Merge branch 'modify-sudo-log-monitoring' of kazu634/itamae into master

Kazuhiro MUSASHI 2020-10-12 14:05:56 +09:00 committed by Gitea
commit 65fd0bb831
1 changed files with 2 additions and 2 deletions


@ -32,7 +32,7 @@ scrape_configs:
selector: '{job="sudo"} |~ "/bin/sh"'
stages:
- drop:
expression: (CRON|sshd|session)
expression: (CRON|sshd|session|securetty)
- regex:
expression: '^(?P<timestamp>\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+) [^ ]+ sudo: +(?P<user>[^ ]+) : TTY=(?P<tty>[^ ]+) ; PWD=(?P<pwd>[^ ]+) ; USER=(?P<foo>[^ ]+) ; COMMAND=(?P<cmd>.+)$'
@ -59,7 +59,7 @@ scrape_configs:
selector: '{job="sudo"} !~ "/bin/sh"'
stages:
- drop:
expression: (CRON|sshd|session)
expression: (CRON|sshd|session|securetty)
- regex:
expression: '^(?P<timestamp>\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+) [^ ]+ sudo: +(?P<user>[^ ]+) : TTY=(?P<tty>[^ ]+) ; PWD=(?P<pwd>[^ ]+) ; USER=(?P<foo>[^ ]+) ; COMMAND=(?P<cmd>.+)$'
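Review bot: The drop expression `(CRON|sshd|session|securetty)` in both pipelines (the `|~ "/bin/sh"` one and the `!~ "/bin/sh"` one) is a list of bare words, and with no `source` set promtail's drop stage appears to match it anywhere in the log line. It will therefore also discard real sudo command records whose PWD or COMMAND text contains one of those words, for example a command that touches sshd, and those are the records this job is meant to keep. Consider limiting the match to the part of the line before the sudo fields, e.g. `expression: '^[^;]*(CRON|sshd|session|securetty)'`, or requiring `|= "COMMAND="` in the match selector so only command records reach the regex stage; check either against sample log lines first. A comment above each drop naming the noise it targets, such as `# drop PAM session/securetty noise; COMMAND= records must pass`, would make the intent reviewable. The stages list continues outside the visible hunks.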