From 81bddd3455c861842d86b60c54cb5592a00f52a0 Mon Sep 17 00:00:00 2001
From: eliasgrana <43425223+eliasgrana@users.noreply.github.com>
Date: Mon, 6 Apr 2020 18:14:26 +0200
Subject: [PATCH] Update 0170-nginx_decoders.xml. Extract dstuser
Twin decoders to extract the dstuser for nginx basic auth
---
decoders/0170-nginx_decoders.xml | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/decoders/0170-nginx_decoders.xml b/decoders/0170-nginx_decoders.xml
index b3c33255d..3b79ba86f 100644
--- a/decoders/0170-nginx_decoders.xml
+++ b/decoders/0170-nginx_decoders.xml
@@ -8,10 +8,12 @@
-->
^20\d\d/\d\d/\d\d \d\d:\d\d:\d\d [
@@ -29,6 +31,19 @@ Extract NAXSI WAF alert information https://github.com/nbs-system/naxsi/wiki/nax
srcip,server,uri,learning,vers,total_processed,total_blocked,block,attack,score
+
+ nginx-errorlog
+ user "\.+"
+ user "(\.+)"
+ dstuser
+
+
+
+ nginx-errorlog
+ client: (\S+),
+ srcip
+
+
nginx-errorlog
, client: \S+, server: \S*, request: "\S+