From 55d7013f118202764ba5deaf9b2a301a6b5296b0 Mon Sep 17 00:00:00 2001 
From: Cyril Brulebois Date: Mon, 15 Mar 2021 00:19:43 +0000 Subject: [PATCH 1/1] Import crowdsec_1.0.9.orig-hub1.tar.gz [dgit import orig crowdsec_1.0.9.orig-hub1.tar.gz] --- .exportedField/exported.go | 68 + .exportedField/go.mod | 3 + .github/workflows/dispatch_create_branch.yaml | 16 + .github/workflows/dispatch_delete_branch.yaml | 16 + .github/workflows/generate_taxonomy.yaml | 36 + .github/workflows/test_configurations.yaml | 49 + ...t_configurations_on_hub-tests_changes.yaml | 38 + .github/workflows/update-blockers.yml | 29 + .github/workflows/update-index.yml | 39 + .gitignore | 12 + .index.json | 1231 + README.md | 14 + blockers.go | 142 + blockers.json | 100 + blockers/list.json | 36 + ci.go | 155 + .../crowdsecurity/.tests/apache2/acquis.yaml | 5 + .../crowdsecurity/.tests/apache2/apache2.log | 4 + .../crowdsecurity/.tests/iptables/acquis.yaml | 5 + .../.tests/iptables/bucket_result.yaml | 329 + .../crowdsecurity/.tests/iptables/config.yaml | 14 + .../.tests/iptables/iptables.log | 563 + .../.tests/iptables/parser_results.yaml | 70377 ++++++++++++++++ .../.tests/iptables/po_input.yaml | 329 + .../crowdsecurity/.tests/mysql/acquis.yaml | 5 + .../crowdsecurity/.tests/mysql/mysql.log | 2 + .../crowdsecurity/.tests/nginx/acquis.yaml | 5 + .../crowdsecurity/.tests/nginx/nginx.log | 4 + .../crowdsecurity/.tests/postfix/acquis.yaml | 5 + .../crowdsecurity/.tests/postfix/postfix.log | 6 + .../crowdsecurity/.tests/tcpdump/acquis.yaml | 5 + .../crowdsecurity/.tests/tcpdump/tcpdump.log | 4 + .../crowdsecurity/.tests/vsftpd/acquis.yaml | 5 + .../crowdsecurity/.tests/vsftpd/vsftpd.log | 3 + collections/crowdsecurity/apache2.md | 4 + collections/crowdsecurity/apache2.yaml | 13 + .../crowdsecurity/base-http-scenarios.md | 14 + .../crowdsecurity/base-http-scenarios.yaml | 21 + collections/crowdsecurity/dovecot.md | 18 + collections/crowdsecurity/dovecot.yaml | 10 + collections/crowdsecurity/iptables.md | 4 + collections/crowdsecurity/iptables.yaml | 11 + 
collections/crowdsecurity/linux.md | 3 + collections/crowdsecurity/linux.yaml | 11 + collections/crowdsecurity/modsecurity.md | 3 + collections/crowdsecurity/modsecurity.yaml | 10 + collections/crowdsecurity/mysql.md | 4 + collections/crowdsecurity/mysql.yaml | 10 + collections/crowdsecurity/naxsi.md | 4 + collections/crowdsecurity/naxsi.yaml | 14 + collections/crowdsecurity/nginx.md | 4 + collections/crowdsecurity/nginx.yaml | 13 + collections/crowdsecurity/postfix.md | 18 + collections/crowdsecurity/postfix.yaml | 11 + collections/crowdsecurity/sshd.md | 5 + collections/crowdsecurity/sshd.yaml | 11 + collections/crowdsecurity/vsftpd.md | 3 + collections/crowdsecurity/vsftpd.yaml | 10 + .../crowdsecurity/whitelist-good-actors.md | 4 + .../crowdsecurity/whitelist-good-actors.yaml | 10 + collections/crowdsecurity/wordpress.md | 2 + collections/crowdsecurity/wordpress.yaml | 9 + generate.go | 194 + go.mod | 13 + .../.tests/syslog-logs/acquis.yaml | 3 + .../.tests/syslog-logs/config.yaml | 7 + .../.tests/syslog-logs/parser_results.yaml | 217 + .../.tests/syslog-logs/syslog.log | 5 + parsers/s00-raw/crowdsecurity/syslog-logs.md | 5 + .../s00-raw/crowdsecurity/syslog-logs.yaml | 30 + .../.tests/apache2-logs/config.yaml | 7 + .../.tests/apache2-logs/parser_input.yaml | 70 + .../.tests/apache2-logs/parser_results.yaml | 512 + .../.tests/cowrie-logs/config.yaml | 7 + .../.tests/cowrie-logs/parser_input.yaml | 28 + .../.tests/cowrie-logs/parser_results.yaml | 146 + .../.tests/dovecot-logs/config.yaml | 10 + .../.tests/dovecot-logs/parser_input.yaml | 23 + .../.tests/dovecot-logs/parser_results.yaml | 89 + .../.tests/iptables-logs/config.yaml | 8 + .../.tests/iptables-logs/parser_input.yaml | 14 + .../.tests/iptables-logs/parser_results.yaml | 80 + .../.tests/mysql-logs/config.yaml | 8 + .../.tests/mysql-logs/parser_input.yaml | 28 + .../.tests/mysql-logs/parser_results.yaml | 79 + .../.tests/nginx-logs/config.yaml | 8 + .../.tests/nginx-logs/parser_input.yaml | 70 + 
.../.tests/nginx-logs/parser_results.yaml | 482 + .../.tests/postfix-logs/config.yaml | 8 + .../.tests/postfix-logs/parser_input.yaml | 126 + .../.tests/postfix-logs/parser_results.yaml | 266 + .../.tests/postscreen-logs/config.yaml | 8 + .../.tests/postscreen-logs/parser_input.yaml | 21 + .../postscreen-logs/parser_results.yaml | 95 + .../crowdsecurity/.tests/smb-logs/config.yaml | 8 + .../.tests/smb-logs/parser_input.yaml | 29 + .../.tests/smb-logs/parser_results.yaml | 128 + .../.tests/sshd-logs/config.yaml | 8 + .../.tests/sshd-logs/parser_input.yaml | 21 + .../.tests/sshd-logs/parser_results.yaml | 92 + .../.tests/tcpdump-logs/config.yaml | 8 + .../.tests/tcpdump-logs/parser_input.yaml | 56 + .../.tests/tcpdump-logs/parser_results.yaml | 326 + .../.tests/vsftpd-logs/config.yaml | 9 + .../.tests/vsftpd-logs/parser_input.yaml | 42 + .../.tests/vsftpd-logs/parser_results.yaml | 99 + .../s01-parse/crowdsecurity/apache2-logs.md | 3 + .../s01-parse/crowdsecurity/apache2-logs.yaml | 74 + .../s01-parse/crowdsecurity/cowrie-logs.yaml | 20 + .../s01-parse/crowdsecurity/dovecot-logs.yaml | 14 + .../s01-parse/crowdsecurity/iptables-logs.md | 6 + .../crowdsecurity/iptables-logs.yaml | 16 + .../s01-parse/crowdsecurity/modsecurity.md | 3 + .../s01-parse/crowdsecurity/modsecurity.yaml | 13 + parsers/s01-parse/crowdsecurity/mysql-logs.md | 1 + .../s01-parse/crowdsecurity/mysql-logs.yaml | 14 + parsers/s01-parse/crowdsecurity/nginx-logs.md | 5 + .../s01-parse/crowdsecurity/nginx-logs.yaml | 33 + .../s01-parse/crowdsecurity/postfix-logs.yaml | 61 + .../crowdsecurity/postscreen-logs.yaml | 20 + parsers/s01-parse/crowdsecurity/smb-logs.yaml | 14 + parsers/s01-parse/crowdsecurity/sshd-logs.md | 2 + .../s01-parse/crowdsecurity/sshd-logs.yaml | 36 + .../s01-parse/crowdsecurity/tcpdump-logs.md | 25 + .../s01-parse/crowdsecurity/tcpdump-logs.yaml | 21 + .../s01-parse/crowdsecurity/vsftpd-logs.md | 1 + .../s01-parse/crowdsecurity/vsftpd-logs.yaml | 21 + 
.../.tests/dateparse-enrich/config.yaml | 12 + .../.tests/dateparse-enrich/parser_input.yaml | 5 + .../dateparse-enrich/parser_results.yaml | 86 + .../.tests/geoip-enrich/config.yaml | 8 + .../.tests/geoip-enrich/parser_input.yaml | 5 + .../.tests/geoip-enrich/parser_results.yaml | 84 + .../.tests/http-logs/config.yaml | 8 + .../.tests/http-logs/parser_input.yaml | 166 + .../.tests/http-logs/parser_results.yaml | 413 + .../.tests/naxsi-logs/config.yaml | 8 + .../.tests/naxsi-logs/parser_input.yaml | 10 + .../.tests/naxsi-logs/parser_results.yaml | 39 + .../.tests/whitelists/config.yaml | 7 + .../.tests/whitelists/parser_input.yaml | 10 + .../.tests/whitelists/parser_results.yaml | 27 + .../crowdsecurity/dateparse-enrich.md | 17 + .../crowdsecurity/dateparse-enrich.yaml | 9 + .../s02-enrich/crowdsecurity/geoip-enrich.md | 15 + .../crowdsecurity/geoip-enrich.yaml | 27 + parsers/s02-enrich/crowdsecurity/http-logs.md | 4 + .../s02-enrich/crowdsecurity/http-logs.yaml | 33 + .../s02-enrich/crowdsecurity/naxsi-logs.yaml | 16 + .../s02-enrich/crowdsecurity/whitelists.md | 2 + .../s02-enrich/crowdsecurity/whitelists.yaml | 13 + .../crowdsecurity/.tests/rdns/config.yaml | 7 + .../crowdsecurity/.tests/rdns/po_input.yaml | 16 + .../.tests/rdns/postoverflow_results.yaml | 216 + .../s00-enrich/crowdsecurity/rdns.md | 3 + .../s00-enrich/crowdsecurity/rdns.yaml | 9 + .../.tests/cdn-whitelist/config.yaml | 7 + .../.tests/cdn-whitelist/parser_input.yaml | 86 + .../.tests/cdn-whitelist/parser_results.yaml | 306 + .../.tests/seo-bots-whitelists/config.yaml | 7 + .../seo-bots-whitelists/parser_input.yaml | 226 + .../seo-bots-whitelists/parser_results.yaml | 783 + .../crowdsecurity/cdn-whitelist.md | 6 + .../crowdsecurity/cdn-whitelist.yaml | 10 + .../crowdsecurity/seo-bots-whitelist.md | 11 + .../crowdsecurity/seo-bots-whitelist.yaml | 18 + .../ban-defcon-drop_range/bucket_input.yaml | 432 + .../ban-defcon-drop_range/bucket_results.yaml | 263 + 
.../.tests/ban-defcon-drop_range/config.yaml | 8 + .../.tests/dovecot-spam/bucket_input.yaml | 41 + .../.tests/dovecot-spam/bucket_results.yaml | 137 + .../.tests/dovecot-spam/config.yaml | 8 + .../http-backdoors-attempts/bucket_input.yaml | 30 + .../bucket_result.yaml | 105 + .../http-backdoors-attempts/config.yaml | 7 + .../http-bad-user-agent/bucket_input.yaml | 42 + .../http-bad-user-agent/bucket_results.yaml | 105 + .../.tests/http-bad-user-agent/config.yaml | 8 + .../http-bf-wordpress_bf/bucket_input.yaml | 54 + .../http-bf-wordpress_bf/bucket_results.yaml | 169 + .../.tests/http-bf-wordpress_bf/config.yaml | 8 + .../.tests/http-bf-wordpress_bf/po_input.yaml | 169 + .../http-crawl-non_statics/bucket_input.yaml | 372 + .../bucket_results.yaml | 169 + .../.tests/http-crawl-non_statics/config.yaml | 8 + .../http-crawl-non_statics/po_input.yaml | 169 + .../.tests/http-generic-bf/bucket_input.yaml | 100 + .../.tests/http-generic-bf/bucket_result.yaml | 193 + .../.tests/http-generic-bf/config.yaml | 8 + .../bucket_input.yaml | 82 + .../bucket_result.yaml | 154 + .../http-path-traversal-probing/config.yaml | 8 + .../.tests/http-probing/bucket_input.yaml | 99 + .../.tests/http-probing/bucket_results.yaml | 338 + .../.tests/http-probing/config.yaml | 8 + .../.tests/http-probing/po_input.yaml | 338 + .../http-sensitive-files/bucket_input.yaml | 102 + .../http-sensitive-files/bucket_results.yaml | 153 + .../.tests/http-sensitive-files/config.yaml | 8 + .../http-sqli-probing/bucket_input.yaml | 222 + .../http-sqli-probing/bucket_results.yaml | 249 + .../.tests/http-sqli-probing/config.yaml | 7 + .../.tests/http-xss-probing/bucket_input.yaml | 128 + .../http-xss-probing/bucket_results.yaml | 169 + .../.tests/http-xss-probing/config.yaml | 7 + .../bucket_input.yaml | 136 + .../bucket_results.yaml | 393 + .../iptables-scan-multi_ports/config.yaml | 8 + .../iptables-scan-multi_ports/po_input.yaml | 393 + .../.tests/mysql-bf/bucket_input.yaml | 30 + 
.../.tests/mysql-bf/bucket_results.yaml | 169 + .../crowdsecurity/.tests/mysql-bf/config.yaml | 8 + .../.tests/mysql-bf/po_input.yaml | 169 + .../.tests/postfix-spam/bucket_input.yaml | 48 + .../.tests/postfix-spam/bucket_result.yaml | 310 + .../.tests/postfix-spam/config.yaml | 7 + .../.tests/smb-bf/bucket_input.yaml | 31 + .../.tests/smb-bf/bucket_results.yaml | 173 + .../crowdsecurity/.tests/smb-bf/config.yaml | 7 + .../.tests/ssh-bf/bucket_input.yaml | 36 + .../.tests/ssh-bf/bucket_results.yaml | 387 + .../crowdsecurity/.tests/ssh-bf/config.yaml | 8 + .../.tests/telnet-bf/bucket_input.yaml | 31 + .../.tests/telnet-bf/bucket_results.yaml | 169 + .../.tests/telnet-bf/config.yaml | 8 + .../.tests/vsftpd-bf/bucket_input.yaml | 30 + .../.tests/vsftpd-bf/bucket_result.yaml | 169 + .../.tests/vsftpd-bf/config.yaml | 7 + .../crowdsecurity/ban-defcon-drop_range.md | 3 + .../crowdsecurity/ban-defcon-drop_range.yaml | 17 + .../crowdsecurity/ban-report-ssh_bf_report.md | 1 + .../ban-report-ssh_bf_report.yaml | 10 + scenarios/crowdsecurity/dovecot-spam.md | 5 + scenarios/crowdsecurity/dovecot-spam.yaml | 15 + .../crowdsecurity/http-backdoors-attempts.md | 18 + .../http-backdoors-attempts.yaml | 18 + .../crowdsecurity/http-bad-user-agent.md | 10 + .../crowdsecurity/http-bad-user-agent.yaml | 17 + .../crowdsecurity/http-bf-wordpress_bf.md | 4 + .../crowdsecurity/http-bf-wordpress_bf.yaml | 14 + .../crowdsecurity/http-crawl-non_statics.md | 3 + .../crowdsecurity/http-crawl-non_statics.yaml | 16 + scenarios/crowdsecurity/http-generic-bf.md | 3 + scenarios/crowdsecurity/http-generic-bf.yaml | 14 + .../http-path-traversal-probing.md | 5 + .../http-path-traversal-probing.yaml | 20 + scenarios/crowdsecurity/http-probing.md | 3 + scenarios/crowdsecurity/http-probing.yaml | 16 + .../crowdsecurity/http-sensitive-files.md | 6 + .../crowdsecurity/http-sensitive-files.yaml | 19 + scenarios/crowdsecurity/http-sqli-probing.md | 12 + .../crowdsecurity/http-sqli-probing.yaml | 20 + 
scenarios/crowdsecurity/http-xss-probing.md | 10 + scenarios/crowdsecurity/http-xss-probing.yaml | 20 + .../iptables-scan-multi_ports.md | 3 + .../iptables-scan-multi_ports.yaml | 14 + scenarios/crowdsecurity/modsecurity.md | 1 + scenarios/crowdsecurity/modsecurity.yaml | 11 + scenarios/crowdsecurity/mysql-bf.md | 3 + scenarios/crowdsecurity/mysql-bf.yaml | 14 + .../crowdsecurity/naxsi-exploit-vpatch.md | 3 + .../crowdsecurity/naxsi-exploit-vpatch.yaml | 12 + scenarios/crowdsecurity/postfix-spam.md | 5 + scenarios/crowdsecurity/postfix-spam.yaml | 33 + scenarios/crowdsecurity/smb-bf.md | 1 + scenarios/crowdsecurity/smb-bf.yaml | 13 + scenarios/crowdsecurity/ssh-bf.md | 5 + scenarios/crowdsecurity/ssh-bf.yaml | 32 + scenarios/crowdsecurity/telnet-bf.md | 4 + scenarios/crowdsecurity/telnet-bf.yaml | 12 + scenarios/crowdsecurity/vsftpd-bf.md | 4 + scenarios/crowdsecurity/vsftpd-bf.yaml | 13 + .../.tests/http-w00tw00t/bucket_input.yaml | 7 + .../.tests/http-w00tw00t/bucket_results.yaml | 89 + .../ltsich/.tests/http-w00tw00t/config.yaml | 8 + scenarios/ltsich/http-w00tw00t.md | 3 + scenarios/ltsich/http-w00tw00t.yaml | 12 + tests.sh | 94 + update.go | 70 + 279 files changed, 88708 insertions(+) create mode 100644 .exportedField/exported.go create mode 100644 .exportedField/go.mod create mode 100644 .github/workflows/dispatch_create_branch.yaml create mode 100644 .github/workflows/dispatch_delete_branch.yaml create mode 100644 .github/workflows/generate_taxonomy.yaml create mode 100644 .github/workflows/test_configurations.yaml create mode 100644 .github/workflows/test_configurations_on_hub-tests_changes.yaml create mode 100644 .github/workflows/update-blockers.yml create mode 100644 .github/workflows/update-index.yml create mode 100644 .gitignore create mode 100644 .index.json create mode 100644 README.md create mode 100644 blockers.go create mode 100644 blockers.json create mode 100644 blockers/list.json create mode 100644 ci.go create mode 100644 
collections/crowdsecurity/.tests/apache2/acquis.yaml create mode 100644 collections/crowdsecurity/.tests/apache2/apache2.log create mode 100644 collections/crowdsecurity/.tests/iptables/acquis.yaml create mode 100644 collections/crowdsecurity/.tests/iptables/bucket_result.yaml create mode 100644 collections/crowdsecurity/.tests/iptables/config.yaml create mode 100644 collections/crowdsecurity/.tests/iptables/iptables.log create mode 100644 collections/crowdsecurity/.tests/iptables/parser_results.yaml create mode 100644 collections/crowdsecurity/.tests/iptables/po_input.yaml create mode 100644 collections/crowdsecurity/.tests/mysql/acquis.yaml create mode 100644 collections/crowdsecurity/.tests/mysql/mysql.log create mode 100644 collections/crowdsecurity/.tests/nginx/acquis.yaml create mode 100644 collections/crowdsecurity/.tests/nginx/nginx.log create mode 100644 collections/crowdsecurity/.tests/postfix/acquis.yaml create mode 100644 collections/crowdsecurity/.tests/postfix/postfix.log create mode 100644 collections/crowdsecurity/.tests/tcpdump/acquis.yaml create mode 100644 collections/crowdsecurity/.tests/tcpdump/tcpdump.log create mode 100644 collections/crowdsecurity/.tests/vsftpd/acquis.yaml create mode 100644 collections/crowdsecurity/.tests/vsftpd/vsftpd.log create mode 100644 collections/crowdsecurity/apache2.md create mode 100644 collections/crowdsecurity/apache2.yaml create mode 100644 collections/crowdsecurity/base-http-scenarios.md create mode 100644 collections/crowdsecurity/base-http-scenarios.yaml create mode 100644 collections/crowdsecurity/dovecot.md create mode 100644 collections/crowdsecurity/dovecot.yaml create mode 100644 collections/crowdsecurity/iptables.md create mode 100644 collections/crowdsecurity/iptables.yaml create mode 100644 collections/crowdsecurity/linux.md create mode 100644 collections/crowdsecurity/linux.yaml create mode 100644 collections/crowdsecurity/modsecurity.md create mode 100644 collections/crowdsecurity/modsecurity.yaml 
create mode 100644 collections/crowdsecurity/mysql.md create mode 100644 collections/crowdsecurity/mysql.yaml create mode 100644 collections/crowdsecurity/naxsi.md create mode 100644 collections/crowdsecurity/naxsi.yaml create mode 100644 collections/crowdsecurity/nginx.md create mode 100644 collections/crowdsecurity/nginx.yaml create mode 100644 collections/crowdsecurity/postfix.md create mode 100644 collections/crowdsecurity/postfix.yaml create mode 100644 collections/crowdsecurity/sshd.md create mode 100644 collections/crowdsecurity/sshd.yaml create mode 100644 collections/crowdsecurity/vsftpd.md create mode 100644 collections/crowdsecurity/vsftpd.yaml create mode 100644 collections/crowdsecurity/whitelist-good-actors.md create mode 100644 collections/crowdsecurity/whitelist-good-actors.yaml create mode 100644 collections/crowdsecurity/wordpress.md create mode 100644 collections/crowdsecurity/wordpress.yaml create mode 100644 generate.go create mode 100644 go.mod create mode 100644 parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml create mode 100644 parsers/s00-raw/crowdsecurity/.tests/syslog-logs/config.yaml create mode 100644 parsers/s00-raw/crowdsecurity/.tests/syslog-logs/parser_results.yaml create mode 100644 parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log create mode 100644 parsers/s00-raw/crowdsecurity/syslog-logs.md create mode 100644 parsers/s00-raw/crowdsecurity/syslog-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/apache2-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_results.yaml create mode 100644 
parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/iptables-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/mysql-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/nginx-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/smb-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/sshd-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_input.yaml create mode 100644 
parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/config.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_input.yaml create mode 100644 parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_results.yaml create mode 100644 parsers/s01-parse/crowdsecurity/apache2-logs.md create mode 100644 parsers/s01-parse/crowdsecurity/apache2-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/cowrie-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/dovecot-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/iptables-logs.md create mode 100644 parsers/s01-parse/crowdsecurity/iptables-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/modsecurity.md create mode 100644 parsers/s01-parse/crowdsecurity/modsecurity.yaml create mode 100644 parsers/s01-parse/crowdsecurity/mysql-logs.md create mode 100644 parsers/s01-parse/crowdsecurity/mysql-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/nginx-logs.md create mode 100644 parsers/s01-parse/crowdsecurity/nginx-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/postfix-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/postscreen-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/smb-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/sshd-logs.md create mode 100644 parsers/s01-parse/crowdsecurity/sshd-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/tcpdump-logs.md create mode 100644 parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml create mode 100644 parsers/s01-parse/crowdsecurity/vsftpd-logs.md create mode 100644 
parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/config.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_input.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_results.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/config.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_input.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_results.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/http-logs/config.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_input.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_results.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/config.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_input.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_results.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/whitelists/config.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_input.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_results.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/dateparse-enrich.md create mode 100644 parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/geoip-enrich.md create mode 100644 parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/http-logs.md create mode 100644 parsers/s02-enrich/crowdsecurity/http-logs.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml create mode 100644 parsers/s02-enrich/crowdsecurity/whitelists.md create mode 100644 parsers/s02-enrich/crowdsecurity/whitelists.yaml create mode 
100644 postoverflows/s00-enrich/crowdsecurity/.tests/rdns/config.yaml create mode 100644 postoverflows/s00-enrich/crowdsecurity/.tests/rdns/po_input.yaml create mode 100644 postoverflows/s00-enrich/crowdsecurity/.tests/rdns/postoverflow_results.yaml create mode 100644 postoverflows/s00-enrich/crowdsecurity/rdns.md create mode 100644 postoverflows/s00-enrich/crowdsecurity/rdns.yaml create mode 100644 postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/config.yaml create mode 100644 postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_input.yaml create mode 100644 postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_results.yaml create mode 100644 postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/config.yaml create mode 100644 postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_input.yaml create mode 100644 postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_results.yaml create mode 100644 postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.md create mode 100644 postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml create mode 100644 postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.md create mode 100644 postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml create mode 100644 scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/ban-defcon-drop_range/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/dovecot-spam/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/dovecot-spam/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/dovecot-spam/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_input.yaml create mode 100644 
scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_result.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-backdoors-attempts/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-bad-user-agent/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/po_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-crawl-non_statics/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-crawl-non_statics/po_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-generic-bf/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-generic-bf/bucket_result.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-generic-bf/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_result.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-path-traversal-probing/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-probing/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-probing/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-probing/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-probing/po_input.yaml create mode 100644 
scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-sensitive-files/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-sqli-probing/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-xss-probing/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-xss-probing/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/http-xss-probing/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/iptables-scan-multi_ports/po_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/mysql-bf/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/mysql-bf/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/mysql-bf/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/mysql-bf/po_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/postfix-spam/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/postfix-spam/bucket_result.yaml create mode 100644 scenarios/crowdsecurity/.tests/postfix-spam/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/smb-bf/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/smb-bf/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/smb-bf/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/ssh-bf/bucket_input.yaml create mode 100644 
scenarios/crowdsecurity/.tests/ssh-bf/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/ssh-bf/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/telnet-bf/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/telnet-bf/bucket_results.yaml create mode 100644 scenarios/crowdsecurity/.tests/telnet-bf/config.yaml create mode 100644 scenarios/crowdsecurity/.tests/vsftpd-bf/bucket_input.yaml create mode 100644 scenarios/crowdsecurity/.tests/vsftpd-bf/bucket_result.yaml create mode 100644 scenarios/crowdsecurity/.tests/vsftpd-bf/config.yaml create mode 100644 scenarios/crowdsecurity/ban-defcon-drop_range.md create mode 100644 scenarios/crowdsecurity/ban-defcon-drop_range.yaml create mode 100644 scenarios/crowdsecurity/ban-report-ssh_bf_report.md create mode 100644 scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml create mode 100644 scenarios/crowdsecurity/dovecot-spam.md create mode 100644 scenarios/crowdsecurity/dovecot-spam.yaml create mode 100644 scenarios/crowdsecurity/http-backdoors-attempts.md create mode 100644 scenarios/crowdsecurity/http-backdoors-attempts.yaml create mode 100644 scenarios/crowdsecurity/http-bad-user-agent.md create mode 100644 scenarios/crowdsecurity/http-bad-user-agent.yaml create mode 100644 scenarios/crowdsecurity/http-bf-wordpress_bf.md create mode 100644 scenarios/crowdsecurity/http-bf-wordpress_bf.yaml create mode 100644 scenarios/crowdsecurity/http-crawl-non_statics.md create mode 100644 scenarios/crowdsecurity/http-crawl-non_statics.yaml create mode 100644 scenarios/crowdsecurity/http-generic-bf.md create mode 100644 scenarios/crowdsecurity/http-generic-bf.yaml create mode 100644 scenarios/crowdsecurity/http-path-traversal-probing.md create mode 100644 scenarios/crowdsecurity/http-path-traversal-probing.yaml create mode 100644 scenarios/crowdsecurity/http-probing.md create mode 100644 scenarios/crowdsecurity/http-probing.yaml create mode 100644 
scenarios/crowdsecurity/http-sensitive-files.md create mode 100644 scenarios/crowdsecurity/http-sensitive-files.yaml create mode 100644 scenarios/crowdsecurity/http-sqli-probing.md create mode 100644 scenarios/crowdsecurity/http-sqli-probing.yaml create mode 100644 scenarios/crowdsecurity/http-xss-probing.md create mode 100644 scenarios/crowdsecurity/http-xss-probing.yaml create mode 100644 scenarios/crowdsecurity/iptables-scan-multi_ports.md create mode 100644 scenarios/crowdsecurity/iptables-scan-multi_ports.yaml create mode 100644 scenarios/crowdsecurity/modsecurity.md create mode 100644 scenarios/crowdsecurity/modsecurity.yaml create mode 100644 scenarios/crowdsecurity/mysql-bf.md create mode 100644 scenarios/crowdsecurity/mysql-bf.yaml create mode 100644 scenarios/crowdsecurity/naxsi-exploit-vpatch.md create mode 100644 scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml create mode 100644 scenarios/crowdsecurity/postfix-spam.md create mode 100644 scenarios/crowdsecurity/postfix-spam.yaml create mode 100644 scenarios/crowdsecurity/smb-bf.md create mode 100644 scenarios/crowdsecurity/smb-bf.yaml create mode 100644 scenarios/crowdsecurity/ssh-bf.md create mode 100644 scenarios/crowdsecurity/ssh-bf.yaml create mode 100644 scenarios/crowdsecurity/telnet-bf.md create mode 100644 scenarios/crowdsecurity/telnet-bf.yaml create mode 100644 scenarios/crowdsecurity/vsftpd-bf.md create mode 100644 scenarios/crowdsecurity/vsftpd-bf.yaml create mode 100644 scenarios/ltsich/.tests/http-w00tw00t/bucket_input.yaml create mode 100644 scenarios/ltsich/.tests/http-w00tw00t/bucket_results.yaml create mode 100644 scenarios/ltsich/.tests/http-w00tw00t/config.yaml create mode 100644 scenarios/ltsich/http-w00tw00t.md create mode 100644 scenarios/ltsich/http-w00tw00t.yaml create mode 100755 tests.sh create mode 100644 update.go
diff --git a/.exportedField/exported.go b/.exportedField/exported.go
new file mode 100644
index 0000000..f3f6344
--- /dev/null
+++ b/.exportedField/exported.go
@@ -0,0 +1,68 @@
+package main
+
+import (
+ "io/ioutil"
+ "log"
+ "os"
+ "path/filepath"
+
+ "github.com/crowdsecurity/crowdsec/pkg/types"
+ "gopkg.in/yaml.v2"
+)
+
+type ParserResults struct {
+ ProvisionalResults []map[string]map[string]types.Event
+ FinalResults []types.Event
+}
+
+func main() {
+ var (
+ buf []byte
+ err error
+ results []types.Event = []types.Event{}
+ final types.Event = types.Event{
+ Enriched: map[string]string{},
+ Parsed: map[string]string{},
+ Meta: map[string]string{},
+ }
+ )
+ _ = filepath.Walk(".", func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ log.Printf("prevent panic by handling failure accessing a path %q: %v\n", path, err)
+ return err
+ }
+ if !info.IsDir() && info.Name() == "parser_results.yaml" {
+ if buf, err = ioutil.ReadFile(path); err != nil {
+ log.Printf("Unable to read %s: %s", path, err)
+ return err
+ }
+ tmp := ParserResults{}
+ if err = yaml.Unmarshal(buf, &tmp); err != nil {
+ log.Printf("Unable to unmarshal path %s: %s", path, err)
+ }
+ results = append(results, tmp.FinalResults...)
+ }
+ return nil
+
+ })
+
+ for _, result := range results {
+ for key, value := range result.Enriched {
+ final.Enriched[key] = value
+ }
+ for key, value := range result.Parsed {
+ final.Parsed[key] = value
+ }
+ for key, value := range result.Meta {
+ final.Meta[key] = value
+ }
+ }
+
+ if buf, err = yaml.Marshal(final); err != nil {
+ log.Printf("Unable to marshal result: %s", err)
+ }
+
+ if err = ioutil.WriteFile("exportedField.yaml", buf, 0644); err != nil {
+ log.Printf("Unable to write file: %s", err)
+ }
+}
diff --git a/.exportedField/go.mod b/.exportedField/go.mod
new file mode 100644
index 0000000..206c030
--- /dev/null
+++ b/.exportedField/go.mod
@@ -0,0 +1,3 @@
+module exported
+
+go 1.15
diff --git a/.github/workflows/dispatch_create_branch.yaml b/.github/workflows/dispatch_create_branch.yaml
new file mode 100644
index 0000000..0a40dc4
--- /dev/null
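Review bot: A failed `yaml.Marshal` near the end of `main` in exported.go is only logged, and the `ioutil.WriteFile("exportedField.yaml", buf, 0644)` that follows still runs with whatever `buf` holds, so a marshal error can replace the output file with empty or stale data while the process still exits 0. The walk callback has the same pattern: an unmarshal failure is logged but `tmp.FinalResults` is appended anyway, and the value returned by `filepath.Walk` is discarded with `_ =`. Because this program runs in CI and its output is meant to be committed, failures should stop the run: use `log.Fatalf("Unable to marshal result: %s", err)` for the marshal and write errors, add `return err` after the unmarshal log line, and check the error that `filepath.Walk` returns.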
+++ b/.github/workflows/dispatch_create_branch.yaml
@@ -0,0 +1,16 @@
+name: Create branch from external dispatch
+
+on:
+ repository_dispatch:
+ types: ['create_branch']
+
+jobs:
+ create_branch:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - uses: peterjgrainger/action-create-branch@v1.0.0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ branch: ${{ github.event.client_payload.version }}
\ No newline at end of file
diff --git a/.github/workflows/dispatch_delete_branch.yaml b/.github/workflows/dispatch_delete_branch.yaml
new file mode 100644
index 0000000..069774a
--- /dev/null
+++ b/.github/workflows/dispatch_delete_branch.yaml
@@ -0,0 +1,16 @@
+name: Delete branch from external dispatch
+
+on:
+ repository_dispatch:
+ types: ['delete_branch']
+
+jobs:
+ delete_branch:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Delete branch
+ uses: dawidd6/action-delete-branch@v3
+ with:
+ github_token: ${{github.token}}
+ branches: ${{ github.event.client_payload.version }}
\ No newline at end of file
diff --git a/.github/workflows/generate_taxonomy.yaml b/.github/workflows/generate_taxonomy.yaml
new file mode 100644
index 0000000..5be829f
--- /dev/null
+++ b/.github/workflows/generate_taxonomy.yaml
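Review bot: In dispatch_create_branch.yaml, `peterjgrainger/action-create-branch@v1.0.0` is referenced by a tag, which the action's owner can move, and the step hands it `GITHUB_TOKEN`. Pin third-party actions to a full commit SHA instead, for example `uses: peterjgrainger/action-create-branch@<full-commit-sha> # v1.0.0` (placeholder, to be taken from the upstream repository). The same applies to `dawidd6/action-delete-branch@v3` and `JamesIves/github-pages-deploy-action@3.7.1`, and even more to `ad-m/github-push-action@master` and `pozetroninc/github-action-get-latest-release@master` in the later workflow files of this patch, which follow a branch. The push and deploy actions are also given `secrets.REPO_ACCESS_TOKEN`.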
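Review bot: The `branches:` input of the "Delete branch" step in dispatch_delete_branch.yaml is taken directly from `github.event.client_payload.version`, and nothing in the workflow restricts which names are acceptable, so a dispatch carrying `master` or `gh-pages` would ask the action to delete those branches. Unless branch protection already covers them (not visible here), add a guard on the step such as `if: github.event.client_payload.version != 'master' && github.event.client_payload.version != 'gh-pages'`, or check the value against the expected version format in a preceding step.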
@@ -0,0 +1,36 @@
+name: Generate Taxonomy
+
+on:
+ push:
+ branches: [ master, wip_lapi ]
+ pull_request:
+ branches: [ master, wip_lapi ]
+
+jobs:
+ generate_taxonomy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v1
+ - name: Set up Go 1.15
+ uses: actions/setup-go@v1
+ with:
+ go-version: 1.15
+ id: go
+ - name: merge all results
+ run: |
+ cd .exportedField
+ export GO111MODULE=on
+ go build exported.go
+ cd ..
+ .exportedField/exported
+ - name: commit file
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git commit -m "Update exportedFields" exportedFields.json || exit 0
+ - name: Push changes
+ uses: ad-m/github-push-action@master
+ if: github.event_name == 'push'
+ with:
+ github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
+ branch: ${{ github.ref }}
diff --git a/.github/workflows/test_configurations.yaml b/.github/workflows/test_configurations.yaml
new file mode 100644
index 0000000..24ea1e6
--- /dev/null
+++ b/.github/workflows/test_configurations.yaml
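Review bot: The "commit file" step commits `exportedFields.json`, but the program built in the previous step (`.exportedField/exported.go` in this patch) writes `exportedField.yaml`, so the commit names a file the job never produces. The trailing `|| exit 0` hides the failure, and the workflow then succeeds without publishing anything. Name the file the tool writes and stage it first, since a new file is untracked: `git add exportedField.yaml` followed by `git commit -m "Update exportedFields" exportedField.yaml || exit 0`. It would also help to limit `|| exit 0` to the "nothing to commit" case so that other git errors fail the job.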
@@ -0,0 +1,49 @@
+name: Test Hub Configurations Items on Hub Changes
+on:
+ - push
+jobs:
+ build-hub-tests:
+ runs-on: ubuntu-latest
+ env:
+ RESULTS_PATH: .
+ steps:
+ - name: Set up Go 1.13
+ uses: actions/setup-go@v1
+ with:
+ go-version: 1.13
+ id: go
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v2
+ - name: run tests on crowdsec master
+ run: |
+ rm -rf hub-tests
+ ./tests.sh -i master
+ ./tests.sh --all
+ - name: Find Crowdsec Latest Release Tag
+ id: latesttag
+ uses: pozetroninc/github-action-get-latest-release@master
+ with:
+ repository: crowdsecurity/crowdsec
+ excludes: prerelease, draft
+ - name: run tests on last crowdsec tag
+ run: |
+ rm -rf hub-tests
+ ./tests.sh -i ${{ steps.latesttag.outputs.release }}
+ ./tests.sh --all
+ - name: generate results
+ run: |
+ sudo apt-get update && sudo apt-get install nodejs-dev node-gyp libssl1.0-dev && sudo apt-get install npm
+ sudo npm i -g xunit-viewer
+ xunit-viewer -r output.xml
+ set +x
+ mkdir public
+ sudo mv index.html public
+ id: tests
+ - name: Deploy to GitHub Pages
+ if: github.ref == 'refs/heads/master'
+ uses: JamesIves/github-pages-deploy-action@3.7.1
+ with:
+ BRANCH: gh-pages
+ FOLDER: public
+ ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
+
diff --git a/.github/workflows/test_configurations_on_hub-tests_changes.yaml b/.github/workflows/test_configurations_on_hub-tests_changes.yaml
new file mode 100644
index 0000000..8019c70
--- /dev/null
+++ b/.github/workflows/test_configurations_on_hub-tests_changes.yaml
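Review bot: In the step "run tests on last crowdsec tag", `${{ steps.latesttag.outputs.release }}` is expanded into the script text before the shell runs, so the value is parsed as shell code rather than passed as data. It comes from another repository's release tag, fetched by an action tracked at `@master`. Pass it through the environment instead: give the step an `env:` entry `CROWDSEC_TAG: ${{ steps.latesttag.outputs.release }}` and call `./tests.sh -i "$CROWDSEC_TAG"`. The "run tests" step in test_configurations_on_hub-tests_changes.yaml does the same with `${{ github.event.client_payload.version }}` and needs the same change.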
@@ -0,0 +1,38 @@
+name: Test Hub Configurations Items
+on:
+ - repository_dispatch
+
+jobs:
+ build-hub-tests:
+ runs-on: ubuntu-latest
+ env:
+ RESULTS_PATH: .
+ steps:
+ - name: Set up Go 1.13
+ uses: actions/setup-go@v1
+ with:
+ go-version: 1.13
+ id: go
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v2
+ - name: run tests
+ run: |
+ ./tests.sh -i ${{ github.event.client_payload.version }}
+ ./tests.sh --all
+ - name: generate results
+ run: |
+ sudo apt-get update && sudo apt-get install nodejs-dev node-gyp libssl1.0-dev && sudo apt-get install npm
+ sudo npm i -g xunit-viewer
+ xunit-viewer -r output.xml
+ set +x
+ mkdir public
+ sudo mv index.html public
+ id: tests
+ - name: Deploy to GitHub Pages
+ if: github.ref == 'refs/heads/master'
+ uses: JamesIves/github-pages-deploy-action@3.7.1
+ with:
+ BRANCH: gh-pages
+ FOLDER: public
+ ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
+
diff --git a/.github/workflows/update-blockers.yml b/.github/workflows/update-blockers.yml
new file mode 100644
index 0000000..16c38ad
--- /dev/null
+++ b/.github/workflows/update-blockers.yml
@@ -0,0 +1,29 @@
+name: Update Blockers Meta
+
+on:
+ schedule:
+ - cron: '0 6 * * *'
+ - cron: '0 18 * * *'
+
+jobs:
+ update_blockers:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/setup-go@v1
+ with:
+ go-version: 1.13
+ - uses: actions/checkout@v1
+ - name: Create local changes
+ run: |
+ go build
+ ./main -target blockers
+ - name: Commit files
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git commit -m "Update blockers meta" blockers.json || exit 0
+ - name: Push changes
+ uses: ad-m/github-push-action@master
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ branch: master
\ No newline at end of file
diff --git a/.github/workflows/update-index.yml b/.github/workflows/update-index.yml
new file mode 100644
index 0000000..0be3536
--- /dev/null
+++ b/.github/workflows/update-index.yml
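Review bot: The trigger `- repository_dispatch` in test_configurations_on_hub-tests_changes.yaml has no `types:` filter, so every dispatch event starts this workflow, including the `create_branch` and `delete_branch` events that the two dispatch workflows in this patch react to. Restrict it the way those files do, with `repository_dispatch:` and `types: ['<event-type>']` (placeholder for the event name the sender actually uses). A branch-management dispatch then no longer runs the test suite and the "Deploy to GitHub Pages" step, which is handed `secrets.REPO_ACCESS_TOKEN`.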
@@ -0,0 +1,39 @@
+name: Update index
+
+on:
+ push:
+ paths:
+ - 'scenarios/**.yaml'
+ - 'parsers/**.yaml'
+ - 'postoverflows/**.yaml'
+ - 'collections/**.yaml'
+ - 'scenarios/**.md'
+ - 'parsers/**.md'
+ - 'postoverflows/**.md'
+ - 'collections/**.md'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/setup-go@v1
+ with:
+ go-version: 1.13
+ - uses: actions/checkout@v1
+ - name: Create local changes
+ run: |
+ go build
+ ./main -target configs
+ - name: Commit files
+ if: ${{ github.event_name == 'push'}}
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git commit -m "Update index" .index.json || exit 0
+ - name: Push changes
+ if: ${{ github.event_name == 'push'}}
+ uses: ad-m/github-push-action@master
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ branch: ${{ github.ref }}
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..faf924f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+## Directories for hub-test
+config/
+hub-tests/
+data/
+output.xml
+
+**.fail
+go.sum
+.vscode/
+main
+
+workspace.code-workspace
\ No newline at end of file
diff --git a/.index.json b/.index.json
new file mode 100644
index 0000000..fa44adf
--- /dev/null
+++ b/.index.json
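Review bot: The `.gitignore` hunk lists `go.sum`, so module checksums are never committed, and `.exportedField/go.mod` earlier in this patch declares no `require` entries even though exported.go imports `github.com/crowdsecurity/crowdsec/pkg/types` and `gopkg.in/yaml.v2`. As far as this page shows, the CI `go build` steps therefore resolve dependency versions at build time with nothing in the repository to verify them against, and those builds produce files that are committed back. Drop the `go.sum` line, commit the generated file, and add explicit `require` lines with pinned versions to the module file.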
@@ -0,0 +1,1231 @@ +{ + "collections": { + "crowdsecurity/apache2": { + "path": "collections/crowdsecurity/apache2.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "3601f38e187479724e830e0182f51468c980f661e6eedc6d2e586f622e3b48ea", + "deprecated": false + } + }, + "long_description": "QSBjb2xsZWN0aW9uIGZvciBhcGFjaGUyIDoKIC0gYXBhY2hlMiBwYXJzZXIKIC0gYmFzZSBodHRwIHNjZW5hcmlvcyBmb3IgY3Jhd2wsIHNjYW4gZXRjLgoK", + "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvYXBhY2hlMi1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCmRlc2NyaXB0aW9uOiAiYXBhY2hlMiBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zICIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gYXBhY2hlMgogIC0gY3Jhd2wKICAtIHNjYW4KCg==", + "description": "apache2 support : parser and generic http scenarios ", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/apache2-logs" + ], + "collections": [ + "crowdsecurity/base-http-scenarios" + ] + }, + "crowdsecurity/base-http-scenarios": { + "path": "collections/crowdsecurity/base-http-scenarios.yaml", + "version": "0.3", + "versions": { + "0.1": { + "digest": "7ee043a9d2e063cad751e6ce5d048f02518a76d39ec81aebed3bae736b0ced9e", + "deprecated": false + }, + "0.2": { + "digest": "affdb706e66ffd924086b24e94734589672fb531f80fe366ab06a8c3228962e2", + "deprecated": false + }, + "0.3": { + "digest": "543df5abb020afb51f3ab9d83cdc031e95572983e72f32a59b9f6f75cac990c3", + "deprecated": false + } + }, + "long_description": "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", + "content": "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", + "description": "http common : scanners detection", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/http-logs" + ], + "scenarios": [ + "crowdsecurity/http-crawl-non_statics", + "crowdsecurity/http-probing", + "crowdsecurity/http-bad-user-agent", + 
"crowdsecurity/http-path-traversal-probing", + "crowdsecurity/http-sensitive-files", + "crowdsecurity/http-sqli-probing", + "crowdsecurity/http-xss-probing", + "crowdsecurity/http-backdoors-attempts", + "ltsich/http-w00tw00t" + ] + }, + "crowdsecurity/dovecot": { + "path": "collections/crowdsecurity/dovecot.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "7990a4b855273b5ceaa379d2979d796e070c96a398caeefbfa1933cc36f690be", + "deprecated": false + } + }, + "long_description": "QSBjb2xsZWN0aW9uIGZvciBkb3ZlY290CiAqIGRvdmVjb3QgbG9nIHBhcnNlcnMKICogZG92ZWNvdCBzY2VuYXJpbyBicnV0ZWZvcmNlIHNwYW0gYXR0ZW1wdAoKVGhpcyBjb2xsZWN0aW9uIG1vc3RseSBhaW1zIGF0IGdldHRpbmcgc2ltaWxhciBzcGFtIHByb3RlY3Rpb24gYXMKdGhlIG5vcm1hbCBmYWlsMmJhbiBkb3ZlY290IGNvbmZpZ3VyYXRpb24uCgpUaGUgcmVsZXZhbnQgYGFjcXVpcy55YW1sYCBzaG91bGQgYmU6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL21haWwubG9nCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKYGBgCgoKPiBDb250cmlidXRpb24gYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", + "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1zcGFtCmRlc2NyaXB0aW9uOiAiZG92ZWNvdCBzdXBwb3J0IDogcGFyc2VyIGFuZCBzcGFtbWVyIGRldGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3BhbQogIC0gYnJ1dGVmb3JjZQo=", + "description": "dovecot support : parser and spammer detection", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/dovecot-logs" + ], + "scenarios": [ + "crowdsecurity/dovecot-spam" + ] + }, + "crowdsecurity/iptables": { + "path": "collections/crowdsecurity/iptables.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "ba5c8e97c06b19e4c075e0285e6b60c1da3b86381c88c4bfea4b374378ced10a", + "deprecated": false + } + }, + "long_description": "QSBjb2xsZWN0aW9uIGZvciBwb3J0c2NhbiBkZXRlY3Rpb24gdmlhIGlwdGFibGVzIDoKIC0gaXB0YWJsZXMgcGFyc2VyIChsaWtlIGluIGAtaiBMT0dgKQogLSBtdWx0aSBwb3J0IHNjYW4gZGV0ZWN0aW9uCgo=", + "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2lwdGFibGVzLXNjYW4tbXVsdGlfcG9ydHMKZGVzY3JpcHRpb246ICJpcHRhYmxlcyBzdXBwb3J0IDogbG9ncyBhbmQgcG9ydC1zY2FucyBkZXRlY3Rpb24gc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBwb3J0c2NhbgogIC0gaXB0YWJsZXMKCg==", + "description": "iptables support : logs and port-scans detection scenarios", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/iptables-logs" + ], + "scenarios": [ + "crowdsecurity/iptables-scan-multi_ports" + ] + }, + "crowdsecurity/linux": { + "path": "collections/crowdsecurity/linux.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "8d16483218a979b84549fb020b0342feea3d1f4951294b6994d33a9b7214842f", + "deprecated": false + }, + "0.2": { + "digest": "baaa37b12b4d734fab81ae01ff81c58ceb7a99304f21e6bb6ff86b871ed6d5eb", + "deprecated": false + } + }, + "long_description": "Kipjb3JlIHBhY2thZ2UgZm9yIGxpbnV4KioKCmNvbnRhaW5zIHN1cHBvcnQgZm9yIHN5c2xvZywgZG8gbm90IHJlbW92ZS4K", + "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L3NzaGQKZGVzY3JpcHRpb246ICJjb3JlIGxpbnV4IHN1cHBvcnQgOiBzeXNsb2crZ2VvaXArc3NoIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4Cgo=", + "description": "core linux support : syslog+geoip+ssh", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/syslog-logs", + "crowdsecurity/geoip-enrich", + "crowdsecurity/dateparse-enrich" + ], + "collections": [ + "crowdsecurity/sshd" + ] + }, + "crowdsecurity/modsecurity": { + "path": "collections/crowdsecurity/modsecurity.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "530454a9dbdb3800f62de4b8ba7d6ed2160b4e533d577c52393f5f286df2b615", + "deprecated": false + } + }, + "long_description": 
"QSBjb2xsZWN0aW9uIGZvciBtb2RzZWN1cml0eSAodGVzdGVkIG9ubHkgd2l0aCBBcGFjaGUpOgogLSBtb2RzZWN1cml0eSBwYXJzZXI6IGBjcm93ZHNlY3VyaXR5L21vZHNlY3VyaXR5YAogLSBtb2RzZWN1cml0eSBzY2VuYXJpbzogYGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHk=", + "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHkKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIm1vZHNlY3VyaXR5IHN1cHBvcnQgOiBtb2RzZWN1cml0eSBwYXJzZXIgYW5kIHNjZW5hcmlvIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSB3ZWIKICAtIHdhZg==", + "description": "modsecurity support : modsecurity parser and scenario", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/modsecurity" + ], + "scenarios": [ + "crowdsecurity/modsecurity" + ] + }, + "crowdsecurity/mysql": { + "path": "collections/crowdsecurity/mysql.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "77e63a6deedaedc15457691e8631633c15663e796f9e896331d64aa3614fdafc", + "deprecated": false + } + }, + "long_description": "QSBjb2xsZWN0aW9uIGZvciBteXNxbCBzZXJ2aWNlcyA6CiAtIG15c3FsIGxvZ3MgcGFyc2VyCiAtIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiA=", + "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbXlzcWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L215c3FsLWJmCmRlc2NyaXB0aW9uOiAibXlzcWwgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gbXlzcWwKICAtIGJydXRlZm9yY2UK", + "description": "mysql support : logs and brute-force scenarios", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/mysql-logs" + ], + "scenarios": [ + "crowdsecurity/mysql-bf" + ] + }, + "crowdsecurity/naxsi": { + "path": "collections/crowdsecurity/naxsi.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "cd093e3b26795e8ae86898a585ef77509dc988c4841ea49ba61795a7c849b06e", + "deprecated": false + } + }, + "long_description": 
"QSBjb2xsZWN0aW9uIHRvIGRldGVjdCB2aXJ0dWFsIHBhdGNoIHZpb2xhdGlvbnMgOgogLSBuYXhzaSBsb2dzIHBhcnNlcgogLSB2cGF0Y2ggaGlnaCBpZCAoPjk5OTkpIHRyaWdnZXIgcnVsZQog", + "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9uYXhzaS1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvbmF4c2ktZXhwbG9pdC12cGF0Y2gKZGVzY3JpcHRpb246ICJuYXhzaSBzdXBwb3J0IDogcGFyc2VyIGFuZCB2cGF0Y2ggc2NlbmFyaW8iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBuYXhzaQogIC0gZXhwbG9pdAoK", + "description": "naxsi support : parser and vpatch scenario", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/nginx-logs", + "crowdsecurity/naxsi-logs" + ], + "scenarios": [ + "crowdsecurity/naxsi-exploit-vpatch" + ] + }, + "crowdsecurity/nginx": { + "path": "collections/crowdsecurity/nginx.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "5ef06c9a84fbea5b01d901a6a23d5de8de811da5036e5ec4f6a8d00fb096805b", + "deprecated": false + } + }, + "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBuZ2lueCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gbmdpbnggcGFyc2VyCiAtIGJhc2UgaHR0cCBzY2VuYXJpb3MgKGNyYXdsLCA0MDQgc2NhbiwgYmYpCgo=", + "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYmFzZS1odHRwLXNjZW5hcmlvcwpkZXNjcmlwdGlvbjogIm5naW54IHN1cHBvcnQgOiBwYXJzZXIgYW5kIGdlbmVyaWMgaHR0cCBzY2VuYXJpb3MiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBjcmF3bAogIC0gc2NhbgoK", + "description": "nginx support : parser and generic http scenarios", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/nginx-logs" + ], + "collections": [ + "crowdsecurity/base-http-scenarios" + ] + }, + "crowdsecurity/postfix": { + "path": "collections/crowdsecurity/postfix.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": 
"81767bab91a7a071d8d32f3227f2391744eef5ba6a4cf916a96ec8183d050ae0", + "deprecated": false + }, + "0.2": { + "digest": "b4cceea527807a9fe70f673ef34e0d7d4372267d665fbbe164f0d6a1a3531a2e", + "deprecated": false + } + }, + "long_description": "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", + "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcG9zdGZpeC1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbQpkZXNjcmlwdGlvbjogInBvc3RmaXggc3VwcG9ydCA6IHBhcnNlciBhbmQgc3BhbW1lciBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UK", + "description": "postfix support : parser and spammer detection", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/postfix-logs", + "crowdsecurity/postscreen-logs" + ], + "scenarios": [ + "crowdsecurity/postfix-spam" + ] + }, + "crowdsecurity/sshd": { + "path": "collections/crowdsecurity/sshd.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "21159aeb87529efcf1a5033f720413d5321a6451bab679a999f7f01a7aa972b3", + "deprecated": false + } + }, + "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBzc2hkIGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgogLSBzc2ggcGFyc2VyCiAtIHNzaCBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCiAKCg==", + "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoLWJmCmRlc2NyaXB0aW9uOiAic3NoZCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNzaAogIC0gYnJ1dGVmb3JjZQoK", + "description": "sshd support : parser and brute-force detection", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/sshd-logs" + ], + "scenarios": [ + "crowdsecurity/ssh-bf" + ] + }, + "crowdsecurity/vsftpd": { + "path": "collections/crowdsecurity/vsftpd.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": 
"7cb60c9ce9772d4dc7227cc415a55114b8f4e3c07e27c17a666e56e11cb04b32", + "deprecated": false + } + }, + "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBWU0ZUUEQgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6Ci0gVlNGVFBEIHBhcnNlcjogYGNyb3dkc2VjdXJpdHkvdnNmdHBkLWxvZ3NgCi0gYnJ1dGVmb3JjZSBzY2VuYXJpbyA6IGBjcm93ZHNlY3VyaXR5L3ZzZnRwZC1iZmA=", + "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdnNmdHBkLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS92c2Z0cGQtYmYKZGVzY3JpcHRpb246ICJWU0ZUUEQgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gZnRwCiAgLSBicnV0ZWZvcmNlCg==", + "description": "VSFTPD support : logs and brute-force scenarios", + "author": "crowdsecurity", + "labels": null, + "parsers": [ + "crowdsecurity/vsftpd-logs" + ], + "scenarios": [ + "crowdsecurity/vsftpd-bf" + ] + }, + "crowdsecurity/whitelist-good-actors": { + "path": "collections/crowdsecurity/whitelist-good-actors.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "70f9b1723423de3918bfa3f33fa9c266da71c897b6173ff21e2fb73f9a24245e", + "deprecated": false + } + }, + "long_description": "QSBjb2xsZWN0aW9uIHRvIHdoaXRlbGlzdCBhbGwgZ29vZCBhY3RvcnMgOgogLSByZG5zIHRvIHVzZSBpdCBpbiB3aGl0ZWxpc3RzIHRoYXQgbmVlZCByZG5zCiAtIHJkbnMgb2YgYWxsIGdvb2Qgc2VhcmNoIGVuZ2luZSBjcmF3bGVycyAoZ29vZ2xlYm90LCBiaW5nIGV0Yy4uLikKIC0gdHJ1c3RlZCBwYXJ0bmVycyBsaWtlIGNsb3VkZmxhcmU=", + "content": "cG9zdG92ZXJmbG93czoKICAtIGNyb3dkc2VjdXJpdHkvc2VvLWJvdHMtd2hpdGVsaXN0CiAgLSBjcm93ZHNlY3VyaXR5L2Nkbi13aGl0ZWxpc3QKICAtIGNyb3dkc2VjdXJpdHkvcmRucwpkZXNjcmlwdGlvbjogIkdvb2QgYWN0b3JzIHdoaXRlbGlzdHMiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2hpdGVsaXN0CiAgLSBib3RzCiAgLSBwYXJ0bmVycwo=", + "description": "Good actors whitelists", + "author": "crowdsecurity", + "labels": null, + "postoverflows": [ + "crowdsecurity/seo-bots-whitelist", + "crowdsecurity/cdn-whitelist", + "crowdsecurity/rdns" + ] + }, + "crowdsecurity/wordpress": { + "path": "collections/crowdsecurity/wordpress.yaml", + "version": 
"0.1", + "versions": { + "0.1": { + "digest": "14f428b1d171a092d703478a891db27aaf83a3f6ba99199a3be4a64d193d718d", + "deprecated": false + } + }, + "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB3b3JkcHJlc3MgYWdhaW5zdCBicnV0ZWZvcmNlIDoKIC0gd3AtbG9naW4ucGhwIGJydXRlZm9yY2UgZGV0ZWN0aW9uCg==", + "content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZgpkZXNjcmlwdGlvbjogIndvcmRwcmVzcyA6IGJydXRlZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSB3b3JkcHJlc3MKICAtIGJydXRlZm9yY2UKCg==", + "description": "wordpress : bruteforce detection", + "author": "crowdsecurity", + "labels": null, + "scenarios": [ + "crowdsecurity/http-bf-wordpress_bf" + ] + } + }, + "parsers": { + "crowdsecurity/apache2-logs": { + "path": "parsers/s01-parse/crowdsecurity/apache2-logs.yaml", + "stage": "s01-parse", + "version": "0.4", + "versions": { + "0.1": { + "digest": "405a1eacb736240024a1302fb7a95184bd1dbb4205c9746877b01aa74aff602f", + "deprecated": false + }, + "0.2": { + "digest": "911be04b02a2aef5052020087b0941c9a646a0ad6213cb34d541d35c5c10fba1", + "deprecated": false + }, + "0.3": { + "digest": "2acd7b53dd7ac9765246dbcc539395ad89942a5b48f3cab6b1489cb6c9fe1360", + "deprecated": false + }, + "0.4": { + "digest": "63c47a8b0740d05e15a84640c44cdbc7b96907deae4650dcdb61329d37bcf9e8", + "deprecated": false + } + }, + "long_description": "VGhpcyBhcGFjaGUyIHBhcnNlciBzdXBwb3J0IGFjY2VzcyBhbmQgZXJyb3IgbG9ncyBpbiB0aGUgSFRUUEQgQ09NQklORUQgTE9HIHN0YW5kYXJkIGZvcm1hdC4KCipub3RlIDogKiBJZiB5b3UgYXJlIGFnZ3JlZ2F0aW5nIGxvZ3MgZnJvbSBzZXZlcmFsIGRvbWFpbnMsIHByZWZpeCB5b3VyIGxvZ2xpbmUgd2l0aCB0aGUgdGFyZ2V0IEZRRE4uIEhUVFAgYmFzZWQgc2NlbmFyaW9zIHNob3VsZCB0YWtlIHRoaXMgaW50byBhY2NvdW50IHNvIHRoYXQgYnVja2V0cyBhcmUgX3Blcl8gc291cmNlIElQIHBlciB0YXJnZXQgRlFETiwgbGltaXRpbmcgZmFsc2UgcG9zaXRpdmVzIGR1ZSB0byBsb2dzIG11bHRpcGxleGluZy4K", + "content": "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", + "description": "Parse Apache2 access and error logs", + "author": 
"crowdsecurity", + "labels": null + }, + "crowdsecurity/cowrie-logs": { + "path": "parsers/s01-parse/crowdsecurity/cowrie-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "4ebcf38bef1106ba94ccf6aa575958695de12fa1278b25dddb76cfdce93b553b", + "deprecated": false + } + }, + "content": "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", + "description": "Parse cowrie honeypots logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/dateparse-enrich": { + "path": "parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml", + "stage": "s02-enrich", + "version": "0.1", + "versions": { + "0.1": { + "digest": "16b79f7ef39d0c5e71180cff559b0e2ef98983f2009b5f26d778509e897f94d4", + "deprecated": false + } + }, + "long_description": "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", + "content": "ZmlsdGVyOiAiZXZ0LlN0clRpbWUgIT0gJyciCm5hbWU6IGNyb3dkc2VjdXJpdHkvZGF0ZXBhcnNlLWVucmljaAojZGVidWc6IHRydWUKI2l0J3MgYSBoYWNrIGxvbApzdGF0aWNzOgogIC0gbWV0aG9kOiBQYXJzZURhdGUKICAgIGV4cHJlc3Npb246IGV2dC5TdHJUaW1lCiAgLSB0YXJnZXQ6IE1hcnNoYWxlZFRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5NYXJzaGFsZWRUaW1l", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/dovecot-logs": { + "path": "parsers/s01-parse/crowdsecurity/dovecot-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "3d30684b5d1ceea08ea743a2fa1697178d878bd87eb55e465432c000da162b42", + "deprecated": false + } + }, + "content": 
"I2NvbnRyaWJ1dGlvbiBieSBAbHRzaWNoCm9uc3VjY2VzczogbmV4dF9zdGFnZQpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdkb3ZlY290JyIKbmFtZTogY3Jvd2RzZWN1cml0eS9kb3ZlY290LWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBkb3ZlY290IGxvZ3MiCmdyb2s6CiAgcGF0dGVybjogIiV7V09SRDpwcm90b2NvbH0tbG9naW46ICV7REFUQTpkb3ZlY290X2xvZ2luX3Jlc3VsdH06IHVzZXI9PCV7REFUQTpkb3ZlY290X3VzZXJ9Pi4qLCByaXA9JXtJUDpkb3ZlY290X3JlbW90ZV9pcH0sIGxpcD0le0lQOmRvdmVjb3RfbG9jYWxfaXB9IgogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBkb3ZlY290X2xvZ3MKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmRvdmVjb3RfcmVtb3RlX2lwIgo=", + "description": "Parse dovecot logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/geoip-enrich": { + "path": "parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml", + "stage": "s02-enrich", + "version": "0.2", + "versions": { + "0.1": { + "digest": "c0718adfc71ad462ad90485ad5c490e5de0e54d8af425bff552994e114443ab6", + "deprecated": false + }, + "0.2": { + "digest": "ab327e6044a32de7d2f3780cbc8e0c4af0c11716f353023d2dc7b986571bb765", + "deprecated": false + } + }, + "long_description": "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", + "content": "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", + "description": "Populate event with geoloc info : as, country, coords, source range.", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/http-logs": { + "path": "parsers/s02-enrich/crowdsecurity/http-logs.yaml", + "stage": "s02-enrich", + "version": "0.5", + "versions": { + "0.1": { + "digest": "d11c01b85927959d1619735c6ac09f260008211edcbf496db0d01b0bd93c5be2", + "deprecated": false + }, + "0.2": { + "digest": "1274d4a8afd04f96fa0adb03f661ba4a7771cd0be84cf33d1b405881d07c5f0e", + "deprecated": false + }, + "0.3": { + "digest": "26d3a09d652bd0024ceb1b51a864183367d7391fa33c87db5274c1e47c072999", + "deprecated": false + }, + "0.4": { + "digest": 
"ba77a9a5e6b979b9e8d327946aea0a42eed1f035766b80aab2c2a43fb7cf3c13", + "deprecated": false + }, + "0.5": { + "digest": "132938d05f1af484c29088b588aaa86a329a2e677842e17c255295fb47532990", + "deprecated": false + } + }, + "long_description": "VGhpcyBwYXJzZXIgaXMgYSBnZW5lcmljIHBvc3QtcGFyc2luZyBodHRwIHJlLXBhcnNlciBhbmQgcHJvZmlkZXMgbW9yZSBkZXRhaWxlZCBpbmZvcm1hdGlvbiBzdWNoIGFzIDoKIC0gc3RhdGljX3Jlc3NvdXJjZSA6IGEgYm9vbGVhbiB0byB0ZWxsIGlmIHRoZSByZXF1ZXN0ZWQgcmVzc291cmNlIGlzIGEgc3RhdGljIGZpbGUKIC0gZmlsZV9uYW1lIDogc2ltcGxlIGZpbGUrZmlsZS1leHRlbnNpb24KIC0gaW1wYWN0X2NvbXBsZXRpb24gOiBhIGJvb2xlYW4gZmxhZyBpbmRpY2F0aW5nIGlmIHRoZSByZXF1ZXN0IHN1Y2NlZWRlZCAoYmFzZWQgb24gdGhlIGh0dHAgcmVzcG9uc2UgY29kZSkK", + "content": "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", + "description": "Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/iptables-logs": { + "path": "parsers/s01-parse/crowdsecurity/iptables-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "00076ea5d8fa862aeb6bb48890d84d9e2763bfc332a635eab884c0a3069fcccd", + "deprecated": false + } + }, + "long_description": "QSBwYXJzZXIgZm9yIGlwdGFibGVzIGAtaiBMT0dgIGxvZ3MuCgpBbGwgbG9nZ2VkIHBhY2tldHMgYXJlIGNvbnNpZGVyZWQgYXMgRFJPUHMuCgpUbyBtYWtlIHRoaXMgcGFyc2VyIHJlbGV2YW50LCB5b3Ugc2hvdWxkIGhhdmUgYSBgaXB0YWJsZXMgLUEgSU5QVVQgIC1tIHN0YXRlIC0tc3RhdGUgTkVXIC1qIExPR2Agb3Igc2ltaWxhciBpbnRvIHlvdXIgY29uZmlndXJhdGlvbi4gVGhpcyBvbmUgd2lsbCBsb2cgYWxsIG5ldyBjb25uZWN0aW9ucywgc3VjY2Vzc2Z1bCBvciBub3QuCgo=", + "content": "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", + "description": "Parse iptables drop logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/modsecurity": { + "path": "parsers/s01-parse/crowdsecurity/modsecurity.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": 
"8db1b74ef6681ebe8e9fcc09ed271830a330f3aa5dd3e273a98b3906c334f715", + "deprecated": false + } + }, + "long_description": "VGhpcyBtb2RzZWN1cml0eSBwYXJzZXIgc3VwcG9ydCBtb2RzZWN1cml0eSBsb2dzIGZyb20gYXBhY2hlMiBlcnJvciBsb2cuCgooTm90IHRlc3RlZCB3aXRoIE5naW54IHlldCkuIA==", + "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdtb2RzZWN1cml0eScKbmFtZTogY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQojZGVidWc6IHRydWUKZGVzY3JpcHRpb246IEEgcGFyc2VyIGZvciBtb2RzZWN1cml0eSBXQUYKZ3JvazoKICBuYW1lOiBNT0RTRUNBUEFDSEVFUlJPUgogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IG1vZHNlY3VyaXR5CiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlaG9zdAo=", + "description": "A parser for modsecurity WAF", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/mysql-logs": { + "path": "parsers/s01-parse/crowdsecurity/mysql-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "9ad9acb6f2c62c6d38c8b662a22af412f6bb0d73f14197b5136cc2c777a3865b", + "deprecated": false + } + }, + "long_description": "TXlzcWwgYXV0aGVudGljYXRpb24gZmFpbCBwYXJzZXIuCg==", + "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXlzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIE15U1FMIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbXlzcWwnIgpncm9rOgogIG5hbWU6ICJNWVNRTF9BVVRIX0ZBSUwiCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogbXlzcWxfZmFpbGVkX2F1dGgKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogIC0gbWV0YTogdXNlcgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlciI=", + "description": "Parse MySQL logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/naxsi-logs": { + "path": "parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml", + "stage": "s02-enrich", + "version": "0.1", + "versions": { + "0.1": { + "digest": "c8b9f9ffdc82619cfc9ef10be9ba18513f702688d86d5c48a5cffb525499a8f0", + "deprecated": false + } + }, + 
"content": "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", + "description": "Enrich logs if its from NAXSI", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/nginx-logs": { + "path": "parsers/s01-parse/crowdsecurity/nginx-logs.yaml", + "stage": "s01-parse", + "version": "0.2", + "versions": { + "0.1": { + "digest": "60ba29ab5a5a49214664344b57403fab932e70bb1493203e83dc7df4f66b2059", + "deprecated": false + }, + "0.2": { + "digest": "eae9b00d93c9e86f4b909bf0b0ce7dee821834702bc99c29213ebeca86054367", + "deprecated": false + } + }, + "long_description": "QSBnZW5lcmljIHBhcnNlciBmb3IgbmdpbngsIHN1cHBvcnQgYm90aCBhY2Nlc3MgYW5kIGVycm9yIGxvZ3MuCgoKKm5vdGUgOiAqIElmIHlvdSBhcmUgYWdncmVnYXRpbmcgbG9ncyBmcm9tIHNldmVyYWwgZG9tYWlucywgcHJlZml4IHlvdXIgbG9nbGluZSB3aXRoIHRoZSB0YXJnZXQgRlFETi4gSFRUUCBiYXNlZCBzY2VuYXJpb3Mgc2hvdWxkIHRha2UgdGhpcyBpbnRvIGFjY291bnQgc28gdGhhdCBidWNrZXRzIGFyZSBfcGVyXyBzb3VyY2UgSVAgcGVyIHRhcmdldCBGUUROLCBsaW1pdGluZyBmYWxzZSBwb3NpdGl2ZXMgZHVlIHRvIGxvZ3MgbXVsdGlwbGV4aW5nLgoK", + "content": "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", + "description": "Parse nginx access and error logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/postfix-logs": { + "path": "parsers/s01-parse/crowdsecurity/postfix-logs.yaml", + "stage": "s01-parse", + "version": "0.2", + "versions": { + "0.1": { + "digest": "da6b8ecae70e951905697c92fc0c198c2148041bf96e33658d485818c37d7414", + "deprecated": false + }, + "0.2": { + "digest": "7338524c5cd363792ee2b8edd488ee6e855b925e073ad659ae2c1b9fb1f4afdf", + "deprecated": false + } + }, + "content": 
"IyBDb3B5cmlnaHQgKGMpIDIwMTQsIDIwMTUsIFJ1ZHkgR2V2YWVydAojIENvcHlyaWdodCAoYykgMjAyMCBDcm93ZHNlYwoKIyBQZXJtaXNzaW9uIGlzIGhlcmVieSBncmFudGVkLCBmcmVlIG9mIGNoYXJnZSwgdG8gYW55IHBlcnNvbiBvYnRhaW5pbmcKIyBhIGNvcHkgb2YgdGhpcyBzb2Z0d2FyZSBhbmQgYXNzb2NpYXRlZCBkb2N1bWVudGF0aW9uIGZpbGVzICh0aGUKIyAiU29mdHdhcmUiKSwgdG8gZGVhbCBpbiB0aGUgU29mdHdhcmUgd2l0aG91dCByZXN0cmljdGlvbiwgaW5jbHVkaW5nCiMgd2l0aG91dCBsaW1pdGF0aW9uIHRoZSByaWdodHMgdG8gdXNlLCBjb3B5LCBtb2RpZnksIG1lcmdlLCBwdWJsaXNoLAojIGRpc3RyaWJ1dGUsIHN1YmxpY2Vuc2UsIGFuZC9vciBzZWxsIGNvcGllcyBvZiB0aGUgU29mdHdhcmUsIGFuZCB0bwojIHBlcm1pdCBwZXJzb25zIHRvIHdob20gdGhlIFNvZnR3YXJlIGlzIGZ1cm5pc2hlZCB0byBkbyBzbywgc3ViamVjdCB0bwojIHRoZSBmb2xsb3dpbmcgY29uZGl0aW9uczoKCiMgVGhlIGFib3ZlIGNvcHlyaWdodCBub3RpY2UgYW5kIHRoaXMgcGVybWlzc2lvbiBub3RpY2Ugc2hhbGwgYmUKIyBpbmNsdWRlZCBpbiBhbGwgY29waWVzIG9yIHN1YnN0YW50aWFsIHBvcnRpb25zIG9mIHRoZSBTb2Z0d2FyZS4KCiMgVEhFIFNPRlRXQVJFIElTIFBST1ZJREVEICJBUyBJUyIsIFdJVEhPVVQgV0FSUkFOVFkgT0YgQU5ZIEtJTkQsCiMgRVhQUkVTUyBPUiBJTVBMSUVELCBJTkNMVURJTkcgQlVUIE5PVCBMSU1JVEVEIFRPIFRIRSBXQVJSQU5USUVTIE9GCiMgTUVSQ0hBTlRBQklMSVRZLCBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBTkQKIyBOT05JTkZSSU5HRU1FTlQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBBVVRIT1JTIE9SIENPUFlSSUdIVCBIT0xERVJTIEJFCiMgTElBQkxFIEZPUiBBTlkgQ0xBSU0sIERBTUFHRVMgT1IgT1RIRVIgTElBQklMSVRZLCBXSEVUSEVSIElOIEFOIEFDVElPTgojIE9GIENPTlRSQUNULCBUT1JUIE9SIE9USEVSV0lTRSwgQVJJU0lORyBGUk9NLCBPVVQgT0YgT1IgSU4gQ09OTkVDVElPTgojIFdJVEggVEhFIFNPRlRXQVJFIE9SIFRIRSBVU0UgT1IgT1RIRVIgREVBTElOR1MgSU4gVEhFIFNPRlRXQVJFLgoKIyBTb21lIG9mIHRoZSBncm9rcyB1c2VkIGhlcmUgYXJlIGZyb20gaHR0cHM6Ly9naXRodWIuY29tL3JnZXZhZXJ0L2dyb2stcGF0dGVybnMvYmxvYi9tYXN0ZXIvZ3Jvay5kL3Bvc3RmaXhfcGF0dGVybnMKb25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAncG9zdGZpeC9zbXRwZCciCm5hbWU6IGNyb3dkc2VjdXJpdHkvcG9zdGZpeC1sb2dzCnBhdHRlcm5fc3ludGF4OgogIFBPU1RGSVhfSE9TVE5BTUU6ICcoJXtIT1NUTkFNRX18dW5rbm93biknCiAgUE9TVEZJWF9DT01NQU5EOiAnKEFVVEh8U1RBUlRUTFN8Q09OTkVDVHxFSExPfEhFTE98UkNQVCknCiAgUE9TVEZJWF9BQ1RJT046ICdkaXNjYXJkfGR1bm5
vfGZpbHRlcnxob2xkfGlnbm9yZXxpbmZvfHByZXBlbmR8cmVkaXJlY3R8cmVwbGFjZXxyZWplY3R8d2FybicKICBSRUxBWTogJyg/OiV7SE9TVE5BTUU6cmVtb3RlX2hvc3R9KD86XFsle0lQOnJlbW90ZV9hZGRyfVxdKD86OlswLTldKyguWzAtOV0rKT8pPyk/KScKZGVzY3JpcHRpb246ICJQYXJzZSBwb3N0Zml4IGxvZ3MiCm5vZGVzOgogIC0gZ3JvazoKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgcGF0dGVybjogJ2xvc3QgY29ubmVjdGlvbiBhZnRlciAle0RBVEE6c210cF9yZXNwb25zZX0gZnJvbSAle1JFTEFZfScKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGxvZ190eXBlX2VuaAogICAgICAgICAgdmFsdWU6IHNwYW0tYXR0ZW1wdAogIC0gZ3JvazoKICAgICAgYXBwbHlfb246IG1lc3NhZ2UKICAgICAgcGF0dGVybjogJ3dhcm5pbmc6ICV7UE9TVEZJWF9IT1NUTkFNRTpyZW1vdGVfaG9zdH1cWyV7SVA6cmVtb3RlX2FkZHJ9XF06IFNBU0wgKCg/aSlMT0dJTnxQTEFJTnwoPzpDUkFNfERJR0VTVCktTUQ1KSBhdXRoZW50aWNhdGlvbiBmYWlsZWQ6JXtHUkVFRFlEQVRBOm1lc3NhZ2VfZmFpbHVyZX0nCiAgICAgIHN0YXRpY3M6CiAgICAgICAgLSBtZXRhOiBsb2dfdHlwZV9lbmgKICAgICAgICAgIHZhbHVlOiBzcGFtLWF0dGVtcHQKICAtIGdyb2s6CiAgICAgIGFwcGx5X29uOiBtZXNzYWdlCiAgICAgIHBhdHRlcm46ICdOT1FVRVVFOiAle1BPU1RGSVhfQUNUSU9OOmFjdGlvbn06ICV7REFUQTpjb21tYW5kfSBmcm9tICV7UkVMQVl9OiAle0dSRUVEWURBVEE6cmVhc29ufScKICAgICAgc3RhdGljczoKICAgICAgICAtIG1ldGE6IGFjdGlvbgogICAgICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuYWN0aW9uIiAgICAgICAgCnN0YXRpY3M6CiAgICAtIG1ldGE6IHNlcnZpY2UKICAgICAgdmFsdWU6IHBvc3RmaXgKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLnJlbW90ZV9hZGRyIgogICAgLSBtZXRhOiBzb3VyY2VfaG9zdG5hbWUKICAgICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQucmVtb3RlX2hvc3QiCiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBwb3N0Zml4Cgo=", + "description": "Parse postfix logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/postscreen-logs": { + "path": "parsers/s01-parse/crowdsecurity/postscreen-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "5ee035d47824573e19f9a1d378d8882cf3efa72f6443e2243f915d6b38b4b957", + "deprecated": false + } + }, + "content": "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", + "description": "Parse postscreen logs", + "author": 
"crowdsecurity", + "labels": null + }, + "crowdsecurity/smb-logs": { + "path": "parsers/s01-parse/crowdsecurity/smb-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "a68bdf79455bda0a84ffaa109752b682266ea0e050d04c260a965a0dbac0fb27", + "deprecated": false + } + }, + "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvc21iLWxvZ3MKZmlsdGVyOiBldnQuUGFyc2VkLnByb2dyYW0gPT0gJ3NtYicKZGVzY3JpcHRpb246ICJQYXJzZSBTTUIgbG9ncyIKZ3JvazoKICBuYW1lOiAiU01CX0FVVEhfRkFJTCIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBzbWJfZmFpbGVkX2F1dGgKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaXBfc291cmNlIgogIC0gbWV0YTogdXNlcgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlciI=", + "description": "Parse SMB logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/sshd-logs": { + "path": "parsers/s01-parse/crowdsecurity/sshd-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "ecd40cb8cd95e2bad398824ab67b479362cdbf0e1598b8833e2f537ae3ce2f93", + "deprecated": false + } + }, + "long_description": "WW91ciBvbmUgZml0cy1hbGwgc3NoIHBhcnNlciB3aXRoIHN1cHBvcnQgZm9yIHRoZSBtb3N0IGNvbW1vbiBraW5kIG9mIGZhaWxlZCBhdXRoZW50aWNhdGlvbnMgYW5kIGVycm9ycy4KCg==", + "content": "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", + "description": "Parse openSSH logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/syslog-logs": { + "path": "parsers/s00-raw/crowdsecurity/syslog-logs.yaml", + "stage": "s00-raw", + "version": "0.1", + "versions": { + "0.1": { + "digest": "44e8cfbf528dcd70c6cc329df1b963f6861668796c706cc79050b0907a85540e", + "deprecated": false + } + }, + "long_description": "IyBTeXNsb2cgcGFyc2VyCgpUaGlzIGlzIGEgZ2VuZXJpYyBsaW51eCBzeXNsb2cgcGFyc2VyIHdpdGggdGltZS1zdXBwb3J0LgpUaGlzIG9uZSBvZnRlbiB3b3JrcyBhbG9uZyBgY3Jvd2RzZWN1cml0eS9za2lwLXByZXRhZ2AKCg==", + "content": 
"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", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/tcpdump-logs": { + "path": "parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "e51892c14d137cc4f12d2203c851a953e743f262561c48ff6108bd4222fff254", + "deprecated": false + } + }, + "long_description": "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", + "content": "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", + "description": "Parse tcpdump raw logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/vsftpd-logs": { + "path": "parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml", + "stage": "s01-parse", + "version": "0.1", + "versions": { + "0.1": { + "digest": "39d986c6005d2b96b8941a71ee81c4af35bd22b1094685a8b7f7fbc00e1b4f7f", + "deprecated": false + } + }, + "long_description": "RlRQIChbdnNmdHBkXShodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9Wc2Z0cGQpKSBhdXRoZW50aWNhdGlvbiBmYWlsIHBhcnNlci4=", + "content": "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", + "description": "Parse VSFTPD logs", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/whitelists": { + "path": "parsers/s02-enrich/crowdsecurity/whitelists.yaml", + "stage": "s02-enrich", + "version": "0.1", + "versions": { + "0.1": { + "digest": "f51f41270a7ff9900d9c815beccc3ded36a1c377a6e21dd19f9d8209623789b1", + "deprecated": false + } + }, + "long_description": "QSBnZW5lcmljIHdoaXRlbGlzdCB0byBhdm9pZCBiYW5uaW5nIHlvdXJzZWxmLCB3aGl0ZWxpc3RlZCByYW5nZXMgOgoxOTIuMTY4LjAuMC8xNiwgMTAuMC4wLjAvOCwgMTcyLjE2LjAuMC8xMgo=", + "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS93aGl0ZWxpc3RzCmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IGV2ZW50cyBmcm9tIHByaXZhdGUgaXB2NCBhZGRyZXNzZXMiCndoaXRlbGlzdDoKICByZWFzb246ICJwcml2YXRlIGlwdjQgcmFuZ2VzIgogIGlwOiAKICAgIC0gIjEyNy4wLjAuMSIKICBjaWRyOgogICAgLSAiMTkyLjE2OC4wLjAvMTYiCiAgICAtICIxMC4wLjAuMC84IgogICAgLSAiMTcyLjE2LjAuMC8xMiIKICAjIGV4cHJlc3Npb246CiAgIyAgIC0gIidmb28uY29tJyBpbiBldnQuTWV0YS5zb3VyY2VfaXAucmV2ZXJzZSIgCgo=", + "description": "Whitelist events from private ipv4 addresses", + "author": "crowdsecurity", + "labels": null + } + }, + "postoverflows": { + "crowdsecurity/cdn-whitelist": { + "path": "postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml", + "stage": "s01-whitelist", + "version": "0.3", + "versions": { + "0.1": { + "digest": "d1cb42fbe9f3bb37f3cfa77ef5c60ec0b17dc3703bffb0d422dc6fe9cc0eb9f5", + "deprecated": false + }, + "0.2": { + "digest": "7fb5b1474067c22192cf12effb7d508e316c130900cb00c108c0467d18d9d2c0", + "deprecated": false + }, + "0.3": { + "digest": "63c933b81052c7776deb607ed7c115b89e59a88908123e04573853201122a45a", + "deprecated": false + } + }, + "long_description": "IyBDRE5zIHdoaXRlbGlzdAoKQ0ROcyB3aGl0ZWxpc3QgYmFzZWQgb24gZm9sbG93aW5nIGxpc3RzOgoqIGh0dHBzOi8vd3d3LmNsb3VkZmxhcmUuY29tL2lwcy12NAoKSXQgd2lsbCB3aGl0ZWxpc3Qgb3ZlcmZsb3dzIHRyaWdnZXJlZCBvbiBhbiBJUCBpbiB0aG9zZSBsaXN0cw==", + "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9jZG4td2hpdGVsaXN0CmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IENETiBwcm92aWRlcnMiCndoaXRlbGlzdDoKICByZWFzb246ICJDRE4gcHJvdmlkZXIiCiAgZXhwcmVzc2lvbjogCiAgICAtICJhbnkoRmlsZSgnY2xvdWRmbGFyZV9pcHMudHh0JyksIHsgSXBJblJhbmdlKGV2dC5PdmVyZmxvdy5BbGVydC5Tb3VyY2UuSVAgLCMpfSkiCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3d3dy5jbG91ZGZsYXJlLmNvbS9pcHMtdjQKICAgIGRlc3RfZmlsZTogY2xvdWRmbGFyZV9pcHMudHh0CiAgICB0eXBlOiBzdHJpbmcK", + "description": "Whitelist CDN providers", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/rdns": { + "path": "postoverflows/s00-enrich/crowdsecurity/rdns.yaml", + "stage": "s00-enrich", + "version": "0.2", + "versions": { 
+ "0.1": { + "digest": "796da42b262fe6574d78a7c7f95f73876d30a07751679a43afd018fc272e490a", + "deprecated": false + }, + "0.2": { + "digest": "2b174b379f05edb3aa298b7037f6a85cde06b45893e4152492a51757408d517b", + "deprecated": false + } + }, + "long_description": "IyBSZG5zIGVucmljaGVyCgpUaGlzIHdpbGwgdXNlIGByZXZlcnNlX2Ruc2AgbWV0aG9kIHRvIGVucmljaCBlbiBldmVudCB3aXRoIHRoZSByZXZlcnNlIGRucyBvZiB0aGUgSVAgaWYgaXQgZXhpc3RzLg==", + "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3JkbnMKZGVzY3JpcHRpb246ICJMb29rdXAgdGhlIEROUyBhc3NvY2lhdGVkIHRvIHRoZSBzb3VyY2UgSVAgb25seSBmb3Igb3ZlcmZsb3dzIgpzdGF0aWNzOgogIC0gbWV0aG9kOiByZXZlcnNlX2RucwogICAgZXhwcmVzc2lvbjogZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5JUAogIC0gbWV0YTogcmV2ZXJzZV9kbnMKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5yZXZlcnNlX2Rucwo=", + "description": "Lookup the DNS associated to the source IP only for overflows", + "author": "crowdsecurity", + "labels": null + }, + "crowdsecurity/seo-bots-whitelist": { + "path": "postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml", + "stage": "s01-whitelist", + "version": "0.4", + "versions": { + "0.1": { + "digest": "6df83947191a61ab73a87fccb3c285563bd9c4b3ef8027558d3510d262776ebe", + "deprecated": false + }, + "0.2": { + "digest": "71eccc355bf181addcb1b5681c5fa99e087b23cbd8fed40ade7ff8a3b07488ef", + "deprecated": false + }, + "0.3": { + "digest": "43968bb27b6f8cb8420bdcfa997627bce5f19e62fb96299af8c0e1e767ff0582", + "deprecated": false + }, + "0.4": { + "digest": "f48b0841cc4cf03fe16f118ea1b5d64f4c1eb07cbacf4647bb0e871b4fd71f8c", + "deprecated": false + } + }, + "long_description": "IyBTRU8gQm90cyBXaGl0ZWxpc3QKCkNvbmZpZ3VyYXRpb24gYmFzZWQgb24gYGNyb3dkc2VjdXJpdHkvcmRuc2AgdG8gd2hpdGVsaXN0IGZvbGxvd2luZyBiZW5pZ24gU0VPIGJvdHM6CiogZHVja2R1Y2tCb3QKKiBnb29nbGVib3QKKiB5YW5kZXgKKiBiaW5nCiogYmFpZHUKKiB5YWhvbwoqIHBpbnRlcmVzdAoqIHF3YW50Cg==", + "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS9zZW8tYm90cy13aGl0ZWxpc3QKZGVzY3JpcHRpb246ICJXaGl0ZWxpc3QgZ29vZCBzZWFyY2ggZW5naW5lIGNyYXdsZXJzIgp3aGl0ZWxpc3Q6CiAgcmVhc29uOiAiZ29vZCBib3RzIChzZWFyY2ggZW5naW5lIGNyYXdsZXJzKSIKICBleHByZXNzaW9uOiAKICAgIC0gImFueShGaWxlKCdyZG5zX3Nlb19ib3RzLnR4dCcpLCB7IGxlbigjKSA+IDAgJiYgZXZ0LkVucmljaGVkLnJldmVyc2VfZG5zIGVuZHNXaXRoICN9KSIKICAgIC0gIlJlZ2V4cEluRmlsZShldnQuRW5yaWNoZWQucmV2ZXJzZV9kbnMsICdyZG5zX3Nlb19ib3RzLnJlZ2V4JykiCiAgICAtICJhbnkoRmlsZSgnaXBfc2VvX2JvdHMudHh0JyksIHsgbGVuKCMpID4gMCAmJiBJcEluUmFuZ2UoZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5JUCAsIyl9KSIKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2hpdGVsaXN0cy9iZW5pZ25fYm90cy9zZWFyY2hfZW5naW5lX2NyYXdsZXJzL3JkbnNfc2VvX2JvdHMudHh0CiAgICBkZXN0X2ZpbGU6IHJkbnNfc2VvX2JvdHMudHh0CiAgICB0eXBlOiBzdHJpbmcKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2hpdGVsaXN0cy9iZW5pZ25fYm90cy9zZWFyY2hfZW5naW5lX2NyYXdsZXJzL3JuZHNfc2VvX2JvdHMucmVnZXgKICAgIGRlc3RfZmlsZTogcmRuc19zZW9fYm90cy5yZWdleAogICAgdHlwZTogcmVnZXhwCiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vY3Jvd2RzZWN1cml0eS9zZWMtbGlzdHMvbWFzdGVyL3doaXRlbGlzdHMvYmVuaWduX2JvdHMvc2VhcmNoX2VuZ2luZV9jcmF3bGVycy9pcF9zZW9fYm90cy50eHQKICAgIGRlc3RfZmlsZTogaXBfc2VvX2JvdHMudHh0CiAgICB0eXBlOiBzdHJpbmc=", + "description": "Whitelist good search engine crawlers", + "author": "crowdsecurity", + "labels": null + } + }, + "scenarios": { + "crowdsecurity/ban-defcon-drop_range": { + "path": "scenarios/crowdsecurity/ban-defcon-drop_range.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "da839847a4a67c1787ea5185e2b25e1e26710ac3b12e7c179a9bdda8a99b2009", + "deprecated": false + }, + "0.2": { + "digest": "e1068cba1ce38cc0c3b82b195e91b560e8675ae789c451bbef5c5b4aff1aff02", + "deprecated": false + } + }, + "long_description": 
"QmFucyBhIHJhbmdlIGlmIG1vcmUgdGhhbiA1IGlwcyBmcm9tIHNhaWQgcmFuZ2UgYXJlIGJhbm5lZC4KCkxlYWtzcGVlZCBvZiAxIG1pbnV0ZSwgY2FwYWNpdHkgb2YgNS4K", + "content": "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", + "description": "Ban a range if more than 5 ips from it are banned at a time", + "author": "crowdsecurity", + "labels": { + "remediation": "true" + } + }, + "crowdsecurity/ban-report-ssh_bf_report": { + "path": "scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "0a7bc501a12b4a8aff250d95d3a08dd0f53ad9eb874ac523ba9c628302749c4d", + "deprecated": false + }, + "0.2": { + "digest": "34d80ea3e271c1c1735e55076610063b137a2311a11d51fecff93715b9a4ac39", + "deprecated": false + } + }, + "long_description": "Q291bnQgdGhlIG51bWJlciBvZiB1bmlxdWUgaXBzIHRoYXQgcGVyZm9ybWVkIHNzaF9icnV0ZWZvcmNlcywgcmVwb3J0IGV2ZXJ5IDEwIG1pbnV0ZXMuCg==", + "content": "dHlwZTogY291bnRlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2Jhbi1yZXBvcnRzLXNzaF9iZl9yZXBvcnQKZGVzY3JpcHRpb246ICJDb3VudCB1bmlxdWUgaXBzIHBlcmZvcm1pbmcgc3NoIGJydXRlZm9yY2UiCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU2NlbmFyaW8gPT0gJ3NzaF9icnV0ZWZvcmNlJyIKZGlzdGluY3Q6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQIgpjYXBhY2l0eTogLTEKZHVyYXRpb246IDEwbQpsYWJlbHM6CiAgc2VydmljZTogc3NoCg==", + "description": "Count unique ips performing ssh bruteforce", + "author": "crowdsecurity", + "labels": { + "service": "ssh" + } + }, + "crowdsecurity/dovecot-spam": { + "path": "scenarios/crowdsecurity/dovecot-spam.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "fc1429f0c8d5b1ba20660ac0725fe0b52bb0382efa746e9bd962d80bdf7c9310", + "deprecated": false + } + }, + "long_description": "U3BhbSBkZXRlY3Rpb24gZm9yIGRvdmVjb3QgKGNhcGFjaXR5IG9mIDMgYW5kIGxlYWtzcGVlZCBvZiAzNjBzKQoKLSBhbGxvd3MgZmFpbCBhdXRoZW50aWNhdGlvbiBhdHRlbXB0IGV2ZXJ5IDYgbWludXRlcyB3aXRoIGEgYnVyc3Qgb2YgMwoKPiBDb250cmlidXRpb24gYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", + "content": 
"I2NvbnRyaWJ1dGlvbiBieSBAbHRzaWNoCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1zcGFtCmRlc2NyaXB0aW9uOiAiZGV0ZWN0IGVycm9ycyBvbiBkb3ZlY290IgpkZWJ1ZzogZmFsc2UKIyByZXF1ZXN0IHdpdGggbG9naW4gIT0gTG9naW4KZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2RvdmVjb3RfbG9ncycgJiYgZXZ0LlBhcnNlZC5kb3ZlY290X2xvZ2luX3Jlc3VsdCAhPSAnTG9naW4nIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDMKbGVha3NwZWVkOiAiMzYwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBzY2FuCiByZW1lZGlhdGlvbjogdHJ1ZQo=", + "description": "detect errors on dovecot", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "scan" + } + }, + "crowdsecurity/http-backdoors-attempts": { + "path": "scenarios/crowdsecurity/http-backdoors-attempts.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "2eaba549ef284a36349482aa803b201fa8dcbff0f4d1ab2c5127d6b29806bba1", + "deprecated": false + }, + "0.2": { + "digest": "388ec8c8f0679601bafa27fdf57fd414312bb2110bff56ef583bb505a1866d8b", + "deprecated": false + } + }, + "long_description": "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", + "content": "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", + "description": "Detect attempt to common backdoors", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "discovery" + } + }, + "crowdsecurity/http-bad-user-agent": { + "path": "scenarios/crowdsecurity/http-bad-user-agent.yaml", + "version": "0.3", + "versions": { + "0.1": { + "digest": "46e7058419bc3086f2919fb9afad6b2e85f0d4764f74153dd336ed491f99fa08", + "deprecated": false + }, + "0.2": { + "digest": "524e2465c1bd817b4d54b37ccb4d2457eec1dad789e21690f51e43469545f426", + "deprecated": false + }, + "0.3": { + "digest": "d3cae6c40fadd16693e449b4eb7a030586c8f1a9d9dd33c97001c9dc717c68f2", + "deprecated": false + } + }, + "long_description": 
"IyBLbm93biBiYWQgdXNlci1hZ2VudHMKCkRldGVjdCBrbm93biBiYWQgdXNlci1hZ2VudHMuCgpCYW5zIGFmdGVyIHR3byByZXF1ZXN0cy4KCgoKCgo=", + "content": "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", + "description": "Detect bad user-agents", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "type": "scan" + } + }, + "crowdsecurity/http-bf-wordpress_bf": { + "path": "scenarios/crowdsecurity/http-bf-wordpress_bf.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "628d9988c1f2448f4ffa5a72fe8aec6e1c1eedd8c838447630cce653bf31cbd9", + "deprecated": false + }, + "0.2": { + "digest": "f4074942f2454ffeae226219e0807c63262413986a5b07fc939f4b0835e7bef2", + "deprecated": false + } + }, + "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIHdvcmRwcmVzcyBsb2dpbiBwYWdlICd3cC1sb2dpbi5waHAnLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQoK", + "content": "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", + "description": "detect wordpress bruteforce", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "bruteforce" + } + }, + "crowdsecurity/http-crawl-non_statics": { + "path": "scenarios/crowdsecurity/http-crawl-non_statics.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "86265749b84641e86e7e8ea3c1df53a1cabd1e0e04b6f93853db5d0687913cc7", + "deprecated": false + }, + "0.2": { + "digest": "41fb957dfc8e2bb4ae76f2a64a5a25e169e5a0e7e53f42c432e84bec933657ca", + "deprecated": false + } + }, + "long_description": "RGV0ZWN0IGNyYXdsIG9uIG5vbi1zdGF0aWMgKGpwZyxjc3MsanMsZXRjLikgaHR0cCBwYWdlcyBmcm9tIGEgc2luZ2xlIGlwLgoKTGVha3NwZWVkIG9mIDAuNXMsIGNhcGFjaXR5IG9mIDQwCg==", + "content": "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", + "description": "Detect aggressive crawl from single ip", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "crawl" + } + }, + "crowdsecurity/http-generic-bf": { + "path": "scenarios/crowdsecurity/http-generic-bf.yaml", + 
"version": "0.1", + "versions": { + "0.1": { + "digest": "aaaf0209fe77be79d8d61a50e73e5da6807e8f13eb7d9832e705553770f6d376", + "deprecated": false + } + }, + "long_description": "QWxlcnQgd2hlbiBhIHNpbmdsZSBJUCB0aGF0IHRyeSB0byBicnV0ZWZvcmNlIGh0dHAgYmFzaWMgYXV0aC4KCkxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUuCg==", + "content": "IyA0MDQgc2Nhbgp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWdlbmVyaWMtYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgZ2VuZXJpYyBodHRwIGJydXRlIGZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5zZXJ2aWNlID09ICdodHRwJyAmJiBldnQuTWV0YS5zdWJfdHlwZSA9PSAnYXV0aF9mYWlsJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiA1CmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBiZgogcmVtZWRpYXRpb246IHRydWUK", + "description": "Detect generic http brute force", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "bf" + } + }, + "crowdsecurity/http-path-traversal-probing": { + "path": "scenarios/crowdsecurity/http-path-traversal-probing.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "3f00b0aa00448549a0a9635fdd86d8135503078c7087c1f5e4af11d49e7c2ee1", + "deprecated": false + }, + "0.2": { + "digest": "b02022230086b96c212913406376584cc431332bb5cd26078dffa44ff9454499", + "deprecated": false + } + }, + "long_description": "VGhlIGh0dHAgcGF0aCB0cmF2ZXJzYWwgcHJvYmluZyBzY2VuYXJpbyBhaW1zIGF0IGRldGVjdGluZywgd2l0aCB2ZXJ5IGxpdHRsZSBmYWxzZSBwb3NpdGl2ZSBjaGFuY2VzLCBwYXRoIHRyYXZlcnNhbCBwcm9iaW5nIGF0dGVtcHRzLgoKUGF0aCB0cmF2ZXJzYWwgYXR0ZW1wdHMgd2lsbCBiZSBkZXRlY3RlZCB3aXRoIHRoZSBwcmVzZW5jZSBvZiBzcGVjaWZpYyBwYXRoIG1hbmlwdWxhdGlvbiBwYXR0ZXJucyBpbiB0aGUgVVJJIG9yIHRoZSBgR0VUYCBwYXJhbWV0ZXIgc3VjaCBhcyBgLi4vYCAsIGAlMkZldGMlMkZwYXNzd2RgIC4uLgoKOndhcm5pbmc6IFRoaXMgc2NlbmFyaW8gaXMgX25vdF8gYSBXQUYgYW5kIHRoaXMgc2NlbmFyaW8gZG9lcyBfbm90XyBhaW1zIGF0IHJlcGxhY2luZyBhIFdBRi4=", + "content": "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", + "description": "Detect path traversal attempt", + 
"author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "scan" + } + }, + "crowdsecurity/http-probing": { + "path": "scenarios/crowdsecurity/http-probing.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "580a3bcbb3756b8da7717c88708305791f39ef17c1e5c3041a1dd54b7293f57a", + "deprecated": false + }, + "0.2": { + "digest": "c8bb45b4fb8834ea1dc5cff6439dd272c87d7ee5af4a51e77341ec6edc5d7a25", + "deprecated": false + } + }, + "long_description": "VGFrZSByZW1lZGlhdGlvbiBhZ2FpbnN0IGEgc2luZ2xlIElQIHRoYXQgcmVxdWlyZXMgbXVsdGlwbGUgZGlmZmVyZW50IChodHRwIHBhdGgpIHBhZ2VzIHRoYXQgZW5kIHVwIGluIDQwNC80MDMvNDAwLgoKTGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgMTAuCg==", + "content": "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", + "description": "Detect site scanning/probing from a single ip", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "scan" + } + }, + "crowdsecurity/http-sensitive-files": { + "path": "scenarios/crowdsecurity/http-sensitive-files.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "9ed53c09709b6e9f11b52e204c8155e9a6b9db9de25686c6b1909a9c59740c5f", + "deprecated": false + }, + "0.2": { + "digest": "3f20d74ee5b040db30743ed189537e8c43e04f8954bb5a02251a3495e7a2a555", + "deprecated": false + } + }, + "long_description": "IyBIVFRQIFNlbnNpdGl2ZSBmaWxlcwoKRGV0ZWN0IHRlbnRhdGl2ZSBvZiBkYW5nZXJvdXMgZmlsZSBzY2FubmluZyBzdWNoIGFzIGxvZ3MgZmlsZSwgZGF0YWJhc2UgYmFja3VwLCB6aXAgYXJjaGl2ZSBldGMgLi4uCgojIyMgUnVsZQpNb3JlIHRoYW4gMyBhY2Nlc3MgdG8gc2Vuc2l0aXZlIGZpbGVzIGluIFt0aGlzIGxpc3RdKGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL3NlbnNpdGl2ZV9kYXRhLnR4dCk=", + "content": "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", + "description": "Detect attempt to access to sensitive files (.log, .db ..) 
or folders (.git)", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "discovery" + } + }, + "crowdsecurity/http-sqli-probing": { + "path": "scenarios/crowdsecurity/http-sqli-probing.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "f3388a2016f9a7fc48a31a357b21c8e65093b8031fc7b120ee2f020de16be246", + "deprecated": false + }, + "0.2": { + "digest": "87683f8a569090e52fbcc6ca2ffe139658950d6a05f9d611fd13e90ab875cdb1", + "deprecated": false + } + }, + "long_description": "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", + "content": "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", + "description": "A scenario that detects SQL injection probing with minimal false positives", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "sqli_probing" + } + }, + "crowdsecurity/http-xss-probing": { + "path": "scenarios/crowdsecurity/http-xss-probing.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "8d6f0d6f9dc48f8f5ad561a2cdb315e499539b3575f259e0d6cf5850ef1efc9e", + "deprecated": false + }, + "0.2": { + "digest": "1c4d58e1a29cf806a92f67c981532f8a4656312abd05697dcc69b59b757f0076", + "deprecated": false + } + }, + "long_description": "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", + "content": "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", + "description": "A scenario that detects XSS probing with minimal false positives", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "xss_probing" + } + }, + "crowdsecurity/iptables-scan-multi_ports": { + "path": "scenarios/crowdsecurity/iptables-scan-multi_ports.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "85bd908ec6efae802035e4553f5dd41e4d5b6b53b2f237dd256533965bd44cd7", + "deprecated": false + } + }, + "long_description": 
"RGV0ZWN0cyBhIHBvcnQgc2NhbiA6IGRldGVjdHMgaWYgYSBzaW5nbGUgSVAgYXR0ZW1wdHMgY29ubmVjdGlvbiB0byBtYW55IGRpZmZlcmVudCBwb3J0cy4KCkxlYWtzcGVlZCBvZiA1cywgY2FwYWNpdHkgb2YgMTUuCg==", + "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9pcHRhYmxlcy1zY2FuLW11bHRpX3BvcnRzCmRlc2NyaXB0aW9uOiAiYmFuIElQcyB0aGF0IGFyZSBzY2FubmluZyB1cyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2lwdGFibGVzX2Ryb3AnICYmIGV2dC5NZXRhLnNlcnZpY2UgPT0gJ3RjcCciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0LlBhcnNlZC5kc3RfcG9ydApjYXBhY2l0eTogMTUKbGVha3NwZWVkOiA1cwpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiB0Y3AKICB0eXBlOiBzY2FuCiAgcmVtZWRpYXRpb246IHRydWUKCg==", + "description": "ban IPs that are scanning us", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "tcp", + "type": "scan" + } + }, + "crowdsecurity/modsecurity": { + "path": "scenarios/crowdsecurity/modsecurity.yaml", + "version": "0.2", + "versions": { + "0.1": { + "digest": "447c63986f53a743d08fc16677d7f5427ed4b7efca6a0d73c47991d83582e0d0", + "deprecated": false + }, + "0.2": { + "digest": "45c2a35d4ee071e66197aa2381b0c066a18d17fe6b8aee7b0e83efb21512cdbc", + "deprecated": false + } + }, + "long_description": "VGFrZSBhIHJlbWVkaWF0aW9uIGFnYWluc3QgYW4gSVAgdGhhdCB0cmlnZ2VyIGEgbW9kc2VjdXJpdHkgcnVsZSB3aXRoIGEgYENSSVRJQ0FMYCBzZXZlcml0eS4K", + "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIldlYiBleHBsb2l0YXRpb24gdmlhIG1vZHNlY3VyaXR5IgpmaWx0ZXI6IGV2dC5QYXJzZWQucnVsZXNldmVyaXR5ID09ICdDUklUSUNBTCcKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogd2ViX2F0dGFjawogIHNlcnZpY2U6IGh0dHAKICByZW1lZGlhdGlvbjogdHJ1ZQogIHNjb3BlOiBpcAo=", + "description": "Web exploitation via modsecurity", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "scope": "ip", + "service": "http", + "type": "web_attack" + } + }, + "crowdsecurity/mysql-bf": { + "path": "scenarios/crowdsecurity/mysql-bf.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": 
"3783ff9de7b6d19697ee121314b20b21b8c765b279a9caacc70d3c75f4ebd455", + "deprecated": false + } + }, + "long_description": "RGV0ZWN0IHNldmVhbCBmYWlsZWQgbXlzcWwgYXV0aGVudGljYXRpb25zLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgMwo=", + "content": "IyBteXNxbCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L215c3FsLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG15c3FsIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ215c3FsX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IG15c3FsCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", + "description": "Detect mysql bruteforce", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "mysql", + "type": "bruteforce" + } + }, + "crowdsecurity/naxsi-exploit-vpatch": { + "path": "scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "908ceeb2d7f5607a114a872847df34662e4c80ed07338a55f125a56985f0d095", + "deprecated": false + } + }, + "long_description": "RGV0ZWN0cyBuYXhzaSBibG9ja2VkIHJlcXVlc3RzIG9uIGN1c3RvbSAoPjk5OTkpIHJ1bGVzLgoKVHJpZ2dlcnMgb24gZmlyc3QgcmVxdWVzdC4K", + "content": "IyBuYXhzaSB2cGF0Y2ggcnVsZXMgZGV0ZWN0aW9uCnR5cGU6IHRyaWdnZXIKbmFtZTogY3Jvd2RzZWN1cml0eS9uYXhzaS1leHBsb2l0LXZwYXRjaAojIGlkIGlzIGJpZ2dlciB0aGFuIDlrLCBjdXN0b20gcnVsZQpkZXNjcmlwdGlvbjogIkRldGVjdCBjdXN0b20gYmxhY2tsaXN0IHRyaWdnZXJlZCBpbiBuYXhzaSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3dhZl9uYXhzaS1sb2cnICYmIGxlbihldnQuUGFyc2VkLm5heHNpX2lkKSA+IDQiCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK", + "description": "Detect custom blacklist triggered in naxsi", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "http", + "type": "scan" + } + }, + "crowdsecurity/postfix-spam": { + "path": "scenarios/crowdsecurity/postfix-spam.yaml", + "version": "0.2", + "versions": 
{ + "0.1": { + "digest": "03876677d3fe37bdc9ad584cb015e3f0b648266450b2b494a40e1863d5a64d8a", + "deprecated": false + }, + "0.2": { + "digest": "b36d95dc5ba9cb45c8cbb1a3d37bd19d929ed387f3d7ec386b4e9e041d0bbd8e", + "deprecated": false + } + }, + "long_description": "Q29udGFpbnMgbXVsdGlwbGUgc2NlbmFyaW9zOgoKLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbTogcG9zdGZpeCBzY2VuYXJpbyBicnV0ZWZvcmNlIHNwYW0gYXR0ZW1wdCAobGVha3NwZWVkIG9mIDEwcyB3aXRoIGEgY2FwYWNpdHkgb2YgNSkKLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tcmJsOiBwb3N0c2NyZWVuIHJiIGF0dGVtcHQgYmxhY2tsaXN0IChjYXBhY2l0eSBvZiAwKQoK", + "content": "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", + "description": "Detect spammers", + "author": "crowdsecurity", + "references": [ + "https://en.wikipedia.org/wiki/Spamming" + ], + "labels": { + "remediation": "true", + "service": "postfix", + "type": "bruteforce" + } + }, + "crowdsecurity/smb-bf": { + "path": "scenarios/crowdsecurity/smb-bf.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "ee7fea38f0a67bde1aae3979cf0579da03da5adf4e69826f12a82c74b812e9d6", + "deprecated": false + } + }, + "long_description": "dHJhY2tzIGZhaWxlZCBzYW1iYSBhdXRoZW50aWNhdGlvbnMuCg==", + "content": "IyBzbWIgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NtYi1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzbWIgYnJ1dGVmb3JjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnc21iX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IHNtYgogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWU=", + "description": "Detect smb bruteforce", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "smb", + "type": "bruteforce" + } + }, + "crowdsecurity/ssh-bf": { + "path": "scenarios/crowdsecurity/ssh-bf.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "4441dcff07020f6690d998b7101e642359ba405c2abb83565bbbdcee36de280f", + "deprecated": false + } + }, + "long_description": 
"RGV0ZWN0IGZhaWxlZCBzc2ggYXV0aGVudGljYXRpb25zIDoKCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2VycwogCg==", + "content": "IyBzc2ggYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzc2ggYnJ1dGVmb3JjZSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3NzaF9mYWlsZWQtYXV0aCciCmxlYWtzcGVlZDogIjEwcyIKcmVmZXJlbmNlczoKICAtIGh0dHA6Ly93aWtpcGVkaWEuY29tL3NzaC1iZi1pcy1iYWQKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogMW0KcmVwcm9jZXNzOiB0cnVlCmxhYmVsczoKIHNlcnZpY2U6IHNzaAogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWUKLS0tCiMgc3NoIHVzZXItZW51bQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NzaC1iZl91c2VyLWVudW0KZGVzY3JpcHRpb246ICJEZXRlY3Qgc3NoIHVzZXIgZW51bSBicnV0ZWZvcmNlIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdzc2hfZmFpbGVkLWF1dGgnCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0Lk1ldGEudGFyZ2V0X3VzZXIKbGVha3NwZWVkOiAxMHMKY2FwYWNpdHk6IDUKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBzc2gKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVlCgo=", + "description": "Detect ssh bruteforce", + "author": "crowdsecurity", + "references": [ + "http://wikipedia.com/ssh-bf-is-bad" + ], + "labels": { + "remediation": "true", + "service": "ssh", + "type": "bruteforce" + } + }, + "crowdsecurity/telnet-bf": { + "path": "scenarios/crowdsecurity/telnet-bf.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "fd1769c247b352916a0400c33668b315a6d7a0ab8e672f339b00d9de2df71229", + "deprecated": false + } + }, + "long_description": "IyMgRGV0ZWN0IFRlbG5ldCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=", + "content": 
"dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS90ZWxuZXQtYmYKZGVzY3JpcHRpb246ICJkZXRlY3QgdGVsbmV0IGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3RlbG5ldF9uZXdfc2Vzc2lvbicKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiA1CmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiB0ZWxuZXQKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVl", + "description": "detect telnet bruteforce", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "telnet", + "type": "bruteforce" + } + }, + "crowdsecurity/vsftpd-bf": { + "path": "scenarios/crowdsecurity/vsftpd-bf.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1", + "deprecated": false + } + }, + "long_description": "IyMgRGV0ZWN0IEZUUCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=", + "content": "dHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvdnNmdHBkLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IEZUUCBicnV0ZWZvcmNlICh2c2Z0cGQpIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdmdHBfZmFpbGVkX2F1dGgnCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogZnRwCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQ==", + "description": "Detect FTP bruteforce (vsftpd)", + "author": "crowdsecurity", + "labels": { + "remediation": "true", + "service": "ftp", + "type": "bruteforce" + } + }, + "ltsich/http-w00tw00t": { + "path": "scenarios/ltsich/http-w00tw00t.yaml", + "version": "0.1", + "versions": { + "0.1": { + "digest": "f0cba1520658a1016e9d1952473fa9e78175deef2117d2b921e7d994a6e7a549", + "deprecated": false + } + }, + "long_description": "dHJpZ2dlciBzY2VuYXJpbyB0byBkZXRlY3QgdzAwdHcwMHQgcGF0dGVybiB1c2VkIGJ5IGh0dHAgdnVsbmVyYWJpbGl0eSBzY2FubmVyLCBzZWUgW3RoaXMgcmVzc291cmNlXShodHRwczovL2lzYy5zYW5zLmVkdS9mb3J1bXMvZGlhcnkvdzAwdHcwMHQvOTAwLykKCj4gQ29udHJpYnV0ZWQgYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", + "content": 
"I2NvbnRyaWJ1dGVkIGJ5IGx0c2ljaAp0eXBlOiB0cmlnZ2VyCm5hbWU6IGx0c2ljaC9odHRwLXcwMHR3MDB0CmRlc2NyaXB0aW9uOiAiZGV0ZWN0IHcwMHR3MDB0IgpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2h0dHBfYWNjZXNzLWxvZycgJiYgZXZ0LlBhcnNlZC5maWxlX25hbWUgY29udGFpbnMgJ3cwMHR3MDB0LmF0LklTQy5TQU5TLkRGaW5kJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK", + "description": "detect w00tw00t", + "author": "ltsich", + "labels": { + "remediation": "true", + "service": "http", + "type": "scan" + } + } + } +} \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..06e4abe --- /dev/null +++ b/README.md @@ -0,0 +1,14 @@ + +> CrowdSec Hub for parsers, enrichers and scenarios. + +# Foreword + +This repository stores most of the official parsers/scenarios/collections for crowdsec. + +The repository is not intended for use as-is, but rather as source of truth for the [CrowdSec Hub](https://hub.crowdsec.net/) and `cscli`. + +Feel free to use the parsers/scenarios here as a source of inspiration. + + +The results of the continuous integration tests can be seen at [CI tests results](https://crowdsecurity.github.io/hub/) + diff --git a/blockers.go b/blockers.go new file mode 100644 index 0000000..e895b52 --- /dev/null +++ b/blockers.go 
@@ -0,0 +1,142 @@
+package main
+
+import (
+ "context"
+ "encoding/base64"
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "log"
+
+ "github.com/google/go-github/github"
+)
+
+type ItemInfo struct {
+ //Source info (crafted by humans)
+ Name string `json:"name"`
+ Owner string `json:"author"`
+ Logo string `json:"logo"`
+ //Main infos about repo
+ URL string `json:"url"`
+ Description string `json:"description"`
+ Stargazers int `json:"stars"`
+ DownloadCount int `json:"downloads"`
+ ReadmeContent string `json:"readme_content"`
+ //Infos about last downloadable version
+ LastVersion string `json:"version"`
+ DownloadURL string `json:"download_url"`
+ AssetURL string `json:"asset_url"`
+ Status string `json:"status"`
+}
+
+//DumpJSON dumps the list to a json file
+func DumpJSON(file string, items []ItemInfo) error {
+ dump, err := json.MarshalIndent(items, "", " ")
+ if err != nil {
+ return fmt.Errorf("failed to unmarshal : %s", err)
+ }
+ err = ioutil.WriteFile(file, dump, 0755)
+ if err != nil {
+ return fmt.Errorf("failed to write dump : %s", err)
+ }
+ return nil
+}
+
+//LoadJSON loads a list of blockers from json
+func LoadJSON(file string) ([]ItemInfo, error) {
+ var blockers []ItemInfo
+ body, err := ioutil.ReadFile(file)
+ if err != nil {
+ return nil, fmt.Errorf("failed to open %s : %s", file, err)
+ }
+ if err = json.Unmarshal(body, &blockers); err != nil {
+ return nil, fmt.Errorf("failed to decode json : %s", err)
+ }
+ return blockers, nil
+}
+
+//UpdateItem refreshes the item information from github api
+func UpdateItem(item ItemInfo) (ItemInfo, error) {
+ /*Configure client with auth*/
+ client := github.NewClient(nil)
+ /*get main infos about repo*/
+ log.Printf("updating %s/%s", item.Owner, item.Name)
+ repinfo, _, err := client.Repositories.Get(context.Background(), item.Owner, item.Name)
+ if err != nil {
+ return item, fmt.Errorf("unable to get %s/%s : %s", item.Owner, item.Name, err)
+ }
+ item.Stargazers = repinfo.GetStargazersCount()
+ log.Printf("Stargazers : %d", item.Stargazers)
+ item.URL = repinfo.GetHTMLURL()
+ log.Printf("URL : %s", item.URL)
+ item.Description = repinfo.GetDescription()
+ log.Printf("Description : %s", item.Description)
+
+ /*get the readme*/
+ readme, _, err := client.Repositories.GetReadme(context.Background(), item.Owner, item.Name, nil)
+ if err != nil {
+ return item, fmt.Errorf("Failed to get the readme : %s", err)
+ }
+
+ content, err := readme.GetContent()
+ if err != nil {
+ return item, fmt.Errorf("Failed to get the readme content : %s", err)
+ }
+ log.Printf("len(readme) : %d", len(content))
+ item.ReadmeContent = base64.StdEncoding.EncodeToString([]byte(content))
+
+ // Fetch nb downloads of all (pre-)releases
+ releases, _, err := client.Repositories.ListReleases(context.Background(), item.Owner, item.Name, nil)
+ if err != nil {
+ log.Fatalf("Failed to fetch releases : %+v", err.Error())
+ }
+ if len(releases) > 0 {
+ /*get download count*/
+ for _, release := range releases {
+ for x, asset := range release.Assets {
+ if x == 0 {
+ item.AssetURL = asset.GetBrowserDownloadURL()
+ log.Printf("AssetURL : %s", item.AssetURL)
+ }
+ item.DownloadCount += asset.GetDownloadCount()
+ }
+ }
+ }
+
+ /*get infos about latest release*/
+ release, _, _ := client.Repositories.GetLatestRelease(context.Background(), item.Owner, item.Name)
+ if release != nil {
+ item.LastVersion = *release.TagName
+ log.Printf("LastVersion : %s", item.LastVersion)
+ item.DownloadURL = release.GetHTMLURL()
+ log.Printf("DownloadURL : %s", item.DownloadURL)
+ log.Printf("len(assets) : %d", len(release.Assets))
+ if len(release.Assets) > 0 {
+ item.AssetURL = release.Assets[0].GetBrowserDownloadURL()
+ } else {
+ item.AssetURL = *release.ZipballURL
+ }
+ item.Status = "stable"
+ } else {
+ /*if has prerelease*/
+ releases, _, err := client.Repositories.ListReleases(context.Background(), item.Owner, item.Name, nil)
+ if err != nil {
+ log.Fatalf("Failed to fetch releases : %+v", err.Error())
+ }
+ if len(releases) > 0 {
+ item.DownloadURL = *releases[0].HTMLURL
+ item.LastVersion = *releases[0].TagName
+ item.Status = "unstable"
+ log.Printf("Has only prereleases : %s", item.DownloadURL)
+ log.Printf("LastVersion : %s", item.LastVersion)
+ } else {
+ item.LastVersion = "no release"
+ item.DownloadURL = *repinfo.HTMLURL + "/tags"
+ item.AssetURL = *repinfo.HTMLURL + "/tags"
+ item.DownloadCount = 0
+ item.Status = "development"
+ log.Printf("Has no release : %s", item.DownloadURL)
+ }
+ }
+ return item, nil
+}
diff --git a/blockers.json b/blockers.json
new file mode 100644
index 0000000..b854365
--- /dev/null
+++ b/blockers.json
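Review bot: In `UpdateItem`, the prerelease branch under `/*if has prerelease*/` sets `DownloadURL` and `LastVersion` from `releases[0]` but never assigns `AssetURL`, so the entry keeps whatever the download-count loop wrote last, which is the first asset of the final release iterated (presumably the oldest, if the API lists newest first). The `blockers.json` added by this same patch shows the effect: cs-cloud-firewall-bouncer is published as version v0.2.0 with an `asset_url` under `releases/download/v0.0.2/`, so anyone installing from the index fetches a different build than the one advertised. The function also discards the error from `GetLatestRelease` (`release, _, _ :=`), so a rate-limit or network failure, which seems likely with the unauthenticated `github.NewClient(nil)`, looks like "no stable release" and silently downgrades the entry; only a 404 should take the fallback path. The raw `*release.TagName`, `*release.ZipballURL` and `*releases[0].HTMLURL` dereferences are better replaced by the nil-safe getters the code already uses elsewhere, and the two `log.Fatalf` calls after `ListReleases` would be more consistent as returned errors.

```go
	/*get infos about latest release*/
	release, resp, err := client.Repositories.GetLatestRelease(context.Background(), item.Owner, item.Name)
	if err != nil && (resp == nil || resp.StatusCode != 404) {
		// anything other than "no latest release" is a real failure, not a fallback case
		return item, fmt.Errorf("unable to get latest release of %s/%s : %s", item.Owner, item.Name, err)
	}
	// … unchanged: stable-release branch and the ListReleases call in the else branch …
		if len(releases) > 0 {
			// publish the asset of the same prerelease whose tag is advertised
			item.DownloadURL = releases[0].GetHTMLURL()
			item.LastVersion = releases[0].GetTagName()
			if len(releases[0].Assets) > 0 {
				item.AssetURL = releases[0].Assets[0].GetBrowserDownloadURL()
			} else {
				item.AssetURL = releases[0].GetZipballURL()
			}
			item.Status = "unstable"
			// … unchanged: log lines and the "no release" branch …
```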
@@ -0,0 +1,100 @@ +[ + { + "name": "cs-nginx-bouncer", + "author": "crowdsecurity", + "logo": "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", + "url": "https://github.com/crowdsecurity/cs-nginx-bouncer", + "description": "CrowdSec bouncer for Nginx", + "stars": 5, + "downloads": 224, + "readme_content": "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", + "version": "v0.0.4", + "download_url": "https://github.com/crowdsecurity/cs-nginx-bouncer/releases/tag/v0.0.4", + "asset_url": "https://github.com/crowdsecurity/cs-nginx-bouncer/releases/download/v0.0.4/cs-nginx-bouncer.tgz", + "status": "stable" + }, + { + "name": "cs-wordpress-bouncer", + "author": "crowdsecurity", + "logo": "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", + "url": "https://github.com/crowdsecurity/cs-wordpress-bouncer", + "description": "CrowdSec is an open-source cyber security tool. This plugin blocks detected attackers or display them a captcha to check they are not bots.", + "stars": 8, + "downloads": 16, + "readme_content": "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", + "version": "v0.6.0", + "download_url": "https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v0.6.0", + "asset_url": "https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/download/v0.6.0/crowdsec.zip", + "status": "stable" + }, + { + "name": "cs-firewall-bouncer", + "author": "crowdsecurity", + "logo": "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", + "url": "https://github.com/crowdsecurity/cs-firewall-bouncer", + "description": "Crowdsec bouncer written in golang for firewalls", + "stars": 7, + "downloads": 1144, + "readme_content": 
"PHAgYWxpZ249ImNlbnRlciI+CjxpbWcgc3JjPSJodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9jcy1maXJld2FsbC1ib3VuY2VyL3Jhdy9tYWluL2RvY3MvYXNzZXRzL2Nyb3dkc2VjX2xpbnV4X2xvZ28ucG5nIiBhbHQ9IkNyb3dkU2VjIiB0aXRsZT0iQ3Jvd2RTZWMiIHdpZHRoPSIzMDAiIGhlaWdodD0iMjgwIiAvPgo8L3A+CjxwIGFsaWduPSJjZW50ZXIiPgo8aW1nIHNyYz0iaHR0cHM6Ly9pbWcuc2hpZWxkcy5pby9iYWRnZS9idWlsZC1wYXNzLWdyZWVuIj4KPGltZyBzcmM9Imh0dHBzOi8vaW1nLnNoaWVsZHMuaW8vYmFkZ2UvdGVzdHMtcGFzcy1ncmVlbiI+CjwvcD4KPHAgYWxpZ249ImNlbnRlciI+CiYjeDFGNERBOyA8YSBocmVmPSIjaW5zdGFsbGF0aW9uIj5Eb2N1bWVudGF0aW9uPC9hPgomI3gxRjRBMDsgPGEgaHJlZj0iaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0Ij5IdWI8L2E+CiYjMTI4MTcyOyA8YSBocmVmPSJodHRwczovL2Rpc2NvdXJzZS5jcm93ZHNlYy5uZXQiPkRpc2NvdXJzZSA8L2E+CjwvcD4KCgojIGNzLWZpcmV3YWxsLWJvdW5jZXIKQ3Jvd2RzZWMgYm91bmNlciB3cml0dGVuIGluIGdvbGFuZyBmb3IgZmlyZXdhbGxzLgoKY3MtZmlyZXdhbGwtYm91bmNlciB3aWxsIGZldGNoIG5ldyBhbmQgb2xkIGRlY2lzaW9ucyBmcm9tIGEgQ3Jvd2RTZWMgQVBJIHRvIGFkZCB0aGVtIGluIGEgYmxvY2tsaXN0IHVzZWQgYnkgc3VwcG9ydGVkIGZpcmV3YWxscy4KClN1cHBvcnRlZCBmaXJld2FsbHM6CiAtIGlwdGFibGVzIChJUHY0IDpoZWF2eV9jaGVja19tYXJrOiAvIElQdjYgOmhlYXZ5X2NoZWNrX21hcms6ICkKIC0gbmZ0YWJsZXMgKElQdjQgOmhlYXZ5X2NoZWNrX21hcms6IC8gSVB2NiA6aGVhdnlfY2hlY2tfbWFyazogKQogLSBpcHNldCBvbmx5IChJUHY0IDpoZWF2eV9jaGVja19tYXJrOiAvIElQdjYgOmhlYXZ5X2NoZWNrX21hcms6ICkKCiMjIEluc3RhbGxhdGlvbgoKIyMjIEFzc2lzdGVkCgpGaXJzdCwgZG93bmxvYWQgdGhlIGxhdGVzdCBbYGNzLWZpcmV3YWxsLWJvdW5jZXJgIHJlbGVhc2VdKGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpLgoKYGBgc2gKJCB0YXIgeHp2ZiBjcy1maXJld2FsbC1ib3VuY2VyLnRnegokIHN1ZG8gLi9pbnN0YWxsLnNoCmBgYAoKIyMjIEZyb20gc291cmNlCgpSdW4gdGhlIGZvbGxvd2luZyBjb21tYW5kczoKCmBgYGJhc2gKZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWZpcmV3YWxsLWJvdW5jZXIuZ2l0CmNkIGNzLWZpcmV3YWxsLWJvdW5jZXIvCm1ha2UgcmVsZWFzZQp0YXIgeHp2ZiBjcy1maXJld2FsbC1ib3VuY2VyLnRnegpjZCBjcy1maXJld2FsbC1ib3VuY2VyLXYqLwpzdWRvIC4vaW5zdGFsbC5zaApgYGAKCiMjIFVwZ3JhZGUKCklmIHlvdSBhbHJlYWR5IGhhdmUgYGNzLWZpcmV3YWxsLWJvdW5jZXJgIGluc3RhbGxlZCwgcGxlYXNlIGRvd25sb2FkIHRoZSB
bbGF0ZXN0IHJlbGVhc2VdKGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpIGFuZCBydW4gdGhlIGZvbGxvd2luZyBjb21tYW5kczoKCmBgYGJhc2gKdGFyIHh6dmYgY3MtZmlyZXdhbGwtYm91bmNlci50Z3oKY2QgY3MtZmlyZXdhbGwtYm91bmNlci12Ki8Kc3VkbyAuL3VwZ3JhZGUuc2gKYGBgCgoKIyMgQ29uZmlndXJhdGlvbgoKVG8gYmUgZnVuY3Rpb25hbCwgdGhlIGBjcy1maXJld2FsbC1ib3VuY2VyYCBzZXJ2aWNlIG11c3QgYmUgYWJsZSB0byBhdXRoZW50aWNhdGUgd2l0aCB0aGUgbG9jYWwgQVBJLgpUaGUgYGluc3RhbGwuc2hgIHNjcmlwdCB3aWxsIHRha2UgY2FyZSBvZiBpdCAoaXQgd2lsbCBjYWxsIGBjc2NsaSBib3VuY2VycyBhZGRgIG9uIHlvdXIgYmVoYWxmKS4KSWYgaXQgd2FzIG5vdCB0aGUgY2FzZSwgdGhlIGRlZmF1bHQgY29uZmlndXJhdGlvbiBmaWxlIGlzIGxvY2F0ZWQgdW5kZXIgOiBgL2V0Yy9jcm93ZHNlYy9jcy1maXJld2FsbC1ib3VuY2VyL2AKCmBgYHNoCiQgdmltIC9ldGMvY3Jvd2RzZWMvY3MtZmlyZXdhbGwtYm91bmNlci9jcy1maXJld2FsbC1ib3VuY2VyLnlhbWwKYGBgCgpgYGB5YW1sCm1vZGU6IGlwdGFibGVzCnBpZGRpcjogL3Zhci9ydW4vCnVwZGF0ZV9mcmVxdWVuY3k6IDEwcwpkYWVtb25pemU6IHRydWUKbG9nX21vZGU6IGZpbGUKbG9nX2RpcjogL3Zhci9sb2cvCmxvZ19sZXZlbDogaW5mbwphcGlfdXJsOiA8QVBJX1VSTD4gICMgd2hlbiBpbnN0YWxsLCBkZWZhdWx0IGlzICJsb2NhbGhvc3Q6ODA4MCIKYXBpX2tleTogPEFQSV9LRVk+ICAjIEFkZCB5b3VyIEFQSSBrZXkgZ2VuZXJhdGVkIHdpdGggYGNzY2xpIGJvdW5jZXJzIGFkZCAtLW5hbWUgPGJvdW5jZXJfbmFtZT5gCiNpZiBwcmVzZW50LCBpbnNlcnQgcnVsZSBpbiB0aG9zZSBjaGFpbnMKaXB0YWJsZXNfY2hhaW5zOgogIC0gSU5QVVQKICAtIEZPUldBUkQKYGBgCgogLSBgbW9kZWAgY2FuIGJlIHNldCB0byBgaXB0YWJsZXNgLCBgbmZ0YWJsZXNgIG9yIGBpcHNldGAKIC0gYHVwZGF0ZV9mcmVxdWVuY3lgIGNvbnRyb2xzIGhvdyBvZnRlbiB0aGUgYm91bmNlciBpcyBnb2luZyB0byBxdWVyeSB0aGUgbG9jYWwgQVBJCiAtIGBhcGlfdXJsYCBhbmQgYGFwaV9rZXlgIGNvbnRyb2wgbG9jYWwgQVBJIHBhcmFtZXRlcnMuCiAtIGBpcHRhYmxlc19jaGFpbnNgIGFsbG93cyAoaW4gX2lwdGFibGVzXyBtb2RlKSB0byBjb250cm9sIGluIHdoaWNoIGNoYWluIHJ1bGVzIGFyZSBnb2luZyB0byBiZSBpbnNlcnRlZC4gKGlmIGVtcHR5LCBib3VuY2VyIHdpbGwgb25seSBtYWludGFpbiBpcHNldCBsaXN0cykKCllvdSBjYW4gdGhlbiBzdGFydCB0aGUgc2VydmljZToKCmBgYHNoCnN1ZG8gc3lzdGVtY3RsIHN0YXJ0IGNzLWZpcmV3YWxsLWJvdW5jZXIKYGBgCgojIyMgbW9kZXMKCiAtIG1vZGUgYG5mdGFibGVzYCByZWxpZXMgb24gZ2l0aHViLmNvbS9nb29nbGUvbmZ0YWJsZXMgdG8gY3J
lYXRlIHRhYmxlLCBjaGFpbiBhbmQgc2V0LgogLSBtb2RlIGBpcHRhYmxlc2AgcmVsaWVzIG9uIGBpcHRhYmxlc2AgYW5kIGBpcHNldGAgY29tbWFuZHMgdG8gaW5zZXJ0IGBtYXRjaC1zZXRgIGRpcmVjdGl2ZXMgYW5kIG1haW50YWluIGFzc29jaWF0ZWQgaXBzZXRzCiAtIG1vZGUgYGlwc2V0YCByZWxpZXMgb24gYGlwc2V0YCBhbmQgb25seSBtYW5hZ2UgY29udGVudHMgb2YgdGhlIHNldHMgKHRoZXkgbmVlZCB0byBleGlzdCBhdCBzdGFydHVwIGFuZCB3aWxsIGJlIGZsdXNoZWQgcmF0aGVyIHRoYW4gY3JlYXRlZCkKCgoKCgoK", + "version": "v0.0.10", + "download_url": "https://github.com/crowdsecurity/cs-firewall-bouncer/releases/tag/v0.0.10", + "asset_url": "https://github.com/crowdsecurity/cs-firewall-bouncer/releases/download/v0.0.10/cs-firewall-bouncer.tgz", + "status": "stable" + }, + { + "name": "cs-custom-bouncer", + "author": "crowdsecurity", + "logo": "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", + "url": "https://github.com/crowdsecurity/cs-custom-bouncer", + "description": "CrowdSec bouncer to use custom scripts", + "stars": 1, + "downloads": 81, + "readme_content": "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", + "version": "v0.0.6", + "download_url": "https://github.com/crowdsecurity/cs-custom-bouncer/releases/tag/v0.0.6", + "asset_url": "https://github.com/crowdsecurity/cs-custom-bouncer/releases/download/v0.0.6/cs-custom-bouncer.tgz", + "status": "stable" + }, + { + "name": "cs-cloud-firewall-bouncer", + "author": "fallard84", + "logo": "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", + "url": "https://github.com/fallard84/cs-cloud-firewall-bouncer", + "description": "Crowdsec Cloud Firewall Bouncer", + "stars": 5, + "downloads": 25, + "readme_content": 
"PHAgYWxpZ249ImNlbnRlciI+CjxhIGhyZWY9Imh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2Nyb3dkc2VjIj48aW1nIHNyYz0iaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3Jvd2RzZWMvcmF3L21hc3Rlci9kb2NzL2Fzc2V0cy9pbWFnZXMvY3Jvd2RzZWNfbG9nby5wbmciIGFsdD0iQ3Jvd2RTZWMiIHRpdGxlPSJDcm93ZFNlYyIgd2lkdGg9IjQwMCIgaGVpZ2h0PSIyNDAiIHN0eWxlPSJtYXgtd2lkdGg6MTAwJTsiPjwvYT4KPC9wPgo8cCBhbGlnbj0iY2VudGVyIj4KPGEgaHJlZj0naHR0cHM6Ly9naXRodWIuY29tL2ZhbGxhcmQ4NC9jcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyL2FjdGlvbnM/cXVlcnk9d29ya2Zsb3clM0FidWlsZCc+PGltZyBzcmM9J2h0dHBzOi8vZ2l0aHViLmNvbS9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci93b3JrZmxvd3MvYnVpbGQvYmFkZ2Uuc3ZnJyBhbHQ9J0J1aWxkIFN0YXR1cycgLz48L2E+CjxhIGhyZWY9J2h0dHBzOi8vZ2l0aHViLmNvbS9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci9hY3Rpb25zP3F1ZXJ5PWJyYW5jaCUzQW1haW4rd29ya2Zsb3clM0F0ZXN0cyc+PGltZyBzcmM9J2h0dHBzOi8vZ2l0aHViLmNvbS9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci93b3JrZmxvd3MvdGVzdHMvYmFkZ2Uuc3ZnP2JyYW5jaD1tYWluJyBhbHQ9J1Rlc3RzIFN0YXR1cycgLz48L2E+CjxhIGhyZWY9J2h0dHBzOi8vY292ZXJhbGxzLmlvL2dpdGh1Yi9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlcj9icmFuY2g9bWFpbic+PGltZyBzcmM9J2h0dHBzOi8vY292ZXJhbGxzLmlvL3JlcG9zL2dpdGh1Yi9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci9iYWRnZS5zdmc/YnJhbmNoPW1haW4nIGFsdD0nQ292ZXJhZ2UgU3RhdHVzJyAvPjwvYT4KPGEgaHJlZj0naHR0cHM6Ly9nb3JlcG9ydGNhcmQuY29tL3JlcG9ydC9naXRodWIuY29tL2ZhbGxhcmQ4NC9jcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyJz48aW1nIHNyYz0naHR0cHM6Ly9nb3JlcG9ydGNhcmQuY29tL2JhZGdlL2dpdGh1Yi5jb20vZmFsbGFyZDg0L2NzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXInIGFsdD0nR28gUmVwb3J0IENhcmQnIC8+PC9hPgo8YSBocmVmPSdodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL01JVCc+PGltZyBzcmM9J2h0dHBzOi8vaW1nLnNoaWVsZHMuaW8vYmFkZ2UvTGljZW5zZS1NSVQteWVsbG93LnN2ZycgYWx0PSdMaWNlbnNlOiBNSVQnIC8+PC9hPgoKPC9wPgoKPHAgYWxpZ249ImNlbnRlciI+CiYjeDFGNERBOyA8YSBocmVmPSIjaW5zdGFsbGF0aW9uLWFzLWEtc3lzdGVtZC1zZXJ2aWNlIj5Eb2N1bWVudGF0aW9uPC9hPgomI3gxRjRBMDsgPGEgaHJlZj0iaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0Ij5IdWI8L2E+CiYjMTI4MTcyOyA8YSBocmVmPSJodHRwczovL2Rpc2NvdXJzZS5jcm93ZHNlYy5uZXQiPkR
pc2NvdXJzZSA8L2E+CjwvcD4KCiMgQ3Jvd2RTZWMgQ2xvdWQgRmlyZXdhbGwgQm91bmNlcgoKQm91bmNlciBmb3IgY2xvdWQgZmlyZXdhbGxzIHRvIHVzZSB3aXRoIFtDcm93ZHNlY10oaHR0cHM6Ly9naXRodWIuY29tL2Nyb3dkc2VjdXJpdHkvY3Jvd2RzZWMpLgoKOndhcm5pbmc6IFRoaXMgaXMgbm90IGFuIG9mZmljaWFsIENyb3dkc2VjIGJvdW5jZXIuCgpUaGUgQ2xvdWQgRmlyZXdhbGwgQm91bmNlciB3aWxsIHBlcmlvZGljYWxseSBmZXRjaCBuZXcgYW5kIGV4cGlyZWQvcmVtb3ZlZCBkZWNpc2lvbnMgZnJvbSB0aGUgQ3Jvd2RTZWMgTG9jYWwgQVBJIGFuZCB1cGRhdGUgY2xvdWQgZmlyZXdhbGwgcnVsZXMgYWNjb3JkaW5nbHkuCgpTdXBwb3J0ZWQgY2xvdWQgcHJvdmlkZXJzOgoKLSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0gKEdDUCkgTmV0d29yayBGaXJld2FsbDpoZWF2eV9jaGVja19tYXJrOgotIEdvb2dsZSBDbG91ZCBQbGF0Zm9ybSAoR0NQKSBDbG91ZCBBcm1vcjpoZWF2eV9jaGVja19tYXJrOgotIEFtYXpvbiBXZWIgU2VydmljZXMgKEFXUykgTmV0d29yayBGaXJld2FsbCA6aGVhdnlfY2hlY2tfbWFyazoKCiMjIFVzYWdlIHdpdGggZXhhbXBsZQoKQSBjb21wbGV0ZSBzdGVwLWJ5LXN0ZXAgZXhhbXBsZSBvZiB1c2luZyB0aGUgYm91bmNlciBkb2NrZXIgaW1hZ2Ugd2l0aCB0aGUgR0NQIHByb3ZpZGVyIGlzIGF2YWlsYWJsZSBbaGVyZV0oZG9jcy9leGFtcGxlLWdjcC5tZCkuCgojIyBVc2luZyBEb2NrZXIKCllvdSBjYW4gcnVuIHRoaXMgYm91bmNlciB1c2luZyB0aGUgW2RvY2tlciBpbWFnZV0oaHR0cHM6Ly9odWIuZG9ja2VyLmNvbS9yL2ZhbGxhcmQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlcikuCgpZb3Ugd2lsbCBuZWVkIHRvIGNyZWF0ZSB0aGUgY29uZmlndXJhdGlvbiBmaWxlIGFuZCBtb3VudCBpdCBvbiB0aGUgZG9ja2VyIGNvbnRhaW5lci4gQnkgZGVmYXVsdCwgdGhlIGJvdW5jZXIgd2lsbCBsb29rIGZvciB0aGUgY29uZmlnIGF0IGAvZXRjL2Nyb3dkc2VjL2NvbmZpZy5kL2NvbmZpZy55YW1sYCBidXQgdGhpcyBjYW4gYmUgb3ZlcnJpZGRlbiB3aXRoIHRoZSBgQ09ORklHX1BBVEhgIGVudmlyb25tZW50IHZhcmlhYmxlLgoKIyMgSW5zdGFsbGF0aW9uIChhcyBhIHN5c3RlbWQgc2VydmljZSkKCiMjIyBXaXRoIGluc3RhbGxlcgoKRmlyc3QsIGRvd25sb2FkIHRoZSBsYXRlc3QgW2Bjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyYCByZWxlYXNlXShodHRwczovL2dpdGh1Yi5jb20vZmFsbGFyZDg0L2NzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpLgoKYGBgc2gKJCB0YXIgeHp2ZiBjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyLnRnegokIHN1ZG8gLi9pbnN0YWxsLnNoCmBgYAoKIyMjIEZyb20gc291cmNlCgpSdW4gdGhlIGZvbGxvd2luZyBjb21tYW5kczoKCmBgYGJhc2gKZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9mYWxsYXJkODQvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci5naXQKY2Q
gY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci8KbWFrZSByZWxlYXNlCnRhciB4enZmIGNzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXIudGd6CmNkIGNzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXItdiovCnN1ZG8gLi9pbnN0YWxsLnNoCmBgYAoKIyMjIFN0YXJ0CgpJZiB5b3VyIGJvdW5jZXIgcnVuIG9uIHRoZSBzYW1lIG1hY2hpbmUgYXMgeW91ciBjcm93ZHNlYyBsb2NhbCBBUEksIHlvdSBjYW4gc3RhcnQgdGhlIHNlcnZpY2UgZGlyZWN0bHkgc2luY2UgdGhlIGBpbnN0YWxsLnNoYCB0b29rIGNhcmUgb2YgdGhlIGNvbmZpZ3VyYXRpb24uCgpgYGBzaApzdWRvIHN5c3RlbWN0bCBzdGFydCBjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyCmBgYAoKIyMjIFVwZ3JhZGUKCklmIHlvdSBhbHJlYWR5IGhhdmUgYGNzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXJgIGluc3RhbGxlZCBhcyBhIHNlcnZpY2UsIHBsZWFzZSBkb3dubG9hZCB0aGUgW2xhdGVzdCByZWxlYXNlXShodHRwczovL2dpdGh1Yi5jb20vZmFsbGFyZDg0L2NzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpIGFuZCBydW4gdGhlIGZvbGxvd2luZyBjb21tYW5kcyB0byB1cGdyYWRlIGl0OgoKYGBgYmFzaAp0YXIgeHp2ZiBjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyLnRnegpjZCBjcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyLXYqLwpzdWRvIC4vdXBncmFkZS5zaApgYGAKCiMjIENvbmZpZ3VyYXRpb24KCkJlZm9yZSBzdGFydGluZyB0aGUgYGNzLWNsb3VkLWZpcmV3YWxsLWJvdW5jZXJgIHNlcnZpY2UsIHBsZWFzZSBlZGl0IHRoZSBjb25maWd1cmF0aW9uIHRvIGFkZCB5b3VyIGNsb3VkIHByb3ZpZGVyIGNvbmZpZ3VyYXRpb24sIGFzIHdlbGwgYXMgdGhlIGNyb3dkc2VjIGxvY2FsIEFQSSB1cmwgYW5kIGtleS4KVGhlIGRlZmF1bHQgY29uZmlndXJhdGlvbiBmaWxlIGlzIGxvY2F0ZWQgdW5kZXIgOiBgL2V0Yy9jcm93ZHNlYy9jcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyL2AKCmBgYHNoCiQgdmltIC9ldGMvY3Jvd2RzZWMvY3MtY2xvdWQtZmlyZXdhbGwtYm91bmNlci9jcy1jbG91ZC1maXJld2FsbC1ib3VuY2VyLnlhbWwKYGBgCgpgYGB5YW1sCmNsb3VkX3Byb3ZpZGVyczogIyAxIG9yIG1vcmUgcHJvdmlkZXIgbmVlZHMgdG8gYmUgc3BlY2lmaWVkCiAgZ2NwOgogICAgcHJvamVjdF9pZDogZ2NwLXByb2plY3QtaWQgIyBvcHRpb25hbCBpZiB1c2luZyBhcHBsaWNhdGlvbiBkZWZhdWx0IGNyZWRlbnRpYWxzLCB3aWxsIG92ZXJyaWRlIHByb2plY3QgaWQgb2YgdGhlIGFwcGxpY2F0aW9uIGRlZmF1bHQgY3JlZGVudGlhbHMKICAgIG5ldHdvcms6IGRlZmF1bHQgIyBtYW5kYXRvcnkuIFRoaXMgaXMgdGhlIFZQQyBuZXR3b3JrIHdoZXJlIHRoZSBmaXJld2FsbCBydWxlcyB3aWxsIGJlIGNyZWF0ZWQKICAgIHByaW9yaXR5OiAwICMgb3B0aW9uYWwsIGRlZmF1bHRzIHRvIDAgKGhpZ2hlc3QgcHJpb3JpdHkpLiBBZGRpdGlvbmFsIHJ1bGVzIHdpbGwgYmUgaW5jcmVtZW50ZWQgYnk
gMS4KICAgIG1heF9ydWxlczogMTAgIyBvcHRpb25hbCwgZGVmYXVsdHMgdG8gMTAuIFRoaXMgaXMgdGhlIG1heGltdW0gbnVtYmVyIG9mIHJ1bGVzIHRvIGNyZWF0ZS4gT25lIEdDUCBuZXR3b3JrIGZpcmV3YWxsIHJ1bGUgY2FuIGNvbnRhaW4gYXQgbW9zdCAyNTYgc291cmNlIHJhbmdlcy4gVXNpbmcgdGhlIGRlZmF1bHQgb2YgMTAgbWVhbnMgMjU2MCBzb3VyY2UgcmFuZ2VzIGF0IG1vc3QgY2FuIGJlIGNyZWF0ZWQuIEEgR0NQIHByb2plY3QgaGFzIGEgZGVmYXVsdCBxdW90YSBvZiAxMDAgcnVsZXMgYWNyb3NzIGFsbCBWUEMgbmV0d29ya3MuIFNlZSBodHRwczovL2Nsb3VkLmdvb2dsZS5jb20vdnBjL2RvY3MvcXVvdGEgZm9yIG1vcmUgaW5mby4KICBhd3M6CiAgICByZWdpb246IHVzLWVhc3QtMSAjIG1hbmRhdG9yeQogICAgZmlyZXdhbGxfcG9saWN5OiBwb2xpY3ktbmFtZSAjIG1hbmRhdG9yeSwgdGhpcyBpcyB0aGUgZmlyZXdhbGwgcG9saWN5IHdoaWNoIHdpbGwgY29udGFpbiB0aGUgcnVsZSBncm91cC4gVGhlIGZpcmV3YWxsIHBvbGljeSBtdXN0IGV4aXN0LgogICAgY2FwYWNpdHk6IDEwMDAgIyBvcHRpb25hbCwgZGVmYXVsdHMgdG8gMTAwMC4gVGhpcyBpcyB0aGUgY2FwYWNpdHkgb2YgdGhlIHN0YXRlbGVzcyBydWxlIGdyb3VwIHRoYXQgdGhlIGJvdW5jZXIgd2lsbCBjcmVhdGUuIEEgY2FwYWNpdHkgb2YgMTAwMCBzaWduaWZ5IHRoYXQgdGhlIHJ1bGUgd2lsbCBjb250YWluIGF0IG1vc3QgMTAwMCBzb3VyY2UgcmFuZ2VzLiBBV1MgaGFzIGEgZGVmYXVsdCBxdW90YSBvZiAxMCwwMDAgc3RhdGVsZXNzIGNhcGFjaXR5IHBlciBhY2NvdW50IHBlciByZWdpb24uIFNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vbmV0d29yay1maXJld2FsbC9sYXRlc3QvZGV2ZWxvcGVyZ3VpZGUvcXVvdGFzLmh0bWwgZm9yIG1vcmUgaW5mby4gVGhpcyBjYXBhY2l0eSBpcyBvbmx5IHVzZWQgd2hlbiB0aGUgcnVsZSBpcyBiZWluZyBjcmVhdGVkIGFuZCB3aWxsIG5vdCBiZSB1cGRhdGVkIGFmdGVyd2FyZHMuCiAgICBwcmlvcml0eTogMSAjIG9wdGlvbmFsLCBkZWZhdWx0cyB0byAxIChoaWdoZXN0IHByaW9yaXR5KS4gVGhpcyBpcyB0aGUgcHJpb3JpdHkgb2YgdGhlIHJ1bGUgZ3JvdXAgaW4gdGhlIGZpcmV3YWxsIHBvbGljeS4KICBjbG91ZGFybW9yOgogICAgcHJvamVjdF9pZDogZ2NwLXByb2plY3QtaWQgIyBvcHRpb25hbCBpZiB1c2luZyBhcHBsaWNhdGlvbiBkZWZhdWx0IGNyZWRlbnRpYWxzLCB3aWxsIG92ZXJyaWRlIHByb2plY3QgaWQgb2YgdGhlIGFwcGxpY2F0aW9uCiAgICBwb2xpY3k6IHRlc3QtcG9saWN5ICMgbWFuZGF0b3J5LCB0aGlzIGlzIHRoZSBjbG91ZCBhcm1vciBwb2xpY3kgd2hpY2ggd2lsbCBjb250YWluIHRoZSBydWxlcy4gVGhlIGNsb3VkIGFybW9yIHBvbGljeSBtdXN0IGV4aXN0LgogICAgcHJpb3JpdHk6IDAgIyBvcHRpb25hbCwgZGVmYXVsdHMgdG8gMCAoaGlnaGVzdCBwcmlvcml0eSkuIEFkZGl0aW9
uYWwgcnVsZXMgd2lsbCBiZSBpbmNyZW1lbnRlZCBieSAxLgogICAgbWF4X3J1bGVzOiAxMDAgIyBvcHRpb25hbCwgZGVmYXVsdHMgdG8gMTAwLiBUaGlzIGlzIHRoZSBtYXhpbXVtIG51bWJlciBvZiBydWxlcyB0byBjcmVhdGUuIE9uZSBjbG91ZCBhcm1vciBydWxlIGNhbiBjb250YWluIGF0IG1vc3QgMTAgc291cmNlIHJhbmdlcy4gQSBHQ1AgcHJvamVjdCBoYXMgYSBkZWZhdWx0IHF1b3RhIG9mIDIwMCBydWxlcyBhY3Jvc3MgYWxsIHNlY3VyaXR5IHBvbGljaWVzLiBVc2luZyB0aGUgZGVmYXVsdCBvZiAxMDAgbWVhbnMgMTAwMCBzb3VyY2UgcmFuZ2VzIGF0IG1vc3QgY2FuIGJlIGNyZWF0ZWQuIFNlZSBodHRwczovL2Nsb3VkLmdvb2dsZS5jb20vYXJtb3IvcXVvdGFzIGZvciBtb3JlIGluZm8uCnJ1bGVfbmFtZV9wcmVmaXg6IGNyb3dkc2VjICMgbWFuZGF0b3J5LCB0aGlzIGlzIHRoZSBwcmVmaXggZm9yIHRoZSBmaXJld2FsbCBydWxlIG5hbWUocykgdG8gY3JlYXRlL3VwZGF0ZQp1cGRhdGVfZnJlcXVlbmN5OiAxMHMKZGFlbW9uaXplOiB0cnVlCmxvZ19tb2RlOiBzdGRvdXQKbG9nX2RpcjogbG9nLwpsb2dfbGV2ZWw6IGluZm8KYXBpX3VybDogPEFQSV9VUkw+ICMgd2hlbiBpbnN0YWxsLCBkZWZhdWx0IGlzICJsb2NhbGhvc3Q6ODA4MCIKYXBpX2tleTogPEFQSV9LRVk+ICMgQWRkIHlvdXIgQVBJIGtleSBnZW5lcmF0ZWQgd2l0aCBgY3NjbGkgYm91bmNlcnMgYWRkIC0tbmFtZSA8Ym91bmNlcl9uYW1lPmAKYGBgCgojIyMgUnVsZSBuYW1lIHByZWZpeCByZXF1aXJlbWVudHMKClRoZSBydWxlIG5hbWUgcHJlZml4IGJlIDEtNDQgY2hhcmFjdGVycyBsb25nIGFuZCBtYXRjaCB0aGUgcmVndWxhciBleHByZXNzaW9uIGBeKD86W2Etel0oPzpbLWEtejAtOV17MCw0M30pPylcJGAuIFRoZSBmaXJzdCBjaGFyYWN0ZXIKbXVzdCBiZSBhIGxvd2VyY2FzZSBsZXR0ZXIsIGFuZCBhbGwgZm9sbG93aW5nIGNoYXJhY3RlcnMgbXVzdCBiZSBhIGRhc2gsIGxvd2VyY2FzZSBsZXR0ZXIsIG9yCmRpZ2l0LiBUaGUgbmFtZSBjYW5ub3QgY29udGFpbiB0d28gY29uc2VjdXRpdmUgZGFzaCAoJy0nKSBjaGFyYWN0ZXJzLgoKIyMgQXV0aGVudGljYXRpb24KCiMjIyBHQ1AKCkF1dGhlbnRpY2F0aW9uIHRvIEdDUCBpcyBkb25lIHRocm91Z2ggW0FwcGxpY2F0aW9uIERlZmF1bHQgQ3JlZGVudGlhbHNdKGh0dHBzOi8vY2xvdWQuZ29vZ2xlLmNvbS9kb2NzL2F1dGhlbnRpY2F0aW9uL3Byb2R1Y3Rpb24pLiBJZiB1c2luZyBhIHNlcnZpY2UgYWNjb3VudCwgdGhlIEdDUCBwcm9qZWN0IElEIHdpbGwgYmUgYXV0b21hdGljYWxseSBkZXRlcm1pbmVkICh1c2luZyB0aGUgcHJvamVjdCBJRCBvZiB0aGUgc2VydmljZSBhY2NvdW50KSBhbmQgZG9lcyBub3QgaGF2ZSB0byBiZSBzcGVjaWZpZWQgaW4gdGhlIGNvbmZpZ3VyYXRpb24uIElmIHRoZSBzZXJ2aWNlIGFjY291bnQgcmVzaWRlcyBpbiBhIGRpZmZlcmVudCBwcm9qZWN0IHRoYW4gdGhlIFZQQyBuZXR3b3J
rL0Nsb3VkIEFybW9yIHBvbGljeSwgdGhlIEdDUCBwcm9qZWN0IElEIG11c3QgYmUgb3ZlcnJpZGRlbiBpbiB0aGUgY29uZmlndXJhdGlvbi4KCiMjIyMgTmV0d29yayBGaXJld2FsbAoKVGhlIHNlcnZpY2UgYWNjb3VudCB3aWxsIG5lZWQgdGhlIGZvbGxvd2luZyBwZXJtaXNzaW9uczoKCi0gY29tcHV0ZS5maXJld2FsbHMuY3JlYXRlCi0gY29tcHV0ZS5maXJld2FsbHMuZGVsZXRlCi0gY29tcHV0ZS5maXJld2FsbHMuZ2V0Ci0gY29tcHV0ZS5maXJld2FsbHMubGlzdAotIGNvbXB1dGUuZmlyZXdhbGxzLnVwZGF0ZQotIGNvbXB1dGUubmV0d29ya3MudXBkYXRlUG9saWN5CgojIyMjIENsb3VkIEFybW9yCgpUaGUgc2VydmljZSBhY2NvdW50IHdpbGwgbmVlZCB0aGUgZm9sbG93aW5nIHBlcm1pc3Npb25zOgoKLSBjb21wdXRlLnNlY3VyaXR5UG9saWNpZXMuZ2V0Ci0gY29tcHV0ZS5zZWN1cml0eVBvbGljaWVzLnVwZGF0ZQoKVGhlIG1hbmFnZWQgcm9sZSBgcm9sZXMvY29tcHV0ZS5zZWN1cml0eUFkbWluYCBhbHJlYWR5IHByb3ZpZGVzIHRoZXNlIHBlcm1pc3Npb25zLgoKIyMjIEFXUwoKQXV0aGVudGljYXRpb24gdG8gQVdTIGlzIGRvbmUgdGhyb3VnaCB0aGUgW2RlZmF1bHQgY3JlZGVudGlhbCBwcm92aWRlciBjaGFpbl0oaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL3Nkay1mb3ItZ28vYXBpL2F3cy9kZWZhdWx0cy8jQ3JlZENoYWluKS4KClRoZSB1c2VyIGFjY291bnQgd2lsbCBuZWVkIHRoZSBmb2xsb3dpbmcgcGVybWlzc2lvbnM6CgotIExpc3RGaXJld2FsbFBvbGljaWVzCi0gTGlzdFJ1bGVHcm91cHMKLSBEZXNjcmliZUZpcmV3YWxsUG9saWN5Ci0gRGVzY3JpYmVSdWxlR3JvdXAKLSBDcmVhdGVSdWxlR3JvdXAKLSBEZWxldGVSdWxlR3JvdXAKLSBVcGRhdGVGaXJld2FsbFBvbGljeQotIFVwZGF0ZVJ1bGVHcm91cAoKVGhlIG1hbmFnZWQgcm9sZSBgTmV0d29ya0ZpcmV3YWxsTWFuYWdlcmAgYWxyZWFkeSBwcm92aWRlcyB0aGVzZSBwZXJtaXNzaW9ucy4KCiMjIFRvZG8KCi0gQWRkIEF6dXJlIGFzIGEgcHJvdmlkZXIKLSBBZGQgQVdTIFdBRiBhcyBhIHByb3ZpZGVyCg==", + "version": "v0.2.0", + "download_url": "https://github.com/fallard84/cs-cloud-firewall-bouncer/releases/tag/v0.2.0", + "asset_url": "https://github.com/fallard84/cs-cloud-firewall-bouncer/releases/download/v0.0.2/cs-cloud-firewall-bouncer.tgz", + "status": "unstable" + }, + { + "name": "caddy-crowdsec-bouncer", + "author": "hslatman", + "logo": "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", + "url": "https://github.com/hslatman/caddy-crowdsec-bouncer", + "description": "A Caddy module that blocks malicious traffic based on decisions made by 
CrowdSec.", + "stars": 6, + "downloads": 0, + "readme_content": "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", + "version": "no release", + "download_url": "https://github.com/hslatman/caddy-crowdsec-bouncer/tags", + "asset_url": "https://github.com/hslatman/caddy-crowdsec-bouncer/tags", + "status": "development" + }, + { + "name": "cs-haproxy-bouncer", + "author": "hellracer", + "logo": "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", + "url": "https://github.com/hellracer/cs-haproxy-bouncer", + "description": "a minimalist bouncer for haproxy", + "stars": 6, + "downloads": 0, + "readme_content": "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", + "version": "v1.0", + "download_url": "https://github.com/hellracer/cs-haproxy-bouncer/releases/tag/v1.0", + "asset_url": "https://api.github.com/repos/hellracer/cs-haproxy-bouncer/zipball/v1.0", + "status": "stable" + } +] \ No newline at end of file diff --git a/blockers/list.json b/blockers/list.json new file mode 100644 index 0000000..1050b06 --- /dev/null +++ b/blockers/list.json 
@@ -0,0 +1,36 @@ +[ + { + "name": "cs-nginx-bouncer", + "author": "crowdsecurity", + "logo": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAABmJLR0QA/wD/AP+gvaeTAAAJIElEQVR4nO2de3BU1R3HP+fukheQlJdVIAgiFKUIhSoEeeRBEqzN0KGBsRaTEHBaa4UAikAgBAkglPJsxzIdSAhFrGGYKaIhYReiVR61EEWLBErBgoISsLwSILv39A+GsToE9t69zzSff3N+5/fd882es7vn3N+BZppppplmmnEhhYWFSmFhoWK3jnAQdgvQS2rpY8NVVV0BRAhFTPVlba+wW5MeXGdA2rq0eNUjFkjJOL6pf5tQg5N9ub5/2aVND64xIK00raUaVF6QQr4IRDXS7DrIP0R4PXPKx5VftFKfXpxvgESMWJ/+lISXgXtCjKpFUNQ2OvZ3ZWPLgmbKCxdHG5C8Pv0RIVkBJOjs4oBETtmZU/mOkbqMxJEGJP7psc7eoLrwFvO8XrZ5FDmpMqvyuAF9GYqjDMhYkxFTH9EwXQp1Oohog7t35PrgsVsAABKR3HXkmIA3uBXBKBAtTMjiATEwqMrs7j/pfjmr31PVVVVV0oQ8mrD9HZBSPPJhFLkCyWAr8wrYjyLyfFnb37Uy7y102EPy+h93UmhYZOA8r5dtQSmeqxq//YQdyS1/4RlrMmKuRF1/TkhmA62szn9rZL2QYlW9GrngvQlbL1mZ2bo14OY83yL4FyHJBCIsy31HRAsEQ7xK0PL1wZJ3QGpp6g+DqmeFQD5qRb7wEX9XCebtytnxnumZzOw8dW1qR9XjmQtyIuC2Xy2lEGxWGzwv7Jz41qdmJTHFgITXx0RH11+cJCT5QGszclhInZCsDrS8VlQ1tuqy0Z0bbkBycVqGEGIV0NXovu1FfiYQs3zZFRsQGLY+GGZAUknaAAWxHBhqVJ8O5X2pyryduZW7jegsbAPSN6TfEwiKQpATcMo3a/ORQrAZEXzel+X7dzgd6TZgzOtjIs7XX3wGyUtAbDgiXEydkOI3V1q2XrxnbFm9ng50GXBjnldWgLxPT3wT5JSAfD3rgyYDktel9xcKy4FhmuT9nyAk+0DJ840v3xtyTKgNU9anr0WSQ5if5wfHJ5DZezQ92/UgyhtFXUMdJy+c4oMzH/JGzTbOXP4inO516QCoqT3C5kNb2HMy5LFrDBVBiT+7YkIojUM3oCQ97I9eEwfk8sT3xzb694AaoKS6lD9/XIY07pOeJh2vfvQa6w6UhJ3Dn1MR0tha9u10cHzCbQcfwKt4mTggl18P/JVtOp7s8wSDOg80Lf+3scyAzN6jQ247qlcGWX3H2aZDi9ZwscyAHu3u19Q+q984RvXKsEVHz3Y9Dc/bGJYZEO3VvsX77CPPMKSLsRtloeiIaWH0dnTjOPoXSkUozBw2g9539bZbimk42gCASE8E85PnEh8Xb7cUU3C8AQCxkbEsSVtEh5j2dksxHFcYANAhpj0LRxTRKsIh28gG4RoDALq16Uph0hxaeMw4NmQPrjIAoN/dfZn+6DSEsP1IkyG4zgCApG6JPD0gpJ9aHI8rDQAY2zuTnz5o3TdWs3CtAQC/fPhpUrun2C0jLFxtgEAwbfAUBnTsb7cU3TjOgI+//Iem9l7FS8HwfO5r080kRebiOAPy/QUc/+qEppiWES1ZNKKI77a6yxxRJuI4A65cv8Is32zOXjmrKa5dTDuWpC4iLirOJGXm4DgDAM7W1TLTN4fL17UdROsU24milHlEeRt7iNJ5ONIAgBP/OcHcXS/REGzQFPdA+17MHj4Tj3DHESXHGgDw4ZmDLH53KVJq2x8e1HkgkwY9a5IqY3G0AQBVJ95m9b7fa457vOeP+PlDPzNBkbE43gCArTXb2Hxoi+a4nB9kMbJHugmKjMMVBgCsef+P7Djm1xQjEExNmMzgeL
3PeZuPawyQSH67ezn7Pz+gKU4RCvnDZvBghwdMUhYerjEAbhzcmldVxD/PH9MUF+mNZH7KPOLjOpukTD+uMgCgrqGOfH8BX1z+UlNcXGQsC1Lmm6RKP64zAOBc3TmmV87gwtULmuI6tg612Ip1uNIAgM8ufU6+v4Crgat2SwkL1xoAcLi2hqK3FxGUji4JdFtcbQDA3lP7WLVX+xc1p+B6AwDePPIWGw9usluGLpqEAQAl1aVsP+q+wolNxgCJZNmelew+ucduKZpoMgYAqFJlwTsvc+jsJ3ZLCZkmZQDAtcA15vjncvLCKbulhESTMwDgwrWLzPLP4Xz9V3ZLuSNN0gCA05dOM9tfQH1A1/PTlmGZAaEMRF1DnaE5j5w7SsHOeQTUgKY4o3XcDssMOFJ79I5tamqPGJ63+vQHLNu9UtNjr2boaAzLDAhlR0vPrlcoVB7bQUl1acjtzdJxKywzYM/Jvbz60WuN/n3jwU3sO/U30/JvPLiJlXtX33EqNFvHt7H0SXm4cWIhs/dovtf+xqOgh8/WsPnQFstedNvoNiR1S2JIl8F0iYsnLiqO+kC94TpCfVJeS62Il5DyeRNKCjcxZD1CLPVnVxSE0lpbtRTnFFt1KpqLhOsaRLvKDTsVAfulZIp/fMVfdcTqRCKSS0ZmCiGXAl109+NuTgtkYZuYuLV6L4oIexoxueS8UzGsFL5h87gJly44FUMvCzJ8oJJK0wYqKitADDK6b5uplsg8o69DMec/9euLdxYDd5uSwzpMvRDI1KkixKunnEoDyFfMvvLEkrn6NpevOZVtEiVvZ065tjOQOrB0MEYUj0yUQi4H+lmZVwOfCEVMsfJaREs3ZHzjt1cNPZEwQEA2YE19ytA4hyCvbUxsH6vvpLRtOnDI+tAA8hVxTS3w/cKn7aCpQdg+HyduSL/fq7JQSsZYnNqHqkz255YfsjjvN7DdgJukrE9PApYj6WtmHgmHEXLqzuzKcjPzhIpjNuX92RW7hh5P6G/i+nAeQZ5677U+Thl8cNA74H9JLE78jpfIGVKQB0SG2V0DiOJgRIv8qiffqDVCn5E40oCbpBan9pCKsiCM9cGnQt6unAptFUAsxNEG3CS1ZGSKilwGPBRSgKBGSKb5cireNFdZ+LjCAIDEXYle76cRuRIxH2isLMp5KVjSLjp2ednYsutW6tOLawy4yZCNj7eJuh54UQqm8PVtfAEQ6yJUMbs8t1xbmRWbcZ0BN0krTusVFGIZgEfKqZXjKw/bramZZppppplmtPBfF3sPBXFW2BYAAAAASUVORK5CYII=" + },{ + "name": "cs-wordpress-bouncer", + "author": "crowdsecurity", + "logo": "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" + }, + { + "name": "cs-firewall-bouncer", + "author": "crowdsecurity", + "logo": "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" + }, + { + "name": "cs-custom-bouncer", + "author": "crowdsecurity", + "logo": 
"iVBORw0KGgoAAAANSUhEUgAAAuwAAAHACAYAAAD5pj0sAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAATiAAAE4gBo4oJKAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7d1/mJ11eSf++3NmMhMBIfzQVUgiorW1KK6dJjPnTMKOiOtaa11b44/dat1aabWK2l7dar/ttvvDrXa3rVh0FbHbgq7VdK3aKlURZk3mnDPhmvo1iKj1ByURqhQNSAgzmXk++wdhVQSSzJznPM/Meb2ui7+8rvt+/yEzb54593kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO6Tqg4AlK/ZbJ5WFMWjhoeHTy+K4vSIOD2lNJRzPiWl1Kg6H1CtoijuaDQaRc75O41G458WFxdvHxkZuW3Xrl23Vp0NUNhhzZiamho+dOjQE1JKT04pPSUifjwiHhsRZ0fEyZWGA1areyLiHyLipoj4Ys75841G43Pz8/M3zM3N3V1tNBgcCjusYtu2bTunKIoLc84XRsSFEXFq1ZmAgbCYUvpcURRXR8TV69ev3z09PX1P1aFgrVLYYRXZtm3b5sXFxeemlJ4WEf8iIk6rOhNARByKiE5K6dqc88c6nc5nqw4Ea4nCDjXXbDYfFhE/HREvjYhnRcRQtYkAjurGlNIHFxcX/3zPnj1frzoMrHYKO9RTY2Ji4oKU0ksj4nkRcVLVgQCWoYh7n7xfkVJ6/8zMzHerDgSrkcIONXLeeeedeMIJJ1yUUvr1iDir6jwAPXRXSumylNIfzszM3FJ1GFhNFHaogcnJyYcXRfGLEfGGiHhU1XkASrQQER8oiuI/z87O/n3VYWA1UNihQmNjY2eMjo6+Ouf82ojYUHUegD4qIuJ/55x/t9vt3lh1GKgzhR0qMDY2tm5kZOTXI+K3I+LEqvMAVKjIOb+nKIo37tmz5/aqw0Ad+bYJ6LNWq3X+0NDQX0fEiyNipOo8ABVLKaWxRqPxik2bNt2zf//+6yIiVx0K6sQTduiT7du3P3pxcfG/R8S/qToLQI11Ukqvarfb/3/VQaAuFHYoX2o2m6+KiDdFxClVhwFYBRYj4u0LCwu/NTc3d3fVYaBqCjuUaGxs7JSRkZHLI+L5VWcBWIW+GBEv6HQ611cdBKrkM+xQklartWVoaOjqiJisOgvAKnVGRLxs8+bN39q3b9/fVR0GquIJO/ReajabF0fEH4SjUoBeufLgwYOv3Lt378Gqg0C/KezQQ9u2bTt1aWnpioj46aqzAKxBX4iIn+t0Ol+sOgj0k8IOPbJ9+/ZHHz58+KqU0lOqzgKwhn0n5/ycbrc7U3UQ6BeFHXpg27Zt5ywtLX0yIh5XdRaAAXB3SukF7Xb7Y1UHgX5wdAorNDk5+ZNFUVwTEZuqzgIwINZFxAs3btx4y/79+x2jsuYp7LACrVbrgpzzxyPitKqzAAyYRkrpOZs3b0779u2brjoMlElhh2WamJh4TkR8NCJOqDoLwIBKETG1adOmof37919bdRgoi8IOyzA5OTkR95b1h1WdBYD4F5s2bbpj//793aqDQBkcncJxarVaT8o5fyYiTq06yzFYjIgvp5Suj4ivFEVxU0R8I6V0e0rp9pzzPUNDQ177DQPs8OHDI+vWrTuxKIqTi6I4o9FoPDrn/NiU0mNzzk+KiHNjdTycKHLO/6bb7X6g6iDQawo7HIdWq/WYnPNMRJxVdZYHcTgi9kTENY1G49p169Z1pqen76k6FLB67dixY+jmm2/+541G42k556ellM6PiJOqzvUgFnLOz+52u1dXHQR
6SWGHYzQ2NnbGyMjI7oj40aqz3M89EfHRnPP77r777k97CyBQpqmpqeFDhw5NpJRenFJ6YUScXnWm+/luURRPm52dnas6CPSKwg7H4Nxzzx05+eSTpyOiWXWW+6SUdkfEFSMjIzunp6cPVJ0HGDxHfjb+VES8NO59w/O6iiPd51uLi4s/ed111+2rOgj0gsIOx6DZbP5RRLy+6hwRkSPiY41G400zMzOOq4Da2LZt2+bFxcVfTym9Imrwmfecc/fw4cPnz83NHa46C6yUwg5HMTEx8TMppQ9Htf++LEXEByPi9zudzvUV5gB4SFu2bHnU8PDwr0XEK6P6z7q/udPpvLHiDLBiCjs8hC1btmwaHh7+bFT7Gc2/yzm/qtvtzlaYAeC4bN++/dGLi4tviYiXVBgj55yf2+12/7rCDLBiCjs8iKmpqeH5+fnpiJisKMKBiPi9jRs3Xrpz586lijIArMjk5OTTiqJ4e0Q8saIIt0XEUzudzjcq2g8r1qg6ANTVwsLCm6K6sv7h4eHhJ3Q6nUuUdWA1m5mZuXbDhg1PjYg3R0RRQYRHRMT7duzY4WWRrFqesMMDGB8fH2s0GrPR/7cBL6aUfrvdbv9B3HtgCrBmtFqtC3LO74uIR/V7d0rpV9vt9jv6vRd6wRN2+GGNlNKl0f+yfnNK6fx2u/2WUNaBNajdbl+TUnpKSulT/d6dc/797du3P7rfe6EXFHa4n2az+YqU0kSf185ExFPb7Xanz3sB+qrdbn/rrLPOelZEvKvPq09eXFz8/T7vhJ7wkRj4Plu3bj19eHj4iznnM/q49m8WFhZeODc3d3cfdwJUrtVq/WbO+c19XJlzzhd0u93pPu6EFfOEHb5Po9H4b30u61cuLCz8rLIODKJ2u/2WlNKvRv+OUVNK6dKxsbG6vJEVjomLaTii1Wo1I+JPok9/eUop/Y9Op/OKW2+91bfAAANr3759123evPnrEfGvoz8/fx85NDT07f3793tbNKuGJ+xwRM75P0X/Pib24bPOOus14bgUINrt9pUR8Zo+rnzj2NjYCX3cByviCTtERKvV2hIRfTlGyjlfe+qppz7vIx/5yOF+7ANYDfbv33/d5s2bT4j+vP/ixEaj8c39+/fv6cMuWDFP2CEics6/1adVnx0aGnruVVddNd+nfQCrRrvdfkNEXNmPXY1G4zfOPffckX7sgpVS2Bl4ExMTT4yIn+nDqgNDQ0PPn5mZ+W4fdgGsRnl0dPSiiPhs6Yty3nTyySe/pOw90AsKOwMvpfTb0Z9/F161e/fur/VhD8CqNT09fU9RFC+MiH483Hjj1NTUcB/2wIoo7Ay0Vqv1uIh4YR9Wvb3T6by/D3sAVr3Z2dm/Tym9qg+rHjc/P/+CPuyBFVHYGWg551+O8o+vP79hw4ZfL3kHwJrSbrffG/35PHs//sMAVkRhZ5A1IuLFJe/IOefXODIFOH5LS0uvj4jbS17TOvLXVqgthZ2BNT4+/vSI2Fjymiu8Ahtgefbs2XN7zvl3Sl6Tcs7/tuQdsCIKOwOr0WiU/e0Adw4PD7+x5B0Aa1q3231XRMyWvOYl0b8X58FxU9gZSOedd96JEfG8ktf8h127dt1a8g6Ata5oNBqvK3nH41ut1kTJO2DZFHYG0kknnfSzEXFSiSu+GRGXlTgfYGDMzMx0I+KTZe4oiuLny5wPK6GwM5ByzqUem6aU/rjT6RwqcwfAIEkpvank+S/csWNH2d8aBsuisDNwjryK+vwSV9wxPz//zhLnAwycdrv9mYjYVeKK02+55Zanljgflk1hZ+CcdNJJWyPixLLmp5QunZubu6Os+QCDqtFovLnM+UtLSxeUOR+WS2Fn4DQajTJ/IOdGo/GnJc4HGFgzMzN/m1LaV9b8lNJUWbNhJRR2BtHTSpy9a/fu3V8rcT7AICuKovhfJc7fPjY2tq7E+bAsCjsDZWpqan1ElPbVXTnnfrxGG2Bg5ZyvKHH8SSMjI1tKnA/LorA
zUA4fPtyMiPUljb9n/fr1f1nSbAAiYnZ29gsR8dmy5qeUfI6d2lHYGShFUWwvcfzV09PTB0qcD0BE5JxLeziSc95W1mxYLoWdQfOUsgbnnK8pazYA39NoNK4tcXxpvydguRR2Bs15ZQ0u+RcIAEeMjIxcFxF3ljT+Udu3b39ESbNhWRR2BsZ55513YkScU9L429vt9t6SZgPwfaanpxejxJcoLS0tPbms2bAcCjsD48QTTzwnyvv//GcioihpNgD3k1Iq86+ajy9xNhw3hZ2BkXM+u8Tx15U4G4D7KYpirqzZJf++gOOmsDMwGo3GY0scf32JswG4n5RSmR9DPLvE2XDcFHYGRs55Y1mzU0o3ljUbgB/W6XS+HRHfKmn8Y0qaC8uisDNIHlnS3KX5+fmbS5oNwIO7qaS5viWGWlHYGSSnlTT31rm5ucMlzQbgQaSUvl7S6NNLmgvLorAzSM4oY2hK6ZtlzAXgoeWcbytp9KlTU1PDJc2G46awM0geXsbQnPPtZcwF4KGllMr6+ZsOHTp0Qkmz4bgp7AySdSXNLettewA8hKIo7ihr9sjIyGhZs+F4KewMklJ++KaU5suYC8BDazQapf38XVxcHClrNhwvhZ1BUsoP35zzYhlzAXhoOefSCvvQ0JAn7NSGws4gSWUMzTkXZcwF4KhyWYOXlpZ0JGrD/xkBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhB37A5OTkxNatW59QdQ4A4F4KO/ADlpaWnj40NPSlZrO5u9ls7piamhquOhMADDKFHXgwkxHxwfn5+X+YmJh48/j4+MaqAwHAIFLYgaM5M6X0m41G46vNZvODExMTF1YdCAAGiT91A8dqJCJ2pJR2NJvNGyPiXQcPHrx87969B6sOBgBrmSfswHI8MSLeeuKJJ97SbDbfNTk5eW7VgQBgrVLYgZU4OSIuKori845UAaAcCjvQKz9wpNpsNs+qOhAArAUKO9BrZ6aUfjMivuZIFQBWzp+ugbI4UgWAHvCEHegHR6oAsEwKO9BPjlQB4Dgp7EBVHKkCwDFQ2IGqOVIFgIfgT9FAXThSBYAH4Ak7UEeOVAHgCIUdqDNHqgAMPIUdWC0cqQIwkBR2YLVxpArAQPGnZWC1cqQKwEDwhB1YCxypArBmKezAWnLfker1zWbzU45UAVgLFHZgLUoRcWEcOVJttVq/12q1Hll1KABYDoUd+AHr1q3705zzf4mIf6w6S4+cmXP+3Zzzza1W672tVqtZdSAAOB4KO/ADdu3adWu32/2dO++88zER8YKIuDoicsWxemE05/xvc87tZrP5d61W66LzzjvvxKpDAcDRKOzAA7rhhhsWOp3Ozk6n84yI+PGc89si4q6qc/XIU3PO73KkCsBqoLADR9XpdL7Y7XZfWxTFWSmlX46Iz1edqUccqQJQewo7cMxmZ2fvbLfbl3U6nScXRbE9InZGxGLVuXrAkSoAtaWwA8syOzu7u9PpvGB4eHhzSukNEbG/6kw9ct+R6j5vUgWgDhR2YEV27dp1a7vdfsudd975uPjekepacN+bVD/lSBWAKinsQE/c70j1iWv5SHV8fPzHqw4EwOBQ2IGeW+tHqo1G4/OOVAHoF4UdKI0jVQBYOYUd6AtHqgCwPAo70FeOVAHg+CjsQCUG5Ej1G45UAVgphR2o3Bo+Uj0lHKkCsEIKO1Abg3S
kun379kdUHQqA1UFhB2pprR+pLi4u7nekCsCxUNiBWhuQI9U5R6oAPBiFHVgV1viR6k84UgXgwSjswKrjSBWAQaKwA6uWI1UABoHCDqwJjlQBWKsUdmBNcaQKwFqjsANrkiNVANYKhR1Y8x7gSPWGqjP1iCNVgAGgsAMD4/uOVJ/kSBWA1UJhBwbSfUeqjUbjMY5UAagzhR0YaDMzM7c4UgWgzhR2gHjQI9WDVefqEUeqAKuYwg5wP/cdqY6Ojm6MiNenlL5cdaYeue9I9fpms3nV5OTk06oOBMDR+TYBgAcxPT19ICLeGhFvHR8f39ZoNC6OiOfF6v/Z2YiIf1UUxVJEXFt1GAAemifsAMdgDR+pAlBzCjvAcVjDR6oA1NRq/7MuQCVuuOGGhbj3e9x3TkxMPDEifiWl9PKI8E0sAPSUJ+wAK9Ttdm888ibVM1fTm1RzzqnqDAAcnSfsAD0yOzt7Z0RcFhGXrbEjVQAq5Ak7QAke4Ej1G1VnAmB1UtgBSvR9R6rnhCNVAJbBn2kB+sCRKgDL5Qk7QJ/dd6QaEc2IuKmqHCklR6cAq4An7AB95iAVgOPhFwVAH0xOTj485/zinPNrIuJJVecBYPVQ2AFKNDk5+aNLS0v/riiKX46IDVXnAWD1UdgBemzHjh1D+/bt+6mU0sVFUTzdZ8UBWAmFHaBHtmzZ8qh169b9wv79+1+VUtpcdZ5j4D8kAFYBhR1ghcbHx8cajcZrI+JFOed1VecBYG1R2AGWYWpqav38/PwLcs6/llJ6StV5AFi7FHaA4zA+Pv4jKaWXz8/PvyIiTvPxdADKprADHF1jYmLigpTSayPi2eGz3wD0kcIO8CBardYji6L4pUaj8Ss5501V5+mhu3PO70sp/UnVQQA4OoUd4H6OHJFelHN+SUrpYTnnqiP1yldSSpcvLi5evmfPnturDgPAsVHYASLiWc961uiBAwd+JiJeHxHNqvP0UBER10TEZRs3bvzQzp07l6oOBMDxUdiBgdZqtR5XFMUrDhw48EsRcXrVeXroQM75iqIo3rpnz56vVx0GgOVT2IFBdN8R6UU5559NKQ1VHahXUkpzEXHZ/Pz8e+fm5u6uOg8AK6ewAwNjbGzslJGRkZdFxMURcU7FcXppPiI+mnO+pNPpzFQdBoDeUtiBNe++I9KI+PmIOKHqPD30jZTS5fPz85fOzc39U9VhACiHwg6sSd93RHpRRFxYdZ4e+n9HpKOjo381PT29WHUgAMqlsANryuTk5Jk554sOHDjwqoh4RNV5euiOiPhAURSXzM7OfqHqMAD0j8IOrAVpYmLi6Smli4qieF6srZ9tn00pvfOuu+563969ew9WHQaA/ltLv9SAATM+Pn7y0NDQi3LOr42IH686Tw8tRMRHcs6Xdbvdq6sOA0C1FHZg1Wk2mz+Wc35lSunlOecTq87TQ7fmnK/IOV86Ozu7v+owANSDwg6sCueee+7IySef/Nw4ckSaUqo6Ui/NRMQljkgBeCAKO1Br27dvf/TS0tJLc86vjoiNVefpoe9GxPtTSn/Sbrc/X3UYAOpLYQdqaXx8fFuj0bh4cXHxX0fEuqrz9NCXIuJ/jI6Ovmd6evquqsMAUH8KO1Abk5OTD885v/jI0/QnV52nh5Yi4qqc8yXdbvfTEZGrDgTA6qGwA5XbunXrExqNxi8WRXFRRJxadZ4e+sec858PDw+/Y/fu3TdXHQaA1UlhB6rSmJiYeHZK6eKIeHpErJkr0pTSXM75bQsLC++fm5s7XHUeAFY3hR3oq/Hx8X82NDT0spzzqyJic9V5euieiNg5NDT0h7t37/5c1WEAWDsUdqAvxsfHxxqNxmsj4kU557V0RPr3KaX35Jzf3el0vl11GADWHoUdKM3U1NT6+fn5F+Scfy2l9JSq8/RQERHX5Jzf1u12/yYckQJQIoUd6Lnx8fEfSSm9fH5+/hURcdoaesnRt3LO/zMi3tntdm+qOgwAg0FhB3qlMTE
xcUFK6bUR8exYY0ekEXFZzvnKbrd7qOo8AAwWhR1YkVar9ciI+Hc551+JiLMrjtNL8xHx0ZTSH7fb7U7VYQAYXAo7sCxHjkgvyjm/JCIeVnWeHvpqSundi4uLl+/Zs+f2qsMAgMIOHLNnPetZowcOHPiZiHhdRLSqztNDRURcExGXbdy48UM7d+5cqjoQANxHYQeOqtVqPa4oilfccccdL4+IM6rO00N3HHkT6SW7d+/+WtVhAOCBKOzAg7nviPSinPPPppSGcl4b31543xHp/Pz8e+fm5u6uOg8APBSFHfgBzWbztIh4eUT8SkScU3GcXronIj4YEW9vt9t7qg4DAMdKYQd+QM75lSml/1J1jh66JaX07qGhobfv2rXrtqrDAMDxUtiBtShHxKcj4rLR0dG/mp6eXqw6EAAsl8IOrCV3RsRfNBqNt83MzNxQdRgA6AWFHVgLvhgR7zx48ODle/fuPVh1GADoJYUdWK0WIuIjOefLut3u1VWHAYCyKOzAanNrzvmKnPOls7Oz+6sOAwBlU9iB1WImIi5ZWFj48Nzc3OGqwwBAvyjsQJ19NyLeHxGXdjqd66sOAwBVUNiB2kkpfTki/rTRaFy2e/fu71SdBwCqpLADdVFExMdzzpd0Op1Px73fpQ4AA09hB6r2zZzznw0PD79j9+7dN1cdBgDqRmEHKpFSmouIy0ZGRq6Ynp6+p+o8AFBXCjvQT/dExM6hoaE/3L179+eqDgMAq4HCDvTDV1JKl+ec393pdL5ddRgAWE0UdqAsRURck3N+W7fb/ZtwRAoAy6KwA712IOd8RUT8cbfbvanqMACw2insQE/cd0Sac76y2+0eqjoPAKwVCjuwEvMR8dGIeGu73W5XHQYA1iKFHViOr6WULpufn3/P3NzcP1UdBgDWMoUdOFZFRFwTEZdt3LjxQzt37lyqOhAADAKFHTiaOyLiAznnt3a73RurDgMAg0ZhBx7M36WU3jU/P//eubm5u6sOAwCDSmEHfsDQ0FA7IpozMzPdqrMAAAo7cD8zMzPXVp0BAPieRtUBAACAB6ewAwBAjSnsAABQYwo7AADUmMIOAAA1prADAECNKewAAFBjCjsAANSYwg4AADWmsAMAQI0p7AAAUGMKOwAA1JjCDgAANaawAwBAjSnsAABQYwo7AADUmMIOAAA1prADAECNKewAAFBjw1UHAKA627ZtO7UoiidXnYP+KYritm63e2PVOYBjp7ADDLClpaWtEfG3Veegf1JKH4qIn6s6B3DsfCQGAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpsuOoAAFSn0+l8ampq6mFV56B/vvvd7y5VnQE4Pgo7wGArpqen76k6BAAPzkdiAACgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhZ2CklBZLmjtUxlwAjmpdWYNTSofLmg3HS2FnYOScF0qaO1LGXAAeWpk/fw8fPjxf1mw4Xgo7g6SUH76NRuOEMuYCcFQPK2vw8PBwKQ95YDkUdgbJPSXNPa2kuQA8hEajcXqJ4w+VOBuOi8LOIPlOGUNzzmeUMReAh5ZzLquwH+p0Ogo
7taGwMzBSSv9U0uizSpoLwEPbVMbQEn9fwLIo7AyMoihuL2n0w7du3Vrmn2UBeGCPLWNozrms3xewLAo7AyOl9I9lzR4aGnpcWbMB+GFTU1PDEbG5pPGl/b6A5VDYGST/UOLsJ5c4G4D7OXTo0BMiYrSM2Smlr5cxF5ZLYWdgNBqN0n4A55zPK2s2AD8spVTag5KiKG4qazYsh8LOwFhcXCytsKeUxsuaDcAPSyltL3G2J+zUisLOwJidnf1GRBwoafxPjI2NeYESQP9cUNbgnPPny5oNy6GwM0hySqmsH8Lr1q1b1yppNgDfZ8uWLY+KiB8rafz84cOHv1LSbFgWhZ2BUhTF3rJmp5SeWdZsAL5neHj4gohIJY2/cW5u7nBJs2FZFHYGzWdLnP2cEmcD8D1lPiCZK3E2LIvCzkDJObdLHP+jrVZrS4nzAQZes9l8WEQ8t6z5Oedry5oNy6WwM1BmZ2dvjIhvl7jiJSXOBiDieRFxSlnDU0rTZc2G5VLYGTQ5Ijolzn/x2NjYuhLnAwy6ny9x9pc6nc43SpwPy6KwM3BSSp8sa3bO+YzR0dGfKms+wCA78u0wzyhxhY/DUEsKOwMnpfSJMufnnF9X5nyAQTU8PHxxRAyXuOKaEmfDsinsDJyZmZkvRcRXS1wxNT4+vq3E+QADZ2xs7JSIeGWJK3JRFJ8pcT4sm8LOoPqrMoc3Go03lDkfYNCMjo6+JiI2lLiiPTs7+80S58OyKewMpEaj8Wclr3j2xMTET5S8A2AgnHfeeSfmnC8uec2VJc+HZVPYGUgzMzM35Jw/V+aOlNJ/LXM+wKA46aSTfiMiHlHiivmI2FnifFgRhZ2BlVJ6b8krntlqtX6u5B0Aa1qr1Xpczvk3S17zsU6nU+Y7OmBFFHYG1vDw8PsiYqnMHTnnt05NTZ1U5g6AtSznfElErC95jY/DUGsKOwNr165dt0bEp0tes3FhYeF3St4BsCY1m83nRcSzS17z7Q0bNlxV8g5YEYWdQfdnZS/IOb++2Wy2yt4DsJa0Wq1HRsSlfVj1v6666qr5PuyBZVPYGWgbN278YER8rINEGgAACCJJREFUpeQ161JKf7F169bTS94DsFY0cs5XRMSZJe9ZiohLSt4BK6awM9B27ty5lHP+w7L35Jw3DQ0N/XlEpLJ3Aax2ExMTb4iIZ/Zh1fs6nU7ZD21gxRR2Bt6pp576PyPilj6senar1fq1PuwBWLVardb5KaX/2IdVRc75zX3YAys2VHUAqNpXvvKVpc2bN6eI+Jd9WPf0zZs3f2Hfvn1f6MMugFWl2Ww+PiL+NiIe3od1/7vb7b6jD3tgxTxhh4i466673hkRt/Vh1VDO+X0TExMX9mEXwKoxOTl5ZkR8KiIe2Y99RVF4us6qobBDROzdu/dgSultfVo3klL6y/Hx8fP6tA+g1rZt23ZqURSfiIiz+7TyY7Ozs3N92gUrprDDEfPz838UEf/Qp3WnNBqNTzSbzSf3aR9ALTWbzdMWFxc/HhFP6tPKhZzzb/RpF/SEwg5HzM3N3R0Rr+vjykdFxGdardb5fdwJUBtHPgZzbUppoo9r/6jb7d7Yx32wYgo7fJ9Op/PhiPibPq7ckHP+ZKvVen4fdwJUbmJi4olFUXQiom8fD0wp7RsdHX1Tv/ZBryjscD9DQ0OvjYhDfVw5mnP+i2az+drwPe3AABgfH39GSml3RGzu596iKF43PT19Vz93Qi/4Wke4n5tvvvk7GzduHE4pTfVxbSMi/tWmTZv++dlnn/2Jm2+++Z4+7gboix07dgxt2LDhd1NK746IE/q8/pPdbvf/6/NO6AlP2OEBrF+//i0ppS9XsPq5S0tLc61Wa0sFuwFKMzk5eeb+/fuvyTn/bvS/f9wdEb/a553QM/78Dg9iYmLiJ1JK7YgYrWD9QkS8JSJ+v9Pp9PPjOQC9liYmJn6h0Wj8t5zzGRVl+KVOp/OeinbDiins8BCazearI+JPKozwtZT
Sxe12+2MVZgBYlsnJyR8tiuLtEfH0qjKklD7QbrdfVNV+6AWFHY5iYmLiL1NKP1dxjA9HxBs7nc4XK84BcFTbt29/xOLi4m9FxKsjYriqHCmlL4+MjIw5NGW1U9jhKKampjbMz8/PRcQ5FUcpIuLjKaX/1G63r6s4C8APGR8f/2cppdenlF4T/T8qvb97IqLV6XQ+W3EOWDGFHY5Bq9XaknPeHREjVWeJiBz3Fvc/arfb03FvkQeoTKvVelLO+dUR8bKo5u7nh+ScX9ntdt9ZdQ7oBYUdjlGz2fzFiLg8avTvTUppX875vTnnK725D+inLVu2PGpoaOjFKaWXRMRTq85zP5d1Op1frjoE9EptigesBs1m840R8V+rzvFAUkpzEfG3OedrI6Lt22WAXtqxY8fQLbfc8tSlpaULGo3GhTnnC6Ke73P58MaNG5+/c+fOpaqDQK8o7HCcJiYmLkkpXVx1jqOYj4huznlXSmlvo9HYe+DAga/fcMMNC1UHA1aFRqvV2pRSOjfn/OSIaOWcz4+IDVUHO4rPjI6OPnN6etrL51hTFHY4fo1ms/neiHhx1UGOU5FS+kbOeX9E3H7kn/mIuDvnPF9tNKAiwymlh8e9T8pPP/LPoyNic9TjZud4XD86Onr+9PT0gaqDQK9V9lVLsIoVCwsLvzAyMnJaRDyz6jDHoZFz3hQRm+7/P6Tkv92BVW3/4uLiszudjrLOmtTvVwPDmjA3N3d4dHT0+RFxddVZAAbc1yPiadddd92+qoNAWep4LAKrwk033bRwyimnfGBkZORHUkpPqjoPwAC6oSiKp3e73ZuqDgJlUthhBW677bal/fv3f2jz5s0Pj4hm1XkABsj/WVhYeMZ11113W9VBoGwKO/TAvn37Prl58+Z7IuLp4ZgboGwfiYjn7dmz566qg0A/KOzQI/v27ZvZvHnzrRHxrHAfAlCWd27cuPFln/jEJ3xNLQPDk0DosVartSXn/IGIeGzVWQDWkHsi4g2dTueSqoNAvynsUIKtW7eePjQ09GcR8dNVZwFYA74YES/odDrXVx0EqqCwQ3lSs9m8OCL+IFbfC0gA6uLKgwcPvnLv3r0Hqw4CVVHYoWStVquZc35/RDym6iwAq8hdEfGrnU7niqqDQNUcnULJ9u3bt//xj3/85UtLS+siYmv49w7gaD60uLj4nNnZ2V1VB4E68IQd+mjr1q1PGB4evjTn/IyqswDU0FcbjcbFMzMzH686CNSJwg4VmJiYeE5K6R0RsbHqLAA1sJBz/uP169f/3vT09D1Vh4G6UdihImNjY6eMjo7+Vs75VRFxUtV5ACqwFBEfTCn9Trvd/mrVYaCuFHao2Pj4+MlDQ0OvzDn/+4g4reo8AH1wOCL+otFovGlmZuZLVYeBulPYoSampqZOmp+ff3lE/PuIOLPqPAAlmI97n6j/R0/U4dgp7FAzY2NjJ4yOjr4s5/yyiNhSdR6AHrgpIq5cXFx8x3XXXfePVYeB1UZhhxprNps/llJ6Uc75JRFxTtV5AI7DHRHx0ZzzFd1u99MRkasOBKuVwg6rQ2NiYuL8iHhpo9F4Ts75jKoDATyAu1NKV+ec3zs6OvrXvvEFekNhh1Vo27Zt5xRFcWHO+cKIuDAiTq06EzCQFlNKnyuK4uqIuHr9+vW7lXToPYUdVrkdO3YM7du37ydTSk/LOf9ko9F4cs75ceGNqkDv7Y+I61NKn11aWppeXFycmZubu7vqULDWKeywBjWbzYdFxI/lnB8bEWc3Go2zi6I4M6V0ekScERGnR8T6uPdnwIYKowLVuyvu/ZrFxYi4PSJuTyndXhTFNyPippTS11NKNzUajS/u3r37O5UmhQH1fwFiYtgzpiU5kgAAAABJRU5ErkJggg==" + }, + { + "name": "cs-cloud-firewall-bouncer", + "author": "fallard84", + "logo": 
"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" + }, + { + "name": "caddy-crowdsec-bouncer", + "author": "hslatman", + "logo": "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" + }, + { + "name": "cs-haproxy-bouncer", + "author": "hellracer", + "logo": "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" + } +] \ No newline at end of file diff --git a/ci.go b/ci.go new file mode 100644 index 0000000..8519c65 --- /dev/null +++ b/ci.go 
@@ -0,0 +1,155 @@
+package main
+
+import (
+ "crypto/sha256"
+ "encoding/json"
+ "flag"
+ "fmt"
+ "github.com/crowdsecurity/crowdsec/pkg/cwhub"
+ "io"
+ "io/ioutil"
+ "log"
+ "os"
+)
+
+type typeInfo struct {
+ Path string `json:"path"`
+ Stage string `json:"stage,omitempty"`
+ Version string `json:"version"`
+ Versions map[string]versionInfo `json:"versions"`
+ LongDescription string `json:"long_description,omitempty"`
+ FileContent string `json:"content"`
+ Description string `json:"description,omitempty"`
+ Author string `json:"author,omitempty"`
+ References []string `json:"references,omitempty"`
+ Labels map[string]string `json:"labels"`
+ Parsers []string `json:"parsers,omitempty"`
+ PostOverflows []string `json:"postoverflows,omitempty"`
+ Scenarios []string `json:"scenarios,omitempty"`
+ Collections []string `json:"collections,omitempty"`
+}
+
+type fileInfo struct {
+ Description string `yaml:"description"`
+ Author string `yaml:"author"`
+ References []string `yaml:"references"`
+ Labels map[string]string `json:"labels"`
+ Parsers []string `yaml:"parsers,omitempty"`
+ PostOverflows []string `yaml:"postoverflows,omitempty"`
+ Scenarios []string `yaml:"scenarios,omitempty"`
+ Collections []string `yaml:"collections,omitempty"`
+}
+
+type versionInfo struct {
+ Digest string `json:"digest"`
+ Deprecated bool `json:"deprecated"`
+}
+
+const (
+ parsersFolder = "parsers/"
+ scenariosFolder = "scenarios/"
+ postoverflowsFolder = "postoverflows/"
+ collectionsFolder = "collections/"
+)
+
+var types = []string{
+ "parsers",
+ "scenarios",
+ "postoverflows",
+ "collections",
+}
+
+func getSHA256(filepath string) (string, error) {
+ /* Digest of file */
+ f, err := os.Open(filepath)
+ if err != nil {
+ return "", fmt.Errorf("unable to open '%s' : %s", filepath, err.Error())
+ }
+
+ defer f.Close()
+
+ h := sha256.New()
+ if _, err := io.Copy(h, f); err != nil {
+ return "", fmt.Errorf("unable to calculate sha256 of '%s': %s", filepath, err.Error())
+ }
+
+ return fmt.Sprintf("%x", h.Sum(nil)), nil
+}
+
+func main() {
+ var generate bool
+ var inputFile string
+ var outFile string
+ var target string
+
+ idx := make(map[string]map[string]typeInfo)
+ tmpIdx := make(map[string]map[string]typeInfo)
+
+ flag.StringVar(&target, "target", "all", "decide what to generate : blockers|configs|all")
+ flag.StringVar(&outFile, "output", ".index.json", "File to output index")
+ flag.BoolVar(&generate, "generate", false, "File to output index")
+ flag.StringVar(&inputFile, "input", ".index.json", "File to read index from")
+ flag.Parse()
+
+ if target == "all" || target == "configs" {
+ if generate == true {
+ for _, t := range types {
+ configType, err := generateIndex(t)
+ if err != nil {
+ panic(err)
+ }
+ idx[t] = configType
+ }
+ } else {
+ // update .index file
+ f, _ := ioutil.ReadFile(inputFile)
+
+ _ = json.Unmarshal([]byte(f), &tmpIdx)
+
+ for _, t := range types {
+ updateIndex(t, idx, tmpIdx)
+ }
+ }
+
+ json, err := json.MarshalIndent(idx, "", " ")
+ if err != nil {
+ panic(err)
+ }
+ if err := ioutil.WriteFile(outFile, json, 0644); err != nil {
+ log.Fatalf("failed writting new json index : %s", err)
+ }
+
+ /*Check if the generated index is correct*/
+ indexContent, err := ioutil.ReadFile(outFile)
+ if err != nil {
+ log.Fatalf("Unable to read index : %v", err)
+ }
+ _, err = cwhub.LoadPkgIndex(indexContent)
+ if err != nil {
+ log.Fatalf("Unable to load existing index : %v.", err)
+ }
+ }
+ if target == "all" || target == "blockers" {
+ blockers, err := LoadJSON("blockers/list.json")
+ if err != nil {
+ log.Fatalf("failed to load json : %s", err)
+ }
+ log.Printf("Loaded %d blockers", len(blockers))
+ for x, blocker := range blockers {
+ log.Printf("%d/%d", x+1, len(blockers))
+
+ updated, err := UpdateItem(blocker)
+ if err != nil {
+ log.Fatalf("failed to update %+v : %s", blocker, err)
+ }
+ blockers[x] = updated
+ }
+ log.Printf("Dumping updated items")
+
+ if err := DumpJSON("blockers.json", blockers); err != nil {
+ log.Fatalf("failed to dump new json file : %s", err)
+ }
+ }
+ return
+
+}
diff --git a/collections/crowdsecurity/.tests/apache2/acquis.yaml b/collections/crowdsecurity/.tests/apache2/acquis.yaml
new file mode 100644
index 0000000..6988314
--- /dev/null
+++ b/collections/crowdsecurity/.tests/apache2/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
+labels:
+ type: apache2
diff --git a/collections/crowdsecurity/.tests/apache2/apache2.log b/collections/crowdsecurity/.tests/apache2/apache2.log
new file mode 100644
index 0000000..cb6fa66
--- /dev/null
+++ b/collections/crowdsecurity/.tests/apache2/apache2.log
@@ -0,0 +1,4 @@
+93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
+164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
+195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
+www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
\ No newline at end of file
diff --git a/collections/crowdsecurity/.tests/iptables/acquis.yaml b/collections/crowdsecurity/.tests/iptables/acquis.yaml
new file mode 100644
index 0000000..495444c
--- /dev/null
+++ b/collections/crowdsecurity/.tests/iptables/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./collections/crowdsecurity/.tests/iptables/iptables.log
+labels:
+ type: syslog
diff --git a/collections/crowdsecurity/.tests/iptables/bucket_result.yaml b/collections/crowdsecurity/.tests/iptables/bucket_result.yaml
new file mode 100644
index 0000000..6348a25
--- /dev/null
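Review bot: In ci.go, the update branch of main() discards both errors (`f, _ := ioutil.ReadFile(inputFile)` and `_ = json.Unmarshal([]byte(f), &tmpIdx)`), so a missing, truncated or malformed input index is treated as an empty one and the run still writes `outFile`. The index carries the per-version SHA-256 digests (`versionInfo.Digest`), so starting from an empty previous state may drop or rewrite that history without any signal; `updateIndex` is defined outside this hunk, so the exact effect cannot be confirmed from here. I would fail closed with `f, err := ioutil.ReadFile(inputFile)`, then `if err != nil { log.Fatalf("unable to read index '%s' : %v", inputFile, err) }`, then `if err := json.Unmarshal(f, &tmpIdx); err != nil { log.Fatalf("unable to parse index '%s' : %v", inputFile, err) }`. The later `cwhub.LoadPkgIndex` check only validates the file that was just written, so it does not catch a bad input.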
+++ b/collections/crowdsecurity/.tests/iptables/bucket_result.yaml 
@@ -0,0 +1,329 @@ +- Type: 1 + Alert: + MapKey: 10a3ef02f2011534975441766719a68c88af1738 + Sources: + 42.42.42.93: + asname: "" + asnumber: "" + cn: "" + ip: 42.42.42.93 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 42.42.42.93 + Alert: + capacity: 15 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 
42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + eventscount: 16 + id: 0 + labels: [] + leakspeed: 5s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/iptables-scan-multi_ports + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 42.42.42.93 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 42.42.42.93 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 15 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + 
value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + eventscount: 16 + id: 0 + labels: [] + leakspeed: 5s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: 
crowdsecurity/iptables-scan-multi_ports + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 42.42.42.93 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 42.42.42.93 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/collections/crowdsecurity/.tests/iptables/config.yaml b/collections/crowdsecurity/.tests/iptables/config.yaml new file mode 100644 index 0000000..c31610a --- /dev/null +++ b/collections/crowdsecurity/.tests/iptables/config.yaml @@ -0,0 +1,14 @@ +#configuration +acquisition_file: acquis.yaml +parser_results: parser_results.yaml +bucket_results: bucket_result.yaml +postoverflow_input: po_input.yaml +marshaled_time_year: 2020 +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/iptables-logs + - crowdsecurity/syslog-logs + - crowdsecurity/dateparse-enrich + scenarios: + - crowdsecurity/iptables-scan-multi_ports diff --git a/collections/crowdsecurity/.tests/iptables/iptables.log b/collections/crowdsecurity/.tests/iptables/iptables.log new file mode 100644 index 0000000..8d9933c --- /dev/null +++ b/collections/crowdsecurity/.tests/iptables/iptables.log 
@@ -0,0 +1,563 @@ +Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 +Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 
14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 
sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 
sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 
kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: 
[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: 
[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: 
[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: 
[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 
kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 
sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 
sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 
sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 
14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 
14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 
17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 
+Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN 
URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 
SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 +Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN 
URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0
+Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0
diff --git a/collections/crowdsecurity/.tests/iptables/parser_results.yaml b/collections/crowdsecurity/.tests/iptables/parser_results.yaml
new file mode 100644
index 0000000..deaee24
--- /dev/null
+++ b/collections/crowdsecurity/.tests/iptables/parser_results.yaml
@@ -0,0 +1,70377 @@ +provisionalresults: +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:31 + timestamp8601: "" + StrTime: Dec 17 14:31:31 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "52809" + timestamp: Dec 17 14:31:31 + timestamp8601: "" + StrTime: Dec 17 14:31:31 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + 
s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "52809" + timestamp: Dec 17 14:31:31 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:31Z" + StrTime: Dec 17 14:31:31 + MarshaledTime: "2020-12-17T14:31:31Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:31 
+ timestamp8601: "" + StrTime: Dec 17 14:31:31 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "443" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "52809" + timestamp: Dec 17 14:31:31 + timestamp8601: "" + StrTime: Dec 17 14:31:31 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "443" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "52809" + timestamp: Dec 17 14:31:31 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:31Z" + StrTime: Dec 17 14:31:31 + MarshaledTime: "2020-12-17T14:31:31Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 
'[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 
+ length: "44" + logsource: syslog + message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + 
dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP 
SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + 
service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + 
s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 
14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 
DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + 
message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 
ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 
PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + StrTime: Dec 17 14:31:32 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: 
Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 
PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: 
"" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + 
log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
+ pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP 
SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: 
syslog + message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + 
MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + 
Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 
PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + 
type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53076" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53076" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + 
Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 
sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: 
"2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 
14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 
ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255432] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP 
SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 
+ s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 
42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: 
"" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.256005] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "443" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "443" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: 
syslog + message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 
PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + 
crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + 
timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: 
"" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 
'[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + 
dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + 
log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel 
+ timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 
PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" 
+ logsource: syslog + message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + 
dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: 
true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + 
timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446933] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: 
syslog + message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 
SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP 
SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 
14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + 
src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" 
+ priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.448413] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: 
syslog + message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 
PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + 
crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + 
timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "22" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "22" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + 
message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + 
dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 
14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 
17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 
0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: 
+ type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse 
+ Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + 
timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549933] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "22" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "22" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 
DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 
14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + 
src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" 
+ priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.647926] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: 
syslog + message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP 
SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + 
service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + 
s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 
14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP 
SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: 
+ action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 
14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 
17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651909] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 
DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 
14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.751915] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: 
syslog + message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP 
SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + 
service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 
+ s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 
17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP 
SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: 
syslog + message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 
14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 
17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752936] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 
DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 
14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.847421] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 
PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 
PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 
14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 
17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851410] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP 
SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 
14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + 
src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" 
+ priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + StrTime: Dec 17 14:31:33 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.952908] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: 
syslog + message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 
PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + 
crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + 
timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 
DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + 
message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + 
dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + 
MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + 
Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 
ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + StrTime: Dec 17 14:31:34 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 
0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53077" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53077" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse 
+ Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + 
timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.052352] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: 
syslog + message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 
DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + 
service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 
+ s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 
17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP 
SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: 
syslog + message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + 
MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + 
Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 
ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 
0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: 
+ type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse 
+ Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + 
timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078485] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" 
+ facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 
ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 
DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: 
tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + 
s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 
14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 
'[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: 
enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 
ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 
+ s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + 
message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" 
+ dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + 
MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + 
log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: 
"" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP 
SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + 
process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z 
+ Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: 
Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 
ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180871] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 
DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 
14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.253887] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: 
syslog + message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP 
SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 
ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- 
s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + 
crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 
DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + 
message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 
ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: 
Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP 
SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: 
syslog + message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 
14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 
+ Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP 
SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 
0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: 
Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352380] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 
PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- 
s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + 
crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP 
SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + 
dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + 
process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: 
+ MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + 
timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379405] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 
ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + 
crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 
DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog 
+ message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + 
MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + 
Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 
ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 
0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: 
+ type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse 
+ Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + 
timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.452871] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP 
SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog 
+ process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: 
+ action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 
0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 
sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: 
"2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 
14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 
ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479841] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP 
SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 
14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 
SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 
'[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + 
dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 
14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 
17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552886] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP 
SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- 
s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + 
crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" 
+ priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP 
SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + 
dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + 
process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: 
Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 
ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.580881] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP 
SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 
14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.581420] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP 
SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + 
service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 
+ s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 
14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" 
+ priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 
DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + 
message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" 
+ dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + 
MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + 
Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 
ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 
0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: 
+ type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse 
+ Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 
sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + 
Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 
+ timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 
42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684355] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 
PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: 
+ crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 
+ s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 
42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: 
"" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.719839] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" 
+ facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 
ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP 
SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + 
log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel 
+ timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 
SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 
PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 
14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 
17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.780902] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP 
SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 
14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782417] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 
PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 
SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 
ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
facility: "" + logsource: syslog + message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + 
dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 
14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 
17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.784357] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 
DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 
14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.812469] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 
PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + facility: "" + logsource: syslog + message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + 
timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875433] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 
PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- 
s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + 
s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 
42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.880842] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 
PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: 
Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 
PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + 
dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + 
Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + 
service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: 
"" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 
DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + 
process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z 
+ Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + 
timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956353] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
+ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP 
SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + StrTime: Dec 17 14:31:35 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 
1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + 
crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + 
src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: 
"" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.980862] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 
PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + facility: "" + logsource: syslog + message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 
sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: 
"2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 
+ timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 
PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053387] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP 
SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 
14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.055926] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 
PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + facility: "" + logsource: syslog + message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + 
timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080431] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 
DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + 
Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + 
crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + 
src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.082395] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 
PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + facility: "" + logsource: syslog + message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + 
timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158424] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 
ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + 
crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 
+ timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: 
"" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP 
SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + 
dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + 
process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 
14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 
PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181848] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 
DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 
14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.254882] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3128" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3128" + facility: "" + int_eth: enp1s0 + length: "44" + 
logsource: syslog + message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"3128" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3128" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP 
SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: 
tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + 
s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 
14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP 
SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + 
timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280386] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP 
SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 
14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.280925] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: 
syslog + message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP 
SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 
ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
facility: "" + logsource: syslog + message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53078" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53078" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 
sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: 
"2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 
+ timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 
PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355907] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP 
SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + 
crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 
14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 
' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.356859] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" 
+ logsource: syslog + message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP 
SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + 
service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 
+ s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 
17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP 
SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + 
logsource: syslog + message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + 
MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 
+ Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 
SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 
ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + 
type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: 
+ action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z 
+ Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- s00-raw: + crowdsecurity/syslog-logs: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + StrTime: Dec 17 14:31:36 + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 + s02-enrich: + crowdsecurity/dateparse-enrich: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "52809" + timestamp: Dec 17 14:31:31 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:31Z" + StrTime: Dec 17 14:31:31 + MarshaledTime: "2020-12-17T14:31:31Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "443" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "52809" + timestamp: Dec 17 14:31:31 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:31Z" + StrTime: Dec 17 14:31:31 + MarshaledTime: "2020-12-17T14:31:31Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.052919] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + 
length: "44" + logsource: syslog + message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: 
true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + 
action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:32 + timestamp8601: "" + Enriched: + MarshaledTime: 
"2020-12-17T14:31:32Z" + StrTime: Dec 17 14:31:32 + MarshaledTime: "2020-12-17T14:31:32Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP 
+ src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" 
+ logsource: syslog + message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 
PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: 
+ log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + 
dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53076" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.254957] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: 
TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + 
length: "44" + logsource: syslog + message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 
ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "443" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + 
Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + 
dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446358] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: 
enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: 
"2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 
ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + 
Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.546926] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "22" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 
+- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel 
+ proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 
+ length: "44" + logsource: syslog + message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + 
Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 
DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "22" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647405] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: 
"2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 
ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.651920] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: 
"2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 
ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 
+ timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753368] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 
' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + 
MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z 
+ Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 
kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 
14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851423] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 
RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: 
tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:33 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:33Z" + StrTime: Dec 17 14:31:33 + MarshaledTime: "2020-12-17T14:31:33Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" 
+ facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + 
MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 
0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "10629" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 
14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2393" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + 
timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1174" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:34 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:34Z" + StrTime: Dec 17 14:31:34 + MarshaledTime: "2020-12-17T14:31:34Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: 
'[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53077" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 
WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2106" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "264" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24800" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3030" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "407" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.052444] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8192" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "512" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5051" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2557" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1055" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: 
"2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1533" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 
ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "256" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1087" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + 
Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "993" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153449] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "554" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "139" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8888" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + 
proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1025" + facility: "" + int_eth: 
enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5900" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" 
+ Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "445" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 
DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "587" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: 
+ action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1720" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "111" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180845] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "110" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1723" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" 
+ int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "53" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "113" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: 
"2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3306" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 
ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "995" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "199" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: 
+ MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "21" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.278895] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "143" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3389" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" 
+ program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: 
"2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 
ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352848] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + 
StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: 
"2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 
ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 
+ timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453352] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 
SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: 
tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + 
priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: 
"4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + 
StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16080" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1062" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1069" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5440" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "55600" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + 
MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3689" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "44176" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 
0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "23502" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 
17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + 
timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6646" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: 
'[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 
DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "12000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: 
iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4129" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 
SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "6969" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 
51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5915" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582347] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: 
"2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 
ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719330] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 
+- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: 
"2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 
ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782357] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
+ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: 
"2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: 
+ type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "668" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9968" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812426] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1154" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
+ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3333" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9418" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1075" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1034" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: 
"2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4006" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 
ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3971" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5060" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "18040" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "30" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880426] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2119" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1259" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: 
enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + 
Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP 
SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: 
true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.955860] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
+ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:35 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:35Z" + StrTime: Dec 17 14:31:35 + MarshaledTime: "2020-12-17T14:31:35Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: 
enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: 
"2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 
ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982406] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: 
"2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 
ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080392] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 
' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + 
source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "82" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "903" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1277" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: 
"2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1022" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 
ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2009" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2135" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3260" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "7741" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158380] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
+ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4125" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "9103" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "24444" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + 
facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "31038" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "2161" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 
14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3784" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z 
+ Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + 
timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182847] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
+ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3128" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3128" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: 
kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + 
int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: 
"2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 
ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: 
syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + 
Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280887] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53065" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: 
"2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "80" + facility: "" + int_eth: enp1s0 + length: "40" + logsource: syslog + message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53078" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 
PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5414" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + 
process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4998" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4567" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + 
Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "3551" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356347] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 
' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "16000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 
42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "777" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + 
program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1721" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: 
"" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "1166" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5802" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53066" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: 
"2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "90" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 
PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + 
process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "5102" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "705" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + 
MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + Src: ./collections/crowdsecurity/.tests/iptables/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "4000" + facility: "" + int_eth: enp1s0 + length: "44" + logsource: syslog + message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' + pid: "" + priority: "" + program: kernel + proto: TCP + src_ip: 42.42.42.93 + src_port: "53067" + timestamp: Dec 17 14:31:36 + timestamp8601: "" + Enriched: + MarshaledTime: "2020-12-17T14:31:36Z" + StrTime: Dec 17 14:31:36 + MarshaledTime: "2020-12-17T14:31:36Z" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 42.42.42.93 diff --git a/collections/crowdsecurity/.tests/iptables/po_input.yaml b/collections/crowdsecurity/.tests/iptables/po_input.yaml new file mode 100644 index 0000000..6348a25 --- /dev/null +++ b/collections/crowdsecurity/.tests/iptables/po_input.yaml 
@@ -0,0 +1,329 @@ +- Type: 1 + Alert: + MapKey: 10a3ef02f2011534975441766719a68c88af1738 + Sources: + 42.42.42.93: + asname: "" + asnumber: "" + cn: "" + ip: 42.42.42.93 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 42.42.42.93 + Alert: + capacity: 15 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 
42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + eventscount: 16 + id: 0 + labels: [] + leakspeed: 5s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/iptables-scan-multi_ports + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 42.42.42.93 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 42.42.42.93 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 15 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + 
value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + - meta: + - key: log_type + value: iptables_drop + - key: service + value: tcp + - key: source_ip + value: 42.42.42.93 + timestamp: "2020-12-17T14:31:33Z" + eventscount: 16 + id: 0 + labels: [] + leakspeed: 5s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: 
crowdsecurity/iptables-scan-multi_ports + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 42.42.42.93 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 42.42.42.93 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z"
diff --git a/collections/crowdsecurity/.tests/mysql/acquis.yaml b/collections/crowdsecurity/.tests/mysql/acquis.yaml
new file mode 100644
index 0000000..392ac69
--- /dev/null
+++ b/collections/crowdsecurity/.tests/mysql/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log
+labels:
+ type: mysql
diff --git a/collections/crowdsecurity/.tests/mysql/mysql.log b/collections/crowdsecurity/.tests/mysql/mysql.log
new file mode 100644
index 0000000..1a7caea
--- /dev/null
+++ b/collections/crowdsecurity/.tests/mysql/mysql.log
@@ -0,0 +1,2 @@
+Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user 'root'@'27.155.87.54' (using password: YES)
+Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user 'root'@'27.155.87.54' (using password: NO)
\ No newline at end of file
diff --git a/collections/crowdsecurity/.tests/nginx/acquis.yaml b/collections/crowdsecurity/.tests/nginx/acquis.yaml
new file mode 100644
index 0000000..672790f
--- /dev/null
+++ b/collections/crowdsecurity/.tests/nginx/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
+labels:
+ type: nginx
diff --git a/collections/crowdsecurity/.tests/nginx/nginx.log b/collections/crowdsecurity/.tests/nginx/nginx.log
new file mode 100644
index 0000000..97bb2d8
--- /dev/null
+++ b/collections/crowdsecurity/.tests/nginx/nginx.log
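Review bot: The `filenames` entry in `collections/crowdsecurity/.tests/mysql/acquis.yaml` points at `./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log`, not at the `mysql.log` this commit adds beside it, so the collection test appears to depend on a fixture outside its own directory and the local log may never be read. The nginx, postfix, tcpdump and vsftpd `acquis.yaml` hunks follow the same pattern, whereas the iptables results earlier in the patch record `Src: ./collections/crowdsecurity/.tests/iptables/iptables.log`. If the collection-local log is the intended input, the entry would read `- ./collections/crowdsecurity/.tests/mysql/mysql.log`; otherwise a comment such as `# input shared with the parser test` would make the dependency explicit. Whether the `parsers/` path exists is not visible from this part of the patch.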
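Review bot: The two lines added to `mysql.log` look as if they were copied from a live host: they carry an internal hostname (`ip-172-31-36-243.ap-northeast-2.compute.internal`) and a routable client address (`27.155.87.54`). Test fixtures are better served by a reserved documentation range such as `192.0.2.0/24` and a neutral hostname, which keeps third-party addresses and deployment details out of a public repository. The nginx, postfix and vsftpd log hunks also use routable addresses. Any expected-result file that embeds these values would need the same substitution.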
@@ -0,0 +1,4 @@
+5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
+2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
+52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
+www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
\ No newline at end of file
diff --git a/collections/crowdsecurity/.tests/postfix/acquis.yaml b/collections/crowdsecurity/.tests/postfix/acquis.yaml
new file mode 100644
index 0000000..7651330
--- /dev/null
+++ b/collections/crowdsecurity/.tests/postfix/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
+labels:
+ type: syslog
diff --git a/collections/crowdsecurity/.tests/postfix/postfix.log b/collections/crowdsecurity/.tests/postfix/postfix.log
new file mode 100644
index 0000000..35b939f
--- /dev/null
+++ b/collections/crowdsecurity/.tests/postfix/postfix.log
@@ -0,0 +1,6 @@
+Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure
+Dec 7 23:23:37 mail postfix/smtpd[21281]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
+Dec 7 23:23:38 mail postfix/smtpd[21367]: connect from unknown[45.142.120.90]
+Dec 7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure
+Dec 7 23:23:40 mail postfix/smtpd[21207]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
+Dec 7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]
\ No newline at end of file
diff --git a/collections/crowdsecurity/.tests/tcpdump/acquis.yaml b/collections/crowdsecurity/.tests/tcpdump/acquis.yaml
new file mode 100644
index 0000000..1b70179
--- /dev/null
+++ b/collections/crowdsecurity/.tests/tcpdump/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
+labels:
+ type: tcpdump
diff --git a/collections/crowdsecurity/.tests/tcpdump/tcpdump.log b/collections/crowdsecurity/.tests/tcpdump/tcpdump.log
new file mode 100644
index 0000000..fc8fc16
--- /dev/null
+++ b/collections/crowdsecurity/.tests/tcpdump/tcpdump.log
@@ -0,0 +1,4 @@
+11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0
+11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0
+11:31:20.553633 IP 4.2.3.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0
+11:31:20.553713 IP 172.1.2.3.22 > 4.2.3.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0
\ No newline at end of file
diff --git a/collections/crowdsecurity/.tests/vsftpd/acquis.yaml b/collections/crowdsecurity/.tests/vsftpd/acquis.yaml
new file mode 100644
index 0000000..f47d737
--- /dev/null
+++ b/collections/crowdsecurity/.tests/vsftpd/acquis.yaml
@@ -0,0 +1,5 @@
+mode: cat
+filenames:
+ - ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
+labels:
+ type: vsftpd
diff --git a/collections/crowdsecurity/.tests/vsftpd/vsftpd.log b/collections/crowdsecurity/.tests/vsftpd/vsftpd.log
new file mode 100644
index 0000000..5d2bc4b
--- /dev/null
+++ b/collections/crowdsecurity/.tests/vsftpd/vsftpd.log
@@ -0,0 +1,3 @@ +Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89" +Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89" +Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89" \ No newline at end of file diff --git a/collections/crowdsecurity/apache2.md b/collections/crowdsecurity/apache2.md new file mode 100644 index 0000000..9ff8901 --- /dev/null +++ b/collections/crowdsecurity/apache2.md @@ -0,0 +1,4 @@ +A collection for apache2 : + - apache2 parser + - base http scenarios for crawl, scan etc. + diff --git a/collections/crowdsecurity/apache2.yaml b/collections/crowdsecurity/apache2.yaml new file mode 100644 index 0000000..0bd826d --- /dev/null +++ b/collections/crowdsecurity/apache2.yaml @@ -0,0 +1,13 @@ +parsers: +#generic post-parsing of http stuff + - crowdsecurity/apache2-logs +collections: + - crowdsecurity/base-http-scenarios +description: "apache2 support : parser and generic http scenarios " +author: crowdsecurity +tags: + - linux + - apache2 + - crawl + - scan + diff --git a/collections/crowdsecurity/base-http-scenarios.md b/collections/crowdsecurity/base-http-scenarios.md new file mode 100644 index 0000000..d0e0ec6 --- /dev/null +++ b/collections/crowdsecurity/base-http-scenarios.md @@ -0,0 +1,14 @@ +**contains no parser, meant to be embedded** + +A collection of defensive (implementation independent) scenarios for http services : + - aggressive crawl detection + - scanning/probing detection + - bad user-agent detection + - path traversal detection + - sensitive data access attempts detection + - SQL injection detection + +:warning: This collection is _not_ a WAF and this scenario does _not_ aims at replacing a WAF. + + + diff --git a/collections/crowdsecurity/base-http-scenarios.yaml b/collections/crowdsecurity/base-http-scenarios.yaml new file mode 100644 index 0000000..70bc56a --- /dev/null +++ b/collections/crowdsecurity/base-http-scenarios.yaml 
@@ -0,0 +1,21 @@ +parsers: + - crowdsecurity/http-logs +scenarios: + - crowdsecurity/http-crawl-non_statics + - crowdsecurity/http-probing + - crowdsecurity/http-bad-user-agent + - crowdsecurity/http-path-traversal-probing + - crowdsecurity/http-sensitive-files + - crowdsecurity/http-sqli-probing + - crowdsecurity/http-xss-probing + - crowdsecurity/http-backdoors-attempts + - ltsich/http-w00tw00t + +description: "http common : scanners detection" +author: crowdsecurity +tags: + - linux + - http + - crawl + - scan + diff --git a/collections/crowdsecurity/dovecot.md b/collections/crowdsecurity/dovecot.md new file mode 100644 index 0000000..f3592a4 --- /dev/null +++ b/collections/crowdsecurity/dovecot.md @@ -0,0 +1,18 @@ +A collection for dovecot + * dovecot log parsers + * dovecot scenario bruteforce spam attempt + +This collection mostly aims at getting similar spam protection as +the normal fail2ban dovecot configuration. + +The relevant `acquis.yaml` should be: + +```yaml +filenames: + - /var/log/mail.log +labels: + type: syslog +``` + + +> Contribution by https://github.com/LtSich diff --git a/collections/crowdsecurity/dovecot.yaml b/collections/crowdsecurity/dovecot.yaml new file mode 100644 index 0000000..e38a64d --- /dev/null +++ b/collections/crowdsecurity/dovecot.yaml @@ -0,0 +1,10 @@ +parsers: + - crowdsecurity/dovecot-logs +scenarios: + - crowdsecurity/dovecot-spam +description: "dovecot support : parser and spammer detection" +author: crowdsecurity +tags: + - linux + - spam + - bruteforce diff --git a/collections/crowdsecurity/iptables.md b/collections/crowdsecurity/iptables.md new file mode 100644 index 0000000..69b4e10 --- /dev/null +++ b/collections/crowdsecurity/iptables.md @@ -0,0 +1,4 @@ +A collection for portscan detection via iptables : + - iptables parser (like in `-j LOG`) + - multi port scan detection + diff --git a/collections/crowdsecurity/iptables.yaml b/collections/crowdsecurity/iptables.yaml new file mode 100644 index 0000000..c2dd114 
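Review bot: The `scenarios:` list in collections/crowdsecurity/base-http-scenarios.yaml installs three items that base-http-scenarios.md never mentions: `crowdsecurity/http-xss-probing`, `crowdsecurity/http-backdoors-attempts` and `ltsich/http-w00tw00t`. The last one comes from a different namespace than the collection's own `author: crowdsecurity`, so an operator enabling this collection also takes on third-party detection content without being told. A comment on that entry, for example `# third-party scenario, maintained under the ltsich namespace`, plus matching bullets in the .md, would make the scope of the collection explicit.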
--- /dev/null +++ b/collections/crowdsecurity/iptables.yaml @@ -0,0 +1,11 @@ +parsers: + - crowdsecurity/iptables-logs +scenarios: + - crowdsecurity/iptables-scan-multi_ports +description: "iptables support : logs and port-scans detection scenarios" +author: crowdsecurity +tags: + - linux + - portscan + - iptables + diff --git a/collections/crowdsecurity/linux.md b/collections/crowdsecurity/linux.md new file mode 100644 index 0000000..5cb85a3 --- /dev/null +++ b/collections/crowdsecurity/linux.md @@ -0,0 +1,3 @@ +**core package for linux** + +contains support for syslog, do not remove. diff --git a/collections/crowdsecurity/linux.yaml b/collections/crowdsecurity/linux.yaml new file mode 100644 index 0000000..824a6ee --- /dev/null +++ b/collections/crowdsecurity/linux.yaml @@ -0,0 +1,11 @@ +parsers: + - crowdsecurity/syslog-logs + - crowdsecurity/geoip-enrich + - crowdsecurity/dateparse-enrich +collections: + - crowdsecurity/sshd +description: "core linux support : syslog+geoip+ssh" +author: crowdsecurity +tags: + - linux + diff --git a/collections/crowdsecurity/modsecurity.md b/collections/crowdsecurity/modsecurity.md new file mode 100644 index 0000000..a6968b7 --- /dev/null +++ b/collections/crowdsecurity/modsecurity.md @@ -0,0 +1,3 @@ +A collection for modsecurity (tested only with Apache): + - modsecurity parser: `crowdsecurity/modsecurity` + - modsecurity scenario: `crowdsecurity/modsecurity \ No newline at end of file diff --git a/collections/crowdsecurity/modsecurity.yaml b/collections/crowdsecurity/modsecurity.yaml new file mode 100644 index 0000000..0f3ec23 --- /dev/null +++ b/collections/crowdsecurity/modsecurity.yaml @@ -0,0 +1,10 @@ +parsers: + - crowdsecurity/modsecurity +scenarios: + - crowdsecurity/modsecurity +description: "modsecurity support : modsecurity parser and scenario" +author: crowdsecurity +tags: + - linux + - web + - waf \ No newline at end of file 
diff --git a/collections/crowdsecurity/mysql.md b/collections/crowdsecurity/mysql.md new file mode 100644 index 0000000..5ba6bdb --- /dev/null +++ b/collections/crowdsecurity/mysql.md @@ -0,0 +1,4 @@ +A collection for mysql services : + - mysql logs parser + - bruteforce detection + \ No newline at end of file diff --git a/collections/crowdsecurity/mysql.yaml b/collections/crowdsecurity/mysql.yaml new file mode 100644 index 0000000..75d9f67 --- /dev/null +++ b/collections/crowdsecurity/mysql.yaml @@ -0,0 +1,10 @@ +parsers: + - crowdsecurity/mysql-logs +scenarios: + - crowdsecurity/mysql-bf +description: "mysql support : logs and brute-force scenarios" +author: crowdsecurity +tags: + - linux + - mysql + - bruteforce diff --git a/collections/crowdsecurity/naxsi.md b/collections/crowdsecurity/naxsi.md new file mode 100644 index 0000000..3460d5b --- /dev/null +++ b/collections/crowdsecurity/naxsi.md @@ -0,0 +1,4 @@ +A collection to detect virtual patch violations : + - naxsi logs parser + - vpatch high id (>9999) trigger rule + \ No newline at end of file diff --git a/collections/crowdsecurity/naxsi.yaml b/collections/crowdsecurity/naxsi.yaml new file mode 100644 index 0000000..57ddda8 --- /dev/null +++ b/collections/crowdsecurity/naxsi.yaml @@ -0,0 +1,14 @@ +parsers: +#generic post-parsing of http stuff + - crowdsecurity/nginx-logs + - crowdsecurity/naxsi-logs +scenarios: + - crowdsecurity/naxsi-exploit-vpatch +description: "naxsi support : parser and vpatch scenario" +author: crowdsecurity +tags: + - linux + - nginx + - naxsi + - exploit + diff --git a/collections/crowdsecurity/nginx.md b/collections/crowdsecurity/nginx.md new file mode 100644 index 0000000..d3b3a04 --- /dev/null +++ b/collections/crowdsecurity/nginx.md @@ -0,0 +1,4 @@ +A collection to defend nginx against common attacks : + - nginx parser + - base http scenarios (crawl, 404 scan, bf) + 
diff --git a/collections/crowdsecurity/nginx.yaml b/collections/crowdsecurity/nginx.yaml new file mode 100644 index 0000000..5e599f4 --- /dev/null +++ b/collections/crowdsecurity/nginx.yaml @@ -0,0 +1,13 @@ +parsers: +#generic post-parsing of http stuff + - crowdsecurity/nginx-logs +collections: + - crowdsecurity/base-http-scenarios +description: "nginx support : parser and generic http scenarios" +author: crowdsecurity +tags: + - linux + - nginx + - crawl + - scan + diff --git a/collections/crowdsecurity/postfix.md b/collections/crowdsecurity/postfix.md new file mode 100644 index 0000000..ca61e3b --- /dev/null +++ b/collections/crowdsecurity/postfix.md @@ -0,0 +1,18 @@ +A collection for postfix + * postfix log parsers + * postscreen log parser + * postfix scenario bruteforce spam attempt + * postscreen rb attempt blacklist + +This collection mostly aims at getting a similar spam protection as +the normal fail2ban postfix configuration although postcreen log +management isn't included by default by fail2ban. + +The relevant `acquis.yaml` should be: + +```yaml +filenames: + - /var/log/mail.log +labels: + type: syslog +``` diff --git a/collections/crowdsecurity/postfix.yaml b/collections/crowdsecurity/postfix.yaml new file mode 100644 index 0000000..8b12217 --- /dev/null +++ b/collections/crowdsecurity/postfix.yaml @@ -0,0 +1,11 @@ +parsers: + - crowdsecurity/postfix-logs + - crowdsecurity/postscreen-logs +scenarios: + - crowdsecurity/postfix-spam +description: "postfix support : parser and spammer detection" +author: crowdsecurity +tags: + - linux + - spam + - bruteforce diff --git a/collections/crowdsecurity/sshd.md b/collections/crowdsecurity/sshd.md new file mode 100644 index 0000000..79b3116 --- /dev/null +++ b/collections/crowdsecurity/sshd.md @@ -0,0 +1,5 @@ +A collection to defend sshd against common attacks : + - ssh parser + - ssh bruteforce & enumeration detection + + 
diff --git a/collections/crowdsecurity/sshd.yaml b/collections/crowdsecurity/sshd.yaml new file mode 100644 index 0000000..20a2e32 --- /dev/null +++ b/collections/crowdsecurity/sshd.yaml @@ -0,0 +1,11 @@ +parsers: + - crowdsecurity/sshd-logs +scenarios: + - crowdsecurity/ssh-bf +description: "sshd support : parser and brute-force detection" +author: crowdsecurity +tags: + - linux + - ssh + - bruteforce + diff --git a/collections/crowdsecurity/vsftpd.md b/collections/crowdsecurity/vsftpd.md new file mode 100644 index 0000000..1b1764f --- /dev/null +++ b/collections/crowdsecurity/vsftpd.md @@ -0,0 +1,3 @@ +A collection to defend VSFTPD against common attacks : +- VSFTPD parser: `crowdsecurity/vsftpd-logs` +- bruteforce scenario : `crowdsecurity/vsftpd-bf` \ No newline at end of file diff --git a/collections/crowdsecurity/vsftpd.yaml b/collections/crowdsecurity/vsftpd.yaml new file mode 100644 index 0000000..8f05007 --- /dev/null +++ b/collections/crowdsecurity/vsftpd.yaml @@ -0,0 +1,10 @@ +parsers: + - crowdsecurity/vsftpd-logs +scenarios: + - crowdsecurity/vsftpd-bf +description: "VSFTPD support : logs and brute-force scenarios" +author: crowdsecurity +tags: + - linux + - ftp + - bruteforce diff --git a/collections/crowdsecurity/whitelist-good-actors.md b/collections/crowdsecurity/whitelist-good-actors.md new file mode 100644 index 0000000..7b13e4c --- /dev/null +++ b/collections/crowdsecurity/whitelist-good-actors.md @@ -0,0 +1,4 @@ +A collection to whitelist all good actors : + - rdns to use it in whitelists that need rdns + - rdns of all good search engine crawlers (googlebot, bing etc...) + - trusted partners like cloudflare \ No newline at end of file diff --git a/collections/crowdsecurity/whitelist-good-actors.yaml b/collections/crowdsecurity/whitelist-good-actors.yaml new file mode 100644 index 0000000..69cf2fc --- /dev/null +++ b/collections/crowdsecurity/whitelist-good-actors.yaml 
@@ -0,0 +1,10 @@ +postoverflows: + - crowdsecurity/seo-bots-whitelist + - crowdsecurity/cdn-whitelist + - crowdsecurity/rdns +description: "Good actors whitelists" +author: crowdsecurity +tags: + - whitelist + - bots + - partners diff --git a/collections/crowdsecurity/wordpress.md b/collections/crowdsecurity/wordpress.md new file mode 100644 index 0000000..29e1308 --- /dev/null +++ b/collections/crowdsecurity/wordpress.md @@ -0,0 +1,2 @@ +A collection to defend wordpress against bruteforce : + - wp-login.php bruteforce detection diff --git a/collections/crowdsecurity/wordpress.yaml b/collections/crowdsecurity/wordpress.yaml new file mode 100644 index 0000000..5936f8f --- /dev/null +++ b/collections/crowdsecurity/wordpress.yaml @@ -0,0 +1,9 @@ +scenarios: + - crowdsecurity/http-bf-wordpress_bf +description: "wordpress : bruteforce detection" +author: crowdsecurity +tags: + - linux + - wordpress + - bruteforce + diff --git a/generate.go b/generate.go new file mode 100644 index 0000000..54e33f5 --- /dev/null +++ b/generate.go 
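Review bot: The `description: "Good actors whitelists"` in whitelist-good-actors.yaml does not tell an operator what trust decision installing this collection makes. The three postoverflows exempt search-engine crawlers and CDN sources, and whitelist-good-actors.md says the crawler whitelist is keyed on reverse DNS, which is why `crowdsecurity/rdns` is in the list. I would spell that out, e.g. `description: "whitelists for SEO crawlers (reverse-DNS based) and CDN sources; requires crowdsecurity/rdns"`, and add a comment on the `rdns` entry saying the whitelists depend on it. Whether the reverse-DNS match is forward-confirmed is not visible in this hunk; since a whitelist is a detection blind spot by design, that belongs in the postoverflow's own documentation.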
@@ -0,0 +1,194 @@
+package main
+
+import (
+ "encoding/base64"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+ "path"
+ "path/filepath"
+ "strconv"
+ "strings"
+
+ "gopkg.in/yaml.v2"
+)
+
+func inSlice(s string, slice []string) bool {
+ for _, str := range slice {
+ if str == s {
+ return true
+ }
+ }
+ return false
+}
+
+func (ti *typeInfo) generate(filepath string, configType string) (string, error) {
+ pathSplit := strings.Split(filepath, "/")
+ //generate doc path ?
+ pdocpath := strings.Replace(filepath, ".yaml", ".md", 1)
+
+ if pathSplit[0] != configType {
+ return "", fmt.Errorf("invalid filepath (doesn't start with scenarios) : %s", filepath)
+ }
+
+ // Remove the first item (we don't need it)
+ pathSplit = pathSplit[1:]
+
+ // set user, stage and config name
+ var user string
+ var configName string
+ if configType == "parsers" || configType == "postoverflows" {
+ if len(pathSplit) != 3 {
+ return "", fmt.Errorf("invalid filepath '%s', should be : './%s///'", configType, filepath)
+ }
+ ti.Stage = pathSplit[0]
+ user = pathSplit[1]
+ configName = pathSplit[2]
+ configName = strings.Split(configName, ".")[0]
+ } else if configType == "scenarios" {
+ if len(pathSplit) != 2 {
+ return "", fmt.Errorf("invalid filepath '%s', should be : './scenarios//'", filepath)
+ }
+ user = pathSplit[0]
+ configName = pathSplit[1]
+ configName = strings.Split(configName, ".")[0]
+ } else if configType == "collections" {
+ if len(pathSplit) != 2 {
+ return "", fmt.Errorf("invalid filepath '%s', should be : './collections//'", filepath)
+ }
+ user = pathSplit[0]
+ configName = pathSplit[1]
+ configName = strings.Split(configName, ".")[0]
+ }
+
+ // set the filepath
+ ti.Path = filepath
+ // set the author from the user
+ ti.Author = user
+
+ // set file information : autor, references, description
+
+ /* Get description, author and references from the file */
+ var fInfo fileInfo
+ yamlFile, err := ioutil.ReadFile(filepath)
+ if err != nil {
+ return "", err
+ }
+ err =
yaml.Unmarshal(yamlFile, &fInfo)
+ if err != nil {
+ return "", err
+ }
+ if fInfo.Author != "" {
+ ti.Author = fInfo.Author
+ }
+ if len(fInfo.References) > 0 {
+ ti.References = fInfo.References
+ }
+
+ if fInfo.Description != "" {
+ ti.Description = fInfo.Description
+ }
+
+ if fInfo.Labels != nil {
+ ti.Labels = fInfo.Labels
+
+ // var tags_to_keep = []string{"service", "type"}
+ // for _, v := range tags_to_keep {
+ // if x, ok := fInfo.Labels[v]; ok {
+ // ti.Tags = append(ti.Tags, x)
+ // }
+ // }
+ }
+
+ if configType == "collections" {
+ if len(fInfo.Parsers) > 0 {
+ ti.Parsers = fInfo.Parsers
+ }
+ if len(fInfo.PostOverflows) > 0 {
+ ti.PostOverflows = fInfo.PostOverflows
+ }
+ if len(fInfo.Scenarios) > 0 {
+ ti.Scenarios = fInfo.Scenarios
+ }
+ if len(fInfo.Collections) > 0 {
+ ti.Collections = fInfo.Collections
+ }
+ }
+
+ // versions informations (digest and deprecated for each version)
+ if len(ti.Versions) == 0 {
+ ti.Versions = make(map[string]versionInfo)
+ h, err := getSHA256(filepath)
+ if err != nil {
+ return "", fmt.Errorf("unable to get sha256 of '%s' : %v", filepath, err)
+ }
+ var vInfo versionInfo
+ vInfo.Digest = h
+ vInfo.Deprecated = false
+ ti.Versions["0.1"] = vInfo
+ ti.Version = "0.1"
+ } else {
+ lastVersion := ti.Version
+ lastDigest := ti.Versions[lastVersion].Digest
+ currentDigest, err := getSHA256(filepath)
+ if err != nil {
+ return "", fmt.Errorf("unable to get sha256 of '%s' : %v", filepath, err)
+ }
+ if currentDigest != lastDigest {
+ floatVersion, err := strconv.ParseFloat(ti.Version, 32)
+ if err != nil {
+ return "", fmt.Errorf("unable to convert version '%s' to float : %s", ti.Version, err.Error())
+ }
+ newVersion := fmt.Sprintf("%0.1f", floatVersion+0.1)
+ ti.Version = newVersion
+ log.Printf("%s new version : %s (sha:%s)", ti.Path, newVersion, currentDigest)
+ var vInfo versionInfo
+ vInfo.Digest = currentDigest
+ vInfo.Deprecated = false
+ ti.Versions[newVersion] = vInfo
+ }
+ }
+
+ hubName := fmt.Sprintf("%s/%s",
user, configName)
+ /*if we're all good, check if markdown documentation exists and join it*/
+ //pdocpath
+ mdFile, err := ioutil.ReadFile(pdocpath)
+ if err == nil {
+ ti.LongDescription = base64.StdEncoding.EncodeToString([]byte(string(mdFile)))
+ }
+ ti.FileContent = base64.StdEncoding.EncodeToString([]byte(string(yamlFile)))
+ return hubName, nil
+}
+
+func generateIndex(configType string) (map[string]typeInfo, error) {
+ var files []string
+ tInfo := make(map[string]typeInfo)
+ folder := path.Join("./", configType)
+
+ err := filepath.Walk(folder, func(path string, info os.FileInfo, err error) error {
+ if strings.HasSuffix(path, ".yaml") {
+ files = append(files, path)
+ }
+ return nil
+ })
+
+ if err != nil {
+ panic(err)
+ }
+
+ for _, filepath := range files {
+ if strings.HasPrefix(filepath, folder) {
+ var info typeInfo
+ var hubName string
+ var err error
+ hubName, err = info.generate(filepath, configType)
+ if err != nil {
+ fmt.Printf("skipping '%s' because : %s\n", filepath, err.Error())
+ } else {
+ tInfo[hubName] = info
+ }
+ }
+ }
+ return tInfo, nil
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..917ebb6
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,13 @@
+module main
+
+go 1.13
+
+require (
+ github.com/crowdsecurity/crowdsec v1.0.2
+ github.com/davecgh/go-spew v1.1.1
+ github.com/google/go-github v17.0.0+incompatible
+ github.com/prometheus/common v0.15.0
+ golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+ google.golang.org/appengine v1.6.6
+ gopkg.in/yaml.v2 v2.3.0
+)
diff --git a/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml
new file mode 100644
index 0000000..810e231
--- /dev/null
+++ b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml
@@ -0,0 +1,3 @@
+mode: cat
+filenames:
+ - ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
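Review bot: In generate.go, the `filepath.Walk` callback in `generateIndex` ignores its `err` argument and always returns nil, so a directory or file that cannot be read is silently left out of the generated index and the `panic(err)` after the walk has nothing to report. Starting the callback with `if err != nil { return err }` and returning that error from `generateIndex` instead of panicking would turn an incomplete index into a failed run. In `generate`, the parsers/postoverflows error passes `configType, filepath` in the opposite order to its two `%s` verbs, and the first check always reports "doesn't start with scenarios" whatever `configType` is. The version digest comes from `getSHA256(filepath)` (defined outside this hunk, presumably re-reading the file) while `FileContent` is encoded from the earlier `ioutil.ReadFile`, so hashing the `yamlFile` bytes already in memory would keep the published digest and the embedded content from diverging.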
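Review bot: The acquisition file for the syslog-logs test (parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml) has no `labels:` block, so the sample lines never satisfy the `evt.Line.Labels.type == 'syslog'` filter of the parser under test. The expected output in parser_results.yaml further down this commit confirms it: every line is handled by `crowdsecurity/non-syslog` and only `message` appears under `Parsed`. As committed, the test pins the fallback node and would not catch a regression in the SYSLOGLINE grok or the `evt.StrTime` statics. Adding `labels:` with `type: syslog`, as the postfix acquis.yaml in this commit does, and regenerating parser_results.yaml would exercise the parser the test is named for.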
diff --git a/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/config.yaml b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/config.yaml new file mode 100644 index 0000000..ff3c2ac --- /dev/null +++ b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/config.yaml @@ -0,0 +1,7 @@ +parser_results: parser_results.yaml +acquisition_file: acquis.yaml +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/syslog-logs diff --git a/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/parser_results.yaml b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/parser_results.yaml new file mode 100644 index 0000000..f378293 --- /dev/null +++ b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/parser_results.yaml 
@@ -0,0 +1,217 @@ +provisionalresults: +- s00-raw: + crowdsecurity/non-syslog: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' + s01-parse: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' +- s00-raw: + crowdsecurity/non-syslog: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' + s01-parse: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' 
+ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' +- s00-raw: + crowdsecurity/non-syslog: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' + s01-parse: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' +- s00-raw: + crowdsecurity/non-syslog: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' 
+ s01-parse: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' +- s00-raw: + crowdsecurity/non-syslog: + ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' + s01-parse: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' 
+finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' + Process: true +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' + Process: true +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' + Process: true +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' + Process: true +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' + Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log + time: 0001-01-01T00:00:00Z + process: true + Parsed: + message: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' + Process: true 
diff --git a/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log new file mode 100644 index 0000000..397f042 --- /dev/null +++ b/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log @@ -0,0 +1,5 @@ +Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09 +Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded. +Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE +Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service... +Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded. \ No newline at end of file diff --git a/parsers/s00-raw/crowdsecurity/syslog-logs.md b/parsers/s00-raw/crowdsecurity/syslog-logs.md new file mode 100644 index 0000000..7ce8c8e --- /dev/null +++ b/parsers/s00-raw/crowdsecurity/syslog-logs.md @@ -0,0 +1,5 @@ +# Syslog parser + +This is a generic linux syslog parser with time-support. +This one often works along `crowdsecurity/skip-pretag` + diff --git a/parsers/s00-raw/crowdsecurity/syslog-logs.yaml b/parsers/s00-raw/crowdsecurity/syslog-logs.yaml new file mode 100644 index 0000000..7b05c9b --- /dev/null +++ b/parsers/s00-raw/crowdsecurity/syslog-logs.yaml 
@@ -0,0 +1,30 @@ +#If it's syslog, we are going to extract progname from it +filter: "evt.Line.Labels.type == 'syslog'" +onsuccess: next_stage +name: crowdsecurity/syslog-logs +grok: + #this is a named regular expression. grok patterns can be kept into separate files for readability + name: "SYSLOGLINE" + #This is the field of the `Event` to which the regexp should be applied + apply_on: Line.Raw +#if the node was successfull, statics will be applied. +statics: + - parsed: "logsource" + value: "syslog" +# syslog date can be in two different fields (one of hte assignment will fail) + - target: evt.StrTime + expression: evt.Parsed.timestamp + - target: evt.StrTime + expression: evt.Parsed.timestamp8601 +--- +#if it's not syslog, the type is the progname +filter: "evt.Line.Labels.type != 'syslog'" +onsuccess: next_stage +name: crowdsecurity/non-syslog +#debug: true +statics: + - parsed: message + expression: evt.Line.Raw + - parsed: program + expression: evt.Line.Labels.type +--- diff --git a/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/config.yaml new file mode 100644 index 0000000..c397976 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/config.yaml @@ -0,0 +1,7 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/apache2-logs diff --git a/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_input.yaml new file mode 100644 index 0000000..a9077e6 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_input.yaml 
@@ -0,0 +1,70 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 2020-12-11T12:43:47.855054626+01:00 + Labels: + type: apache2 + process: true + Parsed: + message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" + program: apache2 + Time: 2020-12-11T12:43:47.855149953+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 2020-12-11T12:43:47.855221252+01:00 + Labels: + type: apache2 + process: true + Parsed: + message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" + program: apache2 + Time: 2020-12-11T12:43:47.855589313+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 2020-12-11T12:43:47.85565447+01:00 + Labels: + type: apache2 + process: true + Parsed: + message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + Time: 2020-12-11T12:43:47.855803402+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 2020-12-11T12:43:47.855911794+01:00 + Labels: + type: apache2 + process: true + Parsed: + message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + Time: 2020-12-11T12:43:47.855995358+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 2020-12-11T12:43:47.855054626+01:00 + Labels: + type: apache2 + process: true + Parsed: + message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" + program: apache2 + Time: 2020-12-11T12:43:47.855149953+01:00 + Process: true \ No newline at end of file diff --git a/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_results.yaml new file mode 100644 index 0000000..6715113 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_results.yaml 
@@ -0,0 +1,512 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/apache2-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "803" + clientip: 93.43.209.58 + http_user_agent: '"-"' + httpversion: "1.0" + ident: '-' + message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: / + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:06:49:01 +0000 + verb: GET + StrTime: 08/Jun/2020:06:49:01 +0000 + Meta: + http_path: / + http_status: "500" + log_type: http_access-log + service: http + source_ip: 93.43.209.58 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "803" + clientip: 93.43.209.58 + http_user_agent: '"-"' + httpversion: "1.0" + ident: '-' + message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: / + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:06:49:01 +0000 + verb: GET + StrTime: 08/Jun/2020:06:49:01 +0000 + Meta: + http_path: / + http_status: "500" + log_type: http_access-log + service: http + source_ip: 93.43.209.58 +- s00-raw: {} + s01-parse: + crowdsecurity/apache2-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" + Src: 
./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "799" + clientip: 164.68.112.178 + http_user_agent: '"masscan/1.0 (https://github.com/robertdavidgraham/masscan)"' + httpversion: "1.0" + ident: '-' + message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: / + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:07:01:28 +0000 + verb: GET + StrTime: 08/Jun/2020:07:01:28 +0000 + Meta: + http_path: / + http_status: "500" + log_type: http_access-log + service: http + source_ip: 164.68.112.178 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "799" + clientip: 164.68.112.178 + http_user_agent: '"masscan/1.0 (https://github.com/robertdavidgraham/masscan)"' + httpversion: "1.0" + ident: '-' + message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: / + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:07:01:28 +0000 + verb: GET + StrTime: 08/Jun/2020:07:01:28 +0000 + Meta: + http_path: / + http_status: "500" + log_type: http_access-log + service: http + source_ip: 164.68.112.178 +- s00-raw: {} + s01-parse: + crowdsecurity/apache2-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "803" + clientip: 195.54.160.135 + http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + httpversion: "1.1" + ident: '-' + message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system?wt=json + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Meta: + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 195.54.160.135 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "803" + clientip: 195.54.160.135 + http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + httpversion: "1.1" + ident: '-' + message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 
Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system?wt=json + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Meta: + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 195.54.160.135 +- s00-raw: {} + s01-parse: + crowdsecurity/apache2-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "803" + clientip: 1.2.3.4 + http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + httpversion: "1.1" + ident: '-' + message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system?wt=json + response: "500" + target_fqdn: www.crowdsec.net + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Meta: + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 1.2.3.4 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "803" + clientip: 1.2.3.4 + http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + httpversion: "1.1" + ident: '-' + message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system?wt=json + response: "500" + target_fqdn: www.crowdsec.net + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Meta: + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 1.2.3.4 +- s00-raw: {} + s01-parse: + crowdsecurity/apache2-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + http_user_agent: '"-"' + auth: '-' + bytes: "803" + clientip: 93.43.209.58 + httpversion: "1.0" + ident: '-' + message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /login + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:06:49:01 +0000 + verb: POST + StrTime: 08/Jun/2020:06:49:01 +0000 + Meta: + http_path: /login + http_status: "500" + log_type: http_access-log + service: http + source_ip: 93.43.209.58 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 93.43.209.58 - - 
[08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + http_user_agent: '"-"' + auth: '-' + bytes: "803" + clientip: 93.43.209.58 + httpversion: "1.0" + ident: '-' + message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /login + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:06:49:01 +0000 + verb: POST + StrTime: 08/Jun/2020:06:49:01 +0000 + Meta: + http_path: /login + http_status: "500" + log_type: http_access-log + service: http + source_ip: 93.43.209.58 +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "803" + clientip: 93.43.209.58 + http_user_agent: '"-"' + httpversion: "1.0" + ident: '-' + message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: / + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:06:49:01 +0000 + verb: GET + StrTime: 08/Jun/2020:06:49:01 +0000 + Process: true + Meta: + http_path: / + http_status: "500" + log_type: http_access-log + service: http + source_ip: 93.43.209.58 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "799" + clientip: 164.68.112.178 + http_user_agent: 
'"masscan/1.0 (https://github.com/robertdavidgraham/masscan)"' + httpversion: "1.0" + ident: '-' + message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: / + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:07:01:28 +0000 + verb: GET + StrTime: 08/Jun/2020:07:01:28 +0000 + Process: true + Meta: + http_path: / + http_status: "500" + log_type: http_access-log + service: http + source_ip: 164.68.112.178 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "803" + clientip: 195.54.160.135 + http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + httpversion: "1.1" + ident: '-' + message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system?wt=json + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Process: true + Meta: + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 195.54.160.135 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json 
HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + auth: '-' + bytes: "803" + clientip: 1.2.3.4 + http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + httpversion: "1.1" + ident: '-' + message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system?wt=json + response: "500" + target_fqdn: www.crowdsec.net + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Process: true + Meta: + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 1.2.3.4 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + http_user_agent: '"-"' + auth: '-' + bytes: "803" + clientip: 93.43.209.58 + httpversion: "1.0" + ident: '-' + message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /login + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:06:49:01 +0000 + verb: POST + StrTime: 08/Jun/2020:06:49:01 +0000 + Process: true + Meta: + http_path: /login + http_status: "500" + log_type: http_access-log + service: http + source_ip: 93.43.209.58 
diff --git a/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/config.yaml
new file mode 100644
index 0000000..dbbb09a
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/config.yaml
@@ -0,0 +1,7 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+ parsers:
+ - crowdsecurity/cowrie-logs
diff --git a/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_input.yaml
new file mode 100644
index 0000000..c2b9e9a
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_input.yaml
@@ -0,0 +1,28 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log + time: 2020-12-11T12:09:00.981240029+01:00 + Labels: + type: cowrie + process: true + Parsed: + message: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' + program: cowrie + Time: 2020-12-11T12:09:00.981329468+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log + time: 2020-12-11T12:09:00.981374452+01:00 + Labels: + type: cowrie + process: true + Parsed: + message: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' + program: cowrie + Time: 2020-12-11T12:09:00.98211676+01:00 + Process: true \ No newline at end of file diff --git a/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_results.yaml new file mode 100644 index 0000000..968de77 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_results.yaml 
@@ -0,0 +1,146 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + cowrie-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log + time: 0001-01-01T00:00:00Z + Labels: + type: cowrie + process: true + Parsed: + dest_ip: 1.2.3.4 + dest_port: "2222" + message: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' + program: cowrie + source_ip: 4.2.3.1 + telnet_session: 3e5a9212b91f + Meta: + dest_ip: 1.2.3.4 + dest_port: "2222" + log_type: telnet_new_session + service: telnet + source_ip: 4.2.3.1 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log + time: 0001-01-01T00:00:00Z + Labels: + type: cowrie + process: true + Parsed: + dest_ip: 1.2.3.4 + dest_port: "2222" + message: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' + program: cowrie + source_ip: 4.2.3.1 + telnet_session: 3e5a9212b91f + Meta: + dest_ip: 1.2.3.4 + dest_port: "2222" + log_type: telnet_new_session + service: telnet + source_ip: 4.2.3.1 +- s00-raw: {} + s01-parse: + cowrie-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' + Src: 
./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log + time: 0001-01-01T00:00:00Z + Labels: + type: cowrie + process: true + Parsed: + dest_ip: 1.2.3.4 + dest_port: "2222" + message: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' + program: cowrie + source_ip: 1.1.1.1 + telnet_session: 3e5a9212s1f + Meta: + dest_ip: 1.2.3.4 + dest_port: "2222" + log_type: telnet_new_session + service: telnet + source_ip: 1.1.1.1 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log + time: 0001-01-01T00:00:00Z + Labels: + type: cowrie + process: true + Parsed: + dest_ip: 1.2.3.4 + dest_port: "2222" + message: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' + program: cowrie + source_ip: 1.1.1.1 + telnet_session: 3e5a9212s1f + Meta: + dest_ip: 1.2.3.4 + dest_port: "2222" + log_type: telnet_new_session + service: telnet + source_ip: 1.1.1.1 +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log + time: 0001-01-01T00:00:00Z + Labels: + type: cowrie + process: true + Parsed: + dest_ip: 1.2.3.4 + dest_port: "2222" + message: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) 
[session: 3e5a9212b91f]' + program: cowrie + source_ip: 4.2.3.1 + telnet_session: 3e5a9212b91f + Process: true + Meta: + dest_ip: 1.2.3.4 + dest_port: "2222" + log_type: telnet_new_session + service: telnet + source_ip: 4.2.3.1 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log + time: 0001-01-01T00:00:00Z + Labels: + type: cowrie + process: true + Parsed: + dest_ip: 1.2.3.4 + dest_port: "2222" + message: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' + program: cowrie + source_ip: 1.1.1.1 + telnet_session: 3e5a9212s1f + Process: true + Meta: + dest_ip: 1.2.3.4 + dest_port: "2222" + log_type: telnet_new_session + service: telnet + source_ip: 1.1.1.1 diff --git a/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/config.yaml new file mode 100644 index 0000000..74d1ec6 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/config.yaml @@ -0,0 +1,10 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/dovecot-logs + + diff --git a/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_input.yaml new file mode 100644 index 0000000..f58153d --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_input.yaml 
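Review bot: The expected output in cowrie-logs/parser_results.yaml pins `service: telnet`, `log_type: telnet_new_session` and `telnet_session` for lines whose logger is `cowrie.ssh.factory.CowrieSSHFactory` on port 2222, in every provisionalresults and finalresults entry of this hunk. The parser itself is not part of this hunk, so whether it can tell the two protocols apart is not visible here, but as written the golden file locks in a telnet label for what looks like an SSH session. Any scenario or dashboard that filters on `Meta.service` would then misfile or miss these events. If the label is meant to be protocol-agnostic, a comment in the test's config.yaml saying so would help; otherwise I would expect `service: ssh` for these two samples and a separate telnet sample in parser_input.yaml.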
@@ -0,0 +1,23 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' + Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info + time: 2020-12-11T13:05:46.765615945+01:00 + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: "imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>" + pid: "8421" + priority: "" + program: dovecot + timestamp: Nov 10 15:01:29 + timestamp8601: "" + Time: 2020-12-11T13:05:46.765680868+01:00 + StrTime: Nov 10 15:01:29 + Process: true + + diff --git a/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_results.yaml new file mode 100644 index 0000000..740be05 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_results.yaml 
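Review bot: The pre-populated `Parsed` fields in dovecot-logs/parser_input.yaml do not match the fixture's own `Raw` line: `Raw` carries `Jan 28 10:16:13` and `dovecot[7508]`, while `Parsed` has `timestamp: Nov 10 15:01:29`, `StrTime: Nov 10 15:01:29` and `pid: "8421"`. The test presumably still passes because the dovecot parser only reads `Parsed.message`, but the mismatched values are carried into parser_results.yaml as expected output. A later change in how event time or pid is derived would then be compared against values that never belonged to this log line. I would align them to `timestamp: Jan 28 10:16:13`, `StrTime: Jan 28 10:16:13` and `pid: "7508"`, and regenerate the results file.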
@@ -0,0 +1,89 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/dovecot-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' + Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + dovecot_local_ip: 7.7.7.7 + dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) + dovecot_remote_ip: 4.4.4.4 + dovecot_user: toto@toto.com + facility: "" + logsource: syslog + message: 'imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' + pid: "8421" + priority: "" + program: dovecot + protocol: imap + timestamp: Nov 10 15:01:29 + timestamp8601: "" + StrTime: Nov 10 15:01:29 + Meta: + log_type: dovecot_logs + source_ip: 4.4.4.4 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' + Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + dovecot_local_ip: 7.7.7.7 + dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) + dovecot_remote_ip: 4.4.4.4 + dovecot_user: toto@toto.com + facility: "" + logsource: syslog + message: 'imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' + pid: "8421" + priority: "" + program: dovecot + protocol: imap + timestamp: Nov 10 15:01:29 + timestamp8601: "" + StrTime: Nov 10 15:01:29 + Meta: + log_type: dovecot_logs + source_ip: 4.4.4.4 +finalresults: +- 
ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' + Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + dovecot_local_ip: 7.7.7.7 + dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) + dovecot_remote_ip: 4.4.4.4 + dovecot_user: toto@toto.com + facility: "" + logsource: syslog + message: 'imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' + pid: "8421" + priority: "" + program: dovecot + protocol: imap + timestamp: Nov 10 15:01:29 + timestamp8601: "" + StrTime: Nov 10 15:01:29 + Process: true + Meta: + log_type: dovecot_logs + source_ip: 4.4.4.4 diff --git a/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/config.yaml new file mode 100644 index 0000000..a0e3ace --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/config.yaml @@ -0,0 +1,8 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: .index.json # relative to root +configurations: + parsers: + - crowdsecurity/iptables-logs diff --git a/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_input.yaml new file mode 100644 index 0000000..3d2338e --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_input.yaml 
@@ -0,0 +1,14 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log + time: 2020-12-11T12:51:53.618550089+01:00 + Labels: + type: kernel + process: true + Parsed: + message: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' + program: kernel + Time: 2020-12-11T12:51:53.618598112+01:00 + Process: true diff --git a/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_results.yaml new file mode 100644 index 0000000..d3beb77 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_results.yaml 
@@ -0,0 +1,80 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/iptables-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: kernel + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8123" + int_eth: enp1s0 + length: "40" + message: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' + program: kernel + proto: TCP + src_ip: 195.54.160.107 + src_port: "8080" + Meta: + log_type: iptables_drop + service: tcp + source_ip: 195.54.160.107 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: kernel + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8123" + int_eth: enp1s0 + length: "40" + message: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' + program: kernel + proto: TCP + src_ip: 195.54.160.107 + src_port: "8080" + Meta: + log_type: iptables_drop 
+ service: tcp + source_ip: 195.54.160.107 +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log + time: 0001-01-01T00:00:00Z + Labels: + type: kernel + process: true + Parsed: + action: "" + dst_ip: 51.15.166.67 + dst_port: "8123" + int_eth: enp1s0 + length: "40" + message: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' + program: kernel + proto: TCP + src_ip: 195.54.160.107 + src_port: "8080" + Process: true + Meta: + log_type: iptables_drop + service: tcp + source_ip: 195.54.160.107 diff --git a/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/config.yaml new file mode 100644 index 0000000..e702932 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/config.yaml @@ -0,0 +1,8 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/mysql-logs diff --git a/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_input.yaml new file mode 100644 index 0000000..e607065 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_input.yaml 
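Review bot: The expected output sets `Meta.log_type: iptables_drop` while `Parsed.action` is `""`, so this fixture pins the parser labelling a netfilter line as a drop even though the line carries no action marker. If a host also logs accepted or differently prefixed packets, those would presumably reach drop-based scenarios too; the parser is not part of this hunk, so this is inferred from the result alone. Add a second input line with an explicit log prefix and assert its `action` value, and add a comment in the test's config.yaml saying which prefix convention the parser expects.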
@@ -0,0 +1,28 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' + Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log + time: 2020-12-11T12:55:59.702942091+01:00 + Labels: + type: mysql + process: true + Parsed: + message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' + program: mysql + Time: 2020-12-11T12:55:59.702983219+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)' + Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log + time: 2020-12-11T12:55:59.703044246+01:00 + Labels: + type: mysql + process: true + Parsed: + message: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)' + program: mysql + Time: 2020-12-11T12:55:59.703760102+01:00 + Process: true diff --git a/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_results.yaml new file mode 100644 index 0000000..02269b2 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_results.yaml 
@@ -0,0 +1,79 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/mysql-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' + Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log + time: 0001-01-01T00:00:00Z + Labels: + type: mysql + process: true + Parsed: + message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' + program: mysql + source_ip: 27.155.87.54 + time: "2020-04-16T05:13:40.861934Z" + user: root + Meta: + log_type: mysql_failed_auth + source_ip: 27.155.87.54 + user: root + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' + Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log + time: 0001-01-01T00:00:00Z + Labels: + type: mysql + process: true + Parsed: + message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' + program: mysql + source_ip: 27.155.87.54 + time: "2020-04-16T05:13:40.861934Z" + user: root + Meta: + log_type: mysql_failed_auth + source_ip: 27.155.87.54 + user: root +- s00-raw: {} + s01-parse: {} +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' + Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log + 
time: 0001-01-01T00:00:00Z + Labels: + type: mysql + process: true + Parsed: + message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' + program: mysql + source_ip: 27.155.87.54 + time: "2020-04-16T05:13:40.861934Z" + user: root + Process: true + Meta: + log_type: mysql_failed_auth + source_ip: 27.155.87.54 + user: root +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)' + Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log + time: 0001-01-01T00:00:00Z + Labels: + type: mysql + process: true + Parsed: + message: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)' + program: mysql diff --git a/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/config.yaml new file mode 100644 index 0000000..8e811e1 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/config.yaml @@ -0,0 +1,8 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/nginx-logs diff --git a/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_input.yaml new file mode 100644 index 0000000..cc6ae08 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_input.yaml 
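Review bot: The second input line, `Access denied for user 'root'@'27.155.87.54' (using password: NO)`, is expected to stay unparsed: its provisional entry is `s01-parse: {}` and its final entry remains at `Stage: s01-parse` with no `Meta` block. That writes a detection gap into the expected result, because failed logins sent without a password would never get `log_type: mysql_failed_auth` and so would not count toward brute-force scenarios. If this is intentional, say so in a comment in the test's config.yaml. Otherwise the parser pattern (not visible in this hunk) should accept both `YES` and `NO`, and this file should expect the same `Meta` block for the second event.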
@@ -0,0 +1,70 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 2020-12-11T13:02:38.187710403+01:00 + Labels: + type: nginx + process: true + Parsed: + message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + program: nginx + Time: 2020-12-11T13:02:38.187733387+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 2020-12-11T13:02:38.187790876+01:00 + Labels: + type: nginx + process: true + Parsed: + message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" + program: nginx + Time: 2020-12-11T13:02:38.1879352+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 2020-12-11T13:02:38.188000715+01:00 + Labels: + type: nginx + process: true + Parsed: + message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + Time: 2020-12-11T13:02:38.188078433+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: 
./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 2020-12-11T13:02:38.188137815+01:00 + Labels: + type: nginx + process: true + Parsed: + message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + Time: 2020-12-11T13:02:38.188226774+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 2020-12-11T13:02:38.188137815+01:00 + Labels: + type: nginx + process: true + Parsed: + message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + Time: 2020-12-11T13:02:38.188226774+01:00 + Process: true diff --git a/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_results.yaml new file mode 100644 index 0000000..a1667a4 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_results.yaml 
@@ -0,0 +1,482 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/nginx-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "522" + http_referer: '-' + http_user_agent: Go-http-client/1.1 + http_version: "1.1" + message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + program: nginx + remote_addr: 5.5.8.5 + remote_user: '-' + request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + status: "404" + target_fqdn: "" + time_local: 04/Jan/2020:07:25:02 +0000 + verb: GET + StrTime: 04/Jan/2020:07:25:02 +0000 + Meta: + http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + http_status: "404" + log_type: http_access-log + service: http + source_ip: 5.5.8.5 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "522" + http_referer: '-' + http_user_agent: Go-http-client/1.1 + http_version: "1.1" + message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + program: nginx + remote_addr: 5.5.8.5 + remote_user: '-' + request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + status: "404" + target_fqdn: "" + time_local: 04/Jan/2020:07:25:02 +0000 + verb: GET + StrTime: 04/Jan/2020:07:25:02 +0000 + Meta: + http_path: 
/.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + http_status: "404" + log_type: http_access-log + service: http + source_ip: 5.5.8.5 +- s00-raw: {} + s01-parse: + crowdsecurity/nginx-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "0" + http_referer: '-' + http_user_agent: '-' + http_version: "1.1" + message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" + program: nginx + remote_addr: 2.30.19.10 + remote_user: '-' + request: / + status: "400" + target_fqdn: "" + time_local: 04/Jan/2020:08:29:17 +0000 + verb: GET + StrTime: 04/Jan/2020:08:29:17 +0000 + Meta: + http_path: / + http_status: "400" + log_type: http_access-log + service: http + source_ip: 2.30.19.10 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "0" + http_referer: '-' + http_user_agent: '-' + http_version: "1.1" + message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" + program: nginx + remote_addr: 2.30.19.10 + remote_user: '-' + request: / + status: "400" + target_fqdn: "" + time_local: 04/Jan/2020:08:29:17 +0000 + verb: GET + StrTime: 04/Jan/2020:08:29:17 +0000 + Meta: + http_path: / + http_status: "400" + log_type: http_access-log + service: http + source_ip: 2.30.19.10 +- s00-raw: {} + s01-parse: + crowdsecurity/nginx-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; 
+http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /index.php/nous-contacter/ + status: "500" + target_fqdn: "" + time_local: 04/Jan/2020:08:41:43 +0000 + verb: GET + StrTime: 04/Jan/2020:08:41:43 +0000 + Meta: + http_path: /index.php/nous-contacter/ + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /index.php/nous-contacter/ + status: "500" + target_fqdn: "" + time_local: 04/Jan/2020:08:41:43 +0000 + verb: GET + StrTime: 04/Jan/2020:08:41:43 +0000 + Meta: + http_path: /index.php/nous-contacter/ + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 +- s00-raw: {} 
+ s01-parse: + crowdsecurity/nginx-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /index.php/nous-contacter/ + status: "500" + target_fqdn: www.mydomain.com + time_local: 04/Jan/2020:08:41:43 +0000 + verb: GET + StrTime: 04/Jan/2020:08:41:43 +0000 + Meta: + http_path: /index.php/nous-contacter/ + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + 
request: /index.php/nous-contacter/ + status: "500" + target_fqdn: www.mydomain.com + time_local: 04/Jan/2020:08:41:43 +0000 + verb: GET + StrTime: 04/Jan/2020:08:41:43 +0000 + Meta: + http_path: /index.php/nous-contacter/ + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 +- s00-raw: {} + s01-parse: + crowdsecurity/nginx-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /login.php + status: "500" + target_fqdn: www.mydomain.com + time_local: 04/Jan/2020:08:41:43 +0000 + verb: POST + StrTime: 04/Jan/2020:08:41:43 +0000 + Meta: + http_path: /login.php + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: 
www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /login.php + status: "500" + target_fqdn: www.mydomain.com + time_local: 04/Jan/2020:08:41:43 +0000 + verb: POST + StrTime: 04/Jan/2020:08:41:43 +0000 + Meta: + http_path: /login.php + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "522" + http_referer: '-' + http_user_agent: Go-http-client/1.1 + http_version: "1.1" + message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + program: nginx + remote_addr: 5.5.8.5 + remote_user: '-' + request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + status: "404" + target_fqdn: "" + time_local: 04/Jan/2020:07:25:02 +0000 + verb: GET + StrTime: 04/Jan/2020:07:25:02 +0000 + Process: true + Meta: + http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + http_status: "404" + log_type: http_access-log + service: http + source_ip: 5.5.8.5 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "0" + http_referer: '-' + http_user_agent: '-' + http_version: "1.1" + message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 
400 0 "-" "-" + program: nginx + remote_addr: 2.30.19.10 + remote_user: '-' + request: / + status: "400" + target_fqdn: "" + time_local: 04/Jan/2020:08:29:17 +0000 + verb: GET + StrTime: 04/Jan/2020:08:29:17 +0000 + Process: true + Meta: + http_path: / + http_status: "400" + log_type: http_access-log + service: http + source_ip: 2.30.19.10 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /index.php/nous-contacter/ + status: "500" + target_fqdn: "" + time_local: 04/Jan/2020:08:41:43 +0000 + verb: GET + StrTime: 04/Jan/2020:08:41:43 +0000 + Process: true + Meta: + http_path: /index.php/nous-contacter/ + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: 
www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /index.php/nous-contacter/ + status: "500" + target_fqdn: www.mydomain.com + time_local: 04/Jan/2020:08:41:43 +0000 + verb: GET + StrTime: 04/Jan/2020:08:41:43 +0000 + Process: true + Meta: + http_path: /index.php/nous-contacter/ + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /login.php + status: "500" + target_fqdn: www.mydomain.com + time_local: 04/Jan/2020:08:41:43 +0000 + verb: POST + StrTime: 04/Jan/2020:08:41:43 +0000 + Process: true + Meta: + http_path: /login.php + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 diff --git a/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml new file mode 100644 index 0000000..6ab2a47 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml 
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+ parsers:
+ - crowdsecurity/postfix-logs
diff --git a/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml
new file mode 100644
index 0000000..a0315d8
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml
@@ -0,0 +1,126 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 2020-12-11T15:42:01.202977635+01:00 + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + pid: "21281" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:36 + timestamp8601: "" + Time: 2020-12-11T15:42:01.203091954+01:00 + StrTime: Dec 7 23:23:36 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:37 mail postfix/smtpd[21281]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 2020-12-11T15:42:01.20315228+01:00 + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 + pid: "21281" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:37 + timestamp8601: "" + Time: 2020-12-11T15:42:01.204131843+01:00 + StrTime: Dec 7 23:23:37 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:38 mail postfix/smtpd[21367]: connect from unknown[45.142.120.90]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 2020-12-11T15:42:01.204190996+01:00 + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: connect from unknown[45.142.120.90] + pid: "21367" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:38 + timestamp8601: "" + Time: 2020-12-11T15:42:01.204646207+01:00 + StrTime: Dec 7 23:23:38 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:40 
mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 2020-12-11T15:42:01.204713425+01:00 + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + pid: "21207" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:40 + timestamp8601: "" + Time: 2020-12-11T15:42:01.205068464+01:00 + StrTime: Dec 7 23:23:40 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 2020-12-11T15:42:01.205128018+01:00 + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 + pid: "21207" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:40 + timestamp8601: "" + Time: 2020-12-11T15:42:01.205401321+01:00 + StrTime: Dec 7 23:23:40 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 2020-12-11T15:42:01.205470513+01:00 + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: connect from unknown[45.142.120.90] + pid: "21260" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:41 + timestamp8601: "" + Time: 2020-12-11T15:42:01.205699752+01:00 + StrTime: Dec 7 23:23:41 + Process: true 
diff --git a/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_results.yaml
new file mode 100644
index 0000000..4cf731b
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_results.yaml
@@ -0,0 +1,266 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/postfix-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + message_failure: ' authentication failure' + pid: "21281" + priority: "" + program: postfix/smtpd + remote_addr: 45.142.120.90 + remote_host: unknown + timestamp: Dec 7 23:23:36 + timestamp8601: "" + StrTime: Dec 7 23:23:36 + Meta: + log_type: postfix + log_type_enh: spam-attempt + service: postfix + source_hostname: unknown + source_ip: 45.142.120.90 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + message_failure: ' authentication failure' + pid: "21281" + priority: "" + program: postfix/smtpd + remote_addr: 45.142.120.90 + remote_host: unknown + timestamp: Dec 7 23:23:36 + timestamp8601: "" + StrTime: Dec 7 23:23:36 + Meta: + log_type: postfix + log_type_enh: spam-attempt + service: postfix + source_hostname: unknown + source_ip: 45.142.120.90 +- s00-raw: {} + s01-parse: {} +- s00-raw: {} + s01-parse: {} +- s00-raw: {} + s01-parse: + crowdsecurity/postfix-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: 
warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + message_failure: ' authentication failure' + pid: "21207" + priority: "" + program: postfix/smtpd + remote_addr: 45.142.120.90 + remote_host: unknown + timestamp: Dec 7 23:23:40 + timestamp8601: "" + StrTime: Dec 7 23:23:40 + Meta: + log_type: postfix + log_type_enh: spam-attempt + service: postfix + source_hostname: unknown + source_ip: 45.142.120.90 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + message_failure: ' authentication failure' + pid: "21207" + priority: "" + program: postfix/smtpd + remote_addr: 45.142.120.90 + remote_host: unknown + timestamp: Dec 7 23:23:40 + timestamp8601: "" + StrTime: Dec 7 23:23:40 + Meta: + log_type: postfix + log_type_enh: spam-attempt + service: postfix + source_hostname: unknown + source_ip: 45.142.120.90 +- s00-raw: {} + s01-parse: {} +- s00-raw: {} + s01-parse: {} +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + 
Parsed: + facility: "" + logsource: syslog + message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + message_failure: ' authentication failure' + pid: "21281" + priority: "" + program: postfix/smtpd + remote_addr: 45.142.120.90 + remote_host: unknown + timestamp: Dec 7 23:23:36 + timestamp8601: "" + StrTime: Dec 7 23:23:36 + Process: true + Meta: + log_type: postfix + log_type_enh: spam-attempt + service: postfix + source_hostname: unknown + source_ip: 45.142.120.90 +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:37 mail postfix/smtpd[21281]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 + pid: "21281" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:37 + timestamp8601: "" + StrTime: Dec 7 23:23:37 +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:38 mail postfix/smtpd[21367]: connect from unknown[45.142.120.90]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: connect from unknown[45.142.120.90] + pid: "21367" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:38 + timestamp8601: "" + StrTime: Dec 7 23:23:38 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: 'warning: 
unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' + message_failure: ' authentication failure' + pid: "21207" + priority: "" + program: postfix/smtpd + remote_addr: 45.142.120.90 + remote_host: unknown + timestamp: Dec 7 23:23:40 + timestamp8601: "" + StrTime: Dec 7 23:23:40 + Process: true + Meta: + log_type: postfix + log_type_enh: spam-attempt + service: postfix + source_hostname: unknown + source_ip: 45.142.120.90 +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 + pid: "21207" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:40 + timestamp8601: "" + StrTime: Dec 7 23:23:40 +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Dec 7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: connect from unknown[45.142.120.90] + pid: "21260" + priority: "" + program: postfix/smtpd + timestamp: Dec 7 23:23:41 + timestamp8601: "" + StrTime: Dec 7 23:23:41 diff --git a/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/config.yaml new file mode 100644 index 0000000..b80efea --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/config.yaml 
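Review bot: Every SASL entry in this expected-results file pins `message_failure: ' authentication failure'` with a leading space, so the test locks in an untrimmed capture. A filter or scenario that later compares this field with the bare string would silently fail to match. The parser pattern is not part of this hunk, so this is inferred from the expected output alone; if the field is meant to hold only the reason text, the fixture should expect `message_failure: authentication failure` once the pattern consumes the separator. Note also that a failed SASL LOGIN is labelled `log_type_enh: spam-attempt` here, which detection authors should know covers credential-guessing events too.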
@@ -0,0 +1,8 @@
+parser_input: parser_input.yaml
+parser_results: parser_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+ parsers:
+ - crowdsecurity/postscreen-logs
diff --git a/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_input.yaml
new file mode 100644
index 0000000..5bfebb9
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_input.yaml
@@ -0,0 +1,21 @@
+- ExpectMode: 1
+ Stage: s01-parse
+ Line:
+ Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+ Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log
+ time: 2020-12-11T15:42:01.202977635+01:00
+ Labels:
+ type: syslog
+ process: true
+ Parsed:
+ facility: ""
+ logsource: syslog
+ message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
+ pid: "22244"
+ priority: ""
+ program: postfix/postscreen
+ timestamp: Dec 7 23:23:36
+ timestamp8601: ""
+ Time: 2020-12-11T15:42:01.203091954+01:00
+ StrTime: Dec 7 23:23:36
+ Process: true
diff --git a/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_results.yaml
new file mode 100644
index 0000000..a073f3b
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_results.yaml
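Review bot: In postscreen-logs/parser_input.yaml the `Parsed.timestamp` and `StrTime` values (`Dec 7 23:23:36`) do not match the syslog header of the `Raw` line (`Oct 25 04:24:59`), and postscreen-logs/parser_results.yaml carries the same mismatch into the expected output. smb-logs/parser_input.yaml has the same kind of inconsistency: it has no `Line`/`Raw` entry and uses `Nov 10 15:01:29` and pid `8421`, the same values as the sshd sample, while its messages are dated 18 Dec and 14 Nov 2020. If later stages derive event time from `StrTime` (not visible here), these fixtures would assert a time the log line never carried. I would set `timestamp: Oct 25 04:24:59` and `StrTime: Oct 25 04:24:59` in the postscreen input, align the smb values with their messages, and regenerate the results files.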
@@ -0,0 +1,95 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/postscreen-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + count: "16" + facility: "" + logsource: syslog + message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' + message_attempt: EHLO 127.0.0.1\r\n + pid: "22244" + port: "41323" + pregreet: PREGREET + priority: "" + program: postfix/postscreen + remote_addr: 177.154.236.182 + time_attempt: "2.6" + timestamp: Dec 7 23:23:36 + timestamp8601: "" + StrTime: Dec 7 23:23:36 + Meta: + pregreet: PREGREET + service: postscreen + source_ip: 177.154.236.182 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + count: "16" + facility: "" + logsource: syslog + message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' + message_attempt: EHLO 127.0.0.1\r\n + pid: "22244" + port: "41323" + pregreet: PREGREET + priority: "" + program: postfix/postscreen + remote_addr: 177.154.236.182 + time_attempt: "2.6" + timestamp: Dec 7 23:23:36 + timestamp8601: "" + StrTime: Dec 7 23:23:36 + Meta: + pregreet: PREGREET + service: postscreen + source_ip: 177.154.236.182 +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' + Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log + 
time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + count: "16" + facility: "" + logsource: syslog + message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' + message_attempt: EHLO 127.0.0.1\r\n + pid: "22244" + port: "41323" + pregreet: PREGREET + priority: "" + program: postfix/postscreen + remote_addr: 177.154.236.182 + time_attempt: "2.6" + timestamp: Dec 7 23:23:36 + timestamp8601: "" + StrTime: Dec 7 23:23:36 + Process: true + Meta: + pregreet: PREGREET + service: postscreen + source_ip: 177.154.236.182 diff --git a/parsers/s01-parse/crowdsecurity/.tests/smb-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/config.yaml new file mode 100644 index 0000000..1c11587 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/config.yaml @@ -0,0 +1,8 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/smb-logs diff --git a/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_input.yaml new file mode 100644 index 0000000..3d55572 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_input.yaml 
@@ -0,0 +1,29 @@ +- ExpectMode: 1 + Stage: s01-parse + Parsed: + facility: "" + logsource: syslog + message: "Auth: [SMB2,(null)] user []\\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\\[hp]. local host [ipv4:172.18.0.3:445] #015" + pid: "8421" + priority: "" + program: smb + timestamp: Nov 10 15:01:29 + timestamp8601: "" + Time: 2020-12-11T13:05:46.765680868+01:00 + StrTime: Nov 10 15:01:29 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Parsed: + facility: "" + logsource: syslog + message: "Auth: [SMB2,(null)] user [domainname]\\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\\[rcbiwx]. local host [ipv4:172.18.0.3:445] #015" + pid: "8421" + priority: "" + program: smb + timestamp: Nov 10 15:01:29 + timestamp8601: "" + Time: 2020-12-11T13:05:46.765680868+01:00 + StrTime: Nov 10 15:01:29 + Process: true + diff --git a/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_results.yaml new file mode 100644 index 0000000..5cde0bc --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_results.yaml 
@@ -0,0 +1,128 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/smb-logs: + ExpectMode: 1 + Stage: s02-enrich + Parsed: + facility: "" + ip_source: 14.181.129.111 + logsource: syslog + message: 'Auth: [SMB2,(null)] user []\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\[hp]. local host [ipv4:172.18.0.3:445] #015' + pid: "8421" + priority: "" + program: smb + smb_domain: "" + timestamp: Nov 10 15:01:29 + timestamp8601: "" + user: hp + StrTime: Nov 10 15:01:29 + Meta: + log_type: smb_failed_auth + source_ip: 14.181.129.111 + user: hp + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Parsed: + facility: "" + ip_source: 14.181.129.111 + logsource: syslog + message: 'Auth: [SMB2,(null)] user []\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\[hp]. local host [ipv4:172.18.0.3:445] #015' + pid: "8421" + priority: "" + program: smb + smb_domain: "" + timestamp: Nov 10 15:01:29 + timestamp8601: "" + user: hp + StrTime: Nov 10 15:01:29 + Meta: + log_type: smb_failed_auth + source_ip: 14.181.129.111 + user: hp +- s00-raw: {} + s01-parse: + crowdsecurity/smb-logs: + ExpectMode: 1 + Stage: s02-enrich + Parsed: + facility: "" + ip_source: 180.252.252.57 + logsource: syslog + message: 'Auth: [SMB2,(null)] user [domainname]\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\[rcbiwx]. 
local host [ipv4:172.18.0.3:445] #015' + pid: "8421" + priority: "" + program: smb + smb_domain: domainname + timestamp: Nov 10 15:01:29 + timestamp8601: "" + user: rcbiwx + StrTime: Nov 10 15:01:29 + Meta: + log_type: smb_failed_auth + source_ip: 180.252.252.57 + user: rcbiwx + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Parsed: + facility: "" + ip_source: 180.252.252.57 + logsource: syslog + message: 'Auth: [SMB2,(null)] user [domainname]\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\[rcbiwx]. local host [ipv4:172.18.0.3:445] #015' + pid: "8421" + priority: "" + program: smb + smb_domain: domainname + timestamp: Nov 10 15:01:29 + timestamp8601: "" + user: rcbiwx + StrTime: Nov 10 15:01:29 + Meta: + log_type: smb_failed_auth + source_ip: 180.252.252.57 + user: rcbiwx +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Parsed: + facility: "" + ip_source: 14.181.129.111 + logsource: syslog + message: 'Auth: [SMB2,(null)] user []\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\[hp]. local host [ipv4:172.18.0.3:445] #015' + pid: "8421" + priority: "" + program: smb + smb_domain: "" + timestamp: Nov 10 15:01:29 + timestamp8601: "" + user: hp + StrTime: Nov 10 15:01:29 + Process: true + Meta: + log_type: smb_failed_auth + source_ip: 14.181.129.111 + user: hp +- ExpectMode: 1 + Stage: s02-enrich + Parsed: + facility: "" + ip_source: 180.252.252.57 + logsource: syslog + message: 'Auth: [SMB2,(null)] user [domainname]\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\[rcbiwx]. 
local host [ipv4:172.18.0.3:445] #015' + pid: "8421" + priority: "" + program: smb + smb_domain: domainname + timestamp: Nov 10 15:01:29 + timestamp8601: "" + user: rcbiwx + StrTime: Nov 10 15:01:29 + Process: true + Meta: + log_type: smb_failed_auth + source_ip: 180.252.252.57 + user: rcbiwx diff --git a/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/config.yaml new file mode 100644 index 0000000..1c435ba --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/config.yaml @@ -0,0 +1,8 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/sshd-logs diff --git a/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_input.yaml new file mode 100644 index 0000000..9a5ecc1 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_input.yaml @@ -0,0 +1,21 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2' + Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log + time: 2020-12-11T13:05:46.765615945+01:00 + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2 + pid: "8421" + priority: "" + program: sshd + timestamp: Nov 10 15:01:29 + timestamp8601: "" + Time: 2020-12-11T13:05:46.765680868+01:00 + StrTime: Nov 10 15:01:29 + Process: true diff --git a/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_results.yaml new file mode 100644 index 0000000..fdd4a1c --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_results.yaml 
@@ -0,0 +1,92 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/sshd-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2' + Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2 + pid: "8421" + priority: "" + program: sshd + sshd_client_ip: 1.1.1.1 + sshd_invalid_user: test_ftp + sshd_port: "38140" + sshd_protocol: ssh2 + timestamp: Nov 10 15:01:29 + timestamp8601: "" + StrTime: Nov 10 15:01:29 + Meta: + log_type: ssh_failed-auth + service: ssh + source_ip: 1.1.1.1 + target_user: test_ftp + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2' + Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2 + pid: "8421" + priority: "" + program: sshd + sshd_client_ip: 1.1.1.1 + sshd_invalid_user: test_ftp + sshd_port: "38140" + sshd_protocol: ssh2 + timestamp: Nov 10 15:01:29 + timestamp8601: "" + StrTime: Nov 10 15:01:29 + Meta: + log_type: ssh_failed-auth + service: ssh + source_ip: 1.1.1.1 + target_user: test_ftp +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2' + Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log + time: 0001-01-01T00:00:00Z + Labels: + type: syslog + process: true + Parsed: + facility: "" + logsource: syslog + message: Failed password for invalid user test_ftp from 
1.1.1.1 port 38140 ssh2 + pid: "8421" + priority: "" + program: sshd + sshd_client_ip: 1.1.1.1 + sshd_invalid_user: test_ftp + sshd_port: "38140" + sshd_protocol: ssh2 + timestamp: Nov 10 15:01:29 + timestamp8601: "" + StrTime: Nov 10 15:01:29 + Process: true + Meta: + log_type: ssh_failed-auth + service: ssh + source_ip: 1.1.1.1 + target_user: test_ftp diff --git a/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/config.yaml new file mode 100644 index 0000000..2438efb --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/config.yaml @@ -0,0 +1,8 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/tcpdump-logs diff --git a/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_input.yaml new file mode 100644 index 0000000..04e6db4 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_input.yaml 
@@ -0,0 +1,56 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 2020-12-14T12:36:58.747752499+01:00 + Labels: + type: tcpdump + process: true + Parsed: + message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' + program: tcpdump + Time: 2020-12-14T12:36:58.747773278+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 2020-12-14T12:36:58.747765613+01:00 + Labels: + type: tcpdump + process: true + Parsed: + message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' + program: tcpdump + Time: 2020-12-14T12:36:58.748136463+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 2020-12-14T12:36:58.748206125+01:00 + Labels: + type: tcpdump + process: true + Parsed: + message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' + program: tcpdump + Time: 2020-12-14T12:36:58.748274143+01:00 + Process: true +- ExpectMode: 1 + Stage: 
s01-parse + Line: + Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 2020-12-14T12:36:58.748363662+01:00 + Labels: + type: tcpdump + process: true + Parsed: + message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' + program: tcpdump + Time: 2020-12-14T12:36:58.748402655+01:00 + Process: true diff --git a/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_results.yaml new file mode 100644 index 0000000..e118804 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_results.yaml 
@@ -0,0 +1,326 @@ +provisionalresults: +- s00-raw: {} + s01-parse: + crowdsecurity/tcpdump-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 172.1.2.3 + dest_port: "22" + message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 1.2.3.4 + source_port: "43436" + tcpflags: S + timestamp: "11:29:42.550475" + Meta: + dest_ip: 172.1.2.3 + dest_port: "22" + log_type: tcp_syn + service: tcp + source_ip: 1.2.3.4 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 172.1.2.3 + dest_port: "22" + message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 1.2.3.4 + source_port: "43436" + tcpflags: S + timestamp: "11:29:42.550475" + Meta: + dest_ip: 172.1.2.3 + dest_port: "22" + log_type: tcp_syn + service: tcp + source_ip: 1.2.3.4 +- s00-raw: {} + s01-parse: + crowdsecurity/tcpdump-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 
1384641183 ecr 2908275146,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 1.2.3.4 + dest_port: "43436" + message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 172.1.2.3 + source_port: "22" + tcpflags: S. + timestamp: "11:29:42.550554" + Meta: + dest_ip: 1.2.3.4 + dest_port: "43436" + log_type: tcp_syn + service: tcp + source_ip: 172.1.2.3 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 1.2.3.4 + dest_port: "43436" + message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 172.1.2.3 + source_port: "22" + tcpflags: S. 
+ timestamp: "11:29:42.550554" + Meta: + dest_ip: 1.2.3.4 + dest_port: "43436" + log_type: tcp_syn + service: tcp + source_ip: 172.1.2.3 +- s00-raw: {} + s01-parse: + crowdsecurity/tcpdump-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 172.1.2.3 + dest_port: "22" + message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 4.3.2.1 + source_port: "21803" + tcpflags: S + timestamp: "11:31:20.553633" + Meta: + dest_ip: 172.1.2.3 + dest_port: "22" + log_type: tcp_syn + service: tcp + source_ip: 4.3.2.1 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 172.1.2.3 + dest_port: "22" + message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 4.3.2.1 + source_port: "21803" + tcpflags: S + timestamp: "11:31:20.553633" + Meta: + dest_ip: 172.1.2.3 + dest_port: "22" + log_type: tcp_syn + service: tcp + source_ip: 4.3.2.1 +- s00-raw: {} + s01-parse: + crowdsecurity/tcpdump-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags 
[S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 4.3.2.1 + dest_port: "21803" + message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 172.1.2.3 + source_port: "22" + tcpflags: S. + timestamp: "11:31:20.553713" + Meta: + dest_ip: 4.3.2.1 + dest_port: "21803" + log_type: tcp_syn + service: tcp + source_ip: 172.1.2.3 + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 4.3.2.1 + dest_port: "21803" + message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 172.1.2.3 + source_port: "22" + tcpflags: S. 
+ timestamp: "11:31:20.553713" + Meta: + dest_ip: 4.3.2.1 + dest_port: "21803" + log_type: tcp_syn + service: tcp + source_ip: 172.1.2.3 +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 172.1.2.3 + dest_port: "22" + message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 1.2.3.4 + source_port: "43436" + tcpflags: S + timestamp: "11:29:42.550475" + Process: true + Meta: + dest_ip: 172.1.2.3 + dest_port: "22" + log_type: tcp_syn + service: tcp + source_ip: 1.2.3.4 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 1.2.3.4 + dest_port: "43436" + message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 172.1.2.3 + source_port: "22" + tcpflags: S. 
+ timestamp: "11:29:42.550554" + Process: true + Meta: + dest_ip: 1.2.3.4 + dest_port: "43436" + log_type: tcp_syn + service: tcp + source_ip: 172.1.2.3 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 172.1.2.3 + dest_port: "22" + message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 4.3.2.1 + source_port: "21803" + tcpflags: S + timestamp: "11:31:20.553633" + Process: true + Meta: + dest_ip: 172.1.2.3 + dest_port: "22" + log_type: tcp_syn + service: tcp + source_ip: 4.3.2.1 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' + Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log + time: 0001-01-01T00:00:00Z + Labels: + type: tcpdump + process: true + Parsed: + dest_ip: 4.3.2.1 + dest_port: "21803" + message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' + new_connection: "true" + program: tcpdump + source_ip: 172.1.2.3 + source_port: "22" + tcpflags: S. + timestamp: "11:31:20.553713" + Process: true + Meta: + dest_ip: 4.3.2.1 + dest_port: "21803" + log_type: tcp_syn + service: tcp + source_ip: 172.1.2.3 
diff --git a/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/config.yaml b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/config.yaml new file mode 100644 index 0000000..2e6cf67 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/config.yaml @@ -0,0 +1,9 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/vsftpd-logs diff --git a/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_input.yaml b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_input.yaml new file mode 100644 index 0000000..458f837 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_input.yaml 
@@ -0,0 +1,42 @@ +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"' + Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log + time: 2020-12-11T13:08:30.633357386+01:00 + Labels: + type: vsftpd + process: true + Parsed: + message: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"' + program: vsftpd + Time: 2020-12-11T13:08:30.633416929+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' + Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log + time: 2020-12-11T13:08:30.633484186+01:00 + Labels: + type: vsftpd + process: true + Parsed: + message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' + program: vsftpd + Time: 2020-12-11T13:08:30.633866712+01:00 + Process: true +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"' + Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log + time: 2020-12-11T13:08:30.633938989+01:00 + Labels: + type: vsftpd + process: true + Parsed: + message: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"' + program: vsftpd + Time: 2020-12-11T13:08:30.634181739+01:00 + Process: true diff --git a/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_results.yaml b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_results.yaml new file mode 100644 index 0000000..98891a6 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_results.yaml 
@@ -0,0 +1,99 @@ +provisionalresults: +- s00-raw: {} + s01-parse: {} +- s00-raw: {} + s01-parse: + vsftpd-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' + Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log + time: 0001-01-01T00:00:00Z + Labels: + type: vsftpd + process: true + Parsed: + message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' + program: vsftpd + source_ip: 93.24.101.89 + timestamp: Mon Jun 8 12:08:53 2020 + user: user + StrTime: Mon Jun 8 12:08:53 2020 + Meta: + log_type: ftp_failed_auth + program: vsftpd + source_ip: 93.24.101.89 + user: user + s02-enrich: + "": + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' + Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log + time: 0001-01-01T00:00:00Z + Labels: + type: vsftpd + process: true + Parsed: + message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' + program: vsftpd + source_ip: 93.24.101.89 + timestamp: Mon Jun 8 12:08:53 2020 + user: user + StrTime: Mon Jun 8 12:08:53 2020 + Meta: + log_type: ftp_failed_auth + program: vsftpd + source_ip: 93.24.101.89 + user: user +- s00-raw: {} + s01-parse: {} +finalresults: +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"' + Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log + time: 0001-01-01T00:00:00Z + Labels: + type: vsftpd + process: true + Parsed: + message: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"' + program: vsftpd +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' + Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log + time: 
0001-01-01T00:00:00Z + Labels: + type: vsftpd + process: true + Parsed: + message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' + program: vsftpd + source_ip: 93.24.101.89 + timestamp: Mon Jun 8 12:08:53 2020 + user: user + StrTime: Mon Jun 8 12:08:53 2020 + Process: true + Meta: + log_type: ftp_failed_auth + program: vsftpd + source_ip: 93.24.101.89 + user: user +- ExpectMode: 1 + Stage: s01-parse + Line: + Raw: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"' + Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log + time: 0001-01-01T00:00:00Z + Labels: + type: vsftpd + process: true + Parsed: + message: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"' + program: vsftpd diff --git a/parsers/s01-parse/crowdsecurity/apache2-logs.md b/parsers/s01-parse/crowdsecurity/apache2-logs.md new file mode 100644 index 0000000..bbd8ae7 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/apache2-logs.md @@ -0,0 +1,3 @@ +This apache2 parser support access and error logs in the HTTPD COMBINED LOG standard format. + +*note : * If you are aggregating logs from several domains, prefix your logline with the target FQDN. HTTP based scenarios should take this into account so that buckets are _per_ source IP per target FQDN, limiting false positives due to logs multiplexing. diff --git a/parsers/s01-parse/crowdsecurity/apache2-logs.yaml b/parsers/s01-parse/crowdsecurity/apache2-logs.yaml new file mode 100644 index 0000000..1a32eb2 --- /dev/null +++ b/parsers/s01-parse/crowdsecurity/apache2-logs.yaml 
@@ -0,0 +1,74 @@
+#Apache access/errors logs
+#debug: true
+filter: "evt.Parsed.program startsWith 'apache2'"
+onsuccess: next_stage
+name: crowdsecurity/apache2-logs
+description: "Parse Apache2 access and error logs"
+#log line can be prefixed by a target_fqdn
+nodes:
+ - grok:
+ pattern: '(%{IPORHOST:target_fqdn} )?%{COMMONAPACHELOG} %{QS:referrer} %{QS:http_user_agent}'
+ apply_on: message
+ # these ones apply for both grok patterns
+ statics:
+ - meta: log_type
+ value: http_access-log
+ - target: evt.StrTime
+ expression: evt.Parsed.timestamp
+ - meta: service
+ value: http
+ - meta: source_ip
+ expression: evt.Parsed.clientip
+ - meta: http_status
+ expression: evt.Parsed.response
+ - meta: http_path
+ expression: evt.Parsed.request
+ onsuccess: next_stage
+ - grok:
+ pattern: '%{HTTPD_ERRORLOG}'
+ apply_on: message
+ onsuccess: next_stage
+ pattern_syntax:
+ NOT_DOUBLE_POINT: '[^:]+'
+ NOT_DOUBLE_QUOTE: '[^"]+'
+ nodes:
+ - filter: "evt.Parsed.module == 'auth_basic'"
+ onsuccess: next_stage
+ pattern_syntax:
+ EXTRACT_USER_AND_PATH: 'user %{NOT_DOUBLE_POINT:username}: authentication failure for "%{NOT_DOUBLE_QUOTE:target_uri}": Password Mismatch'
+ grok:
+ pattern: '%{EXTRACT_USER_AND_PATH}'
+ apply_on: message
+ # these ones apply for both grok patterns
+ statics:
+ - meta: username
+ expression: evt.Parsed.username
+ - meta: http_path
+ expression: evt.Parsed.target_uri
+ - meta: sub_type
+ value: "auth_fail"
+ - filter: "evt.Parsed.module == 'authz_core' && evt.Parsed.message contains 'client denied'"
+ onsuccess: next_stage
+ pattern_syntax:
+ EXTRACT_PATH: 'client denied by server configuration: %{GREEDYDATA:target_uri}'
+ grok:
+ pattern: '%{EXTRACT_PATH}'
+ apply_on: message
+ statics:
+ - meta: http_path
+ expression: evt.Parsed.target_uri
+ - meta: sub_type
+ value: "permission_denied"
+ statics:
+ - meta: log_type
+ value: http_error-log
+ - target: evt.StrTime
+ expression: evt.Parsed.timestamp
+ - meta: service
+ value: http
+ - meta: source_ip
+ expression: evt.Parsed.client
+ - meta: http_status
+ expression: evt.Parsed.response
+
+
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/cowrie-logs.yaml b/parsers/s01-parse/crowdsecurity/cowrie-logs.yaml
new file mode 100644
index 0000000..bc4a7ba
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/cowrie-logs.yaml
@@ -0,0 +1,20 @@
+onsuccess: next_stage
+name: cowrie-logs
+description: "Parse cowrie honeypots logs"
+filter: "evt.Parsed.program == 'cowrie'"
+grok:
+ name: "COWRIE_NEW_CO"
+ apply_on: message
+statics:
+ - meta: service
+ value: telnet
+ - meta: log_type
+ value: telnet_new_session
+ - meta: source_ip
+ expression: "evt.Parsed.source_ip"
+ - meta: dest_ip
+ expression: "evt.Parsed.dest_ip"
+ - meta: dest_port
+ expression: "evt.Parsed.dest_port"
+ - parsed: "telnet_session"
+ expression: "evt.Parsed.telnet_session"
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/dovecot-logs.yaml b/parsers/s01-parse/crowdsecurity/dovecot-logs.yaml
new file mode 100644
index 0000000..333d73e
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/dovecot-logs.yaml
@@ -0,0 +1,14 @@
+#contribution by @ltsich
+onsuccess: next_stage
+debug: false
+filter: "evt.Parsed.program == 'dovecot'"
+name: crowdsecurity/dovecot-logs
+description: "Parse dovecot logs"
+grok:
+ pattern: "%{WORD:protocol}-login: %{DATA:dovecot_login_result}: user=<%{DATA:dovecot_user}>.*, rip=%{IP:dovecot_remote_ip}, lip=%{IP:dovecot_local_ip}"
+ apply_on: message
+statics:
+ - meta: log_type
+ value: dovecot_logs
+ - meta: source_ip
+ expression: "evt.Parsed.dovecot_remote_ip"
diff --git a/parsers/s01-parse/crowdsecurity/iptables-logs.md b/parsers/s01-parse/crowdsecurity/iptables-logs.md
new file mode 100644
index 0000000..4683bdc
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/iptables-logs.md
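Review bot: The `auth_basic` sub-node in apache2-logs.yaml only matches lines ending in `Password Mismatch` (`EXTRACT_USER_AND_PATH`), so a basic-auth failure logged with any other wording never receives `sub_type: auth_fail`. Apache, as far as I know, reports an unknown user with a separate `user ... not found` message, which would leave attempts against non-existent accounts unlabelled; a sibling node with its own pattern for that wording and the same three statics would close the gap. Separately, the error-log statics read `evt.Parsed.response` for `http_status`, and nothing in this hunk shows `HTTPD_ERRORLOG` capturing a field of that name, so that meta may always be empty there; worth confirming against the pattern definition. The second `# these ones apply for both grok patterns` comment sits inside a node with a single pattern and should be reworded.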
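Review bot: `name: cowrie-logs` omits the `crowdsecurity/` namespace that the other parsers in this part of the patch carry (`crowdsecurity/dovecot-logs`, `crowdsecurity/mysql-logs`, and so on); `name: vsftpd-logs` in vsftpd-logs.yaml has the same gap, even though its test config lists the parser as `crowdsecurity/vsftpd-logs`. A name that differs from the hub path makes it harder to trace an alert or a metric back to the parser that produced it. I would use `name: crowdsecurity/cowrie-logs` and `name: crowdsecurity/vsftpd-logs`, and regenerate the vsftpd `parser_results.yaml` fixture, whose stage key currently reads `vsftpd-logs`.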
@@ -0,0 +1,6 @@
+A parser for iptables `-j LOG` logs.
+
+All logged packets are considered as DROPs.
+
+To make this parser relevant, you should have a `iptables -A INPUT -m state --state NEW -j LOG` or similar into your configuration. This one will log all new connections, successful or not.
+
diff --git a/parsers/s01-parse/crowdsecurity/iptables-logs.yaml b/parsers/s01-parse/crowdsecurity/iptables-logs.yaml
new file mode 100644
index 0000000..4cc74f2
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/iptables-logs.yaml
@@ -0,0 +1,16 @@
+onsuccess: next_stage
+#debug: true
+filter: "evt.Parsed.program == 'kernel'"
+name: crowdsecurity/iptables-logs
+description: "Parse iptables drop logs"
+grok:
+ pattern: \[%{DATA}\]+.*(%{WORD:action})? IN=%{WORD:int_eth} OUT= MAC=%{IP}:%{MAC} SRC=%{IP:src_ip} DST=%{IP:dst_ip} LEN=%{INT:length}.*PROTO=%{WORD:proto} SPT=%{INT:src_port} DPT=%{INT:dst_port}.*
+ apply_on: message
+statics:
+ - meta: service
+ value: tcp
+ - meta: log_type
+ value: iptables_drop
+ - meta: source_ip
+ expression: "evt.Parsed.src_ip"
+
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/modsecurity.md b/parsers/s01-parse/crowdsecurity/modsecurity.md
new file mode 100644
index 0000000..6fa2944
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/modsecurity.md
@@ -0,0 +1,3 @@
+This modsecurity parser support modsecurity logs from apache2 error log.
+
+(Not tested with Nginx yet).
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/modsecurity.yaml b/parsers/s01-parse/crowdsecurity/modsecurity.yaml
new file mode 100644
index 0000000..01f0f2e
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/modsecurity.yaml
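Review bot: In iptables-logs.yaml `service` is hard-coded to `tcp` although the pattern captures `PROTO=%{WORD:proto}`, so a logged UDP packet (which also carries `SPT=`/`DPT=`) is reported as TCP. `log_type: iptables_drop` is likewise unconditional, while the accompanying iptables-logs.md recommends a rule that logs all new connections "successful or not", so accepted connections are labelled as drops and can inflate any scenario counting them. `proto` and `dst_port` are parsed but not copied into `Meta`; I would add `- meta: proto` with `expression: "evt.Parsed.proto"` and `- meta: dest_port` with `expression: "evt.Parsed.dst_port"` (tcpdump-logs.yaml already exports `dest_port`), and add a comment stating that the drop label relies on the operator logging only rejected traffic.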
@@ -0,0 +1,13 @@
+onsuccess: next_stage
+filter: evt.Parsed.program == 'modsecurity'
+name: crowdsecurity/modsecurity
+#debug: true
+description: A parser for modsecurity WAF
+grok:
+ name: MODSECAPACHEERROR
+ apply_on: message
+statics:
+ - meta: log_type
+ value: modsecurity
+ - meta: source_ip
+ expression: evt.Parsed.sourcehost
diff --git a/parsers/s01-parse/crowdsecurity/mysql-logs.md b/parsers/s01-parse/crowdsecurity/mysql-logs.md
new file mode 100644
index 0000000..6304844
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/mysql-logs.md
@@ -0,0 +1 @@
+Mysql authentication fail parser.
diff --git a/parsers/s01-parse/crowdsecurity/mysql-logs.yaml b/parsers/s01-parse/crowdsecurity/mysql-logs.yaml
new file mode 100644
index 0000000..69a755f
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/mysql-logs.yaml
@@ -0,0 +1,14 @@
+onsuccess: next_stage
+name: crowdsecurity/mysql-logs
+description: "Parse MySQL logs"
+filter: "evt.Parsed.program == 'mysql'"
+grok:
+ name: "MYSQL_AUTH_FAIL"
+ apply_on: message
+statics:
+ - meta: log_type
+ value: mysql_failed_auth
+ - meta: source_ip
+ expression: "evt.Parsed.source_ip"
+ - meta: user
+ expression: "evt.Parsed.user"
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/nginx-logs.md b/parsers/s01-parse/crowdsecurity/nginx-logs.md
new file mode 100644
index 0000000..da43bbb
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/nginx-logs.md
@@ -0,0 +1,5 @@
+A generic parser for nginx, support both access and error logs.
+
+
+*note : * If you are aggregating logs from several domains, prefix your logline with the target FQDN. HTTP based scenarios should take this into account so that buckets are _per_ source IP per target FQDN, limiting false positives due to logs multiplexing.
+
diff --git a/parsers/s01-parse/crowdsecurity/nginx-logs.yaml b/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
new file mode 100644
index 0000000..5eea4c6
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
@@ -0,0 +1,33 @@
+filter: "evt.Parsed.program startsWith 'nginx'"
+onsuccess: next_stage
+#debug: true
+name: crowdsecurity/nginx-logs
+description: "Parse nginx access and error logs"
+nodes:
+ - grok:
+ pattern: '(%{IPORHOST:target_fqdn} )?%{IPORHOST:remote_addr} - %{NGUSER:remote_user} \[%{HTTPDATE:time_local}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:http_version}" %{NUMBER:status} %{NUMBER:body_bytes_sent} "%{NOTDQUOTE:http_referer}" "%{NOTDQUOTE:http_user_agent}"'
+ apply_on: message
+ statics:
+ - meta: log_type
+ value: http_access-log
+ - target: evt.StrTime
+ expression: evt.Parsed.time_local
+ - grok:
+ # and this one the error log
+ pattern: '(%{IPORHOST:target_fqdn} )?%{NGINXERRTIME:time} \[%{LOGLEVEL:loglevel}\] %{NONNEGINT:pid}#%{NONNEGINT:tid}: (\*%{NONNEGINT:cid} )?%{GREEDYDATA:message}'
+ apply_on: message
+ statics:
+ - meta: log_type
+ value: http_error-log
+ - target: evt.StrTime
+ expression: evt.Parsed.time
+# these ones apply for both grok patterns
+statics:
+ - meta: service
+ value: http
+ - meta: source_ip
+ expression: "evt.Parsed.remote_addr"
+ - meta: http_status
+ expression: "evt.Parsed.status"
+ - meta: http_path
+ expression: "evt.Parsed.request"
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/postfix-logs.yaml b/parsers/s01-parse/crowdsecurity/postfix-logs.yaml
new file mode 100644
index 0000000..0580a3d
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/postfix-logs.yaml
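Review bot: The top-level `statics` fill `source_ip`, `http_status` and `http_path` from `remote_addr`, `status` and `request`, but the error-log pattern captures none of those fields, so every `http_error-log` event leaves this parser without a source address. nginx error lines normally carry the peer inside the free text (`client: <addr>`), which here ends up whole in `%{GREEDYDATA:message}`. Scenarios that bucket by `source_ip` therefore cannot act on error-log events. I would extract the client inside the error-log node, for example with a nested grok on `message` using `client: %{IPORHOST:remote_addr}`, and reword `# these ones apply for both grok patterns` to say which statics are only populated for access logs.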
@@ -0,0 +1,61 @@
+# Copyright (c) 2014, 2015, Rudy Gevaert
+# Copyright (c) 2020 Crowdsec
+
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# Some of the groks used here are from https://github.com/rgevaert/grok-patterns/blob/master/grok.d/postfix_patterns
+onsuccess: next_stage
+filter: "evt.Parsed.program == 'postfix/smtpd'"
+name: crowdsecurity/postfix-logs
+pattern_syntax:
+ POSTFIX_HOSTNAME: '(%{HOSTNAME}|unknown)'
+ POSTFIX_COMMAND: '(AUTH|STARTTLS|CONNECT|EHLO|HELO|RCPT)'
+ POSTFIX_ACTION: 'discard|dunno|filter|hold|ignore|info|prepend|redirect|replace|reject|warn'
+ RELAY: '(?:%{HOSTNAME:remote_host}(?:\[%{IP:remote_addr}\](?::[0-9]+(.[0-9]+)?)?)?)'
+description: "Parse postfix logs"
+nodes:
+ - grok:
+ apply_on: message
+ pattern: 'lost connection after %{DATA:smtp_response} from %{RELAY}'
+ statics:
+ - meta: log_type_enh
+ value: spam-attempt
+ - grok:
+ apply_on: message
+ pattern: 'warning: %{POSTFIX_HOSTNAME:remote_host}\[%{IP:remote_addr}\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:%{GREEDYDATA:message_failure}'
+ statics:
+ - meta: log_type_enh
+ value: spam-attempt
+ - grok:
+ apply_on: message
+ pattern: 'NOQUEUE: %{POSTFIX_ACTION:action}: %{DATA:command} from %{RELAY}: %{GREEDYDATA:reason}'
+ statics:
+ - meta: action
+ expression: "evt.Parsed.action"
+statics:
+ - meta: service
+ value: postfix
+ - meta: source_ip
+ expression: "evt.Parsed.remote_addr"
+ - meta: source_hostname
+ expression: "evt.Parsed.remote_host"
+ - meta: log_type
+ value: postfix
+
diff --git a/parsers/s01-parse/crowdsecurity/postscreen-logs.yaml b/parsers/s01-parse/crowdsecurity/postscreen-logs.yaml
new file mode 100644
index 0000000..83e0404
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/postscreen-logs.yaml
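Review bot: Both the `lost connection after ...` node and the `SASL ... authentication failed` node set `log_type_enh: spam-attempt`, so a scenario cannot tell credential guessing from a dropped session without re-matching the raw message. If nothing else in the hub depends on the shared value, a distinct label on the SASL node (or an additional `sub_type` meta, as apache2-logs.yaml does) would keep the two apart. In `RELAY` the bracketed address is optional, so `source_ip` can come out empty when only a hostname is logged, and the port suffix uses an unescaped `.`, where `(\.[0-9]+)?` is presumably what was meant. `POSTFIX_COMMAND` is defined but not referenced anywhere in this file.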
@@ -0,0 +1,20 @@
+onsuccess: next_stage
+filter: "evt.Parsed.program == 'postfix/postscreen'"
+name: crowdsecurity/postscreen-logs
+pattern_syntax:
+ POSTSCREEN_PREGREET: 'PREGREET'
+ POSTSCREEN_PREGREET_TIME_ATTEMPT: '\d+.\d+'
+description: "Parse postscreen logs"
+nodes:
+ - grok:
+ apply_on: message
+ pattern: '%{POSTSCREEN_PREGREET:pregreet} %{INT:count} after %{POSTSCREEN_PREGREET_TIME_ATTEMPT:time_attempt} from \[%{IP:remote_addr}\]:%{INT:port}: %{GREEDYDATA:message_attempt}'
+statics:
+ - meta: service
+ value: postscreen
+ - meta: source_ip
+ expression: "evt.Parsed.remote_addr"
+ - meta: pregreet
+ expression: "evt.Parsed.pregreet"
+
+
diff --git a/parsers/s01-parse/crowdsecurity/smb-logs.yaml b/parsers/s01-parse/crowdsecurity/smb-logs.yaml
new file mode 100644
index 0000000..98b4a8e
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/smb-logs.yaml
@@ -0,0 +1,14 @@
+onsuccess: next_stage
+name: crowdsecurity/smb-logs
+filter: evt.Parsed.program == 'smb'
+description: "Parse SMB logs"
+grok:
+ name: "SMB_AUTH_FAIL"
+ apply_on: message
+statics:
+ - meta: log_type
+ value: smb_failed_auth
+ - meta: source_ip
+ expression: "evt.Parsed.ip_source"
+ - meta: user
+ expression: "evt.Parsed.user"
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/sshd-logs.md b/parsers/s01-parse/crowdsecurity/sshd-logs.md
new file mode 100644
index 0000000..26ebfcf
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/sshd-logs.md
@@ -0,0 +1,2 @@
+Your one fits-all ssh parser with support for the most common kind of failed authentications and errors.
+
diff --git a/parsers/s01-parse/crowdsecurity/sshd-logs.yaml b/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
new file mode 100644
index 0000000..0064a9d
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
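Review bot: In postscreen-logs.yaml, `POSTSCREEN_PREGREET_TIME_ATTEMPT: '\d+.\d+'` leaves the dot unescaped, so it accepts any character between the two digit runs; `'\d+\.\d+'` states the intent. The parser also sets no `log_type` meta, unlike the sibling parsers in this directory, so scenarios have to select these events by `service` or `pregreet` instead. I would add a `log_type` entry, or a comment saying it is omitted on purpose.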
@@ -0,0 +1,36 @@
+onsuccess: next_stage
+filter: "evt.Parsed.program == 'sshd'"
+name: crowdsecurity/sshd-logs
+description: "Parse openSSH logs"
+nodes:
+ - grok:
+ name: "SSHD_FAIL"
+ apply_on: message
+ statics:
+ - meta: target_user
+ expression: "evt.Parsed.sshd_invalid_user"
+ - grok:
+ name: "SSHD_DISC_PREAUTH"
+ apply_on: message
+ - grok:
+ name: "SSHD_BAD_VERSION"
+ apply_on: message
+ - grok:
+ name: "SSHD_INVAL_USER"
+ apply_on: message
+ statics:
+ - meta: target_user
+ expression: "evt.Parsed.sshd_invalid_user"
+ - grok:
+ name: "SSHD_USER_FAIL"
+ apply_on: message
+ statics:
+ - meta: target_user
+ expression: "evt.Parsed.sshd_invalid_user"
+statics:
+ - meta: service
+ value: ssh
+ - meta: log_type
+ value: ssh_failed-auth
+ - meta: source_ip
+ expression: "evt.Parsed.sshd_client_ip"
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/tcpdump-logs.md b/parsers/s01-parse/crowdsecurity/tcpdump-logs.md
new file mode 100644
index 0000000..56dd6d1
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/tcpdump-logs.md
@@ -0,0 +1,25 @@
+A parser for tcpdump logs.
+
+To make this parser relevant, you should have add tcpdump command that log tcp scan :
+
+An example:
+```bash
+cat < /etc/systemd/system/tcpdump.service
+[Unit]
+Description=TCPDUMP
+
+[Service]
+Type=simple
+User=root
+ExecStart=/bin/sh -c 'tcpdump -l -n -i eth0 "tcp[tcpflags] & (tcp-syn) != 0" >> /var/log/tcpdump.out'
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable tcpdump.service
+service tcpdump start
+```
+
diff --git a/parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml b/parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml
new file mode 100644
index 0000000..bbd6528
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml
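Review bot: The top-level `statics` in sshd-logs.yaml label every matched node `log_type: ssh_failed-auth`, including `SSHD_DISC_PREAUTH` and `SSHD_BAD_VERSION`, which by their names look like pre-authentication disconnects and protocol-banner errors rather than rejected credentials (the pattern bodies are not part of this hunk, so this is inferred). If brute-force scenarios select on `log_type` alone, such events would be counted as failed logins. A `sub_type` meta on those two nodes, in the way apache2-logs.yaml tags `auth_fail` and `permission_denied`, would let scenarios include or exclude them deliberately.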
@@ -0,0 +1,21 @@
+onsuccess: next_stage
+filter: "evt.Parsed.program == 'tcpdump'"
+name: crowdsecurity/tcpdump-logs
+#debug: true
+description: "Parse tcpdump raw logs"
+grok:
+ name: "TCPDUMP_OUTPUT"
+ apply_on: message
+statics:
+ - meta: service
+ value: tcp
+ - meta: log_type
+ value: tcp_syn
+ - meta: source_ip
+ expression: "evt.Parsed.source_ip"
+ - meta: dest_ip
+ expression: "evt.Parsed.dest_ip"
+ - meta: dest_port
+ expression: "evt.Parsed.dest_port"
+ - parsed: "new_connection"
+ expression: "evt.Parsed.tcpflags contains 'S' ? 'true' : 'false'"
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/vsftpd-logs.md b/parsers/s01-parse/crowdsecurity/vsftpd-logs.md
new file mode 100644
index 0000000..ed28593
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/vsftpd-logs.md
@@ -0,0 +1 @@
+FTP ([vsftpd](https://en.wikipedia.org/wiki/Vsftpd)) authentication fail parser.
\ No newline at end of file
diff --git a/parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml b/parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml
new file mode 100644
index 0000000..0f43188
--- /dev/null
+++ b/parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml
@@ -0,0 +1,21 @@
+onsuccess: next_stage
+name: vsftpd-logs
+description: "Parse VSFTPD logs"
+filter: "evt.Parsed.program == 'vsftpd'"
+#debug: true
+pattern_syntax:
+ FTP_AUTH_FAIL: '%{HTTPDERROR_DATE:timestamp} \[pid %{NUMBER}\] \[%{GREEDYDATA:user}\] FAIL LOGIN: Client "(::ffff:)?%{IP:source_ip}"'
+grok:
+ pattern: "%{FTP_AUTH_FAIL}"
+ apply_on: message
+statics:
+ - meta: program
+ value: vsftpd
+ - meta: log_type
+ value: ftp_failed_auth
+ - meta: source_ip
+ expression: "evt.Parsed.source_ip"
+ - meta: user
+ expression: "evt.Parsed.user"
+ - target: evt.StrTime
+ expression: evt.Parsed.timestamp
\ No newline at end of file
diff --git a/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/config.yaml
new file mode 100644
index 0000000..9e6999e
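Review bot: In tcpdump-logs.yaml, `evt.Parsed.tcpflags contains 'S'` is also true for `S.` (SYN-ACK), so the reply sent by the monitored host is marked `new_connection: "true"` with the host's own address as `source_ip`; the `parser_results.yaml` fixture earlier in this patch records exactly that for `tcpflags: S.` and `source_ip: 172.1.2.3`. A scan-detection scenario keyed on `source_ip` would then count the protected machine's answers as connection attempts it originated. I would compare for equality, `expression: "evt.Parsed.tcpflags == 'S' ? 'true' : 'false'"` (or exclude values containing `.` if SYNs carrying extra flag letters must still count), and regenerate the fixture. `log_type: tcp_syn` is set unconditionally and has the same ambiguity.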
--- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/config.yaml @@ -0,0 +1,12 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +marshaled_time_year: 2020 + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/dateparse-enrich + + diff --git a/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_input.yaml new file mode 100644 index 0000000..329dcd3 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_input.yaml @@ -0,0 +1,5 @@ +#these are the events we input into parser +- StrTime: "08/Jun/2020:06:49:01 +0000" +- StrTime: "Jun 7 11:17:17" +- StrTime: "Mon Jun 8 12:08:53 2020" +- StrTime: "2020-04-16T05:13:40.861934Z" \ No newline at end of file diff --git a/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_results.yaml new file mode 100644 index 0000000..82f73c1 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_results.yaml 
@@ -0,0 +1,86 @@ +provisionalresults: +- s00-raw: + "": + Stage: s01-parse + StrTime: 08/Jun/2020:06:49:01 +0000 + s01-parse: + "": + Stage: s02-enrich + StrTime: 08/Jun/2020:06:49:01 +0000 + s02-enrich: + crowdsecurity/dateparse-enrich: + Stage: s02-enrich + Enriched: + MarshaledTime: "2020-06-08T06:49:01Z" + StrTime: 08/Jun/2020:06:49:01 +0000 + MarshaledTime: "2020-06-08T06:49:01Z" +- s00-raw: + "": + Stage: s01-parse + StrTime: Jun 7 11:17:17 + s01-parse: + "": + Stage: s02-enrich + StrTime: Jun 7 11:17:17 + s02-enrich: + crowdsecurity/dateparse-enrich: + Stage: s02-enrich + Enriched: + MarshaledTime: "2020-06-07T11:17:17Z" + StrTime: Jun 7 11:17:17 + MarshaledTime: "2020-06-07T11:17:17Z" +- s00-raw: + "": + Stage: s01-parse + StrTime: Mon Jun 8 12:08:53 2020 + s01-parse: + "": + Stage: s02-enrich + StrTime: Mon Jun 8 12:08:53 2020 + s02-enrich: + crowdsecurity/dateparse-enrich: + Stage: s02-enrich + Enriched: + MarshaledTime: "2020-06-08T12:08:53Z" + StrTime: Mon Jun 8 12:08:53 2020 + MarshaledTime: "2020-06-08T12:08:53Z" +- s00-raw: + "": + Stage: s01-parse + StrTime: "2020-04-16T05:13:40.861934Z" + s01-parse: + "": + Stage: s02-enrich + StrTime: "2020-04-16T05:13:40.861934Z" + s02-enrich: + crowdsecurity/dateparse-enrich: + Stage: s02-enrich + Enriched: + MarshaledTime: "2020-04-16T05:13:40.861934Z" + StrTime: "2020-04-16T05:13:40.861934Z" + MarshaledTime: "2020-04-16T05:13:40.861934Z" +finalresults: +- Stage: s02-enrich + Enriched: + MarshaledTime: "2020-06-08T06:49:01Z" + StrTime: 08/Jun/2020:06:49:01 +0000 + MarshaledTime: "2020-06-08T06:49:01Z" + Process: true +- Stage: s02-enrich + Enriched: + MarshaledTime: "2020-06-07T11:17:17Z" + StrTime: Jun 7 11:17:17 + MarshaledTime: "2020-06-07T11:17:17Z" + Process: true +- Stage: s02-enrich + Enriched: + MarshaledTime: "2020-06-08T12:08:53Z" + StrTime: Mon Jun 8 12:08:53 2020 + MarshaledTime: "2020-06-08T12:08:53Z" + Process: true +- Stage: s02-enrich + Enriched: + MarshaledTime: "2020-04-16T05:13:40.861934Z" + 
StrTime: "2020-04-16T05:13:40.861934Z" + MarshaledTime: "2020-04-16T05:13:40.861934Z" + Process: true diff --git a/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/config.yaml new file mode 100644 index 0000000..f01a82a --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/config.yaml @@ -0,0 +1,8 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/geoip-enrich diff --git a/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_input.yaml new file mode 100644 index 0000000..c1aa9d5 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_input.yaml @@ -0,0 +1,5 @@ +#these are the events we input into parser +- Meta: + source_ip: 8.8.8.8 +- Meta: + source_ip: 192.168.0.1 diff --git a/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_results.yaml new file mode 100644 index 0000000..0b5fcb6 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_results.yaml 
@@ -0,0 +1,84 @@ +provisionalresults: +- s00-raw: + "": + Stage: s01-parse + Meta: + source_ip: 8.8.8.8 + s01-parse: + "": + Stage: s02-enrich + Meta: + source_ip: 8.8.8.8 + s02-enrich: + crowdsecurity/geoip-enrich: + Stage: s02-enrich + Enriched: + ASNNumber: "15169" + ASNOrg: Google LLC + IsInEU: "false" + IsoCode: US + Latitude: "37.751000" + Longitude: "-97.822000" + SourceRange: 8.8.8.0/24 + Meta: + ASNNumber: "15169" + ASNOrg: Google LLC + IsInEU: "false" + IsoCode: US + SourceRange: 8.8.8.0/24 + source_ip: 8.8.8.8 +- s00-raw: + "": + Stage: s01-parse + Meta: + source_ip: 192.168.0.1 + s01-parse: + "": + Stage: s02-enrich + Meta: + source_ip: 192.168.0.1 + s02-enrich: + crowdsecurity/geoip-enrich: + Stage: s02-enrich + Enriched: + ASNNumber: "0" + ASNOrg: "" + IsInEU: "false" + IsoCode: "" + Latitude: "0.000000" + Longitude: "0.000000" + Meta: + ASNNumber: "0" + IsInEU: "false" + source_ip: 192.168.0.1 +finalresults: +- Stage: s02-enrich + Enriched: + ASNNumber: "15169" + ASNOrg: Google LLC + IsInEU: "false" + IsoCode: US + Latitude: "37.751000" + Longitude: "-97.822000" + SourceRange: 8.8.8.0/24 + Process: true + Meta: + ASNNumber: "15169" + ASNOrg: Google LLC + IsInEU: "false" + IsoCode: US + SourceRange: 8.8.8.0/24 + source_ip: 8.8.8.8 +- Stage: s02-enrich + Enriched: + ASNNumber: "0" + ASNOrg: "" + IsInEU: "false" + IsoCode: "" + Latitude: "0.000000" + Longitude: "0.000000" + Process: true + Meta: + ASNNumber: "0" + IsInEU: "false" + source_ip: 192.168.0.1 diff --git a/parsers/s02-enrich/crowdsecurity/.tests/http-logs/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/config.yaml new file mode 100644 index 0000000..d46a5f9 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/config.yaml @@ -0,0 +1,8 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/http-logs 
diff --git a/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_input.yaml new file mode 100644 index 0000000..9abca52 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_input.yaml 
@@ -0,0 +1,166 @@ +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 2020-12-01T23:19:00.262113291+01:00 + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "522" + http_referer: '-' + http_user_agent: Go-http-client/1.1 + http_version: "1.1" + message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + method: GET + program: nginx + remote_addr: 5.5.8.5 + remote_user: '-' + request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + status: "404" + target_fqdn: "" + time_local: 04/Jan/2020:07:25:02 +0000 + Time: 2020-12-01T23:19:00.262129175+01:00 + StrTime: 04/Jan/2020:07:25:02 +0000 + Process: true + Meta: + http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + http_status: "404" + log_type: http_access-log + service: http + source_ip: 5.5.8.5 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 2020-12-01T23:19:00.263881872+01:00 + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + method: GET + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /index.php/nous-contacter/ + status: "500" + target_fqdn: "" + time_local: 
04/Jan/2020:08:41:43 +0000 + Time: 2020-12-01T23:19:00.264385615+01:00 + StrTime: 04/Jan/2020:08:41:43 +0000 + Process: true + Meta: + http_path: /index.php/nous-contacter/ + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 2020-12-01T23:18:58.885136572+01:00 + Labels: + type: apache2 + process: true + Parsed: + agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + auth: '-' + bytes: "803" + clientip: 195.54.160.135 + httpversion: "1.1" + ident: '-' + message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system?wt=json + response: "500" + target_fqdn: "" + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + Time: 2020-12-01T23:18:58.885943039+01:00 + StrTime: 08/Jun/2020:08:04:43 +0000 + Process: true + Meta: + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 195.54.160.135 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 2020-12-01T23:18:58.886407549+01:00 + 
Labels: + type: apache2 + process: true + Parsed: + agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + auth: '-' + bytes: "803" + clientip: 1.2.3.4 + httpversion: "1.1" + ident: '-' + message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system?wt=json + response: "500" + target_fqdn: www.crowdsec.net + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + Time: 2020-12-01T23:18:58.8875633+01:00 + StrTime: 08/Jun/2020:08:04:43 +0000 + Process: true + Meta: + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 1.2.3.4 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 2020-12-01T23:18:58.886407549+01:00 + Labels: + type: apache2 + process: true + Parsed: + agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + auth: '-' + bytes: "803" + clientip: 1.2.3.5 + httpversion: "1.1" + ident: '-' + message: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /test/uppercase/extensions.JPG + response: "500" + target_fqdn: 
www.crowdsec11.net + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + Time: 2020-12-01T23:18:58.8875633+01:00 + StrTime: 08/Jun/2020:08:04:43 +0000 + Process: true + Meta: + http_path: /test/uppercase/extensions.JPG + http_status: "500" + log_type: http_access-log + service: http + source_ip: 1.2.3.5 diff --git a/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_results.yaml new file mode 100644 index 0000000..4f018d0 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_results.yaml 
@@ -0,0 +1,413 @@ +provisionalresults: +- s00-raw: {} + s01-parse: {} + s02-enrich: + crowdsecurity/http-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "522" + file_dir: /.well-known/acme-challenge/ + file_ext: "" + file_frag: FMuukC2JOJ5HKmLBujjE_BkDo + file_name: FMuukC2JOJ5HKmLBujjE_BkDo + http_referer: '-' + http_user_agent: Go-http-client/1.1 + http_version: "1.1" + impact_completion: "false" + message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + method: GET + program: nginx + remote_addr: 5.5.8.5 + remote_user: '-' + request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + static_ressource: "false" + status: "404" + target_fqdn: "" + time_local: 04/Jan/2020:07:25:02 +0000 + StrTime: 04/Jan/2020:07:25:02 +0000 + Meta: + http_args_len: "0" + http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + http_status: "404" + log_type: http_access-log + service: http + source_ip: 5.5.8.5 +- s00-raw: {} + s01-parse: {} + s02-enrich: + crowdsecurity/http-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + file_dir: /index.php/ + file_ext: "" + file_frag: nous-contacter/ + file_name: nous-contacter/ + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; 
+http://www.google.com/bot.html) + http_version: "1.1" + impact_completion: "true" + message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + method: GET + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /index.php/nous-contacter/ + static_ressource: "false" + status: "500" + target_fqdn: "" + time_local: 04/Jan/2020:08:41:43 +0000 + StrTime: 04/Jan/2020:08:41:43 +0000 + Meta: + http_args_len: "0" + http_path: /index.php/nous-contacter/ + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 +- s00-raw: {} + s01-parse: {} + s02-enrich: + crowdsecurity/http-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + auth: '-' + bytes: "803" + clientip: 195.54.160.135 + file_dir: /solr/admin/info/ + file_ext: "" + file_frag: system + file_name: system + http_args: wt=json + httpversion: "1.1" + ident: '-' + impact_completion: "true" + message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system + response: "500" + static_ressource: "false" + target_fqdn: "" + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 
08/Jun/2020:08:04:43 +0000 + Meta: + http_args_len: "7" + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 195.54.160.135 +- s00-raw: {} + s01-parse: {} + s02-enrich: + crowdsecurity/http-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + auth: '-' + bytes: "803" + clientip: 1.2.3.4 + file_dir: /solr/admin/info/ + file_ext: "" + file_frag: system + file_name: system + http_args: wt=json + httpversion: "1.1" + ident: '-' + impact_completion: "true" + message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system + response: "500" + static_ressource: "false" + target_fqdn: www.crowdsec.net + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Meta: + http_args_len: "7" + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 1.2.3.4 +- s00-raw: {} + s01-parse: {} + s02-enrich: + crowdsecurity/http-logs: + ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + auth: '-' + bytes: "803" + clientip: 1.2.3.5 + file_dir: /test/uppercase/ + file_ext: .JPG + file_frag: extensions + file_name: extensions.JPG + httpversion: "1.1" + ident: '-' + impact_completion: "true" + message: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /test/uppercase/extensions.JPG + response: "500" + static_ressource: "true" + target_fqdn: www.crowdsec11.net + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Meta: + http_args_len: "0" + http_path: /test/uppercase/extensions.JPG + http_status: "500" + log_type: http_access-log + service: http + source_ip: 1.2.3.5 +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "522" + file_dir: /.well-known/acme-challenge/ + file_ext: "" + file_frag: FMuukC2JOJ5HKmLBujjE_BkDo + file_name: FMuukC2JOJ5HKmLBujjE_BkDo + http_referer: '-' + http_user_agent: Go-http-client/1.1 + http_version: "1.1" + impact_completion: "false" + message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" 
"Go-http-client/1.1" + method: GET + program: nginx + remote_addr: 5.5.8.5 + remote_user: '-' + request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + static_ressource: "false" + status: "404" + target_fqdn: "" + time_local: 04/Jan/2020:07:25:02 +0000 + StrTime: 04/Jan/2020:07:25:02 +0000 + Process: true + Meta: + http_args_len: "0" + http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo + http_status: "404" + log_type: http_access-log + service: http + source_ip: 5.5.8.5 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log + time: 0001-01-01T00:00:00Z + Labels: + type: nginx + process: true + Parsed: + body_bytes_sent: "550" + file_dir: /index.php/ + file_ext: "" + file_frag: nous-contacter/ + file_name: nous-contacter/ + http_referer: '-' + http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) + http_version: "1.1" + impact_completion: "true" + message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + method: GET + program: nginx + remote_addr: 52.59.61.4 + remote_user: '-' + request: /index.php/nous-contacter/ + static_ressource: "false" + status: "500" + target_fqdn: "" + time_local: 04/Jan/2020:08:41:43 +0000 + StrTime: 04/Jan/2020:08:41:43 +0000 + Process: true + Meta: + http_args_len: "0" + http_path: /index.php/nous-contacter/ + http_status: "500" + log_type: http_access-log + service: http + source_ip: 52.59.61.4 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, 
like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + auth: '-' + bytes: "803" + clientip: 195.54.160.135 + file_dir: /solr/admin/info/ + file_ext: "" + file_frag: system + file_name: system + http_args: wt=json + httpversion: "1.1" + ident: '-' + impact_completion: "true" + message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system + response: "500" + static_ressource: "false" + target_fqdn: "" + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Process: true + Meta: + http_args_len: "7" + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 195.54.160.135 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + auth: '-' + bytes: "803" + clientip: 1.2.3.4 + file_dir: /solr/admin/info/ + file_ext: "" + file_frag: system + file_name: system + http_args: wt=json + httpversion: "1.1" + ident: '-' + impact_completion: "true" 
+ message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /solr/admin/info/system + response: "500" + static_ressource: "false" + target_fqdn: www.crowdsec.net + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Process: true + Meta: + http_args_len: "7" + http_path: /solr/admin/info/system?wt=json + http_status: "500" + log_type: http_access-log + service: http + source_ip: 1.2.3.4 +- ExpectMode: 1 + Stage: s02-enrich + Line: + Raw: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log + time: 0001-01-01T00:00:00Z + Labels: + type: apache2 + process: true + Parsed: + agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' + auth: '-' + bytes: "803" + clientip: 1.2.3.5 + file_dir: /test/uppercase/ + file_ext: .JPG + file_frag: extensions + file_name: extensions.JPG + httpversion: "1.1" + ident: '-' + impact_completion: "true" + message: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" + program: apache2 + rawrequest: "" + referrer: '"-"' + request: /test/uppercase/extensions.JPG + response: "500" + static_ressource: "true" + target_fqdn: www.crowdsec11.net + timestamp: 08/Jun/2020:08:04:43 +0000 + verb: GET + StrTime: 08/Jun/2020:08:04:43 +0000 + Process: true + Meta: + 
http_args_len: "0" + http_path: /test/uppercase/extensions.JPG + http_status: "500" + log_type: http_access-log + service: http + source_ip: 1.2.3.5 diff --git a/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/config.yaml new file mode 100644 index 0000000..66ea60b --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/config.yaml @@ -0,0 +1,8 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/naxsi-logs diff --git a/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_input.yaml new file mode 100644 index 0000000..12bc3c2 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_input.yaml @@ -0,0 +1,10 @@ +- ExpectMode: 1 + Stage: s02-enrich + Parsed: + program: nginx + message: "NAXSI_EXLOG: ip=127.0.0.1&server=127.0.0.1&uri=/&id=1302&zone=ARGS&var_name=a&content=a<>bcd" + Time: 2020-12-01T23:19:00.262129175+01:00 + StrTime: 04/Jan/2020:07:25:02 +0000 + Process: true + Meta: + log_type: http_error-log diff --git a/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_results.yaml new file mode 100644 index 0000000..782bf59 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_results.yaml 
@@ -0,0 +1,39 @@ +provisionalresults: +- s00-raw: {} + s01-parse: {} + s02-enrich: + crowdsecurity/naxsi-logs: + ExpectMode: 1 + Stage: s02-enrich + Parsed: + http_path: / + message: 'NAXSI_EXLOG: ip=127.0.0.1&server=127.0.0.1&uri=/&id=1302&zone=ARGS&var_name=a&content=a<>bcd' + naxsi_dst_ip: 127.0.0.1 + naxsi_id: "1302" + naxsi_src_ip: 127.0.0.1 + naxsi_var_name: a + naxsi_zone: ARGS + program: nginx + StrTime: 04/Jan/2020:07:25:02 +0000 + Meta: + http_path: / + log_type: waf_naxsi-log + source_ip: 127.0.0.1 +finalresults: +- ExpectMode: 1 + Stage: s02-enrich + Parsed: + http_path: / + message: 'NAXSI_EXLOG: ip=127.0.0.1&server=127.0.0.1&uri=/&id=1302&zone=ARGS&var_name=a&content=a<>bcd' + naxsi_dst_ip: 127.0.0.1 + naxsi_id: "1302" + naxsi_src_ip: 127.0.0.1 + naxsi_var_name: a + naxsi_zone: ARGS + program: nginx + StrTime: 04/Jan/2020:07:25:02 +0000 + Process: true + Meta: + http_path: / + log_type: waf_naxsi-log + source_ip: 127.0.0.1 diff --git a/parsers/s02-enrich/crowdsecurity/.tests/whitelists/config.yaml b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/config.yaml new file mode 100644 index 0000000..fb43733 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/config.yaml @@ -0,0 +1,7 @@ +parser_input: parser_input.yaml +parser_results: parser_results.yaml +#configuration +index: "./config/hub/.index.json" +configurations: + parsers: + - crowdsecurity/whitelists diff --git a/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_input.yaml b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_input.yaml new file mode 100644 index 0000000..09c7c28 --- /dev/null +++ b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_input.yaml @@ -0,0 +1,10 @@ +- ExpectMode: 1 + Stage: s02-enrich + Time: 2020-12-11T13:05:46.765680868+01:00 + StrTime: Nov 10 15:01:29 + Process: true + Meta: + log_type: ssh_failed-auth + service: ssh + source_ip: 127.0.0.1 + target_user: test_ftp 
diff --git a/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_results.yaml b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_results.yaml
new file mode 100644
index 0000000..dc0a5ab
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_results.yaml
@@ -0,0 +1,27 @@
+provisionalresults:
+- s00-raw: {}
+ s01-parse: {}
+ s02-enrich:
+ crowdsecurity/whitelists:
+ ExpectMode: 1
+ Whitelisted: true
+ whitelist_reason: private ipv4 ranges
+ Stage: s02-enrich
+ StrTime: Nov 10 15:01:29
+ Meta:
+ log_type: ssh_failed-auth
+ service: ssh
+ source_ip: 127.0.0.1
+ target_user: test_ftp
+finalresults:
+- ExpectMode: 1
+ Whitelisted: true
+ whitelist_reason: private ipv4 ranges
+ Stage: s02-enrich
+ StrTime: Nov 10 15:01:29
+ Process: true
+ Meta:
+ log_type: ssh_failed-auth
+ service: ssh
+ source_ip: 127.0.0.1
+ target_user: test_ftp
diff --git a/parsers/s02-enrich/crowdsecurity/dateparse-enrich.md b/parsers/s02-enrich/crowdsecurity/dateparse-enrich.md
new file mode 100644
index 0000000..7e04a88
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/dateparse-enrich.md
@@ -0,0 +1,17 @@
+Parses timestamp strings in logs to be used in [forensic mode](https://doc.crowdsec.net/Crowdsec/v1/user_guide/forensic_mode/). The following formats are currently supported :
+
+ - RFC3339
+ - `02/Jan/2006:15:04:05 -0700`
+ - `Mon Jan 2 15:04:05 2006`
+ - `02-Jan-2006 15:04:05 europe/paris`
+ - `01/02/2006 15:04:05`
+ - `2006-01-02 15:04:05.999999999 -0700 MST`
+ - `Jan 2 15:04:05`
+ - `Mon Jan 02 15:04:05.000000 2006`
+ - `2006-01-02T15:04:05Z07:00`
+ - `2006/01/02`
+ - `2006/01/02 15:04`
+ - `2006-01-02`
+ - `2006-01-02 15:04`
+
+The `StrTime` item of the event is parsed by default. See [crowdsecurity/syslog-logs](https://hub.crowdsec.net/author/crowdsecurity/configurations/syslog-logs) as an example of a parser setting this field for `crowdsecurity/dateparse-enrich`.
diff --git a/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml b/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
new file mode 100644
index 0000000..d803f27
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
@@ -0,0 +1,9 @@
+filter: "evt.StrTime != ''"
+name: crowdsecurity/dateparse-enrich
+#debug: true
+#it's a hack lol
+statics:
+ - method: ParseDate
+ expression: evt.StrTime
+ - target: MarshaledTime
+ expression: evt.Enriched.MarshaledTime
\ No newline at end of file
diff --git a/parsers/s02-enrich/crowdsecurity/geoip-enrich.md b/parsers/s02-enrich/crowdsecurity/geoip-enrich.md
new file mode 100644
index 0000000..72167c7
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/geoip-enrich.md
@@ -0,0 +1,15 @@
+The GeoIP module relies on geolite database to provide enrichment on source ip.
+
+The following informations will be added to the event :
+ - `Meta.IsoCode` : two-letters country code
+ - `Meta.IsInEU` : a boolean indicating if IP is in EU
+ - `Meta.GeoCoords` : latitude & longitude of IP
+ - `Meta.ASNNumber` : Autonomous System Number
+ - `Meta.ASNOrg` : Autonomous System Name
+ - `Meta.SourceRange` : The public range to which the IP belongs
+
+
+This configuration includes GeoLite2 data created by MaxMind available from [https://www.maxmind.com](https://www.maxmind.com), it includes two data files:
+* [GeoLite2-City.mmdb](https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb)
+* [GeoLite2-ASN.mmdb](https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-ASN.mmdb)
+
diff --git a/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml b/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
new file mode 100644
index 0000000..59a4fca
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
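Review bot: The comment `#it's a hack lol` above `statics:` in dateparse-enrich.yaml does not say what the workaround is, so a later maintainer cannot tell whether the second static is safe to remove. Going by the dateparse-enrich fixture in this patch, `ParseDate` leaves its result in `evt.Enriched.MarshaledTime` and the `target: MarshaledTime` entry copies it to the event's top-level field; I would replace the comment with `# ParseDate fills evt.Enriched.MarshaledTime; the next static copies it to evt.MarshaledTime`. The same fixture resolves the year-less `Jun 7 11:17:17` to 2020 and a zone-less value to `Z`, so the year and time zone look to be assumed rather than read from the log. That deserves one more comment line, because timeline reconstruction in forensic mode depends on it.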
@@ -0,0 +1,27 @@
+filter: "'source_ip' in evt.Meta"
+name: crowdsecurity/geoip-enrich
+description: "Populate event with geoloc info : as, country, coords, source range."
+data:
+ - source_url: https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb
+ dest_file: GeoLite2-City.mmdb
+ - source_url: https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-ASN.mmdb
+ dest_file: GeoLite2-ASN.mmdb
+statics:
+ - method: GeoIpCity
+ expression: evt.Meta.source_ip
+ - meta: IsoCode
+ expression: evt.Enriched.IsoCode
+ - meta: IsInEU
+ expression: evt.Enriched.IsInEU
+ - meta: GeoCoords
+ expression: evt.Enriched.GeoCoords
+ - method: GeoIpASN
+ expression: evt.Meta.source_ip
+ - meta: ASNNumber
+ expression: evt.Enriched.ASNNumber
+ - meta: ASNOrg
+ expression: evt.Enriched.ASNOrg
+ - method: IpToRange
+ expression: evt.Meta.source_ip
+ - meta: SourceRange
+ expression: evt.Enriched.SourceRange
diff --git a/parsers/s02-enrich/crowdsecurity/http-logs.md b/parsers/s02-enrich/crowdsecurity/http-logs.md
new file mode 100644
index 0000000..43f9292
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/http-logs.md
@@ -0,0 +1,4 @@
+This parser is a generic post-parsing http re-parser and profides more detailed information such as :
+ - static_ressource : a boolean to tell if the requested ressource is a static file
+ - file_name : simple file+file-extension
+ - impact_completion : a boolean flag indicating if the request succeeded (based on the http response code)
diff --git a/parsers/s02-enrich/crowdsecurity/http-logs.yaml b/parsers/s02-enrich/crowdsecurity/http-logs.yaml
new file mode 100644
index 0000000..0699ce6
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/http-logs.yaml
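Review bot: The `meta: GeoCoords` static in geoip-enrich.yaml reads `evt.Enriched.GeoCoords`, but the geoip-enrich fixture added in this same patch shows the enrichment producing `Latitude` and `Longitude` and no `GeoCoords` key, and the expected `Meta` has no `GeoCoords` either, so this entry appears to set nothing. Either drop it (together with the `Meta.GeoCoords` line in geoip-enrich.md) or map the keys that do exist, e.g. `- meta: Latitude` with `expression: evt.Enriched.Latitude` and the same for `Longitude`. Separately, the two `data:` entries carry only `source_url` and `dest_file`, so the `.mmdb` files are loaded with no pinned digest. If the hub format has no checksum field, a comment stating that integrity rests on TLS and on the bucket's access control would make that trust assumption explicit.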
@@ -0,0 +1,33 @@
+filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']"
+description: "Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource"
+name: crowdsecurity/http-logs
+pattern_syntax:
+ DIR: "^.*/"
+ FILE: "[^/].*?"
+ EXT: "\\.[^.]*$|$"
+nodes:
+ - statics:
+ - parsed: "impact_completion"
+ # the value of a field can as well be determined as the result of an expression
+ expression: "evt.Meta.http_status in ['404', '403', '502'] ? 'false' : 'true'"
+ - target: evt.Parsed.static_ressource
+ value: 'false'
+ # let's split the path?query if possible
+ - grok:
+ pattern: "^%{GREEDYDATA:request}\\?%{GREEDYDATA:http_args}$"
+ apply_on: request
+ # this is another node, with its own pattern_syntax
+ - #debug: true
+ grok:
+ pattern: "%{DIR:file_dir}%{FILE:file_frag}%{EXT:file_ext}"
+ apply_on: request
+ statics:
+ - meta: http_path
+ expression: "evt.Parsed.http_path"
+ # meta af
+ - meta: http_args_len
+ expression: "len(evt.Parsed.http_args)"
+ - parsed: file_name
+ expression: evt.Parsed.file_frag + evt.Parsed.file_ext
+ - parsed: static_ressource
+ expression: "Upper(evt.Parsed.file_ext) in ['.JPG', '.CSS', '.JS', '.JPEG', '.PNG', '.SVG', '.MAP', '.ICO', '.OTF', '.GIF', '.MP3', '.MP4', '.WOFF', '.WOFF2', '.TTF', '.OTF', '.EOT', '.WEBP'] ? 'true' : 'false'"
diff --git a/parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml b/parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml
new file mode 100644
index 0000000..9bd2ab1
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml
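Review bot: The split pattern `^%{GREEDYDATA:request}\\?%{GREEDYDATA:http_args}$` in http-logs.yaml is greedy on the left, so a request containing more than one `?` is cut at the last one. Most of the query string then stays in `request`, `http_args_len` under-reports, and the `file_ext` / `static_ressource` decision in the second node is made on query text instead of the path. Because the request line is client-controlled, I would split at the first `?`, e.g. `pattern: "^%{DATA:request}\\?%{GREEDYDATA:http_args}$"` (assuming the stock non-greedy `DATA` pattern is available to this parser), and add a fixture line with two `?` characters. Also, `impact_completion` is `'false'` only for 404, 403 and 502, so the 500 responses in the http-logs fixture are recorded as completed; if that is intended, the comment above the expression should say so.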
@@ -0,0 +1,16 @@
+#let's try to post-process nginx error log to have naxsi pattern
+filter: "evt.Meta.log_type == 'http_error-log' && evt.Parsed.program == 'nginx'"
+description: "Enrich logs if its from NAXSI"
+name: crowdsecurity/naxsi-logs
+grok:
+ name: "NAXSI_EXLOG"
+ apply_on: message
+statics:
+ - target: evt.Meta.log_type
+ value: waf_naxsi-log
+ - meta: source_ip
+ expression: "evt.Parsed.naxsi_src_ip"
+ - meta: http_path
+ expression: "evt.Parsed.http_path"
+ - meta: dest_ip
+ expression: "evt.Parsed.target_ip"
\ No newline at end of file
diff --git a/parsers/s02-enrich/crowdsecurity/whitelists.md b/parsers/s02-enrich/crowdsecurity/whitelists.md
new file mode 100644
index 0000000..41e6284
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/whitelists.md
@@ -0,0 +1,2 @@
+A generic whitelist to avoid banning yourself, whitelisted ranges :
+192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
diff --git a/parsers/s02-enrich/crowdsecurity/whitelists.yaml b/parsers/s02-enrich/crowdsecurity/whitelists.yaml
new file mode 100644
index 0000000..d398ee8
--- /dev/null
+++ b/parsers/s02-enrich/crowdsecurity/whitelists.yaml
@@ -0,0 +1,13 @@
+name: crowdsecurity/whitelists
+description: "Whitelist events from private ipv4 addresses"
+whitelist:
+ reason: "private ipv4 ranges"
+ ip:
+ - "127.0.0.1"
+ cidr:
+ - "192.168.0.0/16"
+ - "10.0.0.0/8"
+ - "172.16.0.0/12"
+ # expression:
+ # - "'foo.com' in evt.Meta.source_ip.reverse"
+
diff --git a/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/config.yaml b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/config.yaml
new file mode 100644
index 0000000..0387642
--- /dev/null
+++ b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/config.yaml
@@ -0,0 +1,7 @@
+postoverflow_input: po_input.yaml
+postoverflow_results: postoverflow_results.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+ postoverflows:
+ - crowdsecurity/rdns
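Review bot: The `cidr` list in whitelists.yaml exempts every event whose source address is RFC 1918, which also covers services that log the address of a private reverse proxy or load balancer instead of the client, as well as activity from a compromised internal host. That may be the intended default for "avoid banning yourself", but it deserves a comment such as `# also exempts traffic logged with a private proxy address as source_ip; remove a range if internal sources should be watched`. Loopback is listed only as the single address "127.0.0.1", and whitelists.md does not mention it among the whitelisted ranges.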
diff --git a/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/po_input.yaml b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/po_input.yaml new file mode 100644 index 0000000..4d0d42c --- /dev/null +++ b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/po_input.yaml @@ -0,0 +1,16 @@ +- Type: 1 + Alert: + Alert: + remediation: true + source: + ip: 8.8.8.8 + scope: Ip + value: 8.8.8.8 +- Type: 1 + Alert: + Alert: + remediation: true + source: + ip: 192.168.0.100 + scope: Ip + value: 192.168.0.100 diff --git a/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/postoverflow_results.yaml b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/postoverflow_results.yaml new file mode 100644 index 0000000..df56bfd --- /dev/null +++ b/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/postoverflow_results.yaml 
@@ -0,0 +1,216 @@ +provisionalresults: +- s00-enrich: + crowdsecurity/rdns: + Type: 1 + Stage: s01-whitelist + Enriched: + reverse_dns: dns.google. + Alert: + Alert: + capacity: null + createdat: "" + decisions: [] + events: [] + eventscount: null + id: 0 + labels: [] + leakspeed: null + machineid: "" + message: null + meta: [] + remediation: true + scenario: null + scenariohash: null + scenarioversion: null + simulated: null + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: null + stopat: null + Meta: + reverse_dns: dns.google. + s01-whitelist: + "": + Type: 1 + Stage: s01-whitelist + Enriched: + reverse_dns: dns.google. + Alert: + Alert: + capacity: null + createdat: "" + decisions: [] + events: [] + eventscount: null + id: 0 + labels: [] + leakspeed: null + machineid: "" + message: null + meta: [] + remediation: true + scenario: null + scenariohash: null + scenarioversion: null + simulated: null + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: null + stopat: null + Meta: + reverse_dns: dns.google. 
+- s00-enrich: + crowdsecurity/rdns: + Type: 1 + Stage: s01-whitelist + Alert: + Alert: + capacity: null + createdat: "" + decisions: [] + events: [] + eventscount: null + id: 0 + labels: [] + leakspeed: null + machineid: "" + message: null + meta: [] + remediation: true + scenario: null + scenariohash: null + scenarioversion: null + simulated: null + source: + asname: "" + asnumber: "" + cn: "" + ip: 192.168.0.100 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 192.168.0.100 + startat: null + stopat: null + s01-whitelist: + "": + Type: 1 + Stage: s01-whitelist + Alert: + Alert: + capacity: null + createdat: "" + decisions: [] + events: [] + eventscount: null + id: 0 + labels: [] + leakspeed: null + machineid: "" + message: null + meta: [] + remediation: true + scenario: null + scenariohash: null + scenarioversion: null + simulated: null + source: + asname: "" + asnumber: "" + cn: "" + ip: 192.168.0.100 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 192.168.0.100 + startat: null + stopat: null +finalresults: +- Type: 1 + Stage: s01-whitelist + Enriched: + reverse_dns: dns.google. + Alert: + Alert: + capacity: null + createdat: "" + decisions: [] + events: [] + eventscount: null + id: 0 + labels: [] + leakspeed: null + machineid: "" + message: null + meta: [] + remediation: true + scenario: null + scenariohash: null + scenarioversion: null + simulated: null + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: null + stopat: null + Process: true + Meta: + reverse_dns: dns.google. 
+- Type: 1 + Stage: s01-whitelist + Alert: + Alert: + capacity: null + createdat: "" + decisions: [] + events: [] + eventscount: null + id: 0 + labels: [] + leakspeed: null + machineid: "" + message: null + meta: [] + remediation: true + scenario: null + scenariohash: null + scenarioversion: null + simulated: null + source: + asname: "" + asnumber: "" + cn: "" + ip: 192.168.0.100 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 192.168.0.100 + startat: null + stopat: null + Process: true diff --git a/postoverflows/s00-enrich/crowdsecurity/rdns.md b/postoverflows/s00-enrich/crowdsecurity/rdns.md new file mode 100644 index 0000000..e1878dd --- /dev/null +++ b/postoverflows/s00-enrich/crowdsecurity/rdns.md @@ -0,0 +1,3 @@ +# Rdns enricher + +This will use `reverse_dns` method to enrich en event with the reverse dns of the IP if it exists. \ No newline at end of file diff --git a/postoverflows/s00-enrich/crowdsecurity/rdns.yaml b/postoverflows/s00-enrich/crowdsecurity/rdns.yaml new file mode 100644 index 0000000..2dcc16b --- /dev/null +++ b/postoverflows/s00-enrich/crowdsecurity/rdns.yaml @@ -0,0 +1,9 @@ +onsuccess: next_stage +filter: "evt.Overflow.Alert.Remediation == true" +name: crowdsecurity/rdns +description: "Lookup the DNS associated to the source IP only for overflows" +statics: + - method: reverse_dns + expression: evt.Overflow.Alert.Source.IP + - meta: reverse_dns + expression: evt.Enriched.reverse_dns diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/config.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/config.yaml new file mode 100644 index 0000000..e3d9227 --- /dev/null +++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/config.yaml @@ -0,0 +1,7 @@ +postoverflow_input: parser_input.yaml +postoverflow_results: parser_results.yaml +#configuration +index: "./config/hub/.index.json" +configurations: + postoverflows: + - crowdsecurity/cdn-whitelist 
diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_input.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_input.yaml new file mode 100644 index 0000000..269f407 --- /dev/null +++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_input.yaml @@ -0,0 +1,86 @@ +- Type: 1 + Alert: + Sources: + 173.245.45.5: + asname: "" + asnumber: "" + cn: "" + ip: 173.245.45.5 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 173.245.45.5 + Alert: + capacity: 1 + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 173.245.45.5 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 173.245.45.5 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- Type: 1 + Alert: + Sources: + 198.41.128.3: + asname: "" + asnumber: "" + cn: "" + ip: 198.41.128.3 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 198.41.128.3 + Alert: + capacity: 1 + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 198.41.128.3 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 198.41.128.3 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" 
diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_results.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_results.yaml new file mode 100644 index 0000000..86ca5bd --- /dev/null +++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_results.yaml 
@@ -0,0 +1,306 @@ +provisionalresults: +- s00-enrich: + "": + Type: 1 + Stage: s01-whitelist + Alert: + Sources: + 173.245.45.5: + asname: "" + asnumber: "" + cn: "" + ip: 173.245.45.5 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 173.245.45.5 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 173.245.45.5 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 173.245.45.5 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + s01-whitelist: + crowdsecurity/cdn-whitelist: + Type: 1 + Stage: s01-whitelist + Alert: + Sources: + 173.245.45.5: + asname: "" + asnumber: "" + cn: "" + ip: 173.245.45.5 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 173.245.45.5 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 173.245.45.5 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 173.245.45.5 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- s00-enrich: + "": + Type: 1 + Stage: s01-whitelist + Alert: + Sources: + 198.41.128.3: + asname: "" + asnumber: "" + cn: "" + ip: 198.41.128.3 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 198.41.128.3 + Alert: + capacity: 1 + createdat: "" + 
decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 198.41.128.3 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 198.41.128.3 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + s01-whitelist: + crowdsecurity/cdn-whitelist: + Type: 1 + Whitelisted: true + whitelist_reason: CDN provider + Stage: s01-whitelist + Alert: + Whitelisted: true + Sources: + 198.41.128.3: + asname: "" + asnumber: "" + cn: "" + ip: 198.41.128.3 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 198.41.128.3 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 198.41.128.3 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 198.41.128.3 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +finalresults: +- Type: 1 + Stage: s01-whitelist + Alert: + Sources: + 173.245.45.5: + asname: "" + asnumber: "" + cn: "" + ip: 173.245.45.5 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 173.245.45.5 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: 
crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 173.245.45.5 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 173.245.45.5 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + Process: true +- Type: 1 + Whitelisted: true + whitelist_reason: CDN provider + Stage: s01-whitelist + Alert: + Whitelisted: true + Sources: + 198.41.128.3: + asname: "" + asnumber: "" + cn: "" + ip: 198.41.128.3 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 198.41.128.3 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 198.41.128.3 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 198.41.128.3 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + Process: true diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/config.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/config.yaml new file mode 100644 index 0000000..d108f11 --- /dev/null +++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/config.yaml @@ -0,0 +1,7 @@ +postoverflow_input: parser_input.yaml +postoverflow_results: parser_results.yaml +#configuration +index: "./config/hub/.index.json" +configurations: + postoverflows: + - crowdsecurity/seo-bots-whitelist 
diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_input.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_input.yaml new file mode 100644 index 0000000..c7335dd --- /dev/null +++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_input.yaml 
@@ -0,0 +1,226 @@ +#this one is whitelisted by IP (duckduckgo) +- Type: 1 + Alert: + Sources: + 23.21.227.69: + asname: "" + asnumber: "" + cn: "" + ip: 23.21.227.69 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 23.21.227.69 + Alert: + capacity: 1 + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 23.21.227.69 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 23.21.227.69 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +#this one isn't +- Type: 1 + Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +# this one is whitelisted by reverse dns regexp +- Type: 1 + Enriched: + reverse_dns: google-proxy-1-1-1-1.google.com. 
+ Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +# this one is whitelisted by reverse dns string match +- Type: 1 + Enriched: + reverse_dns: foobar.googlebot.com. + Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +# this one isn't whitelisted by reverse dns +- Type: 1 + Enriched: + reverse_dns: foobar.gagle.com. 
+ Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" \ No newline at end of file diff --git a/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_results.yaml b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_results.yaml new file mode 100644 index 0000000..8826bf5 --- /dev/null +++ b/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_results.yaml 
@@ -0,0 +1,783 @@ +provisionalresults: +- s00-enrich: + "": + Type: 1 + Stage: s01-whitelist + Alert: + Sources: + 23.21.227.69: + asname: "" + asnumber: "" + cn: "" + ip: 23.21.227.69 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 23.21.227.69 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 23.21.227.69 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 23.21.227.69 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + s01-whitelist: + crowdsecurity/seo-bots-whitelist: + Type: 1 + Whitelisted: true + whitelist_reason: good bots (search engine crawlers) + Stage: s01-whitelist + Alert: + Whitelisted: true + Sources: + 23.21.227.69: + asname: "" + asnumber: "" + cn: "" + ip: 23.21.227.69 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 23.21.227.69 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 23.21.227.69 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 23.21.227.69 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- s00-enrich: + "": + Type: 1 + Stage: s01-whitelist + Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + 
range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + s01-whitelist: + crowdsecurity/seo-bots-whitelist: + Type: 1 + Stage: s01-whitelist + Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- s00-enrich: + "": + Type: 1 + Stage: s01-whitelist + Enriched: + reverse_dns: google-proxy-1-1-1-1.google.com. 
+ Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + s01-whitelist: + crowdsecurity/seo-bots-whitelist: + Type: 1 + Whitelisted: true + whitelist_reason: good bots (search engine crawlers) + Stage: s01-whitelist + Enriched: + reverse_dns: google-proxy-1-1-1-1.google.com. + Alert: + Whitelisted: true + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- s00-enrich: + "": + Type: 1 + Stage: s01-whitelist + Enriched: + reverse_dns: foobar.googlebot.com. 
+ Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + s01-whitelist: + crowdsecurity/seo-bots-whitelist: + Type: 1 + Whitelisted: true + whitelist_reason: good bots (search engine crawlers) + Stage: s01-whitelist + Enriched: + reverse_dns: foobar.googlebot.com. + Alert: + Whitelisted: true + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- s00-enrich: + "": + Type: 1 + Stage: s01-whitelist + Enriched: + reverse_dns: foobar.gagle.com. 
+ Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + s01-whitelist: + crowdsecurity/seo-bots-whitelist: + Type: 1 + Stage: s01-whitelist + Enriched: + reverse_dns: foobar.gagle.com. + Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +finalresults: +- Type: 1 + Whitelisted: true + whitelist_reason: good bots (search engine crawlers) + Stage: s01-whitelist + Alert: + Whitelisted: true + Sources: + 23.21.227.69: + asname: "" + asnumber: "" + cn: "" + ip: 23.21.227.69 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 23.21.227.69 + Alert: + capacity: 1 + createdat: "" + decisions: 
[] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 23.21.227.69 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 23.21.227.69 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + Process: true +- Type: 1 + Stage: s01-whitelist + Alert: + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + Process: true +- Type: 1 + Whitelisted: true + whitelist_reason: good bots (search engine crawlers) + Stage: s01-whitelist + Enriched: + reverse_dns: google-proxy-1-1-1-1.google.com. 
+ Alert: + Whitelisted: true + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + Process: true +- Type: 1 + Whitelisted: true + whitelist_reason: good bots (search engine crawlers) + Stage: s01-whitelist + Enriched: + reverse_dns: foobar.googlebot.com. + Alert: + Whitelisted: true + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: log_type + value: ssh_failed-auth + timestamp: "2020-11-10T15:01:29Z" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" + Process: true +- Type: 1 + Stage: s01-whitelist + Enriched: + reverse_dns: foobar.gagle.com. 
+ Alert:
+ Sources:
+ 1.1.1.1:
+ asname: ""
+ asnumber: ""
+ cn: ""
+ ip: 1.1.1.1
+ latitude: 0
+ longitude: 0
+ range: ""
+ scope: Ip
+ value: 1.1.1.1
+ Alert:
+ capacity: 1
+ createdat: ""
+ decisions: []
+ events:
+ - meta:
+ - key: log_type
+ value: ssh_failed-auth
+ timestamp: "2020-11-10T15:01:29Z"
+ eventscount: 6
+ id: 0
+ labels: []
+ leakspeed: 10s
+ machineid: ""
+ message: ""
+ meta: []
+ remediation: true
+ scenario: crowdsecurity/ssh-bf
+ scenariohash: ""
+ scenarioversion: ""
+ simulated: false
+ source:
+ asname: ""
+ asnumber: ""
+ cn: ""
+ ip: 1.1.1.1
+ latitude: 0
+ longitude: 0
+ range: ""
+ scope: Ip
+ value: 1.1.1.1
+ startat: "0001-01-01T00:00:00Z"
+ stopat: "0001-01-01T00:00:00Z"
+ MarshaledTime: "0001-01-01T00:00:00Z"
+ Process: true
diff --git a/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.md b/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.md
new file mode 100644
index 0000000..f34368b
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.md
@@ -0,0 +1,6 @@
+# CDNs whitelist
+
+CDNs whitelist based on following lists:
+* https://www.cloudflare.com/ips-v4
+
+It will whitelist overflows triggered on an IP in those lists
\ No newline at end of file
diff --git a/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml b/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml
new file mode 100644
index 0000000..c2a2a04
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml
@@ -0,0 +1,10 @@
+name: crowdsecurity/cdn-whitelist
+description: "Whitelist CDN providers"
+whitelist:
+ reason: "CDN provider"
+ expression:
+ - "any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
+data:
+ - source_url: https://www.cloudflare.com/ips-v4
+ dest_file: cloudflare_ips.txt
+ type: string
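Review bot: The expression in `cdn-whitelist.yaml` hands every line of `cloudflare_ips.txt` to `IpInRange` without the `len(#) > 0` guard that `seo-bots-whitelist.yaml` in this same patch applies to its list files, so a blank line in the downloaded file reaches the range check; how `IpInRange` treats an empty string is not visible here. I would write it as `- "any(File('cloudflare_ips.txt'), { len(#) > 0 && IpInRange(evt.Overflow.Alert.Source.IP ,#)})"`. The `data` section also fetches only `https://www.cloudflare.com/ips-v4`, so an overflow from a Cloudflare IPv6 address is presumably not covered. The file deserves a comment stating the trust assumption, for example `# suppresses every overflow whose source is a Cloudflare range; restore the real client IP upstream so attacks relayed through the CDN are still attributed`.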
diff --git a/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.md b/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.md
new file mode 100644
index 0000000..67aebd8
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.md
@@ -0,0 +1,11 @@
+# SEO Bots Whitelist
+
+Configuration based on `crowdsecurity/rdns` to whitelist following benign SEO bots:
+* duckduckBot
+* googlebot
+* yandex
+* bing
+* baidu
+* yahoo
+* pinterest
+* qwant
diff --git a/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml b/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml
new file mode 100644
index 0000000..23c39aa
--- /dev/null
+++ b/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml
@@ -0,0 +1,18 @@
+name: crowdsecurity/seo-bots-whitelist
+description: "Whitelist good search engine crawlers"
+whitelist:
+ reason: "good bots (search engine crawlers)"
+ expression:
+ - "any(File('rdns_seo_bots.txt'), { len(#) > 0 && evt.Enriched.reverse_dns endsWith #})"
+ - "RegexpInFile(evt.Enriched.reverse_dns, 'rdns_seo_bots.regex')"
+ - "any(File('ip_seo_bots.txt'), { len(#) > 0 && IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
+data:
+ - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rdns_seo_bots.txt
+ dest_file: rdns_seo_bots.txt
+ type: string
+ - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rnds_seo_bots.regex
+ dest_file: rdns_seo_bots.regex
+ type: regexp
+ - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/ip_seo_bots.txt
+ dest_file: ip_seo_bots.txt
+ type: string
\ No newline at end of file
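Review bot: The first two expressions in `seo-bots-whitelist.yaml` whitelist on `evt.Enriched.reverse_dns` alone, and a PTR name is chosen by whoever controls the reverse zone of the source address, so an `endsWith` or regexp match on it does not establish that the client is a real crawler. Nothing in this file shows a forward lookup confirming that the name resolves back to `evt.Overflow.Alert.Source.IP`; unless `crowdsecurity/rdns` already does that, the rule should depend on the `ip_seo_bots.txt` range check or gain a forward-confirmation step. The fixture earlier in this patch, where `1.1.1.1` with `reverse_dns: foobar.googlebot.com.` ends up `Whitelisted: true`, shows the suffix match accepting any host under the right domain. At minimum I would add `# reverse_dns is client-influenced unless forward-confirmed; do not treat a suffix match as identity` above the expressions. The three `source_url` entries also follow `master`, so the whitelist changes without any change to this file; pinning them to `<commit-sha>` would make updates reviewable.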
diff --git a/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_input.yaml b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_input.yaml
new file mode 100644
index 0000000..f05e6a5
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_input.yaml
@@ -0,0 +1,432 @@ +- Type: 1 + Alert: + MapKey: 3cbe015437dac180af7767a997348e490c0e6300 + Reprocess: true + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + Alert: + capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- Type: 1 + Alert: + MapKey: 3cbe015437dac180af7767a997348e490c0e6300 + Reprocess: true + Sources: + 1.1.1.2: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.2 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + Alert: + capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.2 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + 
decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.2 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- Type: 1 + Alert: + MapKey: 3cbe015437dac180af7767a997348e490c0e6300 + Reprocess: true + Sources: + 1.1.1.3: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.3 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + Alert: + capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.3 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.3 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- Type: 1 + Alert: + MapKey: 3cbe015437dac180af7767a997348e490c0e6300 + Reprocess: true + Sources: + 1.1.1.4: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.4 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + Alert: + capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + 
id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.4 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.4 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- Type: 1 + Alert: + MapKey: 3cbe015437dac180af7767a997348e490c0e6300 + Reprocess: true + Sources: + 1.1.1.5: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.5 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + Alert: + capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.5 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.5 + latitude: 0 + longitude: 0 + range: "" + scope: 
Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" +- Type: 1 + Alert: + MapKey: 3cbe015437dac180af7767a997348e490c0e6300 + Reprocess: true + Sources: + 1.1.1.6: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.6 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + Alert: + capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.6 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + decisions: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ssh-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.6 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_results.yaml b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_results.yaml new file mode 100644 index 0000000..40cbe1f --- /dev/null +++ b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_results.yaml 
@@ -0,0 +1,263 @@ +- Type: 1 + Alert: + MapKey: 8a13f1184b0f0bc0b762f39e31a4e315288baf80 + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + 1.1.1.2: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.2 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + 1.1.1.3: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.3 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + 1.1.1.4: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.4 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + 1.1.1.5: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.5 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + 1.1.1.6: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.6 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + Alert: + capacity: 5 + createdat: "" + decisions: [] + events: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 1m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ban-defcon-drop_range + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + decisions: [] + events: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 1m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ban-defcon-drop_range + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + - capacity: 5 + createdat: "" + decisions: [] + events: [] + 
eventscount: 6 + id: 0 + labels: [] + leakspeed: 1m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ban-defcon-drop_range + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.2 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + - capacity: 5 + createdat: "" + decisions: [] + events: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 1m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ban-defcon-drop_range + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.3 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + - capacity: 5 + createdat: "" + decisions: [] + events: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 1m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ban-defcon-drop_range + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.4 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + - capacity: 5 + createdat: "" + decisions: [] + events: [] + eventscount: 6 + id: 0 + labels: [] + leakspeed: 1m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ban-defcon-drop_range + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.5 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + - capacity: 5 + createdat: "" + decisions: [] + events: [] + eventscount: 6 + id: 0 + labels: [] + 
leakspeed: 1m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/ban-defcon-drop_range + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.6 + latitude: 0 + longitude: 0 + range: "" + scope: Range + value: 1.1.1.0/24 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/config.yaml b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/config.yaml new file mode 100644 index 0000000..d13bf7a --- /dev/null +++ b/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/config.yaml @@ -0,0 +1,8 @@ +bucket_input: bucket_input.yaml #unused in our example +bucket_results: bucket_results.yaml #unused in our example + +#configuration +index: "./config/hub/.index.json" +configurations: + scenarios: + - crowdsecurity/ban-defcon-drop_range diff --git a/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_input.yaml b/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_input.yaml new file mode 100644 index 0000000..0bfd9a2 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_input.yaml 
@@ -0,0 +1,41 @@ +#these are the events we input into parser +- Meta: + source_ip: 8.8.8.8 + log_type: dovecot_logs + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + dovecot_local_ip: 7.7.7.7 + dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) + dovecot_remote_ip: 4.4.4.4 + dovecot_user: toto@toto.com +- Meta: + source_ip: 8.8.8.8 + log_type: dovecot_logs + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + dovecot_local_ip: 7.7.7.7 + dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) + dovecot_remote_ip: 4.4.4.4 + dovecot_user: toto@toto.com +- Meta: + source_ip: 8.8.8.8 + log_type: dovecot_logs + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + dovecot_local_ip: 7.7.7.7 + dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) + dovecot_remote_ip: 4.4.4.4 + dovecot_user: toto@toto.com +- Meta: + source_ip: 8.8.8.8 + log_type: dovecot_logs + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + dovecot_local_ip: 7.7.7.7 + dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) + dovecot_remote_ip: 4.4.4.4 + dovecot_user: toto@toto.com diff --git a/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_results.yaml b/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_results.yaml new file mode 100644 index 0000000..ba5b235 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_results.yaml 
@@ -0,0 +1,137 @@ +- Type: 1 + Alert: + MapKey: ffceb7be7e20b8e20db02b764cebc6ef3d351a1c + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 3 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: dovecot_logs + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: dovecot_logs + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: dovecot_logs + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: dovecot_logs + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 4 + id: 0 + labels: [] + leakspeed: 6m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/dovecot-spam + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 3 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: dovecot_logs + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: dovecot_logs + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: 
"2020-12-09T07:20:50.52Z" + - key: log_type + value: dovecot_logs + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: dovecot_logs + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 4 + id: 0 + labels: [] + leakspeed: 6m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/dovecot-spam + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/dovecot-spam/config.yaml b/scenarios/crowdsecurity/.tests/dovecot-spam/config.yaml new file mode 100644 index 0000000..3a92438 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/dovecot-spam/config.yaml @@ -0,0 +1,8 @@ +bucket_input: bucket_input.yaml #unused in our example +bucket_results: bucket_results.yaml #unused in our example + +#configuration +index: "./config/hub/.index.json" +configurations: + scenarios: + - crowdsecurity/dovecot-spam diff --git a/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_input.yaml new file mode 100644 index 0000000..6623a23 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_input.yaml 
@@ -0,0 +1,30 @@ +#this one won't trigger overflow (backdoors are the same) +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: c99.php +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: c99.php +#this one will +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: c99.php +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: jspShell.jsp \ No newline at end of file diff --git a/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_result.yaml b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_result.yaml new file mode 100644 index 0000000..48c32e5 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_result.yaml 
@@ -0,0 +1,105 @@ +- Type: 1 + Alert: + MapKey: a602b5cc97211993b68a64ba360e1697c93e677c + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 2 + id: 0 + labels: [] + leakspeed: 5s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-backdoors-attempts + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 2 + id: 0 + labels: [] + leakspeed: 5s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-backdoors-attempts + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: 
"0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-backdoors-attempts/config.yaml b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/config.yaml new file mode 100644 index 0000000..63be7ec --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-backdoors-attempts/config.yaml @@ -0,0 +1,7 @@ +bucket_input: bucket_input.yaml +bucket_results: bucket_result.yaml +#configuration +index: "./config/hub/.index.json" +configurations: + scenarios: + - crowdsecurity/http-backdoors-attempts diff --git a/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_input.yaml new file mode 100644 index 0000000..9740d46 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_input.yaml @@ -0,0 +1,42 @@ +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + http_user_agent: BacklinkCrawler +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + http_user_agent: BacklinkCrawler +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + http_user_agent: Sqlmap v1.1.1 +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + http_user_agent: Sqlmap v1.1.1 +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + http_user_agent: Turnitin +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + http_user_agent: Turnitin 
diff --git a/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml
new file mode 100644
index 0000000..709526b
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml
@@ -0,0 +1,105 @@ +- Type: 1 + Alert: + MapKey: 25fa9229bd06e973b3e656d1cc9b0a093cb779d1 + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 2 + id: 0 + labels: [] + leakspeed: 1m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-bad-user-agent + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 1 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 2 + id: 0 + labels: [] + leakspeed: 1m0s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-bad-user-agent + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: 
"0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-bad-user-agent/config.yaml b/scenarios/crowdsecurity/.tests/http-bad-user-agent/config.yaml new file mode 100644 index 0000000..e83b52f --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-bad-user-agent/config.yaml @@ -0,0 +1,8 @@ +bucket_input: bucket_input.yaml #unused in our example +bucket_results: bucket_results.yaml #unused in our example + +#configuration +index: "./config/hub/.index.json" +configurations: + scenarios: + - crowdsecurity/http-bad-user-agent diff --git a/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_input.yaml new file mode 100644 index 0000000..2069710 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_input.yaml 
@@ -0,0 +1,54 @@ +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + file_name: wp-login.php + status: '200' + verb: "POST" +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + file_name: wp-login.php + status: '200' + verb: "POST" +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + file_name: wp-login.php + status: '200' + verb: "POST" +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + file_name: wp-login.php + status: '200' + verb: "POST" +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + file_name: wp-login.php + status: '200' + verb: "POST" +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + file_name: wp-login.php + status: '200' + verb: "POST" diff --git a/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_results.yaml new file mode 100644 index 0000000..404107d --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_results.yaml 
@@ -0,0 +1,169 @@ +- Type: 1 + Alert: + MapKey: 038a98a56c0d99467da6548b28c2bc74f3179534 + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 5 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-bf-wordpress_bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + decisions: [] + events: + - meta: + - key: 
MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-bf-wordpress_bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/config.yaml b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/config.yaml new file mode 100644 index 0000000..2601a00 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/config.yaml 
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml
+bucket_results: bucket_results.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+ scenarios:
+ - crowdsecurity/http-bf-wordpress_bf
diff --git a/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/po_input.yaml b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/po_input.yaml
new file mode 100644
index 0000000..d180dcf
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/po_input.yaml
@@ -0,0 +1,169 @@ +- Type: 1 + Alert: + MapKey: cbe79d14d16ad4296f8396cd1983128eac4d5db1 + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 5 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-bf-wordpress_bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + decisions: [] + events: + - meta: + - key: 
MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-bf-wordpress_bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_input.yaml new file mode 100644 index 0000000..71b9e9e --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_input.yaml 
@@ -0,0 +1,372 @@ +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test1.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test2.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test3.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test4.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test5.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test6.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:51.363532653+01:00 + Parsed: + static_ressource: false + file_name: test7.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:51.363532653+01:00 
+ Parsed: + static_ressource: false + file_name: test8.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:51.363532653+01:00 + Parsed: + static_ressource: false + file_name: test9.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:51.363532653+01:00 + Parsed: + static_ressource: false + file_name: test10.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:51.363532653+01:00 + Parsed: + static_ressource: false + file_name: test11.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:51.363532653+01:00 + Parsed: + static_ressource: false + file_name: test12.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:51.363532653+01:00 + Parsed: + static_ressource: false + file_name: test13.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false + file_name: test14.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false + file_name: test15.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false + file_name: test16.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + 
MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false + file_name: test17.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false + file_name: test18.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false + file_name: test19.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false + file_name: test20.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false + file_name: test21.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false + file_name: test22.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false + file_name: test23.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false + file_name: test24.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false + file_name: test25.php + 
target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false + file_name: test26.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false + file_name: test27.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false + file_name: test28.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false + file_name: test29.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:54.52Z + Time: 2020-12-09T07:20:54.363532653+01:00 + Parsed: + static_ressource: false + file_name: test30.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:54.52Z + Time: 2020-12-09T07:20:54.363532653+01:00 + Parsed: + static_ressource: false + file_name: test31.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:54.52Z + Time: 2020-12-09T07:20:54.363532653+01:00 + Parsed: + static_ressource: false + file_name: test32.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:54.52Z + Time: 2020-12-09T07:20:54.363532653+01:00 + Parsed: + static_ressource: false + file_name: test33.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:54.52Z + Time: 
2020-12-09T07:20:54.363532653+01:00 + Parsed: + static_ressource: false + file_name: test34.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:54.52Z + Time: 2020-12-09T07:20:54.363532653+01:00 + Parsed: + static_ressource: false + file_name: test123.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:55.52Z + Time: 2020-12-09T07:20:55.363532653+01:00 + Parsed: + static_ressource: false + file_name: test35.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:55.52Z + Time: 2020-12-09T07:20:55.363532653+01:00 + Parsed: + static_ressource: false + file_name: test36.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:55.52Z + Time: 2020-12-09T07:20:55.363532653+01:00 + Parsed: + static_ressource: false + file_name: test37.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:55.52Z + Time: 2020-12-09T07:20:55.363532653+01:00 + Parsed: + static_ressource: false + file_name: test38.php + target_fqdn: www.test.com +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:55.52Z + Time: 2020-12-09T07:20:55.363532653+01:00 + Parsed: + static_ressource: false + file_name: test39.php + target_fqdn: www.test.com + + + diff --git a/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_results.yaml new file mode 100644 index 0000000..5aa2848 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_results.yaml 
@@ -0,0 +1,169 @@ +- Type: 1 + Alert: + MapKey: 1968020eb846775e894942d1ea55cd3da1b24895 + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 40 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:54.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:54.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + eventscount: 41 + id: 0 + labels: [] + leakspeed: 500ms + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-crawl-non_statics + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 40 + createdat: "" + decisions: [] + events: + - meta: + - 
key: MarshaledTime + value: "2020-12-09T07:20:54.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:54.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + eventscount: 41 + id: 0 + labels: [] + leakspeed: 500ms + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-crawl-non_statics + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-crawl-non_statics/config.yaml b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/config.yaml new file mode 100644 index 0000000..1738254 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/config.yaml 
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml #unused in our example
+bucket_results: bucket_results.yaml #unused in our example
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+ scenarios:
+ - crowdsecurity/http-crawl-non_statics
diff --git a/scenarios/crowdsecurity/.tests/http-crawl-non_statics/po_input.yaml b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/po_input.yaml
new file mode 100644
index 0000000..5aa2848
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-crawl-non_statics/po_input.yaml
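Review bot: The `#unused in our example` comments on `bucket_input` and `bucket_results` look stale: this patch adds both `bucket_input.yaml` and `bucket_results.yaml` next to this config in `.tests/http-crawl-non_statics/`, so a reader cannot tell whether the detection test actually exercises them. If they are used, drop the trailing comments as the http-bf-wordpress_bf config does (`bucket_input: bucket_input.yaml`); if the harness really ignores them for this scenario, say why in the comment instead. The same two comments appear in `.tests/http-bad-user-agent/config.yaml` earlier in the patch; whether that directory ships bucket fixtures is not visible from here.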
@@ -0,0 +1,169 @@ +- Type: 1 + Alert: + MapKey: 1968020eb846775e894942d1ea55cd3da1b24895 + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 40 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:54.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:54.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + eventscount: 41 + id: 0 + labels: [] + leakspeed: 500ms + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-crawl-non_statics + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 40 + createdat: "" + decisions: [] + events: + - meta: + - 
key: MarshaledTime + value: "2020-12-09T07:20:54.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:54.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:55.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:55.363532653+01:00" + eventscount: 41 + id: 0 + labels: [] + leakspeed: 500ms + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-crawl-non_statics + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_input.yaml new file mode 100644 index 0000000..bf41559 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_input.yaml 
@@ -0,0 +1,100 @@ +- Meta: + service: http + source_ip: 8.8.8.8 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +- Meta: + service: http + source_ip: 8.8.8.8 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +- Meta: + service: http + source_ip: 8.8.8.8 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +- Meta: + service: http + source_ip: 8.8.8.8 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +- Meta: + service: http + source_ip: 8.8.8.8 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +- Meta: + service: http + source_ip: 8.8.8.8 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +# this one won't +- Meta: + service: http + source_ip: 1.1.1.1 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +- Meta: + service: http + source_ip: 1.1.1.1 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +- Meta: + service: http + source_ip: 1.1.1.1 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +- Meta: + service: http + source_ip: 1.1.1.1 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 
2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' +- Meta: + service: http + source_ip: 1.1.1.1 + sub_type: auth_fail + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + request: wp-login.php + status: '403' \ No newline at end of file diff --git a/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_result.yaml b/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_result.yaml new file mode 100644 index 0000000..dc6d0e6 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_result.yaml 
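Review bot: The comment `# this one won't` before the 1.1.1.1 events does not say what will not happen or why, and the 8.8.8.8 group above it carries no comment at all. The expected result in bucket_result.yaml shows `capacity: 5` and an alert for 8.8.8.8 only, so the intent appears to be that the five 1.1.1.1 events stay within capacity; spell that out, e.g. `# 8.8.8.8: 6 events, overflows capacity 5` and `# 1.1.1.1: 5 events, stays within capacity, must not alert`, in the style of the `#will trigger` / `#won't trigger (same path)` comments in the http-path-traversal-probing fixture. The file also ends without a trailing newline.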
@@ -0,0 +1,193 @@ +- Type: 1 + Alert: + MapKey: a685cc1a6bc11cec7b6443c898a27604dec9a3e9 + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 5 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-generic-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: 
"0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 5 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + - key: sub_type + value: auth_fail + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 6 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-generic-bf + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" 
diff --git a/scenarios/crowdsecurity/.tests/http-generic-bf/config.yaml b/scenarios/crowdsecurity/.tests/http-generic-bf/config.yaml
new file mode 100644
index 0000000..06b7219
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-generic-bf/config.yaml
@@ -0,0 +1,8 @@
+bucket_input: bucket_input.yaml
+bucket_results: bucket_result.yaml
+
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+ scenarios:
+ - crowdsecurity/http-generic-bf
\ No newline at end of file
diff --git a/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_input.yaml
new file mode 100644
index 0000000..480e1e5
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_input.yaml
@@ -0,0 +1,82 @@ +#will trigger +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + http_path: "/../1" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + http_path: "/../2" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + http_path: "/../3" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + http_path: "/../4" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com +#won't trigger (same path) +- Meta: + source_ip: 2.2.2.2 + log_type: http_access-log + http_path: "/../FP" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com +- Meta: + source_ip: 2.2.2.2 + log_type: http_access-log + http_path: "/../FP" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com +- Meta: + source_ip: 2.2.2.2 + log_type: http_access-log + http_path: "/../FP" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com +- Meta: + source_ip: 2.2.2.2 + log_type: http_access-log + http_path: "/../FP" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + 
static_ressource: false + file_name: test.php + target_fqdn: www.test.com diff --git a/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_result.yaml b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_result.yaml new file mode 100644 index 0000000..f81fe80 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_result.yaml 
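Review bot: The events in this fixture use `source_ip: 1.1.1.1` and `source_ip: 2.2.2.2`, which are routable public addresses (1.1.1.1 is a widely used public resolver), and the other fixtures in this patch use 8.8.8.8 the same way. The expected alerts carry `remediation: true`, so a fixture that is ever replayed against a live instance could end up as a block decision for a real host. Addresses from the RFC 5737 documentation ranges avoid that, e.g. `source_ip: 192.0.2.1` for the triggering source and `source_ip: 198.51.100.1` for the non-triggering one. The `MapKey` values in the matching bucket_result.yaml are presumably derived from the source and would need regenerating after the change.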
@@ -0,0 +1,154 @@ +- Type: 1 + Alert: + MapKey: 6f32710a2f629ca6ec59f8dfd16a0fed5a5bffe6 + Reprocess: true + Sources: + 1.1.1.1: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + Alert: + capacity: 3 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: /../1 + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: /../2 + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: /../3 + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: /../4 + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 4 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-path-traversal-probing + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 3 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: /../1 + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: 
MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: /../2 + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: /../3 + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: /../4 + - key: log_type + value: http_access-log + - key: source_ip + value: 1.1.1.1 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 4 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-path-traversal-probing + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 1.1.1.1 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 1.1.1.1 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-path-traversal-probing/config.yaml b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/config.yaml new file mode 100644 index 0000000..dc63817 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-path-traversal-probing/config.yaml @@ -0,0 +1,8 @@ +bucket_input: bucket_input.yaml #unused in our example +bucket_results: bucket_result.yaml #unused in our example + +#configuration +index: "./config/hub/.index.json" +configurations: + scenarios: + - crowdsecurity/http-path-traversal-probing diff --git a/scenarios/crowdsecurity/.tests/http-probing/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-probing/bucket_input.yaml new file mode 100644 index 0000000..06b1776 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-probing/bucket_input.yaml 
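Review bot: The trailing comments `#unused in our example` on `bucket_input` and `bucket_results` in http-path-traversal-probing/config.yaml contradict the rest of the directory: bucket_input.yaml and bucket_result.yaml are the only fixtures added for this scenario and look like exactly what the test feeds in and compares against. If the comment was carried over from a template, drop it or say what the key means, e.g. `bucket_input: bucket_input.yaml # events poured into the scenario bucket`. The same comment is repeated in http-probing/config.yaml further down in this patch.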
@@ -0,0 +1,99 @@ +- Meta: + service: http + http_status: '404' + source_ip: 8.8.8.8 + http_path: "admin.php" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '403' + source_ip: 8.8.8.8 + http_path: ".git" + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '403' + source_ip: 8.8.8.8 + http_path: ".htaccess" + MarshaledTime: 2020-12-09T07:20:51.52Z + Time: 2020-12-09T07:20:51.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '404' + source_ip: 8.8.8.8 + http_path: "099.php" + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '404' + source_ip: 8.8.8.8 + http_path: "config.php" + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '404' + source_ip: 8.8.8.8 + http_path: "db.php" + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '403' + source_ip: 8.8.8.8 + http_path: "admin/index.php" + MarshaledTime: 2020-12-09T07:20:52.52Z + Time: 2020-12-09T07:20:52.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '404' + source_ip: 8.8.8.8 + http_path: "test.php" + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '403' + source_ip: 8.8.8.8 + http_path: "backup.db" + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '404' + source_ip: 8.8.8.8 + 
http_path: "backup.db.tgz" + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false +- Meta: + service: http + http_status: '404' + source_ip: 8.8.8.8 + http_path: "backup.db.zip" + MarshaledTime: 2020-12-09T07:20:53.52Z + Time: 2020-12-09T07:20:53.363532653+01:00 + Parsed: + static_ressource: false \ No newline at end of file diff --git a/scenarios/crowdsecurity/.tests/http-probing/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-probing/bucket_results.yaml new file mode 100644 index 0000000..130a93f --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-probing/bucket_results.yaml 
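Review bot: All eleven events in http-probing/bucket_input.yaml come from one source and each has a different `http_path`, so the fixture only exercises the triggering case. The path-traversal and sensitive-files inputs in this patch add a second source that repeats a single request and must not raise an alert; a similar block here (one `source_ip` repeating one `http_path`) would pin down whatever distinct-path filtering the scenario applies. The scenario definition is not part of this hunk, so confirm that it filters on `http_path` before relying on that. A leading comment such as `#will trigger: 11 distinct paths` would also bring this file in line with the other inputs.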
@@ -0,0 +1,338 @@ +- Type: 1 + Alert: + MapKey: 2c836db1e2dbcfd4bb280f49ea2b4e7610dfc426 + Reprocess: true + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 10 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: admin.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: .git + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: http_path + value: .htaccess + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:51.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: 099.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: config.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: db.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: admin/index.php + - key: http_status 
+ value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: test.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db.tgz + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db.zip + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + eventscount: 11 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-probing + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 10 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: admin.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - 
key: http_path + value: .git + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: http_path + value: .htaccess + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:51.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: 099.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: config.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: db.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: admin/index.php + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: test.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: 
"2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db.tgz + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db.zip + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + eventscount: 11 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-probing + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-probing/config.yaml b/scenarios/crowdsecurity/.tests/http-probing/config.yaml new file mode 100644 index 0000000..5bc3f65 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-probing/config.yaml @@ -0,0 +1,8 @@ +bucket_input: bucket_input.yaml #unused in our example +bucket_results: bucket_results.yaml #unused in our example + +#configuration +index: "./config/hub/.index.json" +configurations: + scenarios: + - crowdsecurity/http-probing diff --git a/scenarios/crowdsecurity/.tests/http-probing/po_input.yaml b/scenarios/crowdsecurity/.tests/http-probing/po_input.yaml new file mode 100644 index 0000000..130a93f --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-probing/po_input.yaml 
@@ -0,0 +1,338 @@ +- Type: 1 + Alert: + MapKey: 2c836db1e2dbcfd4bb280f49ea2b4e7610dfc426 + Reprocess: true + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 10 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: admin.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: .git + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: http_path + value: .htaccess + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:51.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: 099.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: config.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: db.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: admin/index.php + - key: http_status 
+ value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: test.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db.tgz + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db.zip + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + eventscount: 11 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-probing + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 10 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: http_path + value: admin.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - 
key: http_path + value: .git + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:51.52Z" + - key: http_path + value: .htaccess + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:51.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: 099.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: config.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: db.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:52.52Z" + - key: http_path + value: admin/index.php + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:52.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: test.php + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db + - key: http_status + value: "403" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: 
"2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db.tgz + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:53.52Z" + - key: http_path + value: backup.db.zip + - key: http_status + value: "404" + - key: service + value: http + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:53.363532653+01:00" + eventscount: 11 + id: 0 + labels: [] + leakspeed: 10s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-probing + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_input.yaml new file mode 100644 index 0000000..6f9b1ae --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_input.yaml 
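Review bot: http-probing/po_input.yaml is added with blob `130a93f`, the same index as bucket_results.yaml in this directory, so the two files are byte-identical, and the config.yaml added alongside them only names `bucket_input` and `bucket_results`. Unless the test runner picks up po_input.yaml by file name, this is 338 lines of unreferenced fixture that will drift from bucket_results.yaml the first time the expected output is regenerated. Either reference it from config.yaml or drop it from the test directory.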
@@ -0,0 +1,102 @@ +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql.gz +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql.tar +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql.bzip2 +- Meta: + source_ip: 8.8.8.8 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql.zip +#this one won't +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql.zip +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql.zip +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: 
false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql.zip +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql.zip +- Meta: + source_ip: 1.1.1.1 + log_type: http_access-log + MarshaledTime: 2020-12-09T07:20:50.52Z + Time: 2020-12-09T07:20:50.363532653+01:00 + Parsed: + static_ressource: false + file_name: test.php + target_fqdn: www.test.com + request: /foobar.sql.zip + diff --git a/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_results.yaml new file mode 100644 index 0000000..f34942f --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_results.yaml 
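Review bot: The marker `#this one won't` in http-sensitive-files/bucket_input.yaml does not say why the 1.1.1.1 events must not raise an alert. Going by the sibling fixtures, the reason appears to be that all five repeat `request: /foobar.sql.zip`. Spell it out the way the sqli input does, e.g. `#won't trigger: same request repeated (non distinct)`, and add a matching `#will trigger: five distinct backup-file requests` above the first 8.8.8.8 event so a reader can tell the positive and negative halves apart.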
@@ -0,0 +1,153 @@ +- Type: 1 + Alert: + MapKey: 8ab0744e663ec6c704e1a79c881f23c68975aa3e + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 4 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 5 + id: 0 + labels: [] + leakspeed: 5s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-sensitive-files + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 4 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: 
MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 5 + id: 0 + labels: [] + leakspeed: 5s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-sensitive-files + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-sensitive-files/config.yaml b/scenarios/crowdsecurity/.tests/http-sensitive-files/config.yaml new file mode 100644 index 0000000..ff72a7c --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-sensitive-files/config.yaml @@ -0,0 +1,8 @@ +bucket_input: bucket_input.yaml +bucket_results: bucket_results.yaml + +#configuration +index: "./config/hub/.index.json" +configurations: + scenarios: + - crowdsecurity/http-sensitive-files diff --git a/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_input.yaml new file mode 100644 index 0000000..798c70d --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_input.yaml 
@@ -0,0 +1,222 @@
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%281)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%282)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%283)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%284)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%285)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%286)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%287)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%288)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%289)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2810)"
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+#this one won't (non distinct)
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+- Meta:
+ source_ip: 1.1.1.1
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "foobar=SLEEP%2811)"
+
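Review bot: The only non-triggering case in this fixture is the repeated-payload run from 1.1.1.1, and its comment `#this one won't (non distinct)` does not say what is being asserted. I would expand it to `# 11 identical http_args from 1.1.1.1: must not overflow, the bucket only counts distinct values`, assuming the scenario (not part of this hunk) is distinct on `http_args`. Every event also uses the same `SLEEP%28N)` form, so the test pins the counting logic but not the filter itself; one event from 8.8.8.8 with benign `http_args` would show that ordinary query strings are not counted toward the overflow.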
diff --git a/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_results.yaml
new file mode 100644
index 0000000..225365d
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_results.yaml
@@ -0,0 +1,249 @@ +- Type: 1 + Alert: + MapKey: 15f3bf22c6e11686b7d9e1fd0bc18a02e629dd27 + Sources: + 8.8.8.8: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + Alert: + capacity: 10 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - 
key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 11 + id: 0 + labels: [] + leakspeed: 1s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-sqli-probbing-detection + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + APIAlerts: + - capacity: 10 + createdat: "" + decisions: [] + events: + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: 
MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + - meta: + - key: MarshaledTime + value: "2020-12-09T07:20:50.52Z" + - key: log_type + value: http_access-log + - key: source_ip + value: 8.8.8.8 + timestamp: "2020-12-09T07:20:50.363532653+01:00" + eventscount: 11 + id: 0 + labels: [] + leakspeed: 1s + machineid: "" + message: "" + meta: [] + remediation: true + scenario: crowdsecurity/http-sqli-probbing-detection + scenariohash: "" + scenarioversion: "" + simulated: false + source: + asname: "" + asnumber: "" + cn: "" + ip: 8.8.8.8 + latitude: 0 + longitude: 0 + range: "" + scope: Ip + value: 8.8.8.8 + startat: "0001-01-01T00:00:00Z" + stopat: "0001-01-01T00:00:00Z" + MarshaledTime: "0001-01-01T00:00:00Z" diff --git a/scenarios/crowdsecurity/.tests/http-sqli-probing/config.yaml b/scenarios/crowdsecurity/.tests/http-sqli-probing/config.yaml new file mode 100644 index 0000000..52d0051 --- /dev/null +++ b/scenarios/crowdsecurity/.tests/http-sqli-probing/config.yaml 
@@ -0,0 +1,7 @@
+bucket_input: bucket_input.yaml
+bucket_results: bucket_results.yaml
+#configuration
+index: "./config/hub/.index.json"
+configurations:
+ scenarios:
+ - crowdsecurity/http-sqli-probing
diff --git a/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_input.yaml b/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_input.yaml
new file mode 100644
index 0000000..3973177
--- /dev/null
+++ b/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_input.yaml
@@ -0,0 +1,128 @@
+- Meta:
+ source_ip: 8.8.8.8
+ log_type: http_access-log
+ MarshaledTime: 2020-12-09T07:20:50.52Z
+ Time: 2020-12-09T07:20:50.363532653+01:00
+ Parsed:
+ static_ressource: false
+ file_name: test.php
+ target_fqdn: www.test.com
+ http_args: "
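Review bot: The scenario selected in the http-sqli-probing config.yaml, `- crowdsecurity/http-sqli-probing`, is not the name the expected alerts carry: bucket_results.yaml for the same test records `scenario: crowdsecurity/http-sqli-probbing-detection`. The alert name is presumably what profiles, whitelists and notification filters match on, so anyone keying on the hub item name would miss these alerts without any error. I would record that next to the entry with a comment such as `# alerts are emitted as crowdsecurity/http-sqli-probbing-detection (sic), see bucket_results.yaml`, or align the scenario's `name:` with its hub path if the scenario file (outside this hunk) allows it.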