Merge pull request #27 from observIQ/windows-dhcp
Added Windows DHCP server log parser plugin
jmwilliams89 authored Aug 17, 2020

2 parents f5b9bfc + 3c4c028 commit 3030710
Showing 1 changed file with 41 additions and 0 deletions.
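--- /dev/null
+++ b/plugins/windows_dhcp.yaml
@@ -0,0 +1,41 @@
+# Plugin Info
+version: 0.0.1
+title: Windows DHCP
+description: Log parser for Windows DHCP
+parameters:
+file_path:
+label: Log Path
+description: The absolute path to the Microsoft IIS logs. Simple globbing can be used to collect multiple log files
+type: string
+default: "C:/Windows/System32/dhcp/DhcpSrvLog-*.log"
+start_at:
+label: Start At
+description: Start reading file from 'beginning' or 'end'
+type: enum
+valid_values:
+- beginning
+- end
+default: end
+
+# Set Defaults
+{{$file_path := default "C:/Windows/System32/dhcp/DhcpSrvLog-*.log" .file_path}}
+{{$start_at := default "end" .start_at}}
+
+# Pipeline Template
+pipeline:
+- id: windows_dhcp_input
+type: file_input
+include:
+- {{ $file_path }}
+start_at: {{ $start_at }}
+labels:
+log_type: windows_dhcp
+output: windows_dhcp_parser
+
+- id: windows_dhcp_parser
+type: regex_parser
+regex: '^(?P<id>\d+),(?P<timestamp>\d{2}\/\d{2}\/\d{2},\d{2}:\d{2}:\d{2}),(?P<description>[^,]+),(?P<ip_address>[^,]*),(?P<hostname>[^,]*),(?P<mac_address>[^,]*),(?P<username>[^,]*),(?P<transaction_id>[^,]*),(?P<q_result>[^,]*),(?P<probation_time>[^,]*),(?P<correlation_id>[^,]*),(?P<dhc_id>[^,]*),(?P<vendor_class_hex>[^,]*),(?P<vendor_class_ascii>[^,]*),(?P<user_Class_hex>[^,]*),(?P<user_class_ascii>[^,]*),(?P<relay_agent_info>[^,]*),(?P<dns_reg_error>[^,]*)'
+timestamp:
+parse_from: timestamp
+layout: '%m/%d/%y,%H:%M:%S'
+output: {{.output}}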
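Review bot: The `file_path` parameter's description still reads "The absolute path to the Microsoft IIS logs", which is a copy-paste leftover in a plugin that parses Windows DHCP server logs; change it to `description: The absolute path to the Windows DHCP server audit logs. Simple globbing can be used to collect multiple log files`. The templated scalars `- {{ $file_path }}`, `start_at: {{ $start_at }}` and `output: {{.output}}` are rendered into the pipeline YAML unquoted, so an operator-supplied path containing `: ` or ` #` (or one that expands to empty) alters the parsed structure instead of just the value; quoting them, e.g. `- '{{ $file_path }}'` and `output: '{{.output}}'`, keeps the rendered document well-formed. Separately, the parser regex is anchored only with `^(?P<id>\d+),` and has no `$`, so it accepts anything after the eighteenth field but rejects any non-record line; the Windows `DhcpSrvLog-*.log` files are understood to begin with a multi-line descriptive header and a column-name row, and if that holds every file open will produce a run of parse errors unless a filter precedes `windows_dhcp_parser` or an on-error policy is set, which is worth confirming against a real log. The file is new, so the whole plugin is within the hunk.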
