Skip to content

[HAProxy] SSL handshake fail to parse #1262

@LaurenceJJones

Description

@LaurenceJJones

Currently the HAProxy parser only parses successful proxied requests, however, a user may also want to create a custom scenario if SSL handshake fails

192.168.1.1:33283 [28/Feb/2025:02:07:51.623] 1_HTTPS_frontend/192.168.5.100:443: SSL handshake failure (error:0A0000C1:SSL routines::no shared cipher)

We wouldnt provide a scenario for this as we wouldnt know if a user wants to act on these types of requests, but a parser that can set a log_type to act on would be good enough for now.

line: 192.168.1.1:33283 [28/Feb/2025:02:07:51.623] 1_HTTPS_frontend/192.168.5.100:443: SSL handshake failure (error:0A0000C1:SSL routines::no shared cipher)
    ├ s00-raw
    |    ├ 🔴 crowdsecurity/syslog-logs
    |    └ 🟢 crowdsecurity/non-syslog (+5 ~8)
    ├ s01-parse
    |    ├ 🔴 crowdsecurity/haproxy-logs
    |    ├ 🔴 crowdsecurity/opnsense-gui-logs
    |    ├ 🔴 firewallservices/pf-logs
    |    ├ 🔴 firewallservices/pf-logs-drop
    |    └ 🔴 crowdsecurity/sshd-logs
    └-------- parser failure 🔴

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions