adjusted query_authlog_root_login

- filter ssh signature: awx
- filter ssh signature: gitlabci
sven.ketelsen 3 years ago
parent 250a838820
commit 12e1eaa923

@ -9,31 +9,53 @@ QueryIndices = <*-authlog-*>
QueryOnError = drop
QueryOnMissing = drop
QueryJson = {
"size": 0,
"query": {
"bool": {
"must": [],
"filter": [
{
"range": {
"@timestamp": {
"format": "strict_date_optional_time",
"gte": "now-5m/m",
"lte": "now"
}
}
},
{
"exists": {
"field": "system.auth.user"
}
},
{
"match_phrase": {
"system.auth.user": "root"
}
"size": 0,
"query": {
"bool": {
"must": [],
"filter": [
{
"range": {
"@timestamp": {
"format": "strict_date_optional_time",
"gte": "now-5m/m",
"lte": "now"
}
]
}
},
{
"exists": {
"field": "system.auth.user"
}
},
{
"match_phrase": {
"system.auth.user": "root"
}
},
{
"match_phrase": {
"system.auth.ssh.event": "Accepted"
}
}
}
],
"must_not": [
{
"exists": {
"field": "system.auth.sudo.user"
}
},
{
"match_phrase": {
"system.auth.ssh.signature": "ED25519 SHA256:mbqaHromGo9o0xRQW7yQG5X4Y72t9k2eJdvsOAOYNvc"
}
},
{
"match_phrase": {
"system.auth.ssh.signature": "ED25519 SHA256:FdAFdv9hoxEWiViXl9k8WRwq5OoWDvGQL+uzg6vjV3Q"
}
}
]
}
}
}
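Review bot: The two `must_not` clauses on `system.auth.ssh.signature` (lines with the ED25519 fingerprints) suppress every accepted root login made with the awx and gitlabci keys from any source host, so a stolen or re-used automation key would log in as root without this query ever surfacing it. Tightening each exclusion to the key fingerprint together with the host the key is expected to come from keeps the noise reduction the commit is after while leaving off-host use of the same key visible; the second exclusion (gitlabci) is restructured the same way, and the existing `exists` clause on `system.auth.sudo.user` stays as it is. The `source.ip` field name below presumes the index carries ECS-style source fields alongside `system.auth.ssh.*`; confirm against an indexed document before relying on it. Since the fingerprint-to-service mapping (awx, gitlabci) exists only in the commit message and the JSON value cannot carry comments, a note next to the `QueryJson` setting naming which key each fingerprint belongs to would help whoever rotates these keys later.
```json
"must_not": [
  { "exists": { "field": "system.auth.sudo.user" } },
  {
    "bool": {
      "must": [
        { "match_phrase": { "system.auth.ssh.signature": "ED25519 SHA256:mbqaHromGo9o0xRQW7yQG5X4Y72t9k2eJdvsOAOYNvc" } },
        { "term": { "source.ip": "<AWX_HOST_IP_PLACEHOLDER>" } }
      ]
    }
  }
]
```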
