SSH Auth Log Pipeline
damn it was easier than i thought
so i built the complete pipeline for SSH authentication failure and success events
__
what happens is the lil bro (agent) reads the systemd journal logs (yes, it only supports this for now T__T) by running `journalctl -f -u sshd -o json --since now`, which basically makes journalctl behave like `tail -f`: it streams out sshd log entries only as they are ingested, nothing from before the agent started.
__
the logs come out as one JSON object per line, which is handled by the Auth Collector in the agent; it has parser functions for the password failure and password success messages
then it's just the normal event pipeline (create event -> send to queue -> worker sends the event to backend)
after that it is displayed on the dashboard
next:
threshold-based rules (hardcoded first, then a proper rule table and the rest)
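to make the collector + threshold idea concrete, here is an added example in python; it is not the agent's actual code, just a sketch of the same pipeline. it assumes the standard OpenSSH message formats ("Failed password for ..." / "Accepted password for ...") and the field names journalctl -o json emits (_SYSTEMD_UNIT, MESSAGE, __REALTIME_TIMESTAMP). the sample journal lines are constructed for the example, not real captures, and the IPs are from documentation ranges.

```python
"""Parse sshd auth events from journalctl -o json lines and apply a hardcoded threshold rule.

Added example, not the agent's own code. Assumes OpenSSH's standard password
messages and the journal field names listed in the lead-in.
"""
import json
import re
from collections import defaultdict, deque

# OpenSSH's own message formats for password auth (the "invalid user " part is
# present when the username does not exist on the host)
FAIL_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)
OK_RE = re.compile(
    r"^Accepted password for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_journal_line(line):
    """Turn one journalctl -o json line into an auth event dict, or None if it is not one."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if rec.get("_SYSTEMD_UNIT") not in ("sshd.service", "ssh.service"):
        return None
    msg = rec.get("MESSAGE", "")
    # journalctl emits __REALTIME_TIMESTAMP as microseconds since epoch, as a string
    ts_us = int(rec.get("__REALTIME_TIMESTAMP", "0"))
    for outcome, pattern in (("failure", FAIL_RE), ("success", OK_RE)):
        m = pattern.match(msg)
        if m:
            return {
                "ts": ts_us / 1_000_000,
                "outcome": outcome,
                "user": m.group("user"),
                "src_ip": m.group("ip"),
                "src_port": int(m.group("port")),
                "invalid_user": "invalid user" in msg,
            }
    return None  # disconnects, key exchange noise, etc. are not auth events


class FailureThresholdRule:
    """Hardcoded rule: alert when one source IP has >= threshold failures inside `window` seconds."""

    def __init__(self, threshold=3, window=60.0):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # src_ip -> timestamps of recent failures

    def feed(self, event):
        """Return an alert dict if the rule fires on this event, else None."""
        if event["outcome"] != "failure":
            return None
        q = self.failures[event["src_ip"]]
        q.append(event["ts"])
        # drop failures that fell out of the sliding window
        while q and event["ts"] - q[0] > self.window:
            q.popleft()
        if len(q) >= self.threshold:
            return {"rule": "ssh_password_bruteforce", "src_ip": event["src_ip"], "count": len(q)}
        return None


def run_pipeline(lines, rule):
    """Collector -> event -> rule, in one pass; returns (events, alerts)."""
    events, alerts = [], []
    for line in lines:
        event = parse_journal_line(line)
        if event is None:
            continue
        events.append(event)
        alert = rule.feed(event)
        if alert is not None:
            alerts.append(alert)
    return events, alerts


def _journal(ts_us, message):
    """Build a constructed journal line in the shape journalctl -o json produces."""
    return json.dumps({"_SYSTEMD_UNIT": "sshd.service", "SYSLOG_IDENTIFIER": "sshd",
                       "__REALTIME_TIMESTAMP": str(ts_us), "MESSAGE": message})


# Constructed sample input (not real captures): a burst of failures from one
# address, one good login from another, and one non-auth line in between
T0 = 1_700_000_000_000_000
SAMPLE_LINES = [
    _journal(T0, "Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2"),
    _journal(T0 + 10_000_000, "Failed password for root from 203.0.113.5 port 51002 ssh2"),
    _journal(T0 + 15_000_000, "Accepted password for alice from 198.51.100.7 port 40000 ssh2"),
    _journal(T0 + 16_000_000, "Received disconnect from 203.0.113.5 port 51002:11: Bye Bye [preauth]"),
    _journal(T0 + 20_000_000, "Failed password for root from 203.0.113.5 port 51004 ssh2"),
    _journal(T0 + 100_000_000, "Failed password for root from 203.0.113.5 port 51006 ssh2"),
]

if __name__ == "__main__":
    evs, als = run_pipeline(SAMPLE_LINES, FailureThresholdRule(threshold=3, window=60.0))
    for e in evs:
        print(e)
    print("alerts:", als)
```

the third failure from 203.0.113.5 lands 20 s after the first, so the rule fires with count 3; the fourth one arrives 100 s in, by which time the earlier three have aged out of the 60 s window, so it does not fire again. for the real agent the same `feed` call would sit in the worker (or the backend) between the queue and the dashboard.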