diff --git a/.tests/traefik_json/parser.assert b/.tests/traefik_json/parser.assert index d22f486d40f..df1647fa0ca 100644 --- a/.tests/traefik_json/parser.assert +++ b/.tests/traefik_json/parser.assert 
@@ -1,5 +1,5 @@ len(results) == 4 -len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 6 +len(results["s00-raw"]["crowdsecurity/non-syslog"]) == 7 results["s00-raw"]["crowdsecurity/non-syslog"][0].Success == true results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["message"] == "{\"ClientAddr\":\"172.17.0.1:39496\",\"ClientHost\":\"172.17.0.1\",\"ClientPort\":\"39496\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":357,\"DownstreamStatus\":200,\"Duration\":357313,\"OriginContentSize\":357,\"OriginDuration\":324669,\"OriginStatus\":200,\"Overhead\":32644,\"RequestAddr\":\"test.docker.localhost\",\"RequestContentSize\":0,\"RequestCount\":190,\"RequestHost\":\"test.docker.localhost\",\"RequestMethod\":\"GET\",\"RequestPath\":\"/594VAEoi.save\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/1.1\",\"RequestScheme\":\"http\",\"RetryAttempts\":0,\"RouterName\":\"test@docker\",\"ServiceAddr\":\"172.17.0.3:80\",\"ServiceName\":\"test@docker\",\"ServiceURL\":{\"Scheme\":\"http\",\"Opaque\":\"\",\"User\":null,\"Host\":\"172.17.0.3:80\",\"Path\":\"\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\",\"RawFragment\":\"\"},\"StartLocal\":\"2021-12-08T14:02:43.587782192Z\",\"StartUTC\":\"2021-12-08T14:02:43.587782192Z\",\"downstream_Content-Length\":\"357\",\"downstream_Content-Type\":\"text/plain; charset=utf-8\",\"downstream_Date\":\"Wed, 08 Dec 2021 14:02:43 GMT\",\"entryPointName\":\"http\",\"level\":\"info\",\"msg\":\"\",\"origin_Content-Length\":\"357\",\"origin_Content-Type\":\"text/plain; charset=utf-8\",\"origin_Date\":\"Wed, 08 Dec 2021 14:02:43 GMT\",\"request_Connection\":\"Keep-Alive\",\"request_User-Agent\":\"Nikto\",\"request_X-Forwarded-Host\":\"test.docker.localhost\",\"request_X-Forwarded-Port\":\"80\",\"request_X-Forwarded-Proto\":\"http\",\"request_X-Forwarded-Server\":\"8f4adf27f2ad\",\"request_X-Real-Ip\":\"172.17.0.1\",\"time\":\"2021-12-08T14:02:43Z\"}" 
results["s00-raw"]["crowdsecurity/non-syslog"][0].Evt.Parsed["program"] == "traefik" 
@@ -36,14 +36,21 @@ results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Parsed["program"] == "trae basename(results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_path"]) == "traefik_json.log" results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Meta["datasource_type"] == "file" results["s00-raw"]["crowdsecurity/non-syslog"][5].Evt.Whitelisted == false -len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 6 +results["s00-raw"]["crowdsecurity/non-syslog"][6].Success == true +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["message"] == "{\"ClientAddr\":\"172.71.122.85:11029\",\"ClientHost\":\"192.168.1.100,10.0.0.50\",\"ClientPort\":\"11029\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":0,\"DownstreamStatus\":204,\"Duration\":2337877,\"OriginContentSize\":0,\"OriginDuration\":823492,\"OriginStatus\":0,\"Overhead\":1514385,\"RequestAddr\":\"example.com\",\"RequestContentSize\":0,\"RequestCount\":2818,\"RequestHost\":\"example.com\",\"RequestMethod\":\"OPTIONS\",\"RequestPath\":\"/_matrix/client/v3/sync\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/2.0\",\"RequestScheme\":\"https\",\"RetryAttempts\":0,\"RouterName\":\"matrix-synapse-public-client-api@docker\",\"ServiceAddr\":\"172.16.16.25:8008\",\"ServiceName\":\"matrix-synapse-client-api@docker\",\"ServiceURL\":\"http://172.16.16.25:8008\",\"StartLocal\":\"2025-11-28T09:21:55.645779561Z\",\"StartUTC\":\"2025-11-28T09:21:55.645779561Z\",\"TLSCipher\":\"TLS_AES_128_GCM_SHA256\",\"TLSVersion\":\"1.3\",\"entryPointName\":\"web-secure\",\"level\":\"info\",\"msg\":\"\",\"time\":\"2025-11-28T09:21:55Z\"}" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Parsed["program"] == "traefik" +basename(results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_path"]) == "traefik_json.log" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/non-syslog"][6].Evt.Whitelisted == false 
+len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 7 results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == false results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == false -len(results["s01-parse"]["crowdsecurity/traefik-logs"]) == 6 +results["s00-raw"]["crowdsecurity/syslog-logs"][6].Success == false +len(results["s01-parse"]["crowdsecurity/traefik-logs"]) == 7 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Success == true results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Parsed["body_bytes_sent"] == "357" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Parsed["dest_addr"] == "172.17.0.1" 
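Review bot: The new fixture at index 6 carries a multi-valued `ClientHost` (`192.168.1.100,10.0.0.50`) next to a different peer in `ClientAddr`, but the assertions added in this hunk only pin the raw message, `program` and datasource metadata. What matters for detection is which of those addresses the traefik parser ends up treating as the source, since a comma-separated list like this usually comes from a forwarding header the client can influence (inferred, the log source is not shown here). If the s01-parse section for index 6, which lies outside this view, does not already do so, it should pin the result explicitly, for example `results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["source_ip"] == "<expected address>"`, so a later parser change cannot silently switch the address that decisions are made on.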
@@ -72,58 +79,58 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["service"] == "ht results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["source_ip"] == "172.17.0.1" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["target_fqdn"] == "test.docker.localhost" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Meta["traefik_router_name"] == "test@docker" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == "" 
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669 +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost" 
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357 -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669 
-results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190 +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644 +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357 
results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313 -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644 -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190 results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" 
+results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357" results["s01-parse"]["crowdsecurity/traefik-logs"][0].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/traefik-logs"][1].Success == true results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Parsed["body_bytes_sent"] == "358" 
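Review bot: Every `Evt.Unmarshaled["traefik"]` line removed in this hunk comes back with the same key and value in a different position, so the 58-line hunk carries no behavioural change for index 0. The hunks for indexes 1 and 2 look like the same reshuffle. Presumably the assert file was regenerated and the keys came out in a different order; emitting them in sorted order would keep future diffs of this detection test down to the lines that actually change, which here is only the new index-6 event.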
@@ -153,58 +160,58 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["service"] == "ht results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["source_ip"] == "172.17.0.1" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["target_fqdn"] == "test.docker.localhost" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Meta["traefik_router_name"] == "test@docker" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849 -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358 -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232 -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost" 
-results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191 -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358 -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" 
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232 +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358 +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849 +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191 +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == "" 
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == "" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == "" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == "" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == "" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local" -results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358" 
+results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358 +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 results["s01-parse"]["crowdsecurity/traefik-logs"][1].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/traefik-logs"][2].Success == true results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Parsed["body_bytes_sent"] == "364" 
@@ -237,37 +244,37 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_n results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_name_intermediate"] == "intermediate1@file -> intermediate2@file" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_name_leaf"] == "leaf@file" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Meta["traefik_router_name_root"] == "root@file" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366" -FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000) -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1 +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost" 
+results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084 +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 
200 -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084 -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000) FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000) -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80" 
-results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80" results["s01-parse"]["crowdsecurity/traefik-logs"][2].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/traefik-logs"][3].Success == true results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Parsed["body_bytes_sent"] == "364" 
@@ -298,37 +305,37 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["target_fqdn"] == results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["traefik_router_name"] == "parent@file -> child@file" results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["traefik_router_name_leaf"] == "child@file" results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Meta["traefik_router_name_root"] == "parent@file" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" -FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000) -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestHost"] 
== "api.localhost" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080" results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367" results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2 +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data" results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" 
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000) +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == "" +FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000) +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file" results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2 +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367" results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000 -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080" -results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 
+results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST" results["s01-parse"]["crowdsecurity/traefik-logs"][3].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/traefik-logs"][4].Success == true results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Parsed["body_bytes_sent"] == "19" 
@@ -352,39 +359,99 @@ results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["log_type"] == "h results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["service"] == "http" results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["source_ip"] == "192.168.1.115" results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Meta["target_fqdn"] == "admin.mydomain.com" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404 -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158 -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00" results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19 
results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https" results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158 -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446" -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100 +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0" 
results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["level"] == "info" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0 -results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100 results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404 +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158 +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256" 
+results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00" +results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Unmarshaled["traefik"]["msg"] == "" results["s01-parse"]["crowdsecurity/traefik-logs"][4].Evt.Whitelisted == false results["s01-parse"]["crowdsecurity/traefik-logs"][5].Success == false -len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 5 +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Success == true +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["body_bytes_sent"] == "0" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["dest_addr"] == "172.71.122.85" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["http_version"] == "2.0" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["message"] == "{\"ClientAddr\":\"172.71.122.85:11029\",\"ClientHost\":\"192.168.1.100,10.0.0.50\",\"ClientPort\":\"11029\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":0,\"DownstreamStatus\":204,\"Duration\":2337877,\"OriginContentSize\":0,\"OriginDuration\":823492,\"OriginStatus\":0,\"Overhead\":1514385,\"RequestAddr\":\"example.com\",\"RequestContentSize\":0,\"RequestCount\":2818,\"RequestHost\":\"example.com\",\"RequestMethod\":\"OPTIONS\",\"RequestPath\":\"/_matrix/client/v3/sync\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/2.0\",\"RequestScheme\":\"https\",\"RetryAttempts\":0,\"RouterName\":\"matrix-synapse-public-client-api@docker\",\"ServiceAddr\":\"172.16.16.25:8008\",\"ServiceName\":\"matrix-synapse-client-api@docker\",\"ServiceURL\":\"http://172.16.16.25:8008\",\"StartLocal\":\"2025-11-28T09:21:55.645779561Z\",\"StartUTC\":\"2025-11-28T09:21:55.645779561Z\",\"TLSCipher\":\"TLS_AES_128_GCM_SHA256\",\"TLSVersion\":\"1.3\",\"entryPointName\":\"web-secure\",\"level\":\"info\",\"msg\":\"\",\"time\
":\"2025-11-28T09:21:55Z\"}" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["program"] == "traefik" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["remote_addr"] == "10.0.0.50" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["request"] == "/_matrix/client/v3/sync" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["request_addr"] == "example.com" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["request_duration_in_ms"] == "2337877" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["service_addr"] == "172.16.16.25" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["status"] == "204" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["time_local"] == "2025-11-28T09:21:55Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["traefik_router_name"] == "matrix-synapse-public-client-api@docker" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["traefik_router_name_root"] == "matrix-synapse-public-client-api@docker" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Parsed["verb"] == "OPTIONS" +basename(results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["datasource_path"]) == "traefik_json.log" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["http_path"] == "/_matrix/client/v3/sync" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["http_status"] == "204" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["http_verb"] == "OPTIONS" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["log_type"] == "http_access-log" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["service"] == "http" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["source_ip"] == "10.0.0.50" 
+results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["target_fqdn"] == "example.com" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Meta["traefik_router_name"] == "matrix-synapse-public-client-api@docker" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RequestMethod"] == "OPTIONS" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RequestCount"] == 2818 +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.16.16.25:8008" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.71.122.85:11029" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RequestAddr"] == "example.com" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RequestHost"] == "example.com" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RequestPath"] == "/_matrix/client/v3/sync" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 204 +FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["Overhead"], 1514385.000000) +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3" 
+FloatApproxEqual(results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["Duration"], 2337877.000000) +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://172.16.16.25:8008" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["StartLocal"] == "2025-11-28T09:21:55.645779561Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["level"] == "info" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["OriginDuration"] == 823492 +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["ServiceName"] == "matrix-synapse-client-api@docker" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["time"] == "2025-11-28T09:21:55Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["StartUTC"] == "2025-11-28T09:21:55.645779561Z" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["ClientPort"] == "11029" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0 +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["entryPointName"] == "web-secure" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.100,10.0.0.50" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0 
+results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Unmarshaled["traefik"]["RouterName"] == "matrix-synapse-public-client-api@docker" +results["s01-parse"]["crowdsecurity/traefik-logs"][6].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 6 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["body_bytes_sent"] == "357" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["dest_addr"] == "172.17.0.1" 
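Review bot: The new event `[6]` pins `Evt.Meta["source_ip"]` and `Evt.Parsed["remote_addr"]` to `"10.0.0.50"`, the last entry of the comma-separated `ClientHost` value `"192.168.1.100,10.0.0.50"`, but it is the only multi-address sample in the fixture and it uses a bare comma with exactly two entries. Since `source_ip` is presumably the value that scenarios and remediation key on, the fixture should also cover a list separated by comma plus space (as forwarded-address lists are commonly written), a list with more than two entries, and an entry that is not a valid address, each with its expected `source_ip` asserted. It would also help to record in the parser's description or the test's notes which position of the list is treated as trustworthy and why, because the leading entries of such a list can be supplied by the client while only the entries appended by your own proxies are reliable. The parser change that produces this value is not visible in this hunk, so the point is about test coverage and documentation only.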
@@ -415,58 +482,58 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["target_fqdn results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["traefik_router_name"] == "test@docker" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == "" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == "" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == "" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == "" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == "" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == "" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == "" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["msg"] == "" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["body_bytes_sent"] == "358" 
@@ -498,58 +565,58 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["target_fqdn results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["traefik_router_name"] == "test@docker" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["level"] == "info" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == "" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == "" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == "" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == "" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == "" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == "" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == "" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == "" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == 
true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["body_bytes_sent"] == "364" 
@@ -584,37 +651,37 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["traefik_rou results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["traefik_router_name_leaf"] == "leaf@file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["traefik_router_name_root"] == "root@file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:19:15Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["msg"] == "" +FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000) +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["Duration"], 
2001375.000000) results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 -FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000) results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["body_bytes_sent"] == "364" 
@@ -647,37 +714,37 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["traefik_rou results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["traefik_router_name_leaf"] == "child@file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["traefik_router_name_root"] == "parent@file" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:20:00Z" -FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000) -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 +FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000) results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file" -FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000) -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["level"] == "info" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367" 
+FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000) +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["level"] == "info" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["msg"] == "" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["body_bytes_sent"] == "19" 
@@ -703,38 +770,100 @@ results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["target_fqdn"] == "admin.mydomain.com" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2026-01-14T10:45:33+01:00" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2026-01-14T10:45:33+01:00" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" 
results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com" 
-results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com" -results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https" results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["level"] == "info" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["msg"] == "" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0 results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Whitelisted == false -len(results["s02-enrich"]["crowdsecurity/http-logs"]) == 5 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["body_bytes_sent"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["dest_addr"] == "172.71.122.85" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == 
"{\"ClientAddr\":\"172.71.122.85:11029\",\"ClientHost\":\"192.168.1.100,10.0.0.50\",\"ClientPort\":\"11029\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":0,\"DownstreamStatus\":204,\"Duration\":2337877,\"OriginContentSize\":0,\"OriginDuration\":823492,\"OriginStatus\":0,\"Overhead\":1514385,\"RequestAddr\":\"example.com\",\"RequestContentSize\":0,\"RequestCount\":2818,\"RequestHost\":\"example.com\",\"RequestMethod\":\"OPTIONS\",\"RequestPath\":\"/_matrix/client/v3/sync\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/2.0\",\"RequestScheme\":\"https\",\"RetryAttempts\":0,\"RouterName\":\"matrix-synapse-public-client-api@docker\",\"ServiceAddr\":\"172.16.16.25:8008\",\"ServiceName\":\"matrix-synapse-client-api@docker\",\"ServiceURL\":\"http://172.16.16.25:8008\",\"StartLocal\":\"2025-11-28T09:21:55.645779561Z\",\"StartUTC\":\"2025-11-28T09:21:55.645779561Z\",\"TLSCipher\":\"TLS_AES_128_GCM_SHA256\",\"TLSVersion\":\"1.3\",\"entryPointName\":\"web-secure\",\"level\":\"info\",\"msg\":\"\",\"time\":\"2025-11-28T09:21:55Z\"}" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "traefik" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["remote_addr"] == "10.0.0.50" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["request"] == "/_matrix/client/v3/sync" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["request_addr"] == "example.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["request_duration_in_ms"] == "2337877" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["service_addr"] == "172.16.16.25" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["status"] == "204" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["time_local"] == "2025-11-28T09:21:55Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["traefik_router_name"] == 
"matrix-synapse-public-client-api@docker" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["traefik_router_name_root"] == "matrix-synapse-public-client-api@docker" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["verb"] == "OPTIONS" +basename(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"]) == "traefik_json.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_path"] == "/_matrix/client/v3/sync" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_status"] == "204" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["http_verb"] == "OPTIONS" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["source_ip"] == "10.0.0.50" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["target_fqdn"] == "example.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2025-11-28T09:21:55Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["traefik_router_name"] == "matrix-synapse-public-client-api@docker" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2025-11-28T09:21:55Z" +FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["Overhead"], 1514385.000000) +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RequestCount"] == 2818 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://172.16.16.25:8008" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RequestHost"] == "example.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.16.16.25:8008" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["ClientPort"] == "11029" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RequestAddr"] == "example.com" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RequestMethod"] == "OPTIONS" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["StartLocal"] == "2025-11-28T09:21:55.645779561Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["entryPointName"] == "web-secure" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["level"] == "info" +FloatApproxEqual(results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["Duration"], 2337877.000000) +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["OriginDuration"] == 823492 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RouterName"] == "matrix-synapse-public-client-api@docker" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["ServiceName"] == "matrix-synapse-client-api@docker" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["StartUTC"] == "2025-11-28T09:21:55.645779561Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["time"] == "2025-11-28T09:21:55Z" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.71.122.85:11029" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 204 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RequestPath"] == "/_matrix/client/v3/sync" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.100,10.0.0.50" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Whitelisted == false +len(results["s02-enrich"]["crowdsecurity/http-logs"]) == 6 results["s02-enrich"]["crowdsecurity/http-logs"][0].Success == true results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["body_bytes_sent"] == "357" 
results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Parsed["dest_addr"] == "172.17.0.1" 
@@ -772,58 +901,58 @@ results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["target_fqdn"] == " results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Meta["traefik_router_name"] == "test@docker" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190 -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669 +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 357 -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Overhead"] == 32644 -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestCount"] == 190 +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.save" 
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313 +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["level"] == "info" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "357" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357 +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" 
+results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == "" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == "" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == "" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == "" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == "" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == "" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" 
-results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 357 -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["Duration"] == 357313 -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["OriginDuration"] == 324669 +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["ServiceAddr"] == 
"172.17.0.3:80" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.587782192Z" -results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.587782192Z" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" +results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "357" results["s02-enrich"]["crowdsecurity/http-logs"][0].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/http-logs"][1].Success == true results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Parsed["body_bytes_sent"] == "358" 
@@ -862,58 +991,58 @@ results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["target_fqdn"] == " results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["timestamp"] == "2021-12-08T14:02:43Z" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Meta["traefik_router_name"] == "test@docker" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Enriched["MarshaledTime"] == "2021-12-08T14:02:43Z" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == "172.17.0.1" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191 -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["entryPointName"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" 
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_User-Agent"] == "Nikto" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientHost"] == "172.17.0.1" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358 +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849 +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Proto"] == "http" 
+results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232 +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617 results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestAddr"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartUTC"] == "2021-12-08T14:02:43.589545005Z" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Type"] == "text/plain; charset=utf-8" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Length"] == "358" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["time"] == "2021-12-08T14:02:43Z" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientPort"] == "39496" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" 
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.17.0.3:80" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358 +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestCount"] == 191 +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Opaque"] == "" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Path"] == "" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawPath"] == "" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawQuery"] == "" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["ForceQuery"] == false +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Scheme"] == "http" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Fragment"] == "" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["Host"] == "172.17.0.3:80" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["StartLocal"] == "2021-12-08T14:02:43.589545005Z" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Port"] == "80" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" 
-results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceName"] == "test@docker" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Duration"] == 564849 -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginDuration"] == 539617 -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["origin_Content-Type"] == "text/plain; charset=utf-8" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 358 -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["Overhead"] == 25232 -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_Connection"] == "Keep-Alive" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ServiceURL"]["RawFragment"] == "" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Host"] == "test.docker.localhost" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 358 -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestPath"] == "/594VAEoi.local" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Real-Ip"] == 
"172.17.0.1" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.17.0.1:39496" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RequestHost"] == "test.docker.localhost" +results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Content-Length"] == "358" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["downstream_Date"] == "Wed, 08 Dec 2021 14:02:43 GMT" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["request_X-Forwarded-Server"] == "8f4adf27f2ad" -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 -results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Unmarshaled["traefik"]["RouterName"] == "test@docker" results["s02-enrich"]["crowdsecurity/http-logs"][1].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/http-logs"][2].Success == true results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Parsed["body_bytes_sent"] == "364" 
@@ -952,37 +1081,37 @@ results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["traefik_router_nam results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["traefik_router_name_leaf"] == "leaf@file" results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Meta["traefik_router_name_root"] == "root@file" results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:19:15Z" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366" results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestCount"] == 1 -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file" -FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000) -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 
-results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["level"] == "info" results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:19:15Z" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084 -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Duration"], 2001375.000000) -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://whoami:80" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 +FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginDuration"], 1935291.000000) +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["Overhead"] == 66084 
results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RouterName"] == "root@file -> intermediate1@file -> intermediate2@file -> leaf@file" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientPort"] == "29366" results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:19:15.980170592Z" results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestAddr"] == "whoami.localhost" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29366" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:19:15.980170592Z" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceName"] == "whoami@file" results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" -results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestHost"] == "whoami.localhost" 
+results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" +results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "whoami:80" results["s02-enrich"]["crowdsecurity/http-logs"][2].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/http-logs"][3].Success == true results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Parsed["body_bytes_sent"] == "364" 
@@ -1021,36 +1150,36 @@ results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["traefik_router_nam results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["traefik_router_name_leaf"] == "child@file" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Meta["traefik_router_name_root"] == "parent@file" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Enriched["MarshaledTime"] == "2026-01-08T14:20:00Z" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["Duration"], 1500000.000000) -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST" +FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000) +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestScheme"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-08T14:20:00.000000000Z" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["time"] == "2026-01-08T14:20:00Z" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2 +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestPath"] == "/api/data" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 200 -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestHost"] == "api.localhost" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 364 -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["entryPointName"] == "web" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceName"] == "api@file" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["level"] == "info" 
-results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RouterName"] == "parent@file -> child@file" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "api:8080" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://api:8080" -FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginDuration"], 1450000.000000) -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestCount"] == 2 -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/1.1" -results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientPort"] == "29367" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 364 +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["OriginStatus"] == 200 results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["Overhead"] == 50000 +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestMethod"] == "POST" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.65.1:29367" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.65.1" +results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" 
+results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-08T14:20:00.000000000Z" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Unmarshaled["traefik"]["RequestAddr"] == "api.localhost" results["s02-enrich"]["crowdsecurity/http-logs"][3].Evt.Whitelisted == false results["s02-enrich"]["crowdsecurity/http-logs"][4].Success == true 
@@ -1081,35 +1210,103 @@ results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["source_ip"] == "19 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["target_fqdn"] == "admin.mydomain.com" results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Meta["timestamp"] == "2026-01-14T10:45:33+01:00" results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Enriched["MarshaledTime"] == "2026-01-14T10:45:33+01:00" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404 -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["msg"] == "" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19 -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158 -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["entryPointName"] == "https" 
-results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["level"] == "info" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0 -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Overhead"] == 10158 +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartLocal"] == "2026-01-14T10:45:33.759014877+01:00" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0 -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100 -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestHost"] == "admin.mydomain.com" results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestMethod"] == "GET" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 19 
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["GzipRatio"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestPath"] == "/" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["level"] == "info" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.115" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158 +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["time"] == "2026-01-14T10:45:33+01:00" results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientPort"] == "56446" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 404 +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["StartUTC"] == "2026-01-14T09:45:33.759014877Z" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestAddr"] == "admin.mydomain.com" results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256" -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["Duration"] == 10158 -results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginDuration"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["ClientAddr"] == "192.168.1.115:56446" +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0 
+results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Unmarshaled["traefik"]["RequestCount"] == 3100 results["s02-enrich"]["crowdsecurity/http-logs"][4].Evt.Whitelisted == false +results["s02-enrich"]["crowdsecurity/http-logs"][5].Success == true +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["body_bytes_sent"] == "0" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["dest_addr"] == "172.71.122.85" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_dir"] == "/_matrix/client/v3/" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_frag"] == "sync" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["file_name"] == "sync" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["http_version"] == "2.0" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["impact_completion"] == "true" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["message"] == 
"{\"ClientAddr\":\"172.71.122.85:11029\",\"ClientHost\":\"192.168.1.100,10.0.0.50\",\"ClientPort\":\"11029\",\"ClientUsername\":\"-\",\"DownstreamContentSize\":0,\"DownstreamStatus\":204,\"Duration\":2337877,\"OriginContentSize\":0,\"OriginDuration\":823492,\"OriginStatus\":0,\"Overhead\":1514385,\"RequestAddr\":\"example.com\",\"RequestContentSize\":0,\"RequestCount\":2818,\"RequestHost\":\"example.com\",\"RequestMethod\":\"OPTIONS\",\"RequestPath\":\"/_matrix/client/v3/sync\",\"RequestPort\":\"-\",\"RequestProtocol\":\"HTTP/2.0\",\"RequestScheme\":\"https\",\"RetryAttempts\":0,\"RouterName\":\"matrix-synapse-public-client-api@docker\",\"ServiceAddr\":\"172.16.16.25:8008\",\"ServiceName\":\"matrix-synapse-client-api@docker\",\"ServiceURL\":\"http://172.16.16.25:8008\",\"StartLocal\":\"2025-11-28T09:21:55.645779561Z\",\"StartUTC\":\"2025-11-28T09:21:55.645779561Z\",\"TLSCipher\":\"TLS_AES_128_GCM_SHA256\",\"TLSVersion\":\"1.3\",\"entryPointName\":\"web-secure\",\"level\":\"info\",\"msg\":\"\",\"time\":\"2025-11-28T09:21:55Z\"}" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["program"] == "traefik" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["remote_addr"] == "10.0.0.50" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["request"] == "/_matrix/client/v3/sync" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["request_addr"] == "example.com" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["request_duration_in_ms"] == "2337877" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["service_addr"] == "172.16.16.25" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["static_ressource"] == "false" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["status"] == "204" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["time_local"] == "2025-11-28T09:21:55Z" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["traefik_router_name"] == 
"matrix-synapse-public-client-api@docker" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["traefik_router_name_root"] == "matrix-synapse-public-client-api@docker" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Parsed["verb"] == "OPTIONS" +basename(results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["datasource_path"]) == "traefik_json.log" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_args_len"] == "0" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_path"] == "/_matrix/client/v3/sync" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_status"] == "204" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["http_verb"] == "OPTIONS" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["log_type"] == "http_access-log" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["service"] == "http" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["source_ip"] == "10.0.0.50" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["target_fqdn"] == "example.com" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["timestamp"] == "2025-11-28T09:21:55Z" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Meta["traefik_router_name"] == "matrix-synapse-public-client-api@docker" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Enriched["MarshaledTime"] == "2025-11-28T09:21:55Z" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["StartLocal"] == "2025-11-28T09:21:55.645779561Z" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["OriginContentSize"] == 0 +FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["Overhead"], 1514385.000000) +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RequestPath"] == 
"/_matrix/client/v3/sync" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RequestScheme"] == "https" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["entryPointName"] == "web-secure" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RouterName"] == "matrix-synapse-public-client-api@docker" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["TLSCipher"] == "TLS_AES_128_GCM_SHA256" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["msg"] == "" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["DownstreamStatus"] == 204 +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RequestContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RequestProtocol"] == "HTTP/2.0" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["ServiceName"] == "matrix-synapse-client-api@docker" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["TLSVersion"] == "1.3" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["ClientHost"] == "192.168.1.100,10.0.0.50" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["ClientPort"] == "11029" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["time"] == "2025-11-28T09:21:55Z" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RequestCount"] == 2818 +FloatApproxEqual(results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["Duration"], 2337877.000000) +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["OriginDuration"] == 823492 +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["ServiceAddr"] == "172.16.16.25:8008" 
+results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RequestMethod"] == "OPTIONS" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["StartUTC"] == "2025-11-28T09:21:55.645779561Z" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["level"] == "info" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["OriginStatus"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RequestAddr"] == "example.com" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RequestHost"] == "example.com" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["ClientAddr"] == "172.71.122.85:11029" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["ClientUsername"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["DownstreamContentSize"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RequestPort"] == "-" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["RetryAttempts"] == 0 +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Unmarshaled["traefik"]["ServiceURL"] == "http://172.16.16.25:8008" +results["s02-enrich"]["crowdsecurity/http-logs"][5].Evt.Whitelisted == false len(results["success"][""]) == 0 diff --git a/.tests/traefik_json/traefik_json.log b/.tests/traefik_json/traefik_json.log index 412dfea6103..a3e84c8dfa7 100644 --- a/.tests/traefik_json/traefik_json.log +++ b/.tests/traefik_json/traefik_json.log 
@@ -3,4 +3,5 @@ {"ClientAddr":"192.168.65.1:29366","ClientHost":"192.168.65.1","ClientPort":"29366","ClientUsername":"-","DownstreamContentSize":364,"DownstreamStatus":200,"Duration":2001375,"OriginContentSize":364,"OriginDuration":1935291,"OriginStatus":200,"Overhead":66084,"RequestAddr":"whoami.localhost","RequestContentSize":0,"RequestCount":1,"RequestHost":"whoami.localhost","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"RouterName":"root@file -> intermediate1@file -> intermediate2@file -> leaf@file","ServiceAddr":"whoami:80","ServiceName":"whoami@file","ServiceURL":"http://whoami:80","StartLocal":"2026-01-08T14:19:15.980170592Z","StartUTC":"2026-01-08T14:19:15.980170592Z","entryPointName":"web","level":"info","msg":"","time":"2026-01-08T14:19:15Z"} {"ClientAddr":"192.168.65.1:29367","ClientHost":"192.168.65.1","ClientPort":"29367","ClientUsername":"-","DownstreamContentSize":364,"DownstreamStatus":200,"Duration":1500000,"OriginContentSize":364,"OriginDuration":1450000,"OriginStatus":200,"Overhead":50000,"RequestAddr":"api.localhost","RequestContentSize":0,"RequestCount":2,"RequestHost":"api.localhost","RequestMethod":"POST","RequestPath":"/api/data","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"http","RetryAttempts":0,"RouterName":"parent@file -> child@file","ServiceAddr":"api:8080","ServiceName":"api@file","ServiceURL":"http://api:8080","StartLocal":"2026-01-08T14:20:00.000000000Z","StartUTC":"2026-01-08T14:20:00.000000000Z","entryPointName":"web","level":"info","msg":"","time":"2026-01-08T14:20:00Z"} 
{"ClientAddr":"192.168.1.115:56446","ClientHost":"192.168.1.115","ClientPort":"56446","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":10158,"GzipRatio":0,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":10158,"RequestAddr":"admin.mydomain.com","RequestContentSize":0,"RequestCount":3100,"RequestHost":"admin.mydomain.com","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2026-01-14T10:45:33.759014877+01:00","StartUTC":"2026-01-14T09:45:33.759014877Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"https","level":"info","msg":"","time":"2026-01-14T10:45:33+01:00"} -DEBUG: CrowdsecBouncerTraefikPlugin: 2025/09/05 13:53:40 handleStreamCache:updated \ No newline at end of file +DEBUG: CrowdsecBouncerTraefikPlugin: 2025/09/05 13:53:40 handleStreamCache:updated +{"ClientAddr":"172.71.122.85:11029","ClientHost":"192.168.1.100,10.0.0.50","ClientPort":"11029","ClientUsername":"-","DownstreamContentSize":0,"DownstreamStatus":204,"Duration":2337877,"OriginContentSize":0,"OriginDuration":823492,"OriginStatus":0,"Overhead":1514385,"RequestAddr":"example.com","RequestContentSize":0,"RequestCount":2818,"RequestHost":"example.com","RequestMethod":"OPTIONS","RequestPath":"/_matrix/client/v3/sync","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"matrix-synapse-public-client-api@docker","ServiceAddr":"172.16.16.25:8008","ServiceName":"matrix-synapse-client-api@docker","ServiceURL":"http://172.16.16.25:8008","StartLocal":"2025-11-28T09:21:55.645779561Z","StartUTC":"2025-11-28T09:21:55.645779561Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"web-secure","level":"info","msg":"","time":"2025-11-28T09:21:55Z"} \ No newline at end of file 
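Review bot: The only fixture line added for the multi-address case uses `"ClientHost":"192.168.1.100,10.0.0.50"` with no whitespace after the comma, so the `TrimSpace` call in the new parser expression is never exercised by this test. A second line with `"ClientHost":"192.168.1.100, 10.0.0.50"` would pin that path. A line with an empty or trailing-comma `ClientHost` would show what `remote_addr` becomes when the last element is empty. The new side also still ends without a trailing newline (`\ No newline at end of file`), so the next appended fixture will again rewrite the preceding line, as happened to the `DEBUG:` line here.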
diff --git a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml index b2093930927..f354d848a46 100644 --- a/parsers/s01-parse/crowdsecurity/traefik-logs.yaml +++ b/parsers/s01-parse/crowdsecurity/traefik-logs.yaml @@ -30,7 +30,8 @@ nodes: expression: "evt.Unmarshaled.traefik.RouterName ?? ''" statics: - parsed: remote_addr - expression: evt.Unmarshaled.traefik.ClientHost + ## Split by comma and take last IP to handle proxied requests (e.g., ZScaler) + expression: "TrimSpace(Split(evt.Unmarshaled.traefik.ClientHost, ',')[-1])" - parsed: dest_addr ## Split dest_addr to get IP only as this is original functionality expression: Split(evt.Unmarshaled.traefik.ClientAddr, ':')[0]
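Review bot: The new `remote_addr` expression keeps the last comma-separated entry of `ClientHost` without saying why the last one is the entry to trust, and the test asserts the same value (`10.0.0.50`) for `Meta["source_ip"]`, presumably the address decisions are keyed on. If `ClientHost` mirrors a forwarded-for chain, entries left of the last one are client-supplied and only the last is written by the proxy nearest Traefik, so taking the last is the spoof-resistant choice, but with more than one proxy hop it yields a proxy address rather than the client. I would extend the comment to say so, e.g. `## ClientHost may be a comma-separated chain; keep the last entry (added by the nearest proxy), earlier entries are client-controlled`. Unlike the `RouterName ?? ''` expression above it, the new expression has no fallback for a missing `ClientHost`; whether `Split` tolerates a nil argument is not visible here, so `"TrimSpace(Split(evt.Unmarshaled.traefik.ClientHost ?? '', ',')[-1])"` would be the defensive form. The node this hunk edits starts and ends outside the hunk.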