|
@@ -3,6 +3,12 @@
|
|
|
!!! info
|
|
!!! info
|
|
|
Please ensure that you have working env or setup test environment before writing your parser.
|
|
Please ensure that you have working env or setup test environment before writing your parser.
|
|
|
|
|
|
|
|
|
|
+!!! warning "Parser dependency"
|
|
|
|
|
+
|
|
|
|
|
+The crowdsecurity/syslog-logs parsers is needed by the core parsing
|
|
|
|
|
+engine. Deletion or modification of this could result of {{crowdsec.name}}
|
|
|
|
|
+being unable to parse logs, so this should be done very carefully.
|
|
|
|
|
+
|
|
|
> In the current example, we'll write a parser for the logs produced by `iptables` (netfilter) with the `-j LOG` target.
|
|
> In the current example, we'll write a parser for the logs produced by `iptables` (netfilter) with the `-j LOG` target.
|
|
|
> This document aims at detailing the process of writing and testing new parsers.
|
|
> This document aims at detailing the process of writing and testing new parsers.
|
|
|
|
|
|
|
@@ -410,4 +416,4 @@ statics:
|
|
|
- meta: http_path
|
|
- meta: http_path
|
|
|
expression: "evt.Parsed.request"
|
|
expression: "evt.Parsed.request"
|
|
|
```
|
|
```
|
|
|
-</details> -->
|
|
|
|
|
|
|
+</details> -->
|
FaricaUnknown