id: detect-rsyncd info: name: Detect rsyncd reference: https://linux.die.net/man/1/rsync author: vsh00t,geeknik severity: info tags: network,rsyncd network: - inputs: - data: "?\r\n" host: - "{{Hostname}}" - "{{Hostname}}:873" matchers: - type: word words: - "RSYNCD: " - "ERROR: protocol startup error" condition: and extractors: - type: regex regex: - 'RSYNCD: \d\d.\d'