├── images ├── Lookup_Tables.png └── Exemple_Worldmap.png ├── LICENSE ├── README.md ├── extractor_Nginx.json └── extractors.json /images/Lookup_Tables.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jbsky/graylog/HEAD/images/Lookup_Tables.png -------------------------------------------------------------------------------- /images/Exemple_Worldmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jbsky/graylog/HEAD/images/Exemple_Worldmap.png -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | This is a set of extractors for use within Graylog, to parse the output of 2 | Pfsense filter and Nginx logs. 3 | # Prerequisites 4 | #### Pfsense 2.6.0-RELEASE 5 | * Set Log Message Format to "syslog (RFC 5424, with RFC 3339 microsecond-precision timestamps)" 6 | * Set Remote log servers 7 | * Check Remote Syslog Content 8 | 9 | 10 | #### Graylog 5 11 | ##### System/Input => Syslog UDP: 12 | * Set store_full_message: false 13 | 14 | This setting is no longer needed ;) 15 | 16 | # Installation 17 | ## Extractor 18 | * Open the Graylog administrative interface 19 | * Open the "System/Inputs" menu 20 | * Select "Inputs" 21 | * Select "Manage Extractors" for the input that receives Pfsense logs 22 | * Select "Actions" menu 23 | * Select "Import extractors" 24 | * Paste the contents of [extractors.json](extractors.json) into the text box 25 | * Select the button "Add extractors to input" 26 | * Repeat the extractor import for [extractor_Nginx.json](extractor_Nginx.json) 27 | 28 | ## Lookup Table 29 | * Check that your configuration matches the screenshot ![Screenshot](images/Lookup_Tables.png) 30 | 31 | ## Nginx precaution 32 | * For Nginx, please use this log format (note: `$http_x_forwarded_for` is a client-supplied request header, so the extracted SourceNginxIP and its geo lookups are only reliable when a trusted reverse proxy sets that header): 33 | ``` 34 | '"$http_x_forwarded_for" - $remote_user [$time_local] "host: $host" "$request" ' 35 | '$status $body_bytes_sent "$http_referer" ' 36 | '"$http_user_agent" $request_time "$http_x_forwarded_proto"' 37 | ``` 38 | 39 | # Usage 40 | ## Example 1 41 | * Open your Graylog search 42 | * Search for 
`application_name:filterlog` 43 | * The search results should now show all TCP/UDP/ICMP data as separate fields 44 | 45 | ## Example 2 46 | What is interesting is passing the IPs through the lookup tables in order to obtain the City, Country, or ASN coordinates (and tell me what it is ;)) 47 | 48 | Yes, we will get SourceCity, DestCity and City. With the world map, we will aggregate the data. 49 | 50 | ![Screenshot](images/Exemple_Worldmap.png) 51 | 52 | 53 | # GeoIP 54 | * Set the order of Message Processors Configuration in the menu System/Configuration 55 | ``` 56 | n : Message Filter Chain 57 | n+1 : GeoIP Resolver 58 | ``` 59 | 60 | # Background 61 | Thank you for this repository https://github.com/facyber/pfSense-Graylog-Extractor.git 62 | but I had to adapt it to make it work :? 