
UFW

{
  "extractors": [
    {
      "title": "UFW Action",
      "extractor_type": "regex",
      "converters": [],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "ufw_action",
      "extractor_config": {
        "regex_value": "\\[UFW\\s([A-Z]*)\\]"
      },
      "condition_type": "string",
      "condition_value": "UFW"
    },
    {
      "title": "UFW Protocol",
      "extractor_type": "regex",
      "converters": [],
      "order": 1,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "ufw_protocol",
      "extractor_config": {
        "regex_value": "PROTO=(UDP|TCP)\\s"
      },
      "condition_type": "string",
      "condition_value": "UFW"
    },
    {
      "title": "UFW Destination Port",
      "extractor_type": "regex",
      "converters": [],
      "order": 5,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "ufw_destination_port",
      "extractor_config": {
        "regex_value": "DPT=(\\d{1,5})\\s"
      },
      "condition_type": "string",
      "condition_value": "UFW"
    },
    {
      "title": "UFW Source Port",
      "extractor_type": "regex",
      "converters": [],
      "order": 3,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "ufw_source_port",
      "extractor_config": {
        "regex_value": "SPT=(\\d{1,5})\\s"
      },
      "condition_type": "string",
      "condition_value": "UFW"
    },
    {
      "title": "UFW Source Location",
      "extractor_type": "regex",
      "converters": [
        {
          "type": "lookup_table",
          "config": {
            "lookup_table_name": "geo-ip"
          }
        }
      ],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "ufw_source_location",
      "extractor_config": {
        "regex_value": "SRC=(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})"
      },
      "condition_type": "string",
      "condition_value": "UFW"
    },
    {
      "title": "UFW Destination IP",
      "extractor_type": "regex",
      "converters": [],
      "order": 4,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "ufw_destination_ip",
      "extractor_config": {
        "regex_value": "DST=(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})"
      },
      "condition_type": "string",
      "condition_value": "UFW"
    },
    {
      "title": "UFW Source IP",
      "extractor_type": "regex",
      "converters": [],
      "order": 2,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "ufw_source_ip",
      "extractor_config": {
        "regex_value": "SRC=(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})"
      },
      "condition_type": "string",
      "condition_value": "UFW"
    },
    {
      "title": "UFW Destination Location",
      "extractor_type": "regex",
      "converters": [
        {
          "type": "lookup_table",
          "config": {
            "lookup_table_name": "geo-ip"
          }
        }
      ],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "ufw_destination_location",
      "extractor_config": {
        "regex_value": "DST=(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})"
      },
      "condition_type": "string",
      "condition_value": "UFW"
    }
  ],
  "version": "4.0.5"
}