71 lines
1.7 KiB
YAML
71 lines
1.7 KiB
YAML
|
---
|
||
|
patterns:
|
||
|
num:
|
||
|
regex: '[0-9]+'
|
||
|
ip:
|
||
|
regex: '(?:(?:[0-9]{1,3}\.){3}[0-9]{1,3})|(?:[0-9a-fA-F:]{2,90})'
|
||
|
ignore:
|
||
|
- 1.0.0.1
|
||
|
|
||
|
streams:
|
||
|
tailDown1:
|
||
|
cmd: [ "sh", "-c", "sleep 2; seq 100010 | while read i; do echo found $(($i % 100)); done" ]
|
||
|
filters:
|
||
|
findIP:
|
||
|
regex:
|
||
|
- '^found <num>$'
|
||
|
retry: 50
|
||
|
retry-period: 1m
|
||
|
actions:
|
||
|
damn:
|
||
|
cmd: [ "echo", "<num>" ]
|
||
|
undamn:
|
||
|
cmd: [ "echo", "undamn", "<num>" ]
|
||
|
after: 1m
|
||
|
onexit: false
|
||
|
tailDown2:
|
||
|
cmd: [ "sh", "-c", "sleep 2; seq 100010 | while read i; do echo prout $(($i % 100)); done" ]
|
||
|
filters:
|
||
|
findIP:
|
||
|
regex:
|
||
|
- '^prout <num>$'
|
||
|
retry: 50
|
||
|
retry-period: 1m
|
||
|
actions:
|
||
|
damn:
|
||
|
cmd: [ "echo", "<num>" ]
|
||
|
undamn:
|
||
|
cmd: [ "echo", "undamn", "<num>" ]
|
||
|
after: 1m
|
||
|
onexit: false
|
||
|
tailDown3:
|
||
|
cmd: [ "sh", "-c", "sleep 2; seq 100010 | while read i; do echo nanana $(($i % 100)); done" ]
|
||
|
filters:
|
||
|
findIP:
|
||
|
regex:
|
||
|
- '^nanana <num>$'
|
||
|
retry: 50
|
||
|
retry-period: 2m
|
||
|
actions:
|
||
|
damn:
|
||
|
cmd: [ "true" ]
|
||
|
undamn:
|
||
|
cmd: [ "true" ]
|
||
|
after: 1m
|
||
|
onexit: false
|
||
|
tailDown4:
|
||
|
cmd: [ "sh", "-c", "sleep 2; seq 100010 | while read i; do echo nanana $(($i % 100)); done" ]
|
||
|
filters:
|
||
|
findIP:
|
||
|
regex:
|
||
|
- '^nomatch <num>$'
|
||
|
retry: 50
|
||
|
retry-period: 2m
|
||
|
actions:
|
||
|
damn:
|
||
|
cmd: [ "echo", "<num>" ]
|
||
|
undamn:
|
||
|
cmd: [ "echo", "undamn", "<num>" ]
|
||
|
after: 1m
|
||
|
onexit: false
|