Skip to content

Add Mealie collection to hub #1415

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 27 commits into
base: master
Choose a base branch
from
Open

Add Mealie collection to hub #1415

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
d2e0082
Create mealie.md
Jgigantino31 Jul 17, 2025
f25c0d5
Create mealie.yaml
Jgigantino31 Jul 17, 2025
a227251
Create mealie-logs.yaml
Jgigantino31 Jul 17, 2025
182fde6
Create mealie-logs.md
Jgigantino31 Jul 17, 2025
4664c17
Update mealie-logs.yaml
Jgigantino31 Jul 17, 2025
2dd75c7
Create mealie-bf.yaml
Jgigantino31 Jul 17, 2025
92d66a3
Rename mealie-bf.yaml to mealie-bf.md
Jgigantino31 Jul 17, 2025
7a33cc5
Update mealie-bf.md
Jgigantino31 Jul 17, 2025
5a67bb0
Create mealie-bf.yaml
Jgigantino31 Jul 17, 2025
4f98c6f
Create config.yaml
Jgigantino31 Jul 17, 2025
6102e44
Create mealie-bf.log
Jgigantino31 Jul 17, 2025
8dede2a
Create parser.assert
Jgigantino31 Jul 17, 2025
3544818
Create scenario.assert
Jgigantino31 Jul 17, 2025
bde7aeb
Create config.yaml
Jgigantino31 Jul 17, 2025
b19e495
Create mealie-logs.yaml
Jgigantino31 Jul 17, 2025
eaf698c
Create parser.assert
Jgigantino31 Jul 17, 2025
707213a
Create scenario.assert
Jgigantino31 Jul 17, 2025
a9c864b
Update scenario.assert
Jgigantino31 Jul 20, 2025
6f90eaa
Update and rename mealie-logs.yaml to mealie-logs.log
Jgigantino31 Jul 20, 2025
789f3fe
Update parser.assert
Jgigantino31 Jul 20, 2025
90d60db
Update mealie-bf.yaml
Jgigantino31 Jul 21, 2025
755ae49
Update parser.assert
Jgigantino31 Jul 25, 2025
af0b58c
Update scenario.assert
Jgigantino31 Jul 25, 2025
0084744
Update mealie-logs.yaml
Jgigantino31 Aug 3, 2025
916ffeb
Update scenario.assert
Jgigantino31 Aug 3, 2025
3022ebc
Update parser.assert
Jgigantino31 Aug 3, 2025
21c8d27
Update mealie-bf.md
Jgigantino31 Aug 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .tests/mealie-bf/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
parsers:
- crowdsecurity/syslog-logs
- crowdsecurity/dateparse-enrich
- ./parsers/s01-parse/Jgigantino31/mealie-logs.yaml
scenarios:
- ./scenarios/Jgigantino31/mealie-bf.yaml
postoverflows:
- ""
log_file: mealie-bf.log
log_type: mealie
labels: {}
ignore_parsers: true
override_statics: []
24 changes: 24 additions & 0 deletions .tests/mealie-bf/mealie-bf.log
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
[ERROR|auth|L83] 2025-07-16T19:43:16: Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T20:12:38 - Incorrect username or password from 127.0.0.1
1 change: 1 addition & 0 deletions .tests/mealie-bf/parser.assert
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@

75 changes: 75 additions & 0 deletions .tests/mealie-bf/scenario.assert
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
len(results) == 1
"127.0.0.1" in results[0].Overflow.GetSources()
results[0].Overflow.Sources["127.0.0.1"].IP == "127.0.0.1"
results[0].Overflow.Sources["127.0.0.1"].Range == ""
results[0].Overflow.Sources["127.0.0.1"].GetScope() == "Ip"
results[0].Overflow.Sources["127.0.0.1"].GetValue() == "127.0.0.1"
basename(results[0].Overflow.Alert.Events[0].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[0].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[1].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[1].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[1].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[1].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[1].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[2].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[2].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[2].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[2].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[2].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[3].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[3].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[3].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[4].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[4].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[4].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[4].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[4].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[5].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[5].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[5].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[5].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[5].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[6].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[6].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[6].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[6].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[6].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[6].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[7].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[7].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[7].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[7].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[7].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[7].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[8].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[8].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[8].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[8].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[8].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[8].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[9].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[9].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[9].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[9].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[9].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[9].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
basename(results[0].Overflow.Alert.Events[10].GetMeta("datasource_path")) == "mealie-bf.log"
results[0].Overflow.Alert.Events[10].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[10].GetMeta("log_type") == "mealie_failed_auth"
results[0].Overflow.Alert.Events[10].GetMeta("service") == "mealie"
results[0].Overflow.Alert.Events[10].GetMeta("source_ip") == "127.0.0.1"
results[0].Overflow.Alert.Events[10].GetMeta("timestamp") == "2025-07-16T20:12:38Z"
results[0].Overflow.Alert.GetScenario() == "Jgigantino31/mealie-bf"
results[0].Overflow.Alert.Remediation == true
results[0].Overflow.Alert.GetEventsCount() == 11
13 changes: 13 additions & 0 deletions .tests/mealie-logs/config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
parsers:
- crowdsecurity/syslog-logs
- crowdsecurity/dateparse-enrich
- ./parsers/s01-parse/Jgigantino31/mealie-logs.yaml
scenarios:
- ""
postoverflows:
- ""
log_file: mealie-logs.log
log_type: mealie
labels: {}
ignore_parsers: false
override_statics: []
10 changes: 10 additions & 0 deletions .tests/mealie-logs/mealie-logs.log
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
ERROR 2025-07-16T19:42:45 - Incorrect username or password from 127.0.0.1
ERROR 2025-07-16T19:42:45 - Incorrect username or password from 127.0.0.1
INFO 2025-07-16T19:42:45 - [127.0.0.1:32894] 401 Unauthorized "POST /api/auth/token HTTP/1.1"
INFO 2025-07-16T19:42:45 - [127.0.0.1:53864] 200 OK "GET /api/app/about HTTP/1.1"
INFO 2025-07-16T19:43:15 - [127.0.0.1:42322] 200 OK "GET /api/app/about HTTP/1.1"
WARNING 2025-07-16T19:43:16 - Found user but their auth method is not 'Mealie'. Unable to continue with credentials login
ERROR 2025-07-16T19:43:16 - Incorrect username or password from 127.0.0.1
WARNING 2025-07-16T19:43:16 - Found user but their auth method is not 'Mealie'. Unable to continue with credentials login
ERROR 2025-07-16T19:43:16 - Incorrect username or password from 127.0.0.1
INFO 2025-07-16T19:43:16 - [127.0.0.1:32894] 401 Unauthorized "POST /api/auth/token HTTP/1.1"
Loading