-
Notifications
You must be signed in to change notification settings - Fork 0
/
pdns.grok
20 lines (14 loc) · 2.1 KB
/
pdns.grok
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
PDNS_SERVER_PATTERN %{GREEDYDATA:pdns_message}
POWERADMIN_SUCCESSFUL_LOGIN %{WORD:pdns_content} %{WORD:pdns_action} attempt from \[%{IP:pdns_client_ip}\] for user '%{USERNAME:pdns_user}'
POWERADMIN_FAILED_LOGIN %{WORD:pdns_content} %{WORD:pdns_action} attempt from \[%{IP:pdns_client_ip}\](?: with user '%{USERNAME:pdns_user}'|)
POWERADMIN_LOGIN %{POWERADMIN_SUCCESSFUL_LOGIN}|%{POWERADMIN_FAILED_LOGIN}
SRV_RECORD (_[a-z0-9]+.){0,2}%{IPORHOST}
PDNS_RECORD (?:%{IPORHOST}|[.]%{IPORHOST}|%{SRV_RECORD})
POWERADMIN_ADD_ZONE client_ip:%{IP:pdns_client_ip} user:%{USERNAME:pdns_user} operation:%{WORD:pdns_action} zone:%{IPORHOST:pdns_zone} zone_type:%{WORD:pdns_zone_type} zone_template:%{WORD:pdns_zone_template}
POWERADMIN_DELETE_ZONE client_ip:%{IP:pdns_client_ip} user:%{USERNAME:pdns_user} operation:%{WORD:pdns_action} zone:%{IPORHOST:pdns_zone} zone_type:%{WORD:pdns_zone_type}
POWERADMIN_ADD_RECORD client_ip:%{IP:pdns_client_ip} user:%{USERNAME:pdns_user} operation:%{WORD:pdns_action} record_type:%{WORD:pdns_record_type} record:%{PDNS_RECORD:pdns_record} content:%{GREEDYDATA:pdns_content} ttl:%{INT:pdns_ttl} priority:%{INT:pdns_priority}
POWERADMIN_EDIT_RECORD client_ip:%{IP:pdns_client_ip} user:%{USERNAME:pdns_user} operation:%{WORD:pdns_action} old_record_type:%{WORD:pdns_old_record_type} old_record:%{PDNS_RECORD:pdns_old_record} old_content:%{GREEDYDATA:pdns_old_content} old_ttl:%{INT:pdns_old_ttl} old_priority:%{INT:pdns_old_priority} record_type:%{WORD:pdns_record_type} record:%{PDNS_RECORD:pdns_record} content:%{GREEDYDATA:pdns_content} ttl:%{INT:pdns_ttl} priority:%{INT:pdns_priority}
POWERADMIN_DELETE_RECORD client_ip:%{IP:pdns_client_ip} user:%{USERNAME:pdns_user} operation:%{WORD:pdns_action} record_type:%{WORD:pdns_record_type} record:%{PDNS_RECORD:pdns_record} content:%{GREEDYDATA:pdns_content} ttl:%{INT:pdns_ttl} priority:%{INT:pdns_priority}
POWERADMIN_ACTION %{POWERADMIN_ADD_ZONE}|%{POWERADMIN_DELETE_ZONE}|%{POWERADMIN_ADD_RECORD}|%{POWERADMIN_DELETE_RECORD}|%{POWERADMIN_EDIT_RECORD}
POWERADMIN_PATTERN %{POWERADMIN_LOGIN}|%{POWERADMIN_ACTION}
PDNS_PATTERN %{POWERADMIN_PATTERN}|%{PDNS_SERVER_PATTERN}