63 | -------------------------------------------------------------------------------- /extractor_Nginx.json: -------------------------------------------------------------------------------- 1 | { 2 | "extractors": [ 3 | { 4 | "title": "Nginx Extractor format '\"$http_x_forwarded_for\" - $remote_user [$time_local] \"host: $host\" \"$request\" ' '$status $body_bytes_sent \"$http_referer\" ' '\"$http_user_agent\" $request_time \"$http_x_forwarded_proto\"'", 5 | "extractor_type": "grok", 6 | "converters": [], 7 | "order": 0, 8 | "cursor_strategy": "copy", 9 | "source_field": "message", 10 | "target_field": "", 11 | "extractor_config": { 12 | "grok_pattern": "nginx: \"%{IPORHOST:SourceNginxIP}\" - - \\[%{HTTPDATE:http_date}\\] \"host: %{HOSTNAME:http_hostname}\" \"%{WORD:http_method} %{URIPATH:uripath} %{DATA:http_version}\" %{INT:http_coderetour} %{INT:http_length} \"%{DATA:http_url}\" \"%{DATA:http_useragent}\" %{BASE16FLOAT:http_timeelapsed} \"%{WORD:http_backendproto}\"" 13 | }, 14 | "condition_type": "regex", 15 | "condition_value": "^nginx: \".*" 16 | }, 17 | { 18 | "title": "SourceNginxIP geo-lookup-country", 19 | "extractor_type": "lookup_table", 20 | "converters": [], 21 | "order": 0, 
22 | "cursor_strategy": "copy", 23 | "source_field": "SourceNginxIP", 24 | "target_field": "SourceNginxCountry", 25 | "extractor_config": { 26 | "lookup_table_name": "geo-lookup-country" 27 | }, 28 | "condition_type": "none", 29 | "condition_value": "" 30 | }, 31 | { 32 | "title": "SourceNginxIP geo-lookup-city", 33 | "extractor_type": "lookup_table", 34 | "converters": [], 35 | "order": 0, 36 | "cursor_strategy": "copy", 37 | "source_field": "SourceNginxIP", 38 | "target_field": "SourceNginxCity", 39 | "extractor_config": { 40 | "lookup_table_name": "geo-lookup-city" 41 | }, 42 | "condition_type": "none", 43 | "condition_value": "" 44 | }, 45 | { 46 | "title": "SourceNginxIP geo-lookup-asn", 47 | "extractor_type": "lookup_table", 48 | "converters": [], 49 | "order": 0, 50 | "cursor_strategy": "copy", 51 | "source_field": "SourceNginxIP", 52 | "target_field": "SourceNginxASN", 53 | "extractor_config": { 54 | "lookup_table_name": "geo-lookup-asn" 55 | }, 56 | "condition_type": "none", 57 | "condition_value": "" 58 | }, 59 | { 60 | "title": "SourceNginxCity -> City", 61 | "extractor_type": "copy_input", 62 | "converters": [], 63 | "order": 0, 64 | "cursor_strategy": "copy", 65 | "source_field": "SourceNginxCity", 66 | "target_field": "City", 67 | "extractor_config": {}, 68 | "condition_type": "none", 69 | "condition_value": "" 70 | }, 71 | { 72 | "title": "SourceNginxCountry -> Country", 73 | "extractor_type": "copy_input", 74 | "converters": [], 75 | "order": 0, 76 | "cursor_strategy": "copy", 77 | "source_field": "SourceNginxCountry", 78 | "target_field": "Country", 79 | "extractor_config": {}, 80 | "condition_type": "none", 81 | "condition_value": "" 82 | }, 83 | { 84 | "title": "SourceNginxASN -> ASN", 85 | "extractor_type": "copy_input", 86 | "converters": [], 87 | "order": 0, 88 | "cursor_strategy": "copy", 89 | "source_field": "SourceNginxASN", 90 | "target_field": "Country", 91 | "extractor_config": {}, 92 | "condition_type": "none", 93 | "condition_value": 
