teler requires a minimum of configuration to parse and analyze logs, and to detect threats and/or raise alerts. See teler.example.yaml for an example.

Log Formats

Because we use the gonx package to parse the log, you can write any log format. Some examples:

Apache

log_format: |
  $remote_addr - $remote_user [$time_local] "$request_method $request_uri $request_protocol" $status $body_bytes_sent "$http_referer" "$http_user_agent"

Nginx

log_format: |
  $remote_addr $remote_user - [$time_local] "$request_method $request_uri $request_protocol"
  $status $body_bytes_sent "$http_referer" "$http_user_agent"

Nginx Ingress

log_format: |
  $remote_addr - [$remote_addr] $remote_user - [$time_local]
  "$request_method $request_uri $request_protocol" $status $body_bytes_sent
  "$http_referer" "$http_user_agent" $request_length $request_time
  [$proxy_upstream_name] $upstream_addr $upstream_response_length $upstream_response_time $upstream_status $req_id

Amazon S3

log_format: |
  $bucket_owner $bucket [$time_local] $remote_addr $requester $req_id $operation $key
  "$request_method $request_uri $request_protocol" $status $error_code $body_bytes_sent -
  $total_time - "$http_referer" "$http_user_agent" $version_id $host_id
  $signature_version $cipher_suite $http_auth_type $http_host_header $tls_version

Elastic LB

log_format: |
  $time_local $elb_name $remote_addr $upstream_addr $request_processing_time
  $upstream_processing_time $response_processing_time $status $upstream_status $body_received_bytes $body_bytes_sent
  "$request_method $request_uri $request_protocol" "$http_user_agent" $cipher_suite $tls_version

CloudFront

log_format: |
  $date $time $edge_location  $body_bytes_sent  $remote_addr
  $request_method $http_host_header $request_uri $status
  $http_referer $http_user_agent  $request_query  $http_cookie  $edge_type  $req_id
  $http_host_header $ssl_protocol $body_bytes_sent  $response_processing_time $http_host_forwarded
  $tls_version  $cipher_suite $edge_result_type $request_protocol $fle_status $fle_encrypted_fields
  $http_port  $time_first_byte  $edge_detail_result_type
  $http_content_type  $request_length $request_length_start $request_length_end
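The formats above are only useful if you know how teler turns them into a parser: every $name placeholder becomes a named capture that matches up to the literal character following it in the format, so a typo in the format or a field order that does not match your server's log makes every line fail to parse. The following Go program is an added example, not code from teler or gonx; it re-implements that conversion idea with the standard library only and parses two constructed access-log lines with the Apache and Nginx formats shown above. It assumes the lines of a YAML "|" block are collapsed into one space-separated line before conversion, and the sample lines and addresses are made up for the demonstration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ApacheFormat is the Apache log_format shown above, as a Go string.
const ApacheFormat = `$remote_addr - $remote_user [$time_local] "$request_method $request_uri $request_protocol" $status $body_bytes_sent "$http_referer" "$http_user_agent"`

// NginxFormat is the Nginx log_format shown above; the line break is kept
// to show how a multi-line YAML "|" block is handled below.
const NginxFormat = `$remote_addr $remote_user - [$time_local] "$request_method $request_uri $request_protocol"
$status $body_bytes_sent "$http_referer" "$http_user_agent"`

// SampleApacheLine and SampleNginxLine are constructed access-log lines
// used only to exercise the parser; they are not real traffic.
const SampleApacheLine = `203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 4523 "-" "curl/8.4.0"`
const SampleNginxLine = `198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0 "https://example.test/" "Mozilla/5.0"`

// varRe finds an escaped "$name" plus the literal character that follows it
// in a QuoteMeta'd format string (that character may itself be escaped).
var varRe = regexp.MustCompile(`\\\$([a-z_]+)(\\?(.))`)

// FormatToRegexp converts a gonx-style format into an anchored regexp.
// Every $name becomes a named capture group matching everything up to the
// literal character that follows it in the format (the same idea gonx uses).
// Assumption of this example: lines of a YAML "|" block are collapsed into
// a single space-separated line before conversion.
func FormatToRegexp(format string) (*regexp.Regexp, error) {
	oneLine := strings.Join(strings.Fields(format), " ")
	// A trailing space guarantees the last variable has a terminating char.
	quoted := regexp.QuoteMeta(oneLine + " ")
	pattern := varRe.ReplaceAllString(quoted, "(?P<$1>[^$3]*)$2")
	pattern = "^" + strings.TrimRight(pattern, " ")
	return regexp.Compile(pattern)
}

// Entry holds the fields extracted from one log line, keyed by $name.
type Entry map[string]string

// ParseLine applies a format to a single log line. A line that does not
// match is reported as an error instead of yielding empty fields, so a
// wrong log_format is noticed rather than silently dropping every line.
func ParseLine(format, line string) (Entry, error) {
	re, err := FormatToRegexp(format)
	if err != nil {
		return nil, fmt.Errorf("bad log_format: %w", err)
	}
	m := re.FindStringSubmatch(line)
	if m == nil {
		return nil, fmt.Errorf("line does not match log_format: %q", line)
	}
	entry := Entry{}
	for i, name := range re.SubexpNames() {
		if i == 0 || name == "" {
			continue
		}
		entry[name] = m[i]
	}
	return entry, nil
}

func main() {
	cases := []struct{ format, line string }{
		{ApacheFormat, SampleApacheLine},
		{NginxFormat, SampleNginxLine},
		{ApacheFormat, "not an access log line"}, // shows the mismatch error
	}
	for _, c := range cases {
		e, err := ParseLine(c.format, c.line)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%s %s %s -> status %s, ua %q\n",
			e["remote_addr"], e["request_method"], e["request_uri"], e["status"], e["http_user_agent"])
	}
}
```

Because each capture stops at the next literal character, a field that can legitimately contain that character (a request URI with an unencoded space, a user agent with an embedded quote) breaks the match for the whole line; when lines go missing from teler's analysis, checking the format against a raw sample line this way is the first thing to do.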

How to write log format

See here: Log Format

Threat rules

Cache