Imunify JSON Logs
Hi guys!
I'm struggling a little to parse the JSONs (that are actually not valid JSONs) from the logs of Imunify at /var/log/imunify360/console.log. Below is an example of a log line:
INFO [2024-04-16 08:21:29,756] defence360agent.internals.the_sink: SensorAlert({'method': 'ALERT', 'attackers_ip': IPv4Network('151.11.10.141/32'), 'plugin_id': 'lfd', 'ttl': '900', 'rule': 'LF_TRIGGER', 'name': 'LF_TRIGGER', 'message': '(sshd) Failed SSH login from 151.11.10.141 (CN/China/-): 10 in the last 3600 secs', 'timestamp': 1713266489.2352347, 'properties': {'ttl': 300, 'expiration': 1713266789, 'deep': 0}}) processed in 0.5150 seconds
So my question is... am I missing some kind of config to make them valid JSONs in the log file, or would I have to parse it manually?
-
Hey there! I'm not aware of a way to change the formatting of that log - that would make for a good feature request if you'd like to submit one at features.cpanel.net.
0 -
Ok, I'll make a post there.
Thanks for the response!
0 -
Sure thing!
0
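Added example, not part of the thread and not Imunify360 code: one way to do the manual parsing asked about above. The payload is a Python repr rather than JSON, so this walks it with `ast` without evaluating anything and turns `IPv4Network(...)` into a plain string. The line layout is inferred only from the sample line in the question; the function names and the `IPv6Network` handling are assumptions.

```python
import ast
import re

# Layout inferred from the single sample line in the question (assumption).
LINE_RE = re.compile(
    r"^(?P<level>\w+) \[(?P<logged_at>[^\]]+)\] (?P<logger>[\w.]+): "
    r"(?P<event>\w+)\((?P<body>\{.*\})\) processed in (?P<secs>[\d.]+) seconds$"
)
# IPv4Network appears in the sample; IPv6Network is assumed to look the same.
WRAPPERS = {"IPv4Network", "IPv6Network"}
JSON_SCALARS = (str, int, float, bool, type(None))

def _convert(node):
    """Turn an AST node into JSON-safe data; nothing is ever evaluated."""
    if isinstance(node, ast.Constant) and isinstance(node.value, JSON_SCALARS):
        return node.value
    if isinstance(node, ast.Dict):
        return {_convert(k): _convert(v) for k, v in zip(node.keys, node.values)}
    if isinstance(node, (ast.List, ast.Tuple)):
        return [_convert(e) for e in node.elts]
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in WRAPPERS and len(node.args) == 1
            and not node.keywords and isinstance(node.args[0], ast.Constant)):
        return str(node.args[0].value)  # IPv4Network('a.b.c.d/32') -> 'a.b.c.d/32'
    raise ValueError(f"unsupported construct: {type(node).__name__}")

def parse_line(line):
    """Return a dict for an event line, None for lines of another shape."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        tree = ast.parse(m["body"], mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"payload is not a Python literal: {exc}") from exc
    return {"level": m["level"], "logged_at": m["logged_at"], "logger": m["logger"],
            "event": m["event"], "data": _convert(tree.body),
            "processed_seconds": float(m["secs"])}

# Shortened copy of the log line quoted in the question.
SAMPLE = (
    "INFO [2024-04-16 08:21:29,756] defence360agent.internals.the_sink: SensorAlert("
    "{'method': 'ALERT', 'attackers_ip': IPv4Network('151.11.10.141/32'), 'plugin_id': 'lfd', "
    "'message': '(sshd) Failed SSH login from 151.11.10.141 (CN/China/-): 10 in the last 3600 secs', "
    "'timestamp': 1713266489.2352347, 'properties': {'ttl': 300, 'expiration': 1713266789, "
    "'deep': 0}}) processed in 0.5150 seconds"
)
```

The returned dict holds only JSON-safe types, so `json.dumps(parse_line(line))` gives one JSON object per event; anything in the payload other than literals and the listed wrappers raises `ValueError` instead of being executed.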