"" 94 | } 95 | ], 96 | "version": "5.0.0" 97 | } -------------------------------------------------------------------------------- /extractors.json: -------------------------------------------------------------------------------- 1 | { 2 | "extractors": [ 3 | { 4 | "title": "pfSense filterlog: IPv6 TCP", 5 | "extractor_type": "regex", 6 | "converters": [ 7 | { 8 | "type": "csv", 9 | "config": { 10 | "trim_leading_whitespace": false, 11 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,Class,FlowLabel,HopLimit,Protocol,ProtocolID,Length,SourceIP,DestIP,SourcePort,DestPort,DataLength,TCPFlags,Sequence,ACK,Window,URG,Options" 12 | } 13 | } 14 | ], 15 | "order": 0, 16 | "cursor_strategy": "copy", 17 | "source_field": "message", 18 | "target_field": "FilterData", 19 | "extractor_config": { 20 | "regex_value": "^(.*)$" 21 | }, 22 | "condition_type": "regex", 23 | "condition_value": "(.*),(in|out),6,.*,6,tcp,.*$" 24 | }, 25 | { 26 | "title": "pfSense filterlog: IPv6 UDP", 27 | "extractor_type": "regex", 28 | "converters": [ 29 | { 30 | "type": "csv", 31 | "config": { 32 | "trim_leading_whitespace": false, 33 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,Class,FlowLabel,HopLimit,Protocol,ProtocolID,Length,SourceIP,DestIP,SourcePort,DestPort,DataLength" 34 | } 35 | } 36 | ], 37 | "order": 0, 38 | "cursor_strategy": "copy", 39 | "source_field": "message", 40 | "target_field": "FilterData", 41 | "extractor_config": { 42 | "regex_value": "^(.*)$" 43 | }, 44 | "condition_type": "regex", 45 | "condition_value": "(.*),(in|out),6,.*,17,udp,.*$" 46 | }, 47 | { 48 | "title": "pfSense filterlog: IPv4 TCP", 49 | "extractor_type": "regex", 50 | "converters": [ 51 | { 52 | "type": "csv", 53 | "config": { 54 | "trim_leading_whitespace": false, 55 | "column_header": 
"RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,SourcePort,DestPort,DataLength,TCPFlags,Sequence,ACK,Window,URG,Options", 56 | "strict_quotes": false 57 | } 58 | } 59 | ], 60 | "order": 0, 61 | "cursor_strategy": "copy", 62 | "source_field": "message", 63 | "target_field": "FilterData", 64 | "extractor_config": { 65 | "regex_value": "^(.*)$" 66 | }, 67 | "condition_type": "regex", 68 | "condition_value": "(.*),(in|out),4,.*,6,tcp,.*$" 69 | }, 70 | { 71 | "title": "pfSense filterlog: IPv4 UDP", 72 | "extractor_type": "regex", 73 | "converters": [ 74 | { 75 | "type": "csv", 76 | "config": { 77 | "trim_leading_whitespace": false, 78 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,SourcePort,DestPort,DataLength", 79 | "strict_quotes": false 80 | } 81 | } 82 | ], 83 | "order": 0, 84 | "cursor_strategy": "copy", 85 | "source_field": "message", 86 | "target_field": "FilterData", 87 | "extractor_config": { 88 | "regex_value": "^(.*)$" 89 | }, 90 | "condition_type": "regex", 91 | "condition_value": "(.*),(in|out),4,.*,17,udp,.*$" 92 | }, 93 | { 94 | "title": "pfSense filterlog: IPv4 ICMP Echo", 95 | "extractor_type": "regex", 96 | "converters": [ 97 | { 98 | "type": "csv", 99 | "config": { 100 | "trim_leading_whitespace": false, 101 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,ICMP_Type,ICMP_ID,ICMP_Sequence" 102 | } 103 | } 104 | ], 105 | "order": 0, 106 | "cursor_strategy": "copy", 107 | "source_field": "message", 108 | "target_field": "FilterData", 109 | "extractor_config": { 110 | "regex_value": "^(.*)$" 111 | }, 112 | "condition_type": "regex", 113 | "condition_value": 
