adjusted query_authlog_root_login

- filter ssh signature: awx
- filter ssh signature: gitlabci
sven.ketelsen 3 years ago
parent 250a838820
commit 12e1eaa923

@ -9,31 +9,53 @@ QueryIndices = <*-authlog-*>
QueryOnError = drop QueryOnError = drop
QueryOnMissing = drop QueryOnMissing = drop
QueryJson = { QueryJson = {
"size": 0, "size": 0,
"query": { "query": {
"bool": { "bool": {
"must": [], "must": [],
"filter": [ "filter": [
{ {
"range": { "range": {
"@timestamp": { "@timestamp": {
"format": "strict_date_optional_time", "format": "strict_date_optional_time",
"gte": "now-5m/m", "gte": "now-5m/m",
"lte": "now" "lte": "now"
}
}
},
{
"exists": {
"field": "system.auth.user"
}
},
{
"match_phrase": {
"system.auth.user": "root"
}
} }
] }
},
{
"exists": {
"field": "system.auth.user"
}
},
{
"match_phrase": {
"system.auth.user": "root"
}
},
{
"match_phrase": {
"system.auth.ssh.event": "Accepted"
}
} }
} ],
"must_not": [
{
"exists": {
"field": "system.auth.sudo.user"
}
},
{
"match_phrase": {
"system.auth.ssh.signature": "ED25519 SHA256:mbqaHromGo9o0xRQW7yQG5X4Y72t9k2eJdvsOAOYNvc"
}
},
{
"match_phrase": {
"system.auth.ssh.signature": "ED25519 SHA256:FdAFdv9hoxEWiViXl9k8WRwq5OoWDvGQL+uzg6vjV3Q"
}
}
]
}
} }
}
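Review bot: The two fingerprint exclusions added under must_not (the ED25519 SHA256 entries on system.auth.ssh.signature) carry no indication of which key each one belongs to, so a later maintainer has to dig through commit history to learn that they stand for awx and gitlabci; since the QueryJson value is JSON and presumably cannot hold comments, record the owner of each fingerprint next to the block, e.g. a line above QueryJson such as `# must_not signatures: <fingerprint-1> = awx key, <fingerprint-2> = gitlabci key` if the file format accepts comments. Suppressing every accepted root login made with these keys also means that misuse of the automation keys themselves produces no alert at all; a separate lower-severity query that matches only these two signatures (or an additional source-address constraint on the excluded logins, if the authlog events carry one) would keep that visibility. The hunk begins at line 9, so the file header and the other query settings are outside it.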
