Untitled

a guest
Feb 19th, 2025
line: 104.131.183.68 - - [13/Feb/2025:00:47:15 +0000] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 Keydrop"
├ s00-raw
| ├ 🔴 crowdsecurity/syslog-logs
| └ 🟢 crowdsecurity/non-syslog (+5 ~8)
├ s01-parse
| ├ 🔴 crowdsecurity/appsec-logs
| ├ 🔴 crowdsecurity/auditd-logs
| ├ 🔴 laurencejjones/dovecot-pam
| ├ 🔴 crowdsecurity/dovecot-logs
| ├ 🔴 crowdsecurity/endlessh-logs
| ├ 🔴 baudneo/gotify-logs
| ├ 🔴 crowdsecurity/iptables-logs
| └ 🟢 crowdsecurity/nginx-logs (+23 ~2)
├ s02-enrich
| ├ 🟢 crowdsecurity/dateparse-enrich (+2 ~2)
| ├ 🟢 crowdsecurity/geoip-enrich (+13)
| ├ 🟢 crowdsecurity/http-logs (+7)
| ├ 🟢 my/whitelists (unchanged)
| └ 🟢 crowdsecurity/whitelists (unchanged)
├-------- parser success 🟢
├ Scenarios
├ 🟢 crowdsecurity/http-crawl-non_statics
└ 🟢 crowdsecurity/http-sensitive-files

line: 70.39.90.4 - - [13/Feb/2025:01:26:32 +0000] "GET /alive.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
├ s00-raw
| ├ 🔴 crowdsecurity/syslog-logs
| └ 🟢 crowdsecurity/non-syslog (+5 ~8)
├ s01-parse
| ├ 🔴 crowdsecurity/appsec-logs
| ├ 🔴 crowdsecurity/auditd-logs
| ├ 🔴 laurencejjones/dovecot-pam
| ├ 🔴 crowdsecurity/dovecot-logs
| ├ 🔴 crowdsecurity/endlessh-logs
| ├ 🔴 baudneo/gotify-logs
| ├ 🔴 crowdsecurity/iptables-logs
| └ 🟢 crowdsecurity/nginx-logs (+23 ~2)
├ s02-enrich
| ├ 🟢 crowdsecurity/dateparse-enrich (+2 ~2)
| ├ 🟢 crowdsecurity/geoip-enrich (+13)
| ├ 🟢 crowdsecurity/http-logs (+7)
| ├ 🟢 my/whitelists (unchanged)
| └ 🟢 crowdsecurity/whitelists (unchanged)
├-------- parser success 🟢
├ Scenarios
└ 🟢 crowdsecurity/http-crawl-non_statics

line: 80.94.92.181 - - [13/Feb/2025:01:33:27 +0000] "POST / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
├ s00-raw
| ├ 🔴 crowdsecurity/syslog-logs
| └ 🟢 crowdsecurity/non-syslog (+5 ~8)
├ s01-parse
| ├ 🔴 crowdsecurity/appsec-logs
| ├ 🔴 crowdsecurity/auditd-logs
| ├ 🔴 laurencejjones/dovecot-pam
| ├ 🔴 crowdsecurity/dovecot-logs
| ├ 🔴 crowdsecurity/endlessh-logs
| ├ 🔴 baudneo/gotify-logs
| ├ 🔴 crowdsecurity/iptables-logs
| └ 🟢 crowdsecurity/nginx-logs (+23 ~2)
├ s02-enrich
| ├ 🟢 crowdsecurity/dateparse-enrich (+2 ~2)
| ├ 🟢 crowdsecurity/geoip-enrich (+13)
| ├ 🟢 crowdsecurity/http-logs (+6)
| ├ 🟢 my/whitelists (unchanged)
| └ 🟢 crowdsecurity/whitelists (unchanged)
├-------- parser success 🟢
├ Scenarios

line: 198.235.24.224 - - [13/Feb/2025:02:39:36 +0000] "\x16\x03\x01\x00\xCA\x01\x00\x00\xC6\x03\x03\x0B\x1A*\xF8\x9D\xA2o\x94n\x81\xAE\xA2\xBD\xF9<\xFA\x85z\xBC\x07:\x94BM\x98MMp\xF8bf\xF0\x00\x00h\xCC\x14\xCC\x13\xC0/\xC0+\xC00\xC0,\xC0\x11\xC0\x07\xC0'\xC0#\xC0\x13\xC0\x09\xC0(\xC0$\xC0\x14\xC0" 400 150 "-" "-"
├ s00-raw
| ├ 🔴 crowdsecurity/syslog-logs
| └ 🟢 crowdsecurity/non-syslog (+5 ~8)
├ s01-parse
| ├ 🔴 crowdsecurity/appsec-logs
| ├ 🔴 crowdsecurity/auditd-logs
| ├ 🔴 laurencejjones/dovecot-pam
| ├ 🔴 crowdsecurity/dovecot-logs
| ├ 🔴 crowdsecurity/endlessh-logs
| ├ 🔴 baudneo/gotify-logs
| ├ 🔴 crowdsecurity/iptables-logs
| └ 🟢 crowdsecurity/nginx-logs (+19 ~2)
├ s02-enrich
| ├ 🟢 crowdsecurity/dateparse-enrich (+2 ~2)
| ├ 🟢 crowdsecurity/geoip-enrich (+13)
| ├ 🟢 crowdsecurity/http-logs (+7)
| ├ 🟢 my/whitelists (unchanged)
| └ 🟢 crowdsecurity/whitelists (unchanged)
├-------- parser success 🟢
├ Scenarios
└ 🟢 crowdsecurity/http-probing