"(.*),(in|out),4,.*,icmp,.*,(request|reply),.*$" 114 | }, 115 | { 116 | "title": "pfSense filterlog: IPv4 ICMP Need Frag", 117 | "extractor_type": "regex", 118 | "converters": [ 119 | { 120 | "type": "csv", 121 | "config": { 122 | "trim_leading_whitespace": false, 123 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,ICMP_Type,ICMP_DestIP,ICMP_MTU" 124 | } 125 | } 126 | ], 127 | "order": 0, 128 | "cursor_strategy": "copy", 129 | "source_field": "message", 130 | "target_field": "FilterData", 131 | "extractor_config": { 132 | "regex_value": "^(.*)$" 133 | }, 134 | "condition_type": "regex", 135 | "condition_value": "(.*),(in|out),4,.*,icmp,.*,needfrag,.*$" 136 | }, 137 | { 138 | "title": "pfSense filterlog: IPv4 ICMP Unreachable Other", 139 | "extractor_type": "regex", 140 | "converters": [ 141 | { 142 | "type": "csv", 143 | "config": { 144 | "trim_leading_whitespace": false, 145 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,ICMP_Type,ICMP_Description" 146 | } 147 | } 148 | ], 149 | "order": 0, 150 | "cursor_strategy": "copy", 151 | "source_field": "message", 152 | "target_field": "FilterData", 153 | "extractor_config": { 154 | "regex_value": "^(.*)$" 155 | }, 156 | "condition_type": "regex", 157 | "condition_value": "(.*),(in|out),4,.*,icmp,.*,(unreach|timexceed|paramprob|redirect|maskreply),.*$" 158 | }, 159 | { 160 | "title": "pfSense filterlog: IPv4 ICMP Unreachable Protocol", 161 | "extractor_type": "regex", 162 | "converters": [ 163 | { 164 | "type": "csv", 165 | "config": { 166 | "trim_leading_whitespace": false, 167 | "column_header": 
"RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,ICMP_Type,ICMP_DestIP,ICMP_ProtocolID" 168 | } 169 | } 170 | ], 171 | "order": 0, 172 | "cursor_strategy": "copy", 173 | "source_field": "message", 174 | "target_field": "FilterData", 175 | "extractor_config": { 176 | "regex_value": "^(.*)$" 177 | }, 178 | "condition_type": "regex", 179 | "condition_value": "(.*),(in|out),4,.*,icmp,.*,unreachproto,.*$" 180 | }, 181 | { 182 | "title": "pfSense filterlog: IPv4 ICMP Unreachable Port", 183 | "extractor_type": "regex", 184 | "converters": [ 185 | { 186 | "type": "csv", 187 | "config": { 188 | "trim_leading_whitespace": false, 189 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,ICMP_Type,ICMP_DestIP,ICMP_ProtocolID,ICMP_Port" 190 | } 191 | } 192 | ], 193 | "order": 0, 194 | "cursor_strategy": "copy", 195 | "source_field": "message", 196 | "target_field": "FilterData", 197 | "extractor_config": { 198 | "regex_value": "^(.*)$" 199 | }, 200 | "condition_type": "regex", 201 | "condition_value": "(.*),(in|out),4,.*,icmp,.*,unreachport,.*$" 202 | }, 203 | { 204 | "title": "pfSense filterlog: IPv4 ICMP Tstamp", 205 | "extractor_type": "regex", 206 | "converters": [ 207 | { 208 | "type": "csv", 209 | "config": { 210 | "trim_leading_whitespace": false, 211 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,ICMP_Type,ICMP_ID,ICMP_Sequence" 212 | } 213 | } 214 | ], 215 | "order": 0, 216 | "cursor_strategy": "copy", 217 | "source_field": "message", 218 | "target_field": "FilterData", 219 | "extractor_config": { 220 | "regex_value": "^(.*)$" 221 | }, 222 | "condition_type": "regex", 223 | "condition_value": 
