diff --git a/.github/workflows/appsec_vpatch_lint.yaml b/.github/workflows/appsec_vpatch_lint.yaml
index bebeee50cba..2d36d81c816 100644
--- a/.github/workflows/appsec_vpatch_lint.yaml
+++ b/.github/workflows/appsec_vpatch_lint.yaml
@@ -48,7 +48,7 @@ jobs:
 with:
 state: open
 - name: Comment PR if errors
- if: ${{ (env.taxonomy_errors == '1') && (github.event_name == 'push') && (github.ref != 'refs/heads/master') }}
+ if: ${{ (env.taxonomy_errors == '1') && (github.event_name == 'push') && (github.ref != 'refs/heads/master') && (steps.findPr.outputs.pr != 'false') }}
 uses: thollander/actions-comment-pull-request@v2
 with:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/update_taxonomy.yaml b/.github/workflows/update_taxonomy.yaml
index 418f129fdf2..f4248076ea8 100644
--- a/.github/workflows/update_taxonomy.yaml
+++ b/.github/workflows/update_taxonomy.yaml
@@ -54,7 +54,7 @@ jobs:
 with:
 state: open
 - name: Comment PR if errors
- if: ${{ (env.taxonomy_errors == '1') && (github.event_name == 'push') && (github.ref != 'refs/heads/master') }}
+ if: ${{ (env.taxonomy_errors == '1') && (github.event_name == 'push') && (github.ref != 'refs/heads/master') && (steps.findPr.outputs.pr != 'false') }}
 uses: thollander/actions-comment-pull-request@v2
 with:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
index 8672b1d77ff..6cac6b4d73d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@ taxonomy/scenario_taxonomy_errors.md
 workspace.code-workspace
 .cache
+runtime/
 waf-check/dataset/*
 waf-check/output/*
diff --git a/.index.json b/.index.json
index 03a694535e4..1d04160be41 100644
--- a/.index.json
+++ b/.index.json
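Review bot: The guard `(steps.findPr.outputs.pr != 'false')` added to the `Comment PR if errors` condition in `appsec_vpatch_lint.yaml` excludes only the literal string `false`. If the `findPr` step (defined above the hunk, not visible here) leaves `pr` empty when no open PR matches the pushed branch, `'' != 'false'` is true and the comment step still runs with no PR to target. Requiring a non-empty value as well would cover both cases, e.g. `&& steps.findPr.outputs.pr && (steps.findPr.outputs.pr != 'false')`; the identical condition is added in `update_taxonomy.yaml`. Separately, the step that receives `secrets.GITHUB_TOKEN` references `thollander/actions-comment-pull-request@v2` by a mutable tag, so pinning it to a full commit SHA would keep a retagged release from running with that token. The step's `with:` block continues past the end of the hunk.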
@@ -15755,13 +15755,13 @@ }, "crowdsecurity/sshd-logs": { "author": "crowdsecurity", - "content": "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", + "content": "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", "description": "Parse openSSH logs", "labels": null, "long_description": "WW91ciBvbmUgZml0cy1hbGwgc3NoIHBhcnNlciB3aXRoIHN1cHBvcnQgZm9yIHRoZSBtb3N0IGNvbW1vbiBraW5kIG9mIGZhaWxlZCBhdXRoZW50aWNhdGlvbnMgYW5kIGVycm9ycy4KCg==", "path": "parsers/s01-parse/crowdsecurity/sshd-logs.yaml", "stage": "s01-parse", - "version": "3.1", + "version": "3.2", "versions": { "0.1": { "deprecated": false, @@ -15886,6 +15886,10 @@ "3.1": { "deprecated": false, "digest": "045ff4c7895888becf161a8666ec173c45b58e52f2a72583a03f22b40203390d" + }, + "3.2": { + "deprecated": false, + "digest": "2be832b60b60c50bff469b7682fd6556cb879d447c8a77884e50e9db0b74458f" } } }, @@ -15995,13 +15999,13 @@ }, "crowdsecurity/synology-dsm-logs": { "author": "crowdsecurity", - "content": "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", + "content": "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", "description": "Parse Synology DSM web auth logs", "labels": null, "long_description": "IyMgU3lub2xvZ3kgRFNNIHdlYiBhdXRoZW50aWNhdGlvbiBwYXJzZXIKCkEgcGFyc2VyIGZvciBTeW5vbG9neSBEU00gd2ViIGF1dGhlbnRpY2F0aW9uIChmYWlsZWQpIGxvZ3MuClRob3NlIGxvZ3MgYXJlIHVzdWFsbHkgcHJlc2VudCBpbiBgL3Zhci9sb2cvYXV0aC5sb2dgLgoKRXhhbXBsZSBhY3F1aXNpdGlvbjoKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvYXV0aC5sb2cKbGFiZWxzOgogIHR5cGU6IHN5c2xvZwpgYGAK", "path": "parsers/s01-parse/crowdsecurity/synology-dsm-logs.yaml", "stage": "s01-parse", - "version": "0.3", + "version": "0.4", "versions": { "0.1": { "deprecated": false, @@ -16014,6 +16018,10 @@ "0.3": { "deprecated": false, "digest": "a50a8b51fe5e43d62e7ccdf88306790e94f824b5474a78ad2c5ce4ae8c1b0d1d" + }, + "0.4": { + "deprecated": false, + "digest": "c08abb44d3592e2770f1aebfb4116d24a788faeb40eda5ff9e8659b8083c6986" } } }, 
diff --git a/.tests/synology-dsm-logs-bf-slow-1h/config.yaml b/.tests/synology-dsm-logs-bf-slow-1h/config.yaml
new file mode 100644
index 00000000000..fff582f362b
--- /dev/null
+++ b/.tests/synology-dsm-logs-bf-slow-1h/config.yaml
@@ -0,0 +1,13 @@
+parsers:
+- crowdsecurity/syslog-logs
+- crowdsecurity/dateparse-enrich
+- ./parsers/s01-parse/crowdsecurity/synology-dsm-logs.yaml
+scenarios:
+- ./scenarios/crowdsecurity/synology-dsm-bf-slow-1h.yaml
+postoverflows:
+- ""
+log_file: synology-dsm-logs-bf-slow.log
+log_type: syslog
+labels: { }
+ignore_parsers: false
+
diff --git a/.tests/synology-dsm-logs-bf-slow-1h/parser.assert b/.tests/synology-dsm-logs-bf-slow-1h/parser.assert
new file mode 100644
index 00000000000..91d171a081c
--- /dev/null
+++ b/.tests/synology-dsm-logs-bf-slow-1h/parser.assert
@@ -0,0 +1,829 @@ +len(results["s01-parse"]["crowdsecurity/synology-dsm-logs"]) == 61 +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Parsed["timestamp8601"] == "2025-11-07T19:21:49+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Parsed["pid"] == "13716" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][0].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Parsed["timestamp8601"] == "2025-11-07T23:54:33+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Parsed["pid"] == "22336" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][1].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Parsed["timestamp8601"] == "2025-11-08T01:40:29+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Parsed["pid"] == "5630" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Meta["datasource_type"] == "file" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][2].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Parsed["pid"] == "15680" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Parsed["timestamp8601"] == "2025-11-08T02:48:22+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][3].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Parsed["message"] == "pam_unix(webui:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Parsed["pid"] == "1334" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Parsed["timestamp8601"] == "2025-11-08T08:50:40+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["pid"] == "404" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["timestamp8601"] == "2025-11-08T16:03:09+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["src_ip"] == "10.4.2.116" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["timestamp8601"] == "2025-11-08T18:51:53+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["pid"] == "25863" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["service"] == "synology-dsm" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["pid"] == "31115" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["timestamp8601"] == "2025-11-08T22:42:43+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["pid"] == "31868" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["logsource"] == "syslog" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["timestamp8601"] == "2025-11-08T22:48:07+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["pid"] == "24135" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["timestamp8601"] == "2025-11-09T01:38:58+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["datasource_type"] == "file" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Parsed["pid"] == "30350" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Parsed["timestamp8601"] == "2025-11-09T02:24:01+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][10].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Parsed["logsource"] == "syslog" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Parsed["pid"] == "389" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Parsed["timestamp8601"] == "2025-11-09T02:41:38+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][11].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Parsed["timestamp8601"] == "2025-11-09T05:21:11+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Parsed["logsource"] == "syslog" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Parsed["pid"] == "23617" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][12].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Parsed["pid"] == "514" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Parsed["timestamp8601"] == "2025-11-09T06:24:59+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Meta["datasource_type"] == "file" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][13].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Parsed["pid"] == "21651" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Parsed["timestamp8601"] == "2025-11-09T12:40:07+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][14].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Parsed["pid"] == "27883" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Parsed["timestamp8601"] == "2025-11-09T16:56:07+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][15].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Parsed["pid"] == "1873" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Parsed["timestamp8601"] == "2025-11-09T19:34:15+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][16].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Parsed["timestamp8601"] == "2025-11-09T19:48:31+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Parsed["pid"] == "3940" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][17].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Success == true 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Parsed["pid"] == "8929" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Parsed["timestamp8601"] == "2025-11-10T03:37:54+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][18].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Parsed["timestamp8601"] == "2025-11-10T07:44:35+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 
euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Parsed["pid"] == "13179" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][19].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Parsed["pid"] == "25661" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Parsed["timestamp8601"] == "2025-11-10T09:07:55+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Meta["machine"] == "synologynas" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][20].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Parsed["pid"] == "22145" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Parsed["timestamp8601"] == "2025-11-10T11:47:37+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][21].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Parsed["timestamp8601"] == "2025-11-10T12:34:39+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Parsed["pid"] == "29400" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][22].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Parsed["pid"] == "2839" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Parsed["timestamp8601"] == "2025-11-11T16:10:20+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Meta["datasource_type"] == "file" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][23].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Parsed["timestamp8601"] == "2025-11-11T17:51:42+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Parsed["pid"] == "17951" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][24].Evt.Meta["service"] == "synology-dsm" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Parsed["pid"] == "21832" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Parsed["timestamp8601"] == "2025-11-11T22:48:55+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][25].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Parsed["timestamp8601"] == "2025-11-12T04:49:51+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Parsed["logsource"] == "syslog" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Parsed["pid"] == "13195" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][26].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Parsed["pid"] == "28972" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Parsed["timestamp8601"] == "2025-11-12T06:30:46+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Meta["machine"] == 
"synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][27].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Parsed["pid"] == "25697" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Parsed["timestamp8601"] == "2025-11-12T18:35:02+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][28].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Parsed["timestamp8601"] == "2025-11-12T19:38:00+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Parsed["pid"] == "3544" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][29].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Parsed["pid"] == "9864" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Parsed["timestamp8601"] == "2025-11-12T20:16:49+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][30].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Parsed["pid"] == "19126" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Parsed["timestamp8601"] == "2025-11-12T21:14:01+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Parsed["logsource"] == "syslog" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][31].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Parsed["pid"] == "21025" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Parsed["timestamp8601"] == "2025-11-12T21:26:20+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Meta["log_type"] == "synology-dsm_failed_auth" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][32].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Parsed["timestamp8601"] == "2025-11-12T22:45:33+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Parsed["pid"] == "1695" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][33].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Parsed["pid"] == "11329" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Parsed["timestamp8601"] == "2025-11-12T23:45:50+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][34].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Parsed["pid"] == "23570" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Parsed["message"] == 
"pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Parsed["timestamp8601"] == "2025-11-13T00:53:32+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][35].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Parsed["timestamp8601"] == "2025-11-13T05:46:28+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Parsed["pid"] == "3929" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Parsed["src_ip"] == "10.4.2.116" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][36].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Parsed["timestamp8601"] == "2025-11-13T11:20:20+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Parsed["pid"] == "23442" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][37].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Parsed["timestamp8601"] == "2025-11-13T17:45:14+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Parsed["pid"] == "16642" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][38].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= 
rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Parsed["pid"] == "21762" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Parsed["timestamp8601"] == "2025-11-13T18:18:47+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][39].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Parsed["pid"] == "24534" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Parsed["timestamp8601"] == "2025-11-13T18:36:14+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication 
failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][40].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Parsed["pid"] == "3973" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Parsed["timestamp8601"] == "2025-11-13T22:54:33+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Meta["datasource_type"] == "file" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][41].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Parsed["timestamp8601"] == "2025-11-14T02:54:07+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Parsed["pid"] == "10187" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][42].Evt.Meta["source_ip"] == "10.4.2.116" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Parsed["pid"] == "10438" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Parsed["timestamp8601"] == "2025-11-14T06:21:41+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][43].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Parsed["src_ip"] == "10.4.2.116" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Parsed["pid"] == "13389" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Parsed["timestamp8601"] == "2025-11-14T06:39:06+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][44].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Parsed["pid"] == "4103" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Parsed["timestamp8601"] == "2025-11-14T09:06:57+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Parsed["sshd_invalid_user"] == "admin" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][45].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Parsed["pid"] == "28303" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Parsed["timestamp8601"] == "2025-11-14T18:47:23+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][46].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Parsed["timestamp8601"] == "2025-11-14T21:15:45+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Parsed["pid"] == "18679" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][47].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Parsed["message"] 
== "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Parsed["pid"] == "21802" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Parsed["timestamp8601"] == "2025-11-14T21:24:26+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][48].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Parsed["timestamp8601"] == "2025-11-15T01:11:08+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Parsed["message"] == "pam_unix(webui:auth): 
authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Parsed["pid"] == "29935" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][49].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Parsed["pid"] == "31743" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Parsed["timestamp8601"] == "2025-11-15T01:22:27+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Meta["source_ip"] == 
"10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][50].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Parsed["timestamp8601"] == "2025-11-15T04:12:00+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Parsed["pid"] == "27175" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][51].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Success == true 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Parsed["timestamp8601"] == "2025-11-15T05:04:02+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Parsed["pid"] == "3213" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][52].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 
euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Parsed["pid"] == "6421" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Parsed["timestamp8601"] == "2025-11-15T17:35:23+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][53].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Parsed["pid"] == "7076" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Parsed["timestamp8601"] == "2025-11-15T17:39:46+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Meta["datasource_path"] == 
"synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][54].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Parsed["pid"] == "13741" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Parsed["timestamp8601"] == "2025-11-15T18:21:21+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Meta["service"] == "synology-dsm" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][55].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Parsed["pid"] == "25829" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Parsed["timestamp8601"] == "2025-11-15T19:38:10+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][56].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Parsed["timestamp8601"] == "2025-11-16T00:33:38+01:00" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Parsed["pid"] == "6751" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][57].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Parsed["pid"] == "12200" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Parsed["sshd_invalid_user"] == "admin" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Parsed["timestamp8601"] == "2025-11-16T08:15:01+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][58].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Parsed["pid"] == "21165" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Parsed["timestamp8601"] == "2025-11-16T09:14:03+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Meta["log_type"] == "synology-dsm_failed_auth" 
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Meta["service"] == "synology-dsm" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][59].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Success == true +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Parsed["src_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Parsed["pid"] == "29263" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Parsed["sshd_invalid_user"] == "admin" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Parsed["timestamp8601"] == "2025-11-16T10:06:11+01:00" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Meta["source_ip"] == "10.4.2.116" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Meta["datasource_path"] == "synology-dsm-logs-bf-slow.log" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Meta["log_type"] == "synology-dsm_failed_auth" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/synology-dsm-logs"][60].Evt.Meta["service"] == "synology-dsm" diff --git a/.tests/synology-dsm-logs-bf-slow-1h/scenario.assert b/.tests/synology-dsm-logs-bf-slow-1h/scenario.assert new file mode 100644 index 00000000000..1f8a419f188 
--- /dev/null
+++ b/.tests/synology-dsm-logs-bf-slow-1h/scenario.assert
@@ -0,0 +1,49 @@
+results[0].Overflow.Alert.Events[0].GetMeta("datasource_path") == "synology-dsm-logs-bf-slow.log"
+results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "synology-dsm_failed_auth"
+results[0].Overflow.Alert.Events[0].GetMeta("machine") == "synologynas"
+results[0].Overflow.Alert.Events[0].GetMeta("service") == "synology-dsm"
+results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "10.4.2.116"
+results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2025-11-07T19:21:49+01:00"
+results[0].Overflow.Alert.Events[1].GetMeta("datasource_path") == "synology-dsm-logs-bf-slow.log"
+results[0].Overflow.Alert.Events[1].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[1].GetMeta("log_type") == "synology-dsm_failed_auth"
+results[0].Overflow.Alert.Events[1].GetMeta("machine") == "synologynas"
+results[0].Overflow.Alert.Events[1].GetMeta("service") == "synology-dsm"
+results[0].Overflow.Alert.Events[1].GetMeta("source_ip") == "10.4.2.116"
+results[0].Overflow.Alert.Events[1].GetMeta("timestamp") == "2025-11-07T23:54:33+01:00"
+results[0].Overflow.Alert.Events[2].GetMeta("datasource_path") == "synology-dsm-logs-bf-slow.log"
+results[0].Overflow.Alert.Events[2].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[2].GetMeta("log_type") == "synology-dsm_failed_auth"
+results[0].Overflow.Alert.Events[2].GetMeta("machine") == "synologynas"
+results[0].Overflow.Alert.Events[2].GetMeta("service") == "synology-dsm"
+results[0].Overflow.Alert.Events[2].GetMeta("source_ip") == "10.4.2.116"
+results[0].Overflow.Alert.Events[2].GetMeta("timestamp") == "2025-11-08T01:40:29+01:00"
+results[0].Overflow.Alert.Events[3].GetMeta("datasource_path") == "synology-dsm-logs-bf-slow.log"
+results[0].Overflow.Alert.Events[3].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[3].GetMeta("log_type") == "synology-dsm_failed_auth"
+results[0].Overflow.Alert.Events[3].GetMeta("machine") == "synologynas"
+results[0].Overflow.Alert.Events[3].GetMeta("service") == "synology-dsm"
+results[0].Overflow.Alert.Events[3].GetMeta("source_ip") == "10.4.2.116"
+results[0].Overflow.Alert.Events[3].GetMeta("timestamp") == "2025-11-08T02:48:22+01:00"
+results[0].Overflow.Alert.Events[4].GetMeta("datasource_path") == "synology-dsm-logs-bf-slow.log"
+results[0].Overflow.Alert.Events[4].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[4].GetMeta("log_type") == "synology-dsm_failed_auth"
+results[0].Overflow.Alert.Events[4].GetMeta("machine") == "synologynas"
+results[0].Overflow.Alert.Events[4].GetMeta("service") == "synology-dsm"
+results[0].Overflow.Alert.Events[4].GetMeta("source_ip") == "10.4.2.116"
+results[0].Overflow.Alert.Events[4].GetMeta("timestamp") == "2025-11-08T08:50:40+01:00"
+results[0].Overflow.Alert.Events[5].GetMeta("datasource_path") == "synology-dsm-logs-bf-slow.log"
+results[0].Overflow.Alert.Events[5].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[5].GetMeta("log_type") == "synology-dsm_failed_auth"
+results[0].Overflow.Alert.Events[5].GetMeta("machine") == "synologynas"
+results[0].Overflow.Alert.Events[5].GetMeta("service") == "synology-dsm"
+results[0].Overflow.Alert.Events[5].GetMeta("source_ip") == "10.4.2.116"
+results[0].Overflow.Alert.Events[5].GetMeta("timestamp") == "2025-11-08T16:03:09+01:00"
+results[0].Overflow.Alert.Events[6].GetMeta("datasource_path") == "synology-dsm-logs-bf-slow.log"
+results[0].Overflow.Alert.Events[6].GetMeta("datasource_type") == "file"
+results[0].Overflow.Alert.Events[6].GetMeta("log_type") == "synology-dsm_failed_auth"
+results[0].Overflow.Alert.Events[6].GetMeta("machine") == "synologynas"
+results[0].Overflow.Alert.Events[6].GetMeta("service") == "synology-dsm"
+results[0].Overflow.Alert.Events[6].GetMeta("source_ip") == "10.4.2.116"
+results[0].Overflow.Alert.Events[6].GetMeta("timestamp") == "2025-11-08T18:51:53+01:00"
diff --git a/.tests/synology-dsm-logs-bf-slow-1h/synology-dsm-logs-bf-slow.log b/.tests/synology-dsm-logs-bf-slow-1h/synology-dsm-logs-bf-slow.log
new file mode 100755
index 00000000000..1eee906c902
--- /dev/null
+++ b/.tests/synology-dsm-logs-bf-slow-1h/synology-dsm-logs-bf-slow.log
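Review bot: All 49 added assertions in scenario.assert check `Events[n].GetMeta(...)` on `results[0]`, so the test never pins the alert itself: how many overflows the 61-line fixture produces, which scenario raised the first one, or how many events it carried. A detection regression such as the bucket firing more often than intended, or a different scenario overflowing first for the same `source_ip`, would still pass. I would open the file with `len(results) == <expected alert count>` and close it with `results[0].Overflow.Alert.GetScenario() == "<scenario-name>"` and `results[0].Overflow.Alert.GetEventsCount() == 7`. The count of 7 is inferred from the Events[0] to Events[6] indices asserted here, so confirm it against the scenario's capacity.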
@@ -0,0 +1,61 @@
+2025-11-07T19:21:49+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[13716]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-07T23:54:33+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[22336]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-08T01:40:29+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[5630]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-08T02:48:22+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[15680]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-08T08:50:40+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[1334]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-08T16:03:09+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[404]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-08T18:51:53+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[25863]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-08T22:42:43+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[31115]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-08T22:48:07+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[31868]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-09T01:38:58+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[24135]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-09T02:24:01+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[30350]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-09T02:41:38+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[389]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-09T05:21:11+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[23617]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-09T06:24:59+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[514]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-09T12:40:07+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[21651]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-09T16:56:07+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[27883]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-09T19:34:15+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[1873]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-09T19:48:31+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[3940]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-10T03:37:54+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[8929]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-10T07:44:35+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[13179]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-10T09:07:55+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[25661]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-10T11:47:37+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[22145]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-10T12:34:39+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[29400]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-11T16:10:20+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[2839]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-11T17:51:42+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[17951]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-11T22:48:55+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[21832]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
+2025-11-12T04:49:51+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[13195]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-12T06:30:46+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[28972]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-12T18:35:02+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[25697]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-12T19:38:00+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[3544]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-12T20:16:49+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[9864]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-12T21:14:01+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[19126]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-12T21:26:20+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[21025]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-12T22:45:33+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[1695]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-12T23:45:50+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[11329]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-13T00:53:32+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[23570]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-13T05:46:28+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[3929]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-13T11:20:20+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[23442]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-13T17:45:14+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[16642]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-13T18:18:47+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[21762]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-13T18:36:14+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[24534]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-13T22:54:33+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[3973]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-14T02:54:07+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[10187]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-14T06:21:41+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[10438]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-14T06:39:06+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[13389]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-14T09:06:57+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[4103]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-14T18:47:23+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[28303]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-14T21:15:45+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[18679]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-14T21:24:26+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[21802]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-15T01:11:08+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[29935]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-15T01:22:27+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[31743]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-15T04:12:00+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[27175]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-15T05:04:02+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[3213]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-15T17:35:23+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[6421]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-15T17:39:46+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[7076]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-15T18:21:21+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[13741]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-15T19:38:10+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[25829]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-16T00:33:38+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[6751]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-16T08:15:01+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[12200]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-16T09:14:03+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[21165]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
+2025-11-16T10:06:11+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[29263]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116 user=admin
diff --git a/.tests/synology-dsm-logs/parser.assert b/.tests/synology-dsm-logs/parser.assert
index 44669755872..7c774eccec8 100644
--- a/.tests/synology-dsm-logs/parser.assert
+++ b/.tests/synology-dsm-logs/parser.assert
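Review bot: The log fixture is added with `new file mode 100755`, so a plain sample of authentication-failure lines carries the executable bit, while the other files created in this commit (`config.yaml`, `parser.assert` under `.tests/synology-dsm-ssh-bf`) are `100644`. Nothing visible in the diff executes this file, so the mode looks accidental. Clearing it with `git update-index --chmod=-x .tests/synology-dsm-logs-bf-slow-1h/synology-dsm-logs-bf-slow.log` keeps test data non-executable and avoids noise from tooling that audits executable files in the tree.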
@@ -63,3 +63,68 @@ results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["log_type"]
 results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["machine"] == "synologynas"
 results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["service"] == "synology-dsm"
 results["s01-parse"]["crowdsecurity/synology-dsm-logs"][4].Evt.Meta["source_ip"] == "10.4.2.113"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Success == true
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["src_ip"] == "88.166.17.26"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["timestamp8601"] == "2025-11-05T12:39:17+01:00"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["logsource"] == "syslog"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Parsed["pid"] == "29814"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["datasource_path"] == "synology-dsm-logs.log"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["log_type"] == "synology-dsm_failed_auth"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["machine"] == "synologynas"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["service"] == "synology-dsm"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][5].Evt.Meta["source_ip"] == "88.166.17.26"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Success == true
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["src_ip"] == "88.166.17.26"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["timestamp8601"] == "2025-11-05T13:16:30+01:00"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["logsource"] == "syslog"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Parsed["pid"] == "11869"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["datasource_path"] == "synology-dsm-logs.log"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["log_type"] == "synology-dsm_failed_auth"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["machine"] == "synologynas"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["service"] == "synology-dsm"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][6].Evt.Meta["source_ip"] == "88.166.17.26"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Success == true
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["src_ip"] == "88.166.17.26"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["timestamp8601"] == "2025-11-05T14:15:53+01:00"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["logsource"] == "syslog"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Parsed["pid"] == "1742"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["datasource_path"] == "synology-dsm-logs.log"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["log_type"] == "synology-dsm_failed_auth"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["machine"] == "synologynas"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["service"] == "synology-dsm"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][7].Evt.Meta["source_ip"] == "88.166.17.26"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Success == true
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["src_ip"] == "88.166.17.26"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["timestamp8601"] == "2025-11-05T16:00:16+01:00"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["logsource"] == "syslog"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Parsed["pid"] == "10921"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["datasource_path"] == "synology-dsm-logs.log"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["log_type"] == "synology-dsm_failed_auth"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["machine"] == "synologynas"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["service"] == "synology-dsm"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][8].Evt.Meta["source_ip"] == "88.166.17.26"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Success == true
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["program"] == "synoscgi_SYNO.API.Auth_3_login"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["src_ip"] == "88.166.17.26"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["timestamp8601"] == "2025-11-05T18:02:16+01:00"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["logsource"] == "syslog"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["message"] == "pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Parsed["pid"] == "26280"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["datasource_path"] == "synology-dsm-logs.log"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["datasource_type"] == "file"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["log_type"] == "synology-dsm_failed_auth"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["machine"] == "synologynas"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["service"] == "synology-dsm"
+results["s01-parse"]["crowdsecurity/synology-dsm-logs"][9].Evt.Meta["source_ip"] == "88.166.17.26"
\ No newline at end of file
diff --git a/.tests/synology-dsm-logs/synology-dsm-logs.log b/.tests/synology-dsm-logs/synology-dsm-logs.log
index f42897e6ef2..1c2f743a5aa 100644
--- a/.tests/synology-dsm-logs/synology-dsm-logs.log
+++ b/.tests/synology-dsm-logs/synology-dsm-logs.log
@@ -3,3 +3,8 @@
 2022-02-09T20:54:00+01:00 synologynas synoscgi_SYNO.API.Auth_7_login[2368]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.116
 2022-02-09T20:55:08+01:00 synologynas synoscgi_SYNO.API.Auth_7_login[2706]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.114
 2022-02-09T20:55:18+01:00 synologynas synoscgi_SYNO.API.Auth_7_login[2737]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=10.4.2.113
+2025-11-05T12:39:17+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[29814]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin
+2025-11-05T13:16:30+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[11869]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin
+2025-11-05T14:15:53+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[1742]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin
+2025-11-05T16:00:16+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[10921]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin
+2025-11-05T18:02:16+01:00 synologynas synoscgi_SYNO.API.Auth_3_login[26280]: pam_unix(webui:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=88.166.17.26 user=admin
diff --git a/.tests/synology-dsm-ssh-bf/config.yaml b/.tests/synology-dsm-ssh-bf/config.yaml
new file mode 100644
index 00000000000..fb9e1fbd6f9
--- /dev/null
+++ b/.tests/synology-dsm-ssh-bf/config.yaml
@@ -0,0 +1,11 @@
+parsers:
+ - crowdsecurity/sshd-logs
+ - crowdsecurity/syslog-logs
+ - crowdsecurity/dateparse-enrich
+scenarios:
+ - crowdsecurity/ssh-bf
+postoverflows:
+ - ""
+log_file: synology-dsm-ssh-bf.log
+log_type: syslog
+ignore_parsers: false
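Review bot: The five sample lines added to `synology-dsm-logs.log` record failed `admin` logins from `rhost=88.166.17.26`, a publicly routable address, whereas the three context lines above them use private `10.4.2.x` sources. If these lines were captured from a real device, the address and login times are now published with the test data and pinned again by the `src_ip` and `source_ip` assertions in `.tests/synology-dsm-logs/parser.assert`; the same question applies to `110.235.67.172` in the `.tests/synology-dsm-ssh-bf` assertions. Consider replacing them with a documentation-range address (RFC 5737; `203.0.113.10` is a constructed example) and regenerating the assertions, unless the test needs a routable source to behave as intended.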
diff --git a/.tests/synology-dsm-ssh-bf/parser.assert b/.tests/synology-dsm-ssh-bf/parser.assert
new file mode 100644
index 00000000000..878bc76dc7d
--- /dev/null
+++ b/.tests/synology-dsm-ssh-bf/parser.assert
@@ -0,0 +1,760 @@
+len(results) == 4
+len(results["s00-raw"]["crowdsecurity/syslog-logs"]) == 21
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Parsed["timestamp8601"] == "2025-10-27T23:29:36+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=root"
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Parsed["pid"] == "12031"
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][0].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Evt.Parsed["timestamp8601"] == "2025-10-27T23:29:52+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=postgres"
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Evt.Parsed["pid"] == "12099"
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][1].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172"
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Evt.Parsed["pid"] == "12202"
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:07+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][2].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:07+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (zm)."
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Evt.Parsed["pid"] == "12202"
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][3].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172"
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Parsed["pid"] == "12275"
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:22+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][4].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:22+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (alarm)."
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Parsed["pid"] == "12275"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][5].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:38+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=root"
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Evt.Parsed["pid"] == "12387"
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][6].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][7].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][7].Evt.Parsed["pid"] == "12490"
+results["s00-raw"]["crowdsecurity/syslog-logs"][7].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][7].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:53+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][7].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][7].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172"
+results["s00-raw"]["crowdsecurity/syslog-logs"][7].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][7].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][7].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][8].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][8].Evt.Parsed["pid"] == "12490"
+results["s00-raw"]["crowdsecurity/syslog-logs"][8].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][8].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:53+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][8].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][8].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (nx)."
+results["s00-raw"]["crowdsecurity/syslog-logs"][8].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][8].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][8].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][9].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][9].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][9].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:09+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][9].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][9].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172"
+results["s00-raw"]["crowdsecurity/syslog-logs"][9].Evt.Parsed["pid"] == "12556"
+results["s00-raw"]["crowdsecurity/syslog-logs"][9].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][9].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][9].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][10].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][10].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:09+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][10].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][10].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (k)."
+results["s00-raw"]["crowdsecurity/syslog-logs"][10].Evt.Parsed["pid"] == "12556"
+results["s00-raw"]["crowdsecurity/syslog-logs"][10].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][10].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][10].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][10].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][11].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][11].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][11].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:23+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][11].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][11].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172"
+results["s00-raw"]["crowdsecurity/syslog-logs"][11].Evt.Parsed["pid"] == "12648"
+results["s00-raw"]["crowdsecurity/syslog-logs"][11].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][11].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][11].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][12].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][12].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (ftpuser)."
+results["s00-raw"]["crowdsecurity/syslog-logs"][12].Evt.Parsed["pid"] == "12648"
+results["s00-raw"]["crowdsecurity/syslog-logs"][12].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][12].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:23+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][12].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][12].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][12].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][12].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][13].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][13].Evt.Parsed["pid"] == "12741"
+results["s00-raw"]["crowdsecurity/syslog-logs"][13].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][13].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:38+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][13].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][13].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172"
+results["s00-raw"]["crowdsecurity/syslog-logs"][13].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][13].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][13].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][14].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][14].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (cloudadmin)."
+results["s00-raw"]["crowdsecurity/syslog-logs"][14].Evt.Parsed["pid"] == "12741"
+results["s00-raw"]["crowdsecurity/syslog-logs"][14].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][14].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:38+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][14].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][14].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][14].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][14].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][15].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][15].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][15].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172"
+results["s00-raw"]["crowdsecurity/syslog-logs"][15].Evt.Parsed["pid"] == "12823"
+results["s00-raw"]["crowdsecurity/syslog-logs"][15].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][15].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:53+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][15].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log"
+results["s00-raw"]["crowdsecurity/syslog-logs"][15].Evt.Meta["datasource_type"] == "file"
+results["s00-raw"]["crowdsecurity/syslog-logs"][15].Evt.Meta["machine"] == "synologynas"
+results["s00-raw"]["crowdsecurity/syslog-logs"][16].Success == true
+results["s00-raw"]["crowdsecurity/syslog-logs"][16].Evt.Parsed["program"] == "sshd"
+results["s00-raw"]["crowdsecurity/syslog-logs"][16].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:55+01:00"
+results["s00-raw"]["crowdsecurity/syslog-logs"][16].Evt.Parsed["logsource"] == "syslog"
+results["s00-raw"]["crowdsecurity/syslog-logs"][16].Evt.Parsed["message"]
== "pam_syno_log_fail(sshd:auth): Can't get user uid (tc)." +results["s00-raw"]["crowdsecurity/syslog-logs"][16].Evt.Parsed["pid"] == "12823" +results["s00-raw"]["crowdsecurity/syslog-logs"][16].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/syslog-logs"][16].Evt.Meta["machine"] == "synologynas" +results["s00-raw"]["crowdsecurity/syslog-logs"][16].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s00-raw"]["crowdsecurity/syslog-logs"][17].Success == true +results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Parsed["logsource"] == "syslog" +results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Parsed["message"] == "pushservice_update_ds_token.c:42 ERROR: setresuid(-1, 0, -1) [Operation not permitted]" +results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Parsed["pid"] == "24968" +results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Parsed["program"] == "ssnotifyd" +results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Parsed["timestamp8601"] == "2025-10-29T18:55:53+01:00" +results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Meta["machine"] == "synologynas" +results["s00-raw"]["crowdsecurity/syslog-logs"][17].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s00-raw"]["crowdsecurity/syslog-logs"][18].Success == true +results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["logsource"] == "syslog" +results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["message"] == "pushservice_update_ds_token.c:42 ERROR: ENTERCriticalSection" +results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["pid"] == "24968" +results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["program"] == "ssnotifyd" +results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Parsed["timestamp8601"] == "2025-10-29T18:55:53+01:00" +results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Meta["datasource_path"] == 
"synology-dsm-ssh-bf.log" +results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/syslog-logs"][18].Evt.Meta["machine"] == "synologynas" +results["s00-raw"]["crowdsecurity/syslog-logs"][19].Success == true +results["s00-raw"]["crowdsecurity/syslog-logs"][19].Evt.Parsed["message"] == "pushservice_update_ds_token.c:42 ERROR: setresuid(-1, 0, -1) [Operation not permitted]" +results["s00-raw"]["crowdsecurity/syslog-logs"][19].Evt.Parsed["pid"] == "764" +results["s00-raw"]["crowdsecurity/syslog-logs"][19].Evt.Parsed["program"] == "synoscgi_SYNO.SurveillanceStation.Notification_1_GetRegisterToken" +results["s00-raw"]["crowdsecurity/syslog-logs"][19].Evt.Parsed["timestamp8601"] == "2025-11-05T18:19:42+01:00" +results["s00-raw"]["crowdsecurity/syslog-logs"][19].Evt.Parsed["logsource"] == "syslog" +results["s00-raw"]["crowdsecurity/syslog-logs"][19].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s00-raw"]["crowdsecurity/syslog-logs"][19].Evt.Meta["datasource_type"] == "file" +results["s00-raw"]["crowdsecurity/syslog-logs"][19].Evt.Meta["machine"] == "synologynas" +results["s00-raw"]["crowdsecurity/syslog-logs"][20].Success == true +results["s00-raw"]["crowdsecurity/syslog-logs"][20].Evt.Parsed["logsource"] == "syslog" +results["s00-raw"]["crowdsecurity/syslog-logs"][20].Evt.Parsed["message"] == "pushservice_update_ds_token.c:42 ERROR: ENTERCriticalSection" +results["s00-raw"]["crowdsecurity/syslog-logs"][20].Evt.Parsed["pid"] == "764" +results["s00-raw"]["crowdsecurity/syslog-logs"][20].Evt.Parsed["program"] == "synoscgi_SYNO.SurveillanceStation.Notification_1_GetRegisterToken" +results["s00-raw"]["crowdsecurity/syslog-logs"][20].Evt.Parsed["timestamp8601"] == "2025-11-05T18:19:42+01:00" +results["s00-raw"]["crowdsecurity/syslog-logs"][20].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s00-raw"]["crowdsecurity/syslog-logs"][20].Evt.Meta["datasource_type"] == "file" 
+results["s00-raw"]["crowdsecurity/syslog-logs"][20].Evt.Meta["machine"] == "synologynas" +len(results["s01-parse"]["crowdsecurity/sshd-logs"]) == 21 +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=root" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["pid"] == "12031" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["sshd_invalid_user"] == "root" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["timestamp8601"] == "2025-10-27T23:29:36+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Meta["source_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][0].Evt.Meta["target_user"] == "root" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["program"] == 
"sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["sshd_invalid_user"] == "postgres" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=postgres" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["pid"] == "12099" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["timestamp8601"] == "2025-10-27T23:29:52+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Meta["source_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Meta["target_user"] == "postgres" +results["s01-parse"]["crowdsecurity/sshd-logs"][1].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Parsed["pid"] == "12202" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:07+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Parsed["logsource"] == "syslog" 
+results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][2].Evt.Meta["source_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Parsed["sshd_invalid_user"] == "zm" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (zm)." 
+results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Parsed["pid"] == "12202" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:07+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Meta["target_user"] == "zm" +results["s01-parse"]["crowdsecurity/sshd-logs"][3].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Parsed["pid"] == "12275" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:22+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Meta["source_ip"] == "110.235.67.172" 
+results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][4].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (alarm)." +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Parsed["pid"] == "12275" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Parsed["sshd_invalid_user"] == "alarm" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:22+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Meta["target_user"] == "alarm" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][5].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["pid"] == "12387" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:38+01:00" 
+results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=root" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["sshd_invalid_user"] == "root" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Meta["target_user"] == "root" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][6].Evt.Meta["source_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Parsed["pid"] == "12490" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Parsed["program"] == "sshd" 
+results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:53+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][7].Evt.Meta["source_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:53+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (nx)." 
+results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Parsed["pid"] == "12490" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Parsed["sshd_invalid_user"] == "nx" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][8].Evt.Meta["target_user"] == "nx" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:09+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Parsed["pid"] == "12556" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Meta["datasource_type"] == "file" 
+results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][9].Evt.Meta["source_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Parsed["sshd_invalid_user"] == "k" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Parsed["pid"] == "12556" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:09+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (k)." 
+results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][10].Evt.Meta["target_user"] == "k" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:23+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Parsed["pid"] == "12648" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Meta["source_ip"] == "110.235.67.172" 
+results["s01-parse"]["crowdsecurity/sshd-logs"][11].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Parsed["pid"] == "12648" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Parsed["sshd_invalid_user"] == "ftpuser" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (ftpuser)." +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:23+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Meta["target_user"] == "ftpuser" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][12].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Parsed["pid"] == "12741" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Parsed["message"] == 
"pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:38+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Meta["source_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][13].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:38+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (cloudadmin)." 
+results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Parsed["pid"] == "12741" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Parsed["sshd_invalid_user"] == "cloudadmin" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Meta["target_user"] == "cloudadmin" +results["s01-parse"]["crowdsecurity/sshd-logs"][14].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Parsed["pam_type"] == "unix" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Parsed["pid"] == "12823" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Parsed["uid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:53+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Parsed["euid"] == "0" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" 
+results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][15].Evt.Meta["source_ip"] == "110.235.67.172" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Success == true +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Parsed["sshd_invalid_user"] == "tc" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:55+01:00" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Parsed["pid"] == "12823" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Parsed["program"] == "sshd" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Parsed["logsource"] == "syslog" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (tc)." 
+results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Meta["datasource_type"] == "file" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Meta["machine"] == "synologynas" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Meta["service"] == "ssh" +results["s01-parse"]["crowdsecurity/sshd-logs"][16].Evt.Meta["target_user"] == "tc" +results["s01-parse"]["crowdsecurity/sshd-logs"][17].Success == false +results["s01-parse"]["crowdsecurity/sshd-logs"][18].Success == false +results["s01-parse"]["crowdsecurity/sshd-logs"][19].Success == false +results["s01-parse"]["crowdsecurity/sshd-logs"][20].Success == false +len(results["s02-enrich"]["crowdsecurity/dateparse-enrich"]) == 17 +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=root" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["pam_type"] == "unix" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["pid"] == "12031" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["timestamp8601"] == "2025-10-27T23:29:36+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["euid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["uid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["sshd_invalid_user"] == "root" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["target_user"] == "root" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["timestamp"] == "2025-10-27T23:29:36+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][0].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:29:36+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["pid"] == "12099" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["sshd_invalid_user"] == "postgres" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=postgres" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["pam_type"] == "unix" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["timestamp8601"] == "2025-10-27T23:29:52+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["uid"] == "0" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["euid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["target_user"] == "postgres" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["timestamp"] == "2025-10-27T23:29:52+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][1].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:29:52+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["uid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["pid"] == "12202" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:07+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["euid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["message"] == "pam_unix(sshd:auth): 
authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Parsed["pam_type"] == "unix" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["timestamp"] == "2025-10-27T23:30:07+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][2].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:30:07+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (zm)." 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:07+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["sshd_invalid_user"] == "zm" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Parsed["pid"] == "12202" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["target_user"] == "zm" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Meta["timestamp"] == "2025-10-27T23:30:07+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][3].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:30:07+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["uid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["euid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["pam_type"] == "unix" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["pid"] == "12275" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:22+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Meta["timestamp"] == "2025-10-27T23:30:22+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][4].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:30:22+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["pid"] == "12275" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:22+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (alarm)." 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Parsed["sshd_invalid_user"] == "alarm" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["target_user"] == "alarm" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["timestamp"] == "2025-10-27T23:30:22+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][5].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:30:22+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["euid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=root" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["pam_type"] == "unix" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["uid"] == "0" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["pid"] == "12387" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["sshd_invalid_user"] == "root" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:38+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["timestamp"] == "2025-10-27T23:30:38+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Meta["target_user"] == "root" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][6].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:30:38+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:53+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["uid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["pam_type"] == "unix" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["pid"] == 
"12490" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["euid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Meta["timestamp"] == "2025-10-27T23:30:53+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][7].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:30:53+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["sshd_invalid_user"] == "nx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["timestamp8601"] == "2025-10-27T23:30:53+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["pid"] == "12490" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (nx)." 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["target_user"] == "nx" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["timestamp"] == "2025-10-27T23:30:53+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][8].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:30:53+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:09+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["uid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["pam_type"] == "unix" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["pid"] == "12556" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["euid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["timestamp"] == "2025-10-27T23:31:09+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][9].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:31:09+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (k)." 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["pid"] == "12556" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["sshd_invalid_user"] == "k" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:09+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["target_user"] == "k" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Meta["timestamp"] == "2025-10-27T23:31:09+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][10].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:31:09+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["pid"] == "12648" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["uid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:23+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["euid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["message"] == 
"pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["pam_type"] == "unix" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["timestamp"] == "2025-10-27T23:31:23+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][11].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:31:23+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (ftpuser)." 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["pid"] == "12648" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:23+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Parsed["sshd_invalid_user"] == "ftpuser" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["target_user"] == "ftpuser" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["timestamp"] == "2025-10-27T23:31:23+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][12].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:31:23+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["uid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["pam_type"] == "unix" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["pid"] == "12741" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["euid"] == "0" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:38+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["timestamp"] == "2025-10-27T23:31:38+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][13].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:31:38+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (cloudadmin)." 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["pam_type"] == "syno_log_fail" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["pid"] == "12741" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["sshd_invalid_user"] == "cloudadmin" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:38+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["target_user"] == "cloudadmin" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["timestamp"] == "2025-10-27T23:31:38+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][14].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:31:38+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["pam_type"] == "unix" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["pid"] == "12823" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["sshd_client_ip"] == "110.235.67.172" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["euid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["message"] == "pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:53+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["uid"] == "0" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["source_ip"] == "110.235.67.172" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["timestamp"] == "2025-10-27T23:31:53+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][15].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:31:53+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Success == true +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["pid"] == "12823" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["program"] == "sshd" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["sshd_invalid_user"] == "tc" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["logsource"] == "syslog" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["pam_type"] == "syno_log_fail" 
+results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["message"] == "pam_syno_log_fail(sshd:auth): Can't get user uid (tc)." +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Parsed["timestamp8601"] == "2025-10-27T23:31:55+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["datasource_path"] == "synology-dsm-ssh-bf.log" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["datasource_type"] == "file" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["log_type"] == "ssh_failed-auth" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["machine"] == "synologynas" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["service"] == "ssh" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["target_user"] == "tc" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Meta["timestamp"] == "2025-10-27T23:31:55+01:00" +results["s02-enrich"]["crowdsecurity/dateparse-enrich"][16].Evt.Enriched["MarshaledTime"] == "2025-10-27T23:31:55+01:00" +len(results["success"][""]) == 0 diff --git a/.tests/synology-dsm-ssh-bf/scenario.assert b/.tests/synology-dsm-ssh-bf/scenario.assert new file mode 100644 index 00000000000..54d6a9db664 --- /dev/null +++ b/.tests/synology-dsm-ssh-bf/scenario.assert @@ -0,0 +1 @@ +len(results) == 0 \ No newline at end of file diff --git a/.tests/synology-dsm-ssh-bf/synology-dsm-ssh-bf.log b/.tests/synology-dsm-ssh-bf/synology-dsm-ssh-bf.log new file mode 100644 index 00000000000..52b3b6b46fb --- /dev/null +++ b/.tests/synology-dsm-ssh-bf/synology-dsm-ssh-bf.log 
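Review bot: `len(results) == 0` in scenario.assert pins this test to "no alert is raised", so despite the name synology-dsm-ssh-bf it covers parsing only and would not notice a regression in brute-force detection on these Synology lines. The parser assertions above show that the `pam_syno_log_fail` events carry `target_user` but no `source_ip`, so the ten `pam_unix` failures from one rhost over roughly two minutes are the only events a per-IP scenario could count; whether they should overflow a bucket depends on the test's config, which is not visible here. If detection is in scope, I would add the scenario to the test config, use a fixture dense enough to trigger it and assert the expected alert (for example `len(results) == 1`); if only the parser is under test, a name without `-bf` would say so.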
@@ -0,0 +1,21 @@
+2025-10-27T23:29:36+01:00 synologynas sshd[12031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=root
+2025-10-27T23:29:52+01:00 synologynas sshd[12099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=postgres
+2025-10-27T23:30:07+01:00 synologynas sshd[12202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172
+2025-10-27T23:30:07+01:00 synologynas sshd[12202]: pam_syno_log_fail(sshd:auth): Can't get user uid (zm).
+2025-10-27T23:30:22+01:00 synologynas sshd[12275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172
+2025-10-27T23:30:22+01:00 synologynas sshd[12275]: pam_syno_log_fail(sshd:auth): Can't get user uid (alarm).
+2025-10-27T23:30:38+01:00 synologynas sshd[12387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172 user=root
+2025-10-27T23:30:53+01:00 synologynas sshd[12490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172
+2025-10-27T23:30:53+01:00 synologynas sshd[12490]: pam_syno_log_fail(sshd:auth): Can't get user uid (nx).
+2025-10-27T23:31:09+01:00 synologynas sshd[12556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172
+2025-10-27T23:31:09+01:00 synologynas sshd[12556]: pam_syno_log_fail(sshd:auth): Can't get user uid (k).
+2025-10-27T23:31:23+01:00 synologynas sshd[12648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172
+2025-10-27T23:31:23+01:00 synologynas sshd[12648]: pam_syno_log_fail(sshd:auth): Can't get user uid (ftpuser).
+2025-10-27T23:31:38+01:00 synologynas sshd[12741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172
+2025-10-27T23:31:38+01:00 synologynas sshd[12741]: pam_syno_log_fail(sshd:auth): Can't get user uid (cloudadmin).
+2025-10-27T23:31:53+01:00 synologynas sshd[12823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.235.67.172
+2025-10-27T23:31:55+01:00 synologynas sshd[12823]: pam_syno_log_fail(sshd:auth): Can't get user uid (tc).
+2025-10-29T18:55:53+01:00 synologynas ssnotifyd[24968]: pushservice_update_ds_token.c:42 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
+2025-10-29T18:55:53+01:00 synologynas ssnotifyd[24968]: pushservice_update_ds_token.c:42 ERROR: ENTERCriticalSection
+2025-11-05T18:19:42+01:00 synologynas synoscgi_SYNO.SurveillanceStation.Notification_1_GetRegisterToken[764]: pushservice_update_ds_token.c:42 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
+2025-11-05T18:19:42+01:00 synologynas synoscgi_SYNO.SurveillanceStation.Notification_1_GetRegisterToken[764]: pushservice_update_ds_token.c:42 ERROR: ENTERCriticalSection
diff --git a/README.md b/README.md
index 5d3fbaadbf1..350337a434d 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
diff --git a/collections/crowdsecurity/synology-dsm.yaml b/collections/crowdsecurity/synology-dsm.yaml index 328d78f7976..a83df83c563 100644 --- a/collections/crowdsecurity/synology-dsm.yaml +++ b/collections/crowdsecurity/synology-dsm.yaml @@ -11,6 +11,7 @@ parsers: # the list of scenarios it contains scenarios: - crowdsecurity/synology-dsm-bf + - crowdsecurity/synology-dsm-bf-slow-1h description: "Synology DSM web authentication support" labels: label: "Synology DSM - Bruteforce Protection" diff --git a/parsers/s01-parse/crowdsecurity/sshd-logs.yaml b/parsers/s01-parse/crowdsecurity/sshd-logs.yaml index 986a7b58563..09e5878a344 100644 --- a/parsers/s01-parse/crowdsecurity/sshd-logs.yaml +++ b/parsers/s01-parse/crowdsecurity/sshd-logs.yaml @@ -11,6 +11,7 @@ pattern_syntax: SSHD_AUTH_FAIL: 'pam_%{DATA:pam_type}\(sshd:auth\): authentication failure; logname= uid=%{NUMBER:uid}? euid=%{NUMBER:euid}? tty=ssh ruser= rhost=%{IP_WORKAROUND:sshd_client_ip}( %{SPACE}user=%{USERNAME:sshd_invalid_user})?' SSHD_MAGIC_VALUE_FAILED: 'Magic value check failed \(\d+\) on obfuscated handshake from %{IP_WORKAROUND:sshd_client_ip} port \d+' SSHD_INVALID_USER: 'Invalid user\s*%{USERNAME:sshd_invalid_user}? from %{IP_WORKAROUND:sshd_client_ip}( port \d+)?' + SSHD_INVALID_USER_SYNO: 'pam_%{DATA:pam_type}\(sshd:auth\): Can.t get user uid \(%{USERNAME:sshd_invalid_user}\)' SSHD_INVALID_USER_ALT: 'Failed keyboard-interactive/pam for invalid user %{USERNAME:sshd_invalid_user} from %{IP_WORKAROUND:sshd_client_ip}( port \d+)?' SSHD_INVALID_BANNER: 'banner exchange: Connection from %{IP_WORKAROUND:sshd_client_ip} port \d+: invalid format' SSHD_PREAUTH_AUTHENTICATING_USER: 'Connection (closed|reset) by( (authenticating|invalid) user %{USERNAME:sshd_invalid_user})? %{IP_WORKAROUND:sshd_client_ip} port \d+ \[preauth\]' 
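Review bot: `SSHD_INVALID_USER_SYNO` captures only `sshd_invalid_user` and has no `%{IP_WORKAROUND:sshd_client_ip}`, yet the node added for it in the following hunk (`@@ -61,6 +62,14 @@ nodes:`) tags the event `ssh_failed-auth`. The generated assertions for event 16 accordingly list `Meta["target_user"]` and `Meta["log_type"]` but no `Meta["source_ip"]`. ssh-bf in this same diff filters on that log type and groups by `evt.Meta.source_ip`, so these events reach it with an empty key; how the engine treats an empty key is not visible here, and it is worth confirming such events are discarded rather than pooled into one bucket shared by every remote host. A comment above the pattern would record the limitation: `# Synology line carries no rhost: the event gets target_user but no source_ip`.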
@@ -61,6 +62,14 @@ nodes: value: ssh_failed-auth - meta: target_user expression: "evt.Parsed.sshd_invalid_user" + - grok: + name: "SSHD_INVALID_USER_SYNO" + apply_on: message + statics: + - meta: log_type + value: ssh_failed-auth + - meta: target_user + expression: "evt.Parsed.sshd_invalid_user" - grok: name: "SSHD_INVALID_USER_ALT" apply_on: message diff --git a/parsers/s01-parse/crowdsecurity/synology-dsm-logs.yaml b/parsers/s01-parse/crowdsecurity/synology-dsm-logs.yaml index d46e3bb52dc..1cd4682b8e4 100644 --- a/parsers/s01-parse/crowdsecurity/synology-dsm-logs.yaml +++ b/parsers/s01-parse/crowdsecurity/synology-dsm-logs.yaml @@ -11,17 +11,14 @@ pattern_syntax: # https://github.com/crowdsecurity/crowdsec/issues/938 IPv4_WORKAROUND: '(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' IP_WORKAROUND: '(?:%{IPV6}|%{IPv4_WORKAROUND})' - AUTH_LOG_FAIL: 'pam_unix\(webui:auth\): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=%{IP_WORKAROUND:src_ip}' + AUTH_LOG_FAIL: 'pam_unix\(webui:auth\): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=%{IP_WORKAROUND:src_ip}(\s+user=%{USERNAME:sshd_invalid_user})?' grok: pattern: "%{AUTH_LOG_FAIL}" apply_on: message statics: - meta: log_type value: synology-dsm_failed_auth -statics: - - meta: log_type - value: synology-dsm_failed_auth - - meta: service - value: synology-dsm - - meta: source_ip - expression: "evt.Parsed.src_ip" + - meta: service + value: synology-dsm + - meta: source_ip + expression: "evt.Parsed.src_ip" diff --git a/scenarios/crowdsecurity/ssh-bf.yaml b/scenarios/crowdsecurity/ssh-bf.yaml index 0cb67f37573..a51f9296682 100644 --- a/scenarios/crowdsecurity/ssh-bf.yaml +++ b/scenarios/crowdsecurity/ssh-bf.yaml 
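Review bot: The optional `user=` capture added to `AUTH_LOG_FAIL` in synology-dsm-logs.yaml is stored as `sshd_invalid_user`, but none of the statics in this hunk copy it into meta, so the targeted account is parsed and then never reaches scenarios or alerts. The field name is borrowed from the sshd parser although this pattern matches `pam_unix(webui:auth)`, and in the sshd sample log added by this commit `user=` appears for root and postgres while unknown names get a separate "Can't get user uid" line, which suggests (for webui this is an assumption) that the value is an existing account rather than an invalid one. Consider capturing it as `%{USERNAME:target_user}` and adding `- meta: target_user` with `expression: "evt.Parsed.target_user"` to the statics. The indentation of the moved `statics` entries is not recoverable from this view, so their nesting under `grok` should be checked in the file itself.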
@@ -4,8 +4,6 @@ name: crowdsecurity/ssh-bf description: "Detect ssh bruteforce" filter: "evt.Meta.log_type == 'ssh_failed-auth'" leakspeed: "10s" -references: - - http://wikipedia.com/ssh-bf-is-bad capacity: 5 groupby: evt.Meta.source_ip blackhole: 1m @@ -14,8 +12,7 @@ labels: service: ssh confidence: 3 spoofable: 0 - classification: - - attack.T1110 + classification: "attack.T1110" label: "SSH Bruteforce" behavior: "ssh:bruteforce" remediation: true @@ -35,7 +32,6 @@ labels: remediation: true confidence: 3 spoofable: 0 - classification: - - attack.T1589 + classification: "attack.T1589" behavior: "ssh:bruteforce" label: "SSH User Enumeration" diff --git a/scenarios/crowdsecurity/synology-dsm-bf-slow-1h.md b/scenarios/crowdsecurity/synology-dsm-bf-slow-1h.md new file mode 100644 index 00000000000..1388b9e127c --- /dev/null +++ b/scenarios/crowdsecurity/synology-dsm-bf-slow-1h.md @@ -0,0 +1,4 @@ +## Detect Synology DSM bruteforce attack slow strategies. + +### Rule +leakspeed of 1 hour, capacity of 10 diff --git a/scenarios/crowdsecurity/synology-dsm-bf-slow-1h.yaml b/scenarios/crowdsecurity/synology-dsm-bf-slow-1h.yaml new file mode 100644 index 00000000000..ce16ea08065 --- /dev/null +++ b/scenarios/crowdsecurity/synology-dsm-bf-slow-1h.yaml @@ -0,0 +1,18 @@ +# Synology DSM auth.log bruteforce +type: leaky +name: crowdsecurity/synology-dsm-bf-slow-1h +description: "Detect Synology DSM web auth bruteforce slow strategy 1 hour" +filter: "evt.Meta.log_type == 'synology-dsm_failed_auth'" +leakspeed: "1h" +capacity: 10 +groupby: evt.Meta.source_ip +blackhole: 10h +reprocess: true +labels: + service: synology_dsm + remediation: true + confidence: 3 + spoofable: 0 + classification: "attack.T1110" + behavior: "http:bruteforce" + label: "Synology DSM Bruteforce" \ No newline at end of file diff --git a/scenarios/crowdsecurity/synology-dsm-bf.yaml b/scenarios/crowdsecurity/synology-dsm-bf.yaml index 7925ce263cb..22d760185e2 100644 
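Review bot: `classification` changes from a one-item sequence to a plain string in ssh-bf.yaml (`classification: "attack.T1110"` here and `"attack.T1589"` in the `@@ -35,7 +32,6 @@` hunk), and the same form is used in the new synology-dsm-bf-slow-1h.yaml and in the synology-dsm-bf.yaml hunk. The consumer of these labels is not visible in this diff, but if the taxonomy tooling iterates the value as a list, a string would be walked character by character or rejected, and the MITRE mapping would drop out of the generated index. Unless the schema is known to accept both forms, keep the sequence: `classification:` followed by `- attack.T1110`.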
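Review bot: In the new synology-dsm-bf-slow-1h.yaml, `label: "Synology DSM Bruteforce"` is the same string the existing synology-dsm-bf scenario carries, so an analyst cannot tell from the label whether an alert came from the 1-hour bucket or the fast one. Suggest `label: "Synology DSM Slow Bruteforce"`, and changing the header comment to `# Synology DSM web auth slow bruteforce (capacity 10, leakspeed 1h)` so it matches the description and the rule text in the .md file. The file also ends without a trailing newline.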
--- a/scenarios/crowdsecurity/synology-dsm-bf.yaml +++ b/scenarios/crowdsecurity/synology-dsm-bf.yaml @@ -9,11 +9,10 @@ groupby: evt.Meta.source_ip blackhole: 1m reprocess: true labels: - service: synology_dsm - remediation: true - confidence: 3 - spoofable: 0 - classification: - - attack.T1110 - behavior: "http:bruteforce" - label: "Synology DSM Bruteforce" \ No newline at end of file + service: synology_dsm + remediation: true + confidence: 3 + spoofable: 0 + classification: "attack.T1110" + behavior: "http:bruteforce" + label: "Synology DSM Bruteforce" \ No newline at end of file diff --git a/taxonomy/mitre_attack.json b/taxonomy/mitre_attack.json index 34d5fd8fae6..b0df998d1fd 100644 --- a/taxonomy/mitre_attack.json +++ b/taxonomy/mitre_attack.json 
@@ -650,7 +650,7 @@ { "name": "T1006", "label": "Direct Volume Access", - "description": "Adversaries may directly access a volume to bypass file access controls and file system monitoring. Windows allows programs to have direct access to logical volumes. Programs with direct access may read and write files directly from the drive by analyzing file system data structures. This technique may bypass Windows file access controls as well as file system monitoring tools. (Citation: Hakobyan 2009)\n\nUtilities, such as `NinjaCopy`, exist to perform these actions in PowerShell.(Citation: Github PowerSploit Ninjacopy) Adversaries may also use built-in or third-party utilities (such as `vssadmin`, `wbadmin`, and [esentutl](https://attack.mitre.org/software/S0404)) to create shadow copies or backups of data from system volumes.(Citation: LOLBAS Esentutl)" + "description": "Adversaries may directly access a volume to bypass file access controls and file system monitoring. Windows allows programs to have direct access to logical volumes. Programs with direct access may read and write files directly from the drive by analyzing file system data structures. This technique may bypass Windows file access controls as well as file system monitoring tools.(Citation: Hakobyan 2009)\n\nUtilities, such as `NinjaCopy`, exist to perform these actions in PowerShell.(Citation: Github PowerSploit Ninjacopy) Adversaries may also use built-in or third-party utilities (such as `vssadmin`, `wbadmin`, and [esentutl](https://attack.mitre.org/software/S0404)) to create shadow copies or backups of data from system volumes.(Citation: LOLBAS Esentutl)" }, { "name": "T1014",