Pattern for Radicale Log

dedmaross · February 20, 2025, 2:32pm

Hi,
im trying to create bf detection for radicale caldav server. Im not getting the correct pattern for log, thinking the <'> ist the problem. Could anyone plz help for the correct pattern-line.
This pattern doesnt work:
[%{DATA:timestamp}] [%{INT:thread_id}/Thread-%{INT:thread_number} (%{DATA:thread_name})] [%{LOGLEVEL:loglevel}] Failed login attempt from %{IPV4:source_ip} (forwarded for '%{IPV4:forwarded_ip}'): '%{DATA:username}'\n",“stream”:“stderr”,“time”:“%{TIMESTAMP_ISO8601:log_time}”

The log is:
{“log”:“[2025-02-20 06:32:33 +0000] [7/Thread-490 (process_request_thread)] [WARNING] Failed login attempt from 172.16.10.2 (forwarded for ‘111.111.111.111’): ‘ich’\n”,“stream”:“stderr”,“time”:“2025-02-20T06:32:33.0029606Z”}

LearningSpot · February 21, 2025, 10:15am

Hi, can try the pattern below :

{“log”:“[%{DATA:timestamp}] [%{INT:thread_id}/Thread-%{INT:thread_number} (%{DATA:thread_name})] [%{LOGLEVEL:loglevel}] Failed login attempt from %{IP:source_ip} (forwarded for ‘%{IP:forwarded_ip}’): ‘ich’\n”,“stream”:“stderr”,“time”:“%{TIMESTAMP_ISO8601:log_time}”}

dedmaross · February 27, 2025, 6:07pm

Thx, the solution is: ‘’%{IPV4:source_ip}‘’
No it works

Topic		Replies	Views
Ban after number of attemps crowdsec	12	904	March 11, 2022
Using Sonarr parser on a kubernetes cluster	2	91	August 2, 2024
Http-generic-bf don't work(((	10	1093	June 2, 2022
Cowdsec missing vsftp failures	1	757	April 12, 2021
Issue with Apache / modsec - replay	4	1055	January 28, 2022

Pattern for Radicale Log

Related topics