"(.*),(in|out),4,.*,icmp,.*,tstamp,.*$" 224 | }, 225 | { 226 | "title": "pfSense filterlog: IPv4 ICMP Tstamp Reply", 227 | "extractor_type": "regex", 228 | "converters": [ 229 | { 230 | "type": "csv", 231 | "config": { 232 | "trim_leading_whitespace": false, 233 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,ICMP_Type,ICMP_ID,ICMP_Sequence,ICMP_otime,ICMP_rtime,ICMP_ttime" 234 | } 235 | } 236 | ], 237 | "order": 0, 238 | "cursor_strategy": "copy", 239 | "source_field": "message", 240 | "target_field": "FilterData", 241 | "extractor_config": { 242 | "regex_value": "^(.*)$" 243 | }, 244 | "condition_type": "regex", 245 | "condition_value": "(.*),(in|out),4,.*,icmp,.*,tstampreply,.*$" 246 | }, 247 | { 248 | "title": "pfSense filterlog: IPv4 ICMP Default", 249 | "extractor_type": "regex", 250 | "converters": [ 251 | { 252 | "type": "csv", 253 | "config": { 254 | "trim_leading_whitespace": false, 255 | "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,ICMP_Type,ICMP_Description" 256 | } 257 | } 258 | ], 259 | "order": 0, 260 | "cursor_strategy": "copy", 261 | "source_field": "message", 262 | "target_field": "FilterData", 263 | "extractor_config": { 264 | "regex_value": "^(.*)$" 265 | }, 266 | "condition_type": "regex", 267 | "condition_value": "(.*),(in|out),4,.*,icmp,.*,(?!(request|reply|unreachproto|unreachport|unreach|timexceed|paramprob|redirect|maskreply|needfrag|tstamp|tstampreply)),.*$" 268 | }, 269 | { 270 | "title": "pfSense filterlog: IPv6 ICMP Options", 271 | "extractor_type": "regex", 272 | "converters": [ 273 | { 274 | "type": "csv", 275 | "config": { 276 | "trim_leading_whitespace": false, 277 | "column_header": 
"RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,ProtocolID,Protocol,Offset,Length,SourceIP,DestIP,Headers,bourage,ICMP_Type,Flags,unknown_end_field" 278 | } 279 | } 280 | ], 281 | "order": 0, 282 | "cursor_strategy": "copy", 283 | "source_field": "message", 284 | "target_field": "FilterData", 285 | "extractor_config": { 286 | "regex_value": "^(.*)$" 287 | }, 288 | "condition_type": "regex", 289 | "condition_value": "(.*),(in|out),6,.*,1,Options,.*$" 290 | }, 291 | { 292 | "title": "pfSense suricata", 293 | "extractor_type": "grok", 294 | "converters": [], 295 | "order": 0, 296 | "cursor_strategy": "copy", 297 | "source_field": "message", 298 | "target_field": "", 299 | "extractor_config": { 300 | "grok_pattern": "%{DATA:info}..[Priority: %{NUMBER:priority}]\\{%{URIPROTO:protocol}} %{IPORHOST:SourceIP}:%{POSINT:SourcePort} -> %{IPORHOST:DestIP}:%{POSINT:DestPort}", 301 | "named_captures_only": false 302 | }, 303 | "condition_type": "none", 304 | "condition_value": "" 305 | }, 306 | { 307 | "title": "SourceIP geo-lookup-country", 308 | "extractor_type": "lookup_table", 309 | "converters": [], 310 | "order": 0, 311 | "cursor_strategy": "copy", 312 | "source_field": "SourceIP", 313 | "target_field": "SourceCountry", 314 | "extractor_config": { 315 | "lookup_table_name": "geo-lookup-country" 316 | }, 317 | "condition_type": "none", 318 | "condition_value": "" 319 | }, 320 | { 321 | "title": "SourceIP geo-lookup-city", 322 | "extractor_type": "lookup_table", 323 | "converters": [], 324 | "order": 0, 325 | "cursor_strategy": "copy", 326 | "source_field": "SourceIP", 327 | "target_field": "SourceCity", 328 | "extractor_config": { 329 | "lookup_table_name": "geo-lookup-city" 330 | }, 331 | "condition_type": "none", 332 | "condition_value": "" 333 | }, 334 | { 335 | "title": "DestIP geo-lookup-country", 336 | "extractor_type": "lookup_table", 337 | "converters": [], 338 | "order": 0, 339 | "cursor_strategy": "copy", 340 | 
