config.json
{
"title": "Host/Agent Log Parser server",
"hdt-repo": "http://localhost:3000/upload",
"url": "http://localhost",
"port": 8080,
"outputDir": "experiment/output/",
"logSources": [
{
"title": "authlog",
"type": "File",
"logLocation": "experiment/logfile/auth/",
"logMeta": "experiment/logmeta/auth_meta.ttl",
"mapping": "experiment/rml/authlog.rml",
"grokFile": "experiment/pattern/pattern.grok",
"grokPattern": "%{SYSLOGBASE} %{GREEDYDATA:message}",
"outputModel": "experiment/output/authlog_model.ttl",
"hdtOutput": "experiment/output/authlog.hdt",
"namegraph": "http://w3id.org/sepses/graph/log/auth",
"vocabulary":"https://w3id.org/sepses/vocab/log/auth#",
"regexPattern": "experiment/pattern/regexPattern.ttl",
"logDateFormat":"yyyy MMM d HH:mm:ss",
"logTimeRegex":"\\d+\\s+\\w+\\s+\\d+\\s\\d{2}:\\d{2}:\\d{2}"
},
{
"title": "apachelog",
"type": "File",
"logLocation": "experiment/logfile/apache/",
"logMeta": "experiment/logmeta/apache_meta.ttl",
"mapping": "experiment/rml/apachelog.rml",
"grokFile": "experiment/pattern/pattern.grok",
"grokPattern": "%{COMMONAPACHELOG}",
"outputModel": "experiment/output/apache_model.ttl",
"hdtOutput": "experiment/output/apache.hdt",
"namegraph": "http://w3id.org/sepses/graph/log/apache",
"vocabulary":"https://w3id.org/sepses/vocab/log/apache#",
"regexPattern": "experiment/pattern/regexPattern.ttl",
"logDateFormat":"dd/MMM/yyyy:HH:mm:ss",
"logTimeRegex":"\\d{2}/\\w+/\\d{4}:\\d{2}:\\d{2}:\\d{2}"
},{
"title": "apacheErrorlog",
"type": "File",
"logLocation": "experiment/logfile/apache/error/",
"logMeta": "experiment/logmeta/apache_error_meta.ttl",
"mapping": "experiment/rml/apacheErrorlog.rml",
"grokFile": "experiment/pattern/pattern.grok",
"grokPattern": "%{COMMONAPACHELOG}",
"outputModel": "experiment/output/apache_error_model.ttl",
"hdtOutput": "experiment/output/apache_error.hdt",
"namegraph": "http://w3id.org/sepses/graph/log/apacheError",
"vocabulary":"https://w3id.org/sepses/vocab/log/apacheError#",
"regexPattern": "experiment/pattern/regexPattern.ttl",
"logDateFormat":"MMM dd HH:mm:ss.SSSSSS yyyy",
"logTimeRegex":"\\w{3}\\s+\\d{2}\\s+\\d{2}:\\d{2}:\\d{2}.\\d{6}\\s+\\d{4}"
}, {
"title": "auditlog",
"type": "File",
"logLocation": "experiment/logfile/audit/",
"logMeta": "experiment/logmeta/audit_meta.ttl",
"mapping": "experiment/rml/auditlog.rml",
"grokFile": "experiment/pattern/pattern.grok",
"grokPattern": "%{AUDIT}",
"outputModel": "experiment/output/audit_model.ttl",
"hdtOutput": "experiment/output/audit.hdt",
"namegraph": "http://w3id.org/sepses/graph/log/audit",
"regexPattern": "experiment/pattern/regexPattern.ttl",
"vocabulary":"https://w3id.org/sepses/vocab/log/audit#",
"logDateFormat":"epoch",
"logTimeRegex":"(\\d+)"
},{
"title": "eximlog",
"type": "File",
"logLocation": "experiment/logfile/exim/",
"logMeta": "experiment/logmeta/exim_meta.ttl",
"mapping": "experiment/rml/eximlog.rml",
"grokFile": "experiment/pattern/pattern.grok",
"grokPattern": "%{EXIM}",
"outputModel": "experiment/output/exim_model.ttl",
"hdtOutput": "experiment/output/exim.hdt",
"namegraph": "http://w3id.org/sepses/graph/log/exim",
"regexPattern": "experiment/pattern/regexPattern.ttl",
"vocabulary":"https://w3id.org/sepses/vocab/log/exim#",
"logDateFormat":"yyyy-MM-dd HH:mm:ss",
"logTimeRegex":"\\d{4}-\\d{2}-\\d{2}\\s\\d{2}:\\d{2}:\\d{2}"
},{
"title": "syslog",
"type": "File",
"logLocation": "experiment/logfile/sys/",
"logMeta": "experiment/logmeta/sys_meta.ttl",
"mapping": "experiment/rml/syslog.rml",
"grokFile": "experiment/pattern/pattern.grok",
"grokPattern": "%{SYS}",
"outputModel": "experiment/output/sys_model.ttl",
"hdtOutput": "experiment/output/sys.hdt",
"namegraph": "http://w3id.org/sepses/graph/log/sys",
"regexPattern": "experiment/pattern/regexPattern.ttl",
"vocabulary":"https://w3id.org/sepses/vocab/log/sys#",
"logDateFormat":"yyyy MMM dd HH:mm:ss",
"logTimeRegex":"\\d{4}\\s\\w{3}\\s+\\d+\\s\\d{2}:\\d{2}:\\d{2}"
},{
"title": "snortAlertlog",
"type": "File",
"logLocation": "experiment/logfile/snort/",
"logMeta": "experiment/logmeta/snort_meta.ttl",
"mapping": "experiment/rml/snortAlertlog.rml",
"grokFile": "experiment/pattern/pattern.grok",
"grokPattern": "%{SNORT}",
"outputModel": "experiment/output/snort_alert_model.ttl",
"hdtOutput": "experiment/output/snort_alert.hdt",
"namegraph": "http://w3id.org/sepses/graph/log/snort",
"vocabulary":"https://w3id.org/sepses/vocab/log/snort-alert#",
"regexPattern": "experiment/pattern/regexPattern.ttl",
"logDateFormat":"MM/dd-HH:mm:ss",
"logTimeRegex":"\\d{2}\/\\d{2}-\\d{2}:\\d{2}:\\d+"
}
],
"endpoint": {
"sparqlEndpoint": "http://localhost:8890/sparql",
"user": "dba",
"pass": "dba"
}
}