"source_field": "DestIP", 341 | "target_field": "DestCountry", 342 | "extractor_config": { 343 | "lookup_table_name": "geo-lookup-country" 344 | }, 345 | "condition_type": "none", 346 | "condition_value": "" 347 | }, 348 | { 349 | "title": "DestIP geo-lookup-city", 350 | "extractor_type": "lookup_table", 351 | "converters": [], 352 | "order": 0, 353 | "cursor_strategy": "copy", 354 | "source_field": "DestIP", 355 | "target_field": "DestCity", 356 | "extractor_config": { 357 | "lookup_table_name": "geo-lookup-city" 358 | }, 359 | "condition_type": "none", 360 | "condition_value": "" 361 | }, 362 | { 363 | "title": "DestIP geo-lookup-asn", 364 | "extractor_type": "lookup_table", 365 | "converters": [], 366 | "order": 0, 367 | "cursor_strategy": "copy", 368 | "source_field": "DestIP", 369 | "target_field": "DestASN", 370 | "extractor_config": { 371 | "lookup_table_name": "geo-lookup-asn" 372 | }, 373 | "condition_type": "none", 374 | "condition_value": "" 375 | }, 376 | { 377 | "title": "SourceIP geo-lookup-asn", 378 | "extractor_type": "lookup_table", 379 | "converters": [], 380 | "order": 0, 381 | "cursor_strategy": "copy", 382 | "source_field": "SourceIP", 383 | "target_field": "SourceASN", 384 | "extractor_config": { 385 | "lookup_table_name": "geo-lookup-asn" 386 | }, 387 | "condition_type": "none", 388 | "condition_value": "" 389 | }, 390 | { 391 | "title": "SourceCity -> City", 392 | "extractor_type": "copy_input", 393 | "converters": [], 394 | "order": 0, 395 | "cursor_strategy": "copy", 396 | "source_field": "SourceCity", 397 | "target_field": "City", 398 | "extractor_config": {}, 399 | "condition_type": "none", 400 | "condition_value": "" 401 | }, 402 | { 403 | "title": "DestCity -> City", 404 | "extractor_type": "copy_input", 405 | "converters": [], 406 | "order": 0, 407 | "cursor_strategy": "copy", 408 | "source_field": "DestCity", 409 | "target_field": "City", 410 | "extractor_config": {}, 411 | "condition_type": "none", 412 | "condition_value": "" 413 | 
}, 414 | { 415 | "title": "SourceASN -> ASN", 416 | "extractor_type": "copy_input", 417 | "converters": [], 418 | "order": 0, 419 | "cursor_strategy": "copy", 420 | "source_field": "SourceASN", 421 | "target_field": "ASN", 422 | "extractor_config": {}, 423 | "condition_type": "none", 424 | "condition_value": "" 425 | }, 426 | { 427 | "title": "DestASN -> ASN", 428 | "extractor_type": "copy_input", 429 | "converters": [], 430 | "order": 0, 431 | "cursor_strategy": "copy", 432 | "source_field": "DestASN", 433 | "target_field": "ASN", 434 | "extractor_config": {}, 435 | "condition_type": "none", 436 | "condition_value": "" 437 | }, 438 | { 439 | "title": "SourceCountry -> Country", 440 | "extractor_type": "copy_input", 441 | "converters": [], 442 | "order": 0, 443 | "cursor_strategy": "copy", 444 | "source_field": "SourceCountry", 445 | "target_field": "Country", 446 | "extractor_config": {}, 447 | "condition_type": "none", 448 | "condition_value": "" 449 | }, 450 | { 451 | "title": "DestCountry -> Country", 452 | "extractor_type": "copy_input", 453 | "converters": [], 454 | "order": 0, 455 | "cursor_strategy": "copy", 456 | "source_field": "DestCountry", 457 | "target_field": "Country", 458 | "extractor_config": {}, 459 | "condition_type": "none", 460 | "condition_value": "" 461 | } 462 | ], 463 | "version": "5.0.0" 464 | } --------------------------------------------------------------------------------