[formats] break up default-log-formats.json into separate files for each file format

Defect Number:
    Reviewed By:
   Testing Done:
Timothy Stack 2020-05-08 22:04:39 -07:00
parent 7e36c6b3d0
commit 8e9ef5765f
37 changed files with 2061 additions and 1850 deletions


@ -19,6 +19,46 @@ RE2C_V = $(RE2C_V_@AM_V@)
RE2C_V_ = $(RE2C_V_@AM_DEFAULT_V@)
RE2C_V_0 = @echo " RE2C " $@;
FORMAT_FILES = \
$(srcdir)/formats/access_log.json \
$(srcdir)/formats/alb_log.json \
$(srcdir)/formats/autodeploy_log.json \
$(srcdir)/formats/block_log.json \
$(srcdir)/formats/candlepin_log.json \
$(srcdir)/formats/choose_repo_log.json \
$(srcdir)/formats/cups_log.json \
$(srcdir)/formats/dpkg_log.json \
$(srcdir)/formats/elb_log.json \
$(srcdir)/formats/engine_log.json \
$(srcdir)/formats/error_log.json \
$(srcdir)/formats/fsck_hfs_log.json \
$(srcdir)/formats/glog_log.json \
$(srcdir)/formats/haproxy_log.json \
$(srcdir)/formats/java_log.json \
$(srcdir)/formats/journald_json_log.json \
$(srcdir)/formats/katello_log.json \
$(srcdir)/formats/openam_log.json \
$(srcdir)/formats/openamdb_log.json \
$(srcdir)/formats/openstack_log.json \
$(srcdir)/formats/page_log.json \
$(srcdir)/formats/papertrail_log.json \
$(srcdir)/formats/snaplogic_log.json \
$(srcdir)/formats/sssd_log.json \
$(srcdir)/formats/strace_log.json \
$(srcdir)/formats/sudo_log.json \
$(srcdir)/formats/syslog_log.json \
$(srcdir)/formats/tcf_log.json \
$(srcdir)/formats/tcsh_history.json \
$(srcdir)/formats/uwsgi_log.json \
$(srcdir)/formats/vdsm_log.json \
$(srcdir)/formats/vmk_log.json \
$(srcdir)/formats/vmw_log.json \
$(srcdir)/formats/xmlrpc_log.json \
$()
default-formats.h default-formats.c: bin2c $(FORMAT_FILES)
$(BIN2C_V)./bin2c -n lnav_format_json default-formats $(FORMAT_FILES)
CONFIG_FILES = \
$(srcdir)/root-config.json \
$(srcdir)/keymaps/default-keymap.json \
@ -159,7 +199,6 @@ LDADD = \
dist_noinst_DATA = \
alpha-release.sh \
ansi-palette.json \
default-log-formats.json \
keymaps/default-keymap.json \
root-config.json \
scripts/dhclient-summary.lnav \
@ -187,8 +226,8 @@ BUILT_SOURCES = \
builtin-sh-scripts.c \
default-config.h \
default-config.c \
default-log-formats-json.h \
default-log-formats-json.c \
default-formats.h \
default-formats.c \
help-txt.h \
help-txt.c \
init-sql.h \
@ -434,9 +473,6 @@ ptimec_LDADD =
DISTCLEANFILES = \
$(BUILT_SOURCES) \
data_scanner_re.cc \
default-config.json \
default-config.c \
default-log-formats-json.c \
help-txt.c \
init-sql.c \
log_level_re.cc \
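Review bot: The new `formats/*.json` inputs are not added to any distributed-file list in the hunks shown: the `dist_noinst_DATA` hunk only drops `default-log-formats.json`. A `make dist` tarball would therefore lack the files the `default-formats.h default-formats.c` rule depends on, unless `$(FORMAT_FILES)` is listed in a part of the file outside these hunks. Adding `$(FORMAT_FILES) \` to `dist_noinst_DATA` keeps release tarballs buildable from exactly the sources in the repository. The trailing `$()` entry in `FORMAT_FILES` would also merit a one-line comment, e.g. `# $() lets every entry end in a backslash`.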

File diff suppressed because it is too large Load Diff


@ -0,0 +1,93 @@
{
"access_log": {
"title": "Common Access Log",
"description": "The default web access log format for servers like Apache.",
"url": "http://en.wikipedia.org/wiki/Common_Log_Format",
"multiline": false,
"regex": {
"ts-first-noquotes": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?<c_ip>[^ ]+) (?<cs_username>[^ ]+) (?<cs_method>[A-Z]+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?:-1|\\d+) (?<sc_status>\\d+) \\d+\\s*(?<body>.*)"
},
"ts-first": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?<c_ip>[^ ]+) (?<cs_username>[^ ]+) (?<cs_method>[A-Z]+) \"(?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))?\" (?:-1|\\d+) (?<sc_status>\\d+) \\d+\\s*(?<body>.*)"
},
"std": {
"pattern": "^(?<c_ip>[\\w\\.:\\-]+)\\s+[\\w\\.\\-]+\\s+(?<cs_username>\\S+)\\s+\\[(?<timestamp>[^\\]]+)\\] \"(?:\\-|(?<cs_method>\\w+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?<cs_version>[\\w/\\.]+))\" (?<sc_status>\\d+) (?<sc_bytes>\\d+|-)(?: \"(?<cs_referer>[^\"]+)\" \"(?<cs_user_agent>[^\"]+)\")?\\s*(?<body>.*)"
},
"mod-std": {
"module-format": true,
"pattern": "^(?<c_ip>[\\w\\.:\\-]+)\\s+[\\w\\.\\-]+\\s+(?<cs_username>\\S+)\\s+\"(?:\\-|(?<cs_method>\\w+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?<cs_version>[\\w/\\.]+))\" (?<sc_status>\\d+) (?<sc_bytes>\\d+|-)(?: \"(?<cs_referer>[^\"]+)\" \"(?<cs_user_agent>[^\"]+)\")?\\s*(?<body>.*)"
}
},
"level-field": "sc_status",
"level": {
"error": "^[^123].*"
},
"opid-field": "c_ip",
"value": {
"c_ip": {
"kind": "string",
"collate": "ipaddress",
"identifier": true,
"description": "The client IP address"
},
"cs_username": {
"kind": "string",
"identifier": true,
"description": "The username passed from the client to the server"
},
"cs_method": {
"kind": "string",
"identifier": true,
"description": "The request method"
},
"cs_uri_stem": {
"kind": "string",
"identifier": true,
"description": "The path part of the request URI"
},
"cs_uri_query": {
"kind": "string",
"description": "The query parameters in the request URI"
},
"cs_version": {
"kind": "string",
"identifier": true,
"description": "The client's HTTP version"
},
"sc_status": {
"kind": "integer",
"foreign-key": true,
"rewriter": ";SELECT :sc_status || ' (' || (SELECT message FROM http_status_codes WHERE status = :sc_status) || ') '",
"description": "The status code returned by the server"
},
"sc_bytes": {
"kind": "integer",
"description": "The number of bytes returned by the server"
},
"cs_referer": {
"kind": "string",
"identifier": true,
"description": "The client's referrer"
},
"cs_user_agent": {
"kind": "string",
"identifier": true,
"description": "The client's HTTP agent"
}
},
"sample": [
{
"line": "10.112.72.172 - - [11/Feb/2013:06:43:36 +0000] \"GET /client/ HTTP/1.1\" 200 5778 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17\"",
"level": "info"
},
{
"line": "10.112.72.172 - - [11/Feb/2013:06:43:36 +0000] \"GET /client/ HTTP/1.1\" 404 5778 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17\"",
"level": "error"
},
{
"line": "10.1.10.51 - - [23/Dec/2014:21:20:35 +0000] \"POST /api/1/rest/foo/bar HTTP/1.1\" 200 - \"-\" \"-\" 293"
}
]
}
}
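Review bot: The quoted fields in the `std` and `mod-std` patterns are matched with `[^\"]+`, which stops at the first quote character even when the server wrote it escaped (Apache httpd, for one, writes `\"`). A request whose Referer or User-Agent contains a quote will therefore not fill `cs_referer`/`cs_user_agent` as sent, and the remainder ends up in `body`. These values are chosen by the client, so this is the case an analyst most needs parsed faithfully. Accepting escape pairs, e.g. `\"(?<cs_user_agent>(?:[^\"\\\\]|\\\\.)+)\"`, and adding a sample line with an embedded escaped quote would pin the behaviour.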

132
src/formats/alb_log.json Normal file

@ -0,0 +1,132 @@
{
"alb_log": {
"title": "Amazon ALB log",
"description": "Log format for Amazon Application Load Balancers",
"url": "https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html",
"regex": {
"std": {
"pattern": "^(?<type>(http)|(https)|(h2)|(ws)|(wss)) (?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{6}Z) (?<elb>[^ ]+) (?<client_ip>[\\w\\.:]+):(?<client_port>\\d+) (?<target_ip>[\\w\\.:]+):(?<target_port>\\d+) (?<request_processing_time>(-1)|(\\d+(\\.\\d+))?) (?<target_processing_time>(-1)|(\\d+(\\.\\d+))?) (?<response_processing_time>(-1)|(\\d+(\\.\\d+))?) (?<elb_status_code>\\d+|-) (?<target_status_code>\\d+|-) (?<received_bytes>\\d+) (?<sent_bytes>\\d+) \"(?:\\-|(?<cs_method>\\w+|-) (?<cs_uri_whole>(?<cs_uri_stem>(?:(?<cs_uri_scheme>https|http)?://)?(?:(?<cs_uri_hostname>[^:]+):(?<cs_uri_port>\\d+)?)?(?<cs_uri_path>[^ \\?]+)?)(?:\\?(?<cs_uri_query>[^ ]*))?) (?<cs_version>[\\w/\\.]+|-)\\s*)\" \"(?<user_agent>[^\"]+)\" (?<ssl_cipher>[\\w-]+) (?<ssl_protocol>[\\w\\.-]+) (?<target_group_arn>[^ ]+) \"(?<trace_id>[^ ]+)\" (?<domain_name>[^ ]+) (?<chosen_cert_arn>[^ ]+) ?(?<matched_rule_priority>(-1)|\\b([0-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-4][0-9]{4}|50000)\\b)?"
}
},
"level-field": "elb_status_code",
"level": {
"error": "^[^123].*"
},
"opid-field": "client_ip",
"value": {
"type": {
"kind": "string",
"identifier": true
},
"alb": {
"kind": "string",
"identifier": true
},
"client_ip": {
"kind": "string",
"collate": "ipaddress",
"identifier": true
},
"client_port": {
"kind": "integer",
"foreign-key": true
},
"target_ip": {
"kind": "string",
"collate": "ipaddress",
"identifier": true
},
"target_port": {
"kind": "integer",
"foreign-key": true
},
"request_processing_time": {
"kind": "float"
},
"target_processing_time": {
"kind": "float"
},
"response_processing_time": {
"kind": "float"
},
"elb_status_code": {
"kind": "integer",
"foreign-key": true
},
"target_status_code": {
"kind": "integer",
"foreign-key": true
},
"received_bytes": {
"kind": "integer"
},
"sent_bytes": {
"kind": "integer"
},
"cs_method": {
"kind": "string",
"identifier": true
},
"cs_uri_stem": {
"kind": "string",
"identifier": true
},
"cs_uri_query": {
"kind": "string"
},
"cs_version": {
"kind": "string",
"identifier": true
},
"user_agent": {
"kind": "string",
"identifier": true
},
"ssl_cipher": {
"kind": "string",
"identifier": true
},
"ssl_protocol": {
"kind": "string",
"identifier": true
},
"target_group_arn": {
"kind": "string",
"identifier": true
},
"trace_id": {
"kind": "string",
"identifier": true
},
"domain_name": {
"kind": "string",
"identifier": true
},
"chosen_cert_arn": {
"kind": "string",
"identifier": true
},
"matched_rule_priority": {
"kind": "integer",
"identifier": true
}
},
"sample": [
{
"line": "http 2016-08-10T22:08:42.945958Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 10.0.0.1:80 0.000 0.001 0.000 200 200 34 366 \"GET http://www.example.com:80/ HTTP/1.1\" \"curl/7.46.0\" - - arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \"Root=1-58337262-36d228ad5d99923122bbe354\" - -"
},
{
"line": "https 2016-08-10T23:39:43.065466Z app/my-loadbalancer/50dc6c495c0c9188 192.168.131.39:2817 10.0.0.1:80 0.086 0.048 0.037 200 200 0 57 \"GET https://www.example.com:443/ HTTP/1.1\" \"curl/7.46.0\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \"Root=1-58337281-1d84f3d73c47ec4e58577259\" www.example.com arn:aws:acm:us-east-2:123456789012:certificate/12345678-1234-1234-1234-123456789012"
},
{
"line": "h2 2016-08-10T00:10:33.145057Z app/my-loadbalancer/50dc6c495c0c9188 10.0.1.252:48160 10.0.0.66:9000 0.000 0.002 0.000 200 200 5 257 \"GET https://10.0.2.105:773/ HTTP/2.0\" \"curl/7.46.0\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \"Root=1-58337327-72bd00b0343d75b906739c42\" - -"
},
{
"line": "ws 2016-08-10T00:32:08.923954Z app/my-loadbalancer/50dc6c495c0c9188 10.0.0.140:40914 10.0.1.192:8010 0.001 0.003 0.000 101 101 218 587 \"GET http://10.0.0.30:80/ HTTP/1.1\" \"-\" - - arn:aws:elasticloadbalancing:us-east-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \"Root=1-58337364-23a8c76965a2ef7629b185e3\" - -"
},
{
"line": "wss 2016-08-10T00:42:46.423695Z app/my-loadbalancer/50dc6c495c0c9188 10.0.0.140:44244 10.0.0.171:8010 0.000 0.001 0.000 101 101 218 786 \"GET https://10.0.0.30:443/ HTTP/1.1\" \"-\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:us-west-2:123456789012:targetgroup/my-targets/73e2d6bc24d8a067 \"Root=1-58337364-23a8c76965a2ef7629b185e3\" - -"
}
]
}
}
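Review bot: The `value` map declares `alb`, but the `std` pattern captures the load-balancer name as `(?<elb>[^ ]+)`, so that declaration (`kind`, `identifier`) applies to no captured field. Renaming one side so both agree, e.g. `(?<alb>[^ ]+)`, fixes it. The groups `cs_uri_whole`, `cs_uri_scheme`, `cs_uri_hostname`, `cs_uri_port` and `cs_uri_path` are likewise captured without a `value` entry. Separately, in `(?<request_processing_time>(-1)|(\\d+(\\.\\d+))?)` the `?` applies to the whole number rather than to the fraction, so the field also matches empty text; `(-1)|\\d+(\\.\\d+)?` looks like the intent, and the same holds for the two other `*_processing_time` groups.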


@ -0,0 +1,38 @@
{
"autodeploy_log": {
"title": "VMware vSphere Auto Deploy log format",
"description": "The log format for the VMware Auto Deploy service",
"url": "http://kb.vmware.com/kb/2000988",
"regex": {
"std": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) \\[(?<pid>\\d+)\\](?<level>\\w+):(?<module>[\\w-]+):(?<body>.*$)"
}
},
"level-field": "level",
"timestamp-field": "timestamp",
"level": {
"error": "ERROR",
"debug": "DEBUG",
"info": "INFO",
"warning": "WARNING"
},
"value": {
"pid": {
"kind": "integer",
"identifier": true,
"foreign-key": true,
"description": "The ID of the process that generated the message"
},
"module": {
"kind": "string",
"identifier": true,
"description": "The name of the module that generated the message"
}
},
"sample": [
{
"line": "2015-04-24T21:09:29.296 [25376]INFO:somemodule:Something very INFOrmative."
}
]
}
}


@ -0,0 +1,16 @@
{
"block_log": {
"title": "Generic Block",
"description": "A generic format for logs, like cron, that have a date at the start of a block.",
"regex": {
"std": {
"pattern": "^(?<timestamp>\\S{3,8} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\w+ \\d{4})(?<body>(?:.|\\n)*)$"
}
},
"sample": [
{
"line": "Sat Apr 27 03:33:07 PDT 2013"
}
]
}
}
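Review bot: `(?<body>(?:.|\\n)*)` repeats a two-way alternation once per character, which on backtracking regex engines can run into the match or stack limit on a long multi-line message. The same construct appears in `fsck_hfs_log` and `glog_log` in this commit. Log text is often influenced by whoever produced the event, so the viewer should not depend on message length to stay responsive. A dot-all group, `(?<body>(?s:.*))`, matches the same text without the per-character alternation; whether the engine build used here is affected is not visible from this page, so a test with a large block would confirm it.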


@ -0,0 +1,48 @@
{
"candlepin_log": {
"title": "Candlepin log format",
"description": "Log format used by Candlepin registration system",
"regex": {
"reqorg": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) \\[(req=(?<req>[0-9a-f-]+)|=), org=(?<org>\\w*)\\] (?<alert_level>\\w+) (?<module>[\\w.]+) - (?<body>.*)$"
},
"other": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}[+-]\\d{4}) (?<body>.*)$"
}
},
"value": {
"req": {
"kind": "string",
"identifier": true
},
"org": {
"kind": "string",
"identifier": true
},
"alert_level": {
"kind": "string"
},
"module": {
"kind": "string",
"identifier": true
},
"body": {
"kind": "string"
}
},
"sample": [
{
"line": "2015-04-17 09:41:50,544 [=, org=] INFO org.candlepin.guice.CustomizableModules - Found custom module module.config.katello"
},
{
"line": "2015-04-17 09:41:56,320 [req=f91d4a84-020d-4874-9741-3979d0baf58d, org=] INFO org.candlepin.common.filter.LoggingFilter - Request: verb=GET, uri=/candlepin/status"
},
{
"line": "2015-04-17 09:42:39+0200 principalType=trusteduser principal=admin target=OWNER entityId=8ab219c64cc653a7014cc6545a6c0001 type=CREATED owner=8ab219c64cc653a7014cc6545a6c0001"
},
{
"line": "2015-04-17 10:49:21,912 [req=ec7867ea-2501-4036-bb08-e2d830720cb5, org=npr_goep_hm_com] INFO org.candlepin.common.filter.LoggingFilter - Response: status=200, content-type=\"application/json\", time=235ms"
}
]
}
}
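Review bot: `alert_level` is captured by the `reqorg` pattern and declared under `value`, but the format has no `level-field` or `level` map, unlike `java_log` in this commit, which maps the same kind of field. As written, nothing visible here ties ERROR or WARN lines to a level, so they may be shown with the default level. Adding `"level-field": "alert_level"` with a `level` map, plus a sample carrying `"level": "error"`, would make the classification explicit and tested.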


@ -0,0 +1,23 @@
{
"choose_repo_log": {
"title": "Yum choose_repo Log",
"description": "The log format for the yum choose_repo tool.",
"regex": {
"std": {
"pattern": "^\\[(?<level>\\w+):[^\\]]+] [^:]+:\\d+ (?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:[\\.,]\\d{3})?):(?<body>.*)"
}
},
"level-field": "level",
"level": {
"error": "ERROR",
"debug": "DEBUG",
"info": "INFO",
"warning": "WARNING"
},
"sample": [
{
"line": "[INFO:choose_repo] choose_repo:47 2013-06-20 17:26:10,691: Setting region in redhat-rhui.repo"
}
]
}
}

42
src/formats/cups_log.json Normal file

@ -0,0 +1,42 @@
{
"cups_log": {
"title": "CUPS log format",
"description": "Log format used by the Common Unix Printing System",
"regex": {
"system": {
"pattern": "^(?<level>[IEW]) \\[(?<timestamp>\\d{2}/\\S{3,8}/\\d{4}:\\d{2}:\\d{2}:\\d{2} [+-]\\d{2,4})\\] (?<section>\\w+): (?<body>.*)$"
},
"default": {
"pattern": "^(?<level>[IEW]) \\[(?<timestamp>\\d{2}/\\S{3,8}/\\d{4}:\\d{2}:\\d{2}:\\d{2} [+-]\\d{2,4})\\] (?<body>.*)$"
}
},
"level": {
"error": "E",
"warning": "W"
},
"value": {
"level": {
"kind": "string",
"identifier": true
},
"section": {
"kind": "string",
"identifier": true
},
"body": {
"kind": "string"
}
},
"sample": [
{
"line": "I [04/Nov/2010:17:37:40 -0400] Allowing up to 100 client connections per host."
},
{
"line": "I [04/Nov/2010:17:37:40 -0400] LoadPPDs: Wrote \"/etc/cups/ppds.dat\", 14 PPDs..."
},
{
"line": "E [04/Nov/2010:17:37:40 -0400] StartListening: Unable to find IP address for server name \"localhost.localdomain\" - Host name lookup failure"
}
]
}
}
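Review bot: Both patterns accept only `[IEW]` as the level letter, so lines CUPS writes at other severities are not matched by this format; CUPS also uses `A`, `C`, `X`, `N`, `D` and `d`. The alert, critical and emergency lines are the ones that matter most when triaging a failure. The `cups` pattern in `error_log` accepts any `\\w`, so such lines may still be picked up there, but without the `section` field. Widening the class, e.g. `(?<level>[ACDEINWXd])`, and extending the `level` map would keep them in one format.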

42
src/formats/dpkg_log.json Normal file

@ -0,0 +1,42 @@
{
"dpkg_log": {
"title": "Dpkg Log",
"description": "The debian dpkg log.",
"regex": {
"std": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<action>startup|status|configure|install|upgrade|trigproc|remove|purge)(?: (?<status>config-files|failed-config|half-configured|half-installed|installed|not-installed|post-inst-failed|removal-failed|triggers-awaited|triggers-pending|unpacked))? (?<package>[^ ]+) (?<installed_version>[^ ]+)(?: (?<available_version>[^ ]+))?)|update-alternatives: (?<body>.*))$"
}
},
"value": {
"action": {
"kind": "string",
"identifier": true
},
"status": {
"kind": "string",
"identifier": true
},
"package": {
"kind": "string",
"identifier": true
},
"installed_version": {
"kind": "string"
},
"available_version": {
"kind": "string"
}
},
"sample": [
{
"line": "2012-02-14 10:44:10 configure base-files 5.0.0ubuntu20 5.0.0ubuntu20"
},
{
"line": "2012-02-14 10:44:30 status unpacked rsyslog 4.2.0-2ubuntu8"
},
{
"line": "2012-02-14 10:44:32 update-alternatives: run with --install /usr/bin/rview rview /usr/bin/vim.tiny 10"
}
]
}
}

108
src/formats/elb_log.json Normal file

@ -0,0 +1,108 @@
{
"elb_log": {
"title": "Amazon ELB log",
"description": "Log format for Amazon Elastic Load Balancers",
"url": "http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/access-log-collection.html",
"regex": {
"std": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{6}Z) (?<elb>[^ ]+) (?<client_ip>[\\w\\.:]+):(?<client_port>\\d+) (?<backend_ip>[\\w\\.:]+):(?<backend_port>\\d+) (?<request_processing_time>\\d+(\\.\\d+)?) (?<backend_processing_time>\\d+(\\.\\d+)?) (?<response_processing_time>\\d+(\\.\\d+)?) (?<elb_status_code>\\d+|-) (?<backend_status_code>\\d+|-) (?<received_bytes>\\d+) (?<sent_bytes>\\d+) \"(?:\\-|(?<cs_method>\\w+|-) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?<cs_version>[\\w/\\.]+|-)\\s*)\" \"(?<user_agent>[^\"]+)\" (?<ssl_cipher>[\\w-]+) (?<ssl_protocol>[\\w\\.-]+)(?<body>.*)"
}
},
"level-field": "elb_status_code",
"level": {
"error": "^[^123].*"
},
"opid-field": "client_ip",
"value": {
"elb": {
"kind": "string",
"identifier": true
},
"client_ip": {
"kind": "string",
"collate": "ipaddress",
"identifier": true
},
"client_port": {
"kind": "integer",
"foreign-key": true
},
"backend_ip": {
"kind": "string",
"collate": "ipaddress",
"identifier": true
},
"backend_port": {
"kind": "integer",
"foreign-key": true
},
"request_processing_time": {
"kind": "float"
},
"backend_processing_time": {
"kind": "float"
},
"response_processing_time": {
"kind": "float"
},
"elb_status_code": {
"kind": "integer",
"foreign-key": true
},
"backend_status_code": {
"kind": "integer",
"foreign-key": true
},
"received_bytes": {
"kind": "integer"
},
"sent_bytes": {
"kind": "integer"
},
"cs_method": {
"kind": "string",
"identifier": true
},
"cs_uri_stem": {
"kind": "string",
"identifier": true
},
"cs_uri_query": {
"kind": "string"
},
"cs_version": {
"kind": "string",
"identifier": true
},
"user_agent": {
"kind": "string",
"identifier": true
},
"ssl_cipher": {
"kind": "string",
"identifier": true
},
"ssl_protocol": {
"kind": "string",
"identifier": true
}
},
"sample": [
{
"line": "2015-11-17T05:45:24.077255Z elastic-prod 54.161.222.121:40909 10.231.68.180:443 0.000031 0.009511 0.000029 200 200 0 415 \"GET https://example.com/foo/bar?baz=1234 HTTP/1.1\" \"test agent\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2"
},
{
"line": "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000073 0.001048 0.000057 200 200 0 29 \"GET http://www.example.com:80/ HTTP/1.1\" \"curl/7.38.0\" - -"
},
{
"line": "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000086 0.001048 0.001337 200 200 0 57 \"GET https://www.example.com:443/ HTTP/1.1\" \"curl/7.38.0\" DHE-RSA-AES128-SHA TLSv1.2"
},
{
"line": "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001069 0.000028 0.000041 - - 82 305 \"- - - \" \"-\" - -"
},
{
"line": "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001065 0.000015 0.000023 - - 57 502 \"- - - \" \"-\" ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2"
}
]
}
}


@ -0,0 +1,37 @@
{
"engine_log": {
"title": "engine log",
"description": "The log format for the engine.log files from RHEV/oVirt",
"regex": {
"std": {
"pattern": "^(?<timestamp>.+) (?<level>.+) \\[(?<logger>.+)\\] \\((?<tid>.+)\\) (?<body>(?:-|\\n)*)"
}
},
"opid-field": "tid",
"value": {
"tid": {
"kind": "string",
"identifier": true
},
"logger": {
"kind": "string",
"identifier": true
},
"thread": {
"kind": "string",
"identifier": true
}
},
"level-field": "level",
"level": {
"error": "ERROR",
"info": "INFO",
"warning": "WARN"
},
"sample": [
{
"line": "2014-09-21 04:01:29,522 INFO [org.ovirt.engine.core.bll.OvfDataUpdater] (DefaultQuartzScheduler_Worker-90) Successfully updated VM OVFs in Data Center Test"
}
]
}
}
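Review bot: The body group is `(?<body>(?:-|\\n)*)`, which matches only hyphens and newlines, so for the sample line the captured body is empty; this looks like a typo for a match-anything group, and `(?<body>.*)` would capture the message. The four preceding groups are all greedy `.+`, so a message that itself contains `[...] (...)` shifts the `level`, `logger` and `tid` boundaries. Bounded classes such as `(?<level>\\w+)`, `\\[(?<logger>[^\\]]+)\\]` and `\\((?<tid>[^)]+)\\)` avoid that and the backtracking that comes with it. `value` also declares `thread`, which no group captures.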


@ -0,0 +1,66 @@
{
"error_log": {
"title": "Common Error Log",
"description": "The default web error log format for servers like Apache.",
"regex": {
"cups": {
"pattern": "^(?<level>\\w) \\[(?<timestamp>[^\\]]+)\\] (?<body>.*)"
},
"apache": {
"pattern": "^\\[(?<timestamp>[^\\]]+)\\] \\[(?:(?<module>[^:]+):)?(?<level>\\w+)\\](?: \\[pid (?<pid>\\d+)(:tid (?<tid>\\d+))?\\])?(?: \\[client (?<c_ip>[\\w\\.:\\-]+):(?<c_port>\\d+)\\])? (?<body>.*)"
}
},
"level-field": "level",
"value": {
"module": {
"kind": "string",
"identifier": true
},
"pid": {
"kind": "integer",
"identifier": true
},
"tid": {
"kind": "integer",
"identifier": true,
"description": "The thread id"
},
"c_ip": {
"kind": "string",
"collate": "ipaddress",
"identifier": true,
"description": "The client IP address"
},
"c_port": {
"kind": "integer",
"identifier": true
}
},
"sample": [
{
"line": "E [08/Jun/2013:11:28:58 -0700] Unknown directive BrowseOrder on line 22 of /private/etc/cups/cupsd.conf.",
"level": "error"
},
{
"line": "[Tue Apr 04 06:18:29.712806 2017] [mpm_prefork:notice] [pid 17725] AH00163: Apache/2.4.23 (Unix) configured -- resuming normal operations",
"level": "notice"
},
{
"line": "[Tue Apr 04 06:28:08.605341 2017] [core:error] [pid 17962] [client 127.0.0.1:60444] AH00135: Invalid method in request FOO /",
"level": "error"
},
{
"line": "[Thu Jan 17 02:42:49 2013] [notice] Digest: generating secret for digest authentication ...",
"level": "notice"
},
{
"line": "[Thu May 12 08:28:57.652118 2011] [core:error] [pid 8777:tid 4326490112] [client ::1:58619] File does not exist: /usr/local/apache2/htdocs/favicon.ico",
"level": "error"
},
{
"line": "[Thu Jan 02 22:23:07.368853 2020] [http:info] [pid 4784:tid 139701043291904] [client 66.220.149.10:45948] AH01593: chunked Transfer-Encoding forbidden: /",
"level": "info"
}
]
}
}
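Review bot: The `apache` pattern requires a port inside the client tag, `\\[client (?<c_ip>[\\w\\.:\\-]+):(?<c_port>\\d+)\\]`, so a line that logs the client address without a port (older httpd versions write the tag that way) leaves `c_ip` unset and pushes the tag into `body`. None of the samples covers that form. If those lines are in scope, a sample for it plus an optional port would keep the client address searchable. Note that a plain `(?::(?<c_port>\\d+))?` is ambiguous for IPv6 addresses because `c_ip` itself accepts `:`, so the two forms probably need separate alternatives.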


@ -0,0 +1,22 @@
{
"fsck_hfs_log": {
"title": "Fsck_hfs Log",
"description": "Log for the fsck_hfs tool on Mac OS X.",
"regex": {
"std": {
"pattern": "^(?<device>[^:]+): fsck_hfs (?:run|started) at (?<timestamp>\\S{3,8} \\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\d{4})(?<body>(?:.|\\n)*)"
}
},
"value": {
"device": {
"kind": "string",
"identifier": true
}
},
"sample": [
{
"line": "/dev/rdisk0s2: fsck_hfs run at Wed Jul 25 23:01:18 2012"
}
]
}
}

44
src/formats/glog_log.json Normal file

@ -0,0 +1,44 @@
{
"glog_log": {
"title": "Glog",
"description": "The google glog format.",
"url": "https://code.google.com/p/google-glog/",
"regex": {
"std": {
"pattern": "^(?<level>[IWECF])(?<timestamp>\\d{4} \\d{2}:\\d{2}:\\d{2}\\.\\d{6}) +(?<thread>\\d+) (?<src_file>[^:]+):(?<src_line>\\d+)\\] (?<body>(?:.|\\n)*)"
}
},
"level-field": "level",
"level": {
"error": "E",
"warning": "W",
"info": "I",
"critical": "C",
"fatal": "F"
},
"opid-field": "thread",
"value": {
"thread": {
"kind": "integer",
"identifier": true,
"foreign-key": true
},
"src_file": {
"kind": "string",
"identifier": true
},
"src_line": {
"kind": "integer",
"foreign-key": true
}
},
"sample": [
{
"line": "E0517 15:04:22.619632 1952452992 logging_unittest.cc:253] Log every 3, iteration 19"
},
{
"line": "E0517 15:04:22.619632 52992 logging_unittest.cc:253] Log every 3, iteration 19"
}
]
}
}


@ -0,0 +1,172 @@
{
"haproxy_log": {
"title": "HAProxy HTTP Log Format",
"description": "The HAProxy log format",
"url": "http://www.haproxy.org/download/1.4/doc/configuration.txt",
"regex": {
"event_started": {
"pattern": "(?<timestamp>\\w{3} \\d{2} \\d{2}:\\d{2}:\\d{2}) (?<logging_host>[^ ]+) (?<process_name>\\w+)\\[(?<pid>\\d+)\\]: Proxy (?<frontend_name>[^ ]+) started."
},
"event_stopping": {
"pattern": "(?<timestamp>\\w{3} \\d{2} \\d{2}:\\d{2}:\\d{2}) (?<logging_host>[^ ]+) (?<process_name>\\w+)\\[(?<pid>\\d+)\\]: Stopping frontend (?<frontend_name>[^ ]+) in (?<stopping_timeout>\\d+) ms."
},
"event_stopped": {
"pattern": "(?<timestamp>\\w{3} \\d{2} \\d{2}:\\d{2}:\\d{2}) (?<logging_host>[^ ]+) (?<process_name>\\w+)\\[(?<pid>\\d+)\\]: Proxy (?<frontend_name>[^ ]+) stopped \\(FE: (?<frontend_connections>\\d+) conns, BE: (?<backend_connections>\\d+) conns\\)."
},
"tcp": {
"pattern": "(?<timestamp>\\w{3} \\d{2} \\d{2}:\\d{2}:\\d{2}) (?<logging_host>[^ ]+) (?<process_name>\\w+)\\[(?<pid>\\d+)\\]: (?<client_ip>[^:]+):(?<client_port>\\d+) \\[(?<accept_date>\\d{2}\\/\\w{3}\\/\\d{4}:\\d{2}:\\d{2}:\\d{2}.\\d{3})\\] (?<frontend_name>[^ ]+) (?<backend_name>[^ ]+)\\/(?<server_name>[^ ]+) (?<tw>\\d+)\\/(?<tc>\\d+)\\/(?<tt>\\d+) (?<bytes_read>\\d+) (?<termination_state>..) (?<actconn>\\d+)\\/(?<feconn>\\d+)\\/(?<beconn>\\d+)\\/(?<srv_conn>\\d+)\\/(?<retries>\\d+) (?<srv_queue>\\d+)\\/(?<backend_queue>\\d+)"
},
"http": {
"pattern": "(?<timestamp>\\w{3} \\d{2} \\d{2}:\\d{2}:\\d{2}) (?<logging_host>[^ ]+) (?<process_name>\\w+)\\[(?<pid>\\d+)\\]: (?<client_ip>[^:]+):(?<client_port>\\d+) \\[(?<accept_date>\\d{2}\\/\\w{3}\\/\\d{4}:\\d{2}:\\d{2}:\\d{2}.\\d{3})\\] (?<frontend_name>[^ ]+)(?<ssl>~)? (?<backend_name>[^ ]+)\\/(?<server_name>[^ ]+) (?<tq>-?\\d+)\\/(?<tw>-?\\d+)\\/(?<tc>-?\\d+)\\/(?<tr>-?\\d+)\\/(?<tt>\\d+) (?<status_code>\\d{3}|-1) (?<bytes_read>\\d+) (?<captured_request_cookie>.*) (?<captured_response_cookie>.*) (?<termination_state>....) (?<actconn>\\d+)\\/(?<feconn>\\d+)\\/(?<beconn>\\d+)\\/(?<srv_conn>\\d+)\\/(?<retries>\\d+) (?<srv_queue>\\d+)\\/(?<backend_queue>\\d+) (?:\\{(?<captured_request_headers>.*)\\} \\{(?<captured_response_headers>.*)\\} )?\"(?<http_method>[A-Z<>]+)(?: (?<http_url>.*?))?(?: (?<http_version>HTTP\\/\\d+.\\d+))?\"?$"
},
"ssl": {
"pattern": "(?<timestamp>\\w{3} \\d{2} \\d{2}:\\d{2}:\\d{2}) (?<logging_host>[^ ]+) (?<process_name>\\w+)\\[(?<pid>\\d+)\\]: (?<client_ip>[^:]+):(?<client_port>\\d+) \\[(?<accept_date>\\d{2}\\/\\w{3}\\/\\d{4}:\\d{2}:\\d{2}:\\d{2}.\\d{3})\\] (?<backend_name>[^ ]+)\\/(?<server_name>[^ ]+): (?<ssl_error>.+)$"
}
},
"json": false,
"value": {
"stopping_timeout": {
"kind": "integer"
},
"frontend_connections": {
"kind": "integer"
},
"backend_connections": {
"kind": "integer"
},
"logging_host": {
"kind": "string"
},
"process_name": {
"kind": "string"
},
"pid": {
"kind": "integer",
"foreign-key": true
},
"client_ip": {
"kind": "string",
"collate": "ipaddress"
},
"client_port": {
"kind": "integer",
"foreign-key": true
},
"accept_date": {
"kind": "string"
},
"frontend_name": {
"kind": "string",
"identifier": true
},
"ssl": {
"kind": "string"
},
"ssl_error": {
"kind": "string"
},
"backend_name": {
"kind": "string",
"identifier": true
},
"server_name": {
"kind": "string",
"identifier": true
},
"tq": {
"kind": "integer"
},
"tw": {
"kind": "integer"
},
"tc": {
"kind": "integer"
},
"tr": {
"kind": "integer"
},
"tt": {
"kind": "integer"
},
"status_code": {
"kind": "integer",
"identifier": true
},
"bytes_read": {
"kind": "integer"
},
"captured_request_cookie": {
"kind": "string"
},
"captured_response_cookie": {
"kind": "string"
},
"termination_state": {
"kind": "string"
},
"actconn": {
"kind": "integer",
"foreign-key": true
},
"feconn": {
"kind": "integer",
"foreign-key": true
},
"beconn": {
"kind": "integer",
"foreign-key": true
},
"srv_conn": {
"kind": "integer",
"foreign-key": true
},
"retries": {
"kind": "integer"
},
"srv_queue": {
"kind": "integer",
"foreign-key": true
},
"backend_queue": {
"kind": "integer",
"foreign-key": true
},
"captured_request_headers": {
"kind": "string"
},
"captured_response_headers": {
"kind": "string"
},
"http_method": {
"kind": "string",
"identifier": true
},
"http_url": {
"kind": "string"
},
"http_version": {
"kind": "string"
}
},
"sample": [
{
"line": "Feb 26 10:07:24 192.168.8.2 haproxy[1]: Proxy prod_http_in started."
},
{
"line": "Feb 26 10:00:47 192.168.8.2 haproxy[7]: Stopping frontend prod_http_in in 0 ms."
},
{
"line": "Feb 26 10:00:47 192.168.8.2 haproxy[7]: Proxy prod_http_in stopped (FE: 847876 conns, BE: 0 conns)."
},
{
"line": "Feb 26 23:08:47 192.168.8.2 haproxy[7]: 178.203.144.192:50210 [26/Feb/2019:23:08:47.266] prod_http_in/slsp: Connection closed during SSL handshake"
},
{
"line": "Feb 26 23:16:16 192.168.8.2 haproxy[7]: 178.203.144.192:50210 [26/Feb/2019:23:16:15.321] prod_ssh_in prod_ssh_out/ssh1 1/1/861 1485 -- 2/1/0/0/0 0/0"
},
{
"line": "Feb 26 00:29:44 192.168.8.2 haproxy[7]: 178.203.144.192:50210 [26/Feb/2019:00:29:44.326] prod_http_in~ prod_http_out/nginx1 0/0/1/48/49 200 3313 - - ---- 3/2/0/0/0 0/0 {Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0} {} \"POST /schulportal/?Script=934&lehrer=126537&anm=3235&onlinetest=admin HTTP/1.1\""
}
]
}
}
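Review bot: None of the six patterns starts with `^`, unlike the other regex formats in this commit, so a match may begin anywhere in a line and a non-matching line is retried at every offset. The `http` pattern also captures `captured_request_cookie`, `captured_response_cookie` and the two header groups with greedy `.*`; those hold client-supplied text, and a value containing a space or `} {` moves the field boundaries. Anchoring with `^` and using bounded classes, e.g. `(?<captured_request_cookie>[^ ]*)`, would make the split deterministic. The `\\d{2}` day in `timestamp` will also not match a space-padded single-digit day, and the `.` before `\\d{3}` in `accept_date` is unescaped.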

60
src/formats/java_log.json Normal file

@ -0,0 +1,60 @@
{
"java_log": {
"title": "Java log format",
"description": "Log format used by log4j and output by most java programs",
"url": "",
"regex": {
"jvm": {
"pattern": "^(?<alert_level>\\w+)\\s+\\|\\s+jvm (?<jvm_no>\\d+)\\s+\\|\\s(?<timestamp>\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2})\\s+\\| (?<timestamp_f>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) \\[(?<function>\\w+-\\d+)\\]\\s+(?<debug_level>\\w+)\\s+(?<class>[\\w.]+)\\s+-\\s+(?<body>\\S.*)"
},
"dump": {
"pattern": "^(?<alert_level>\\w+)\\s+\\|\\s+jvm (?<jvm_no>\\d+)\\s+\\|\\s(?<timestamp>\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2})\\s+\\| JVMDUMP\\w+\\s(?<body>\\S.*)$"
},
"tasko": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) \\[(?<function>\\w+-\\d+)\\]\\s+(?<alert_level>\\w+)\\s+(?<class>[\\w.]+)\\s+-\\s+(?<body>\\S.*)$"
}
},
"level-field": "alert_level",
"level": {
"error": "ERROR",
"warning": "WARN",
"debug": "DEBUG",
"info": "INFO"
},
"value": {
"function": {
"kind": "string",
"identifier": true
},
"alert_level": {
"kind": "string"
},
"jvm_no": {
"kind": "integer"
},
"debug_level": {
"kind": "string"
},
"class": {
"kind": "string"
},
"body": {
"kind": "string"
}
},
"sample": [
{
"line": "INFO | jvm 1 | 2015/04/28 18:40:00 | 2015-04-28 18:40:00,077 [DefaultQuartzScheduler_Worker-8] INFO com.redhat.rhn.taskomatic.TaskoJob - errata-queue-default: bunch errata-queue-bunch STARTED"
},
{
"line": "INFO | jvm 1 | 2015/04/28 18:34:18 | 2015-04-28 18:34:18,872 [Thread-46] DEBUG com.redhat.rhn.common.hibernate.ConnectionManager - Adding resource com/redhat/rhn/domain/action/ActionArchType.hbm.xml"
},
{
"line": "2015-05-22 16:10:00,123 [DefaultQuartzScheduler_Worker-5] INFO com.redhat.rhn.taskomatic.task.ErrataCacheTask - In the queue: 24"
},
{
"line": "INFO | jvm 1 | 2015/05/24 07:35:50 | JVMDUMP013I Processed dump event \"user\", detail \"\"."
}
]
}
}
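Review bot: The `level` map covers ERROR, WARN, DEBUG and INFO only, so `FATAL` and `TRACE` values captured in `alert_level` have no mapping here. Other formats in this commit already use the `fatal` and `trace` level names (`glog_log`, `openam_log`), so `"fatal": "FATAL"` and `"trace": "TRACE"` can be added the same way. The `timestamp_f` group has no `value` entry and `"url": ""` is empty; both could be dropped or documented.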


@ -0,0 +1,83 @@
{
"journald_json_log": {
"title": "journalctl JSON log format",
"description": "Logger format as created by systemd journalctl -o json",
"url": "https://www.freedesktop.org/wiki/Software/systemd/json/",
"json": true,
"hide-extra": true,
"convert-to-local-time": true,
"line-format": [
{
"field": "__REALTIME_TIMESTAMP"
},
" ",
{
"field": "__MONOTONIC_TIMESTAMP"
},
" ",
{
"field": "_SYSTEMD_UNIT"
},
" ",
{
"field": "SYSLOG_IDENTIFIER"
},
"[",
{
"field": "_PID"
},
"] ",
{
"field": "__level__",
"text-transform": "uppercase"
},
" ",
{
"field": "MESSAGE"
}
],
"timestamp-field": "__REALTIME_TIMESTAMP",
"timestamp-format": [
"%6"
],
"level-field": "PRIORITY",
"level": {
"fatal": "0|1",
"critical": "2",
"error": "3",
"warning": "4",
"stats": "5",
"info": "6",
"debug": "7"
},
"body-field": "MESSAGE",
"value": {
"__REALTIME_TIMESTAMP": {
"kind": "integer"
},
"__MONOTONIC_TIMESTAMP": {
"kind": "integer"
},
"_SYSTEMD_UNIT": {
"kind": "string",
"identifier": true
},
"SYSLOG_IDENTIFIER": {
"kind": "string",
"identifier": true
},
"_PID": {
"kind": "integer",
"identifier": true
},
"PRIORITY": {
"kind": "string",
"identifier": true,
"foreign-key": true
},
"MESSAGE": {
"kind": "string"
}
}
}
}
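Review bot: This format ships without a `sample` array, unlike the regex formats in this commit, so nothing exercises the `line-format`, the `%6` timestamp format or the `PRIORITY` mapping. If the loader accepts samples for JSON formats, one constructed `journalctl -o json` record would cover it. With `hide-extra` set, fields outside `line-format` are presumably not shown inline. It is worth considering whether journald-added fields such as `_UID`, `_COMM` and `_HOSTNAME` should be declared, since `SYSLOG_IDENTIFIER` and `MESSAGE` are supplied by the logging process itself.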


@ -0,0 +1,47 @@
{
"katello_log": {
"title": "Katello log format",
"description": "Log format used by katello and foreman as used in Satellite 6.",
"url": "http://theforeman.org/",
"regex": {
"log": {
"pattern": "^\\[\\s?(?<alert_level>\\w+)\\s(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})\\s(?<module>\\w+)\\]\\s+(?<message>\\S.*)$"
}
},
"level-field": "alert_level",
"level": {
"error": "ERROR",
"warning": "WARN",
"debug": "DEBUG"
},
"value": {
"alert_level": {
"kind": "string"
},
"module": {
"kind": "string"
},
"message": {
"kind": "string"
}
},
"sample": [
{
"line": "[DEBUG 2015-05-20 12:22:19 main] /Stage[main]/Certs::Candlepin/Exec[create candlepin qpid exchange]/unless: Failed: ConnectError: [Errno 1] _ssl.c:504: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca",
"level": "debug"
},
{
"line": "[DEBUG 2015-05-20 12:22:19 main] Exec[create candlepin qpid exchange](provider=posix): Executing 'qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://avl248.bcc.qld.gov.au:5671' add exchange topic event --durable'",
"level": "debug"
},
{
"line": "[ERROR 2015-05-20 12:22:19 main] qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://avl248.bcc.qld.gov.au:5671' add exchange topic event --durable returned 1 instead of one of [0]",
"level": "error"
},
{
"line": "[ INFO 2015-05-20 12:22:19 main] /usr/share/ruby/vendor_ruby/puppet/util/errors.rb:104:in `fail'",
"level": "info"
}
]
}
}
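Review bot: The two `qpid-config` sample lines carry what appears to be a real organisation's hostname (`avl248.bcc.qld.gov.au`), and they now ship as a standalone file with every build. The `message` capture is `\\S.*`, so any host string still matches; I would swap the broker URL for a reserved name in both samples, e.g. `-b 'amqps://broker.example.com:5671'`. Separately, the fourth sample asserts `"level": "info"` while the `level` map has no `info` entry, so that assertion presumably relies on the loader's default level.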


@ -0,0 +1,72 @@
{
"openam_log": {
"title": "OpenAM Log",
"description": "The OpenAM identity provider.",
"url": "http://openam.forgerock.org",
"level-field": "level",
"level": {
"error": "ERROR",
"warning": "WARNING",
"info": "INFO",
"critical": "SEVERE",
"trace": "FINE|FINEST"
},
"multiline": false,
"regex": {
"std": {
"pattern": "^\"(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})\"\\s+(?<data>[^ \"]+|\"(?:[^\"]*|\"\")*\")\\s+(?<loginid>[^ \"]+|\"(?:[^\"]*|\"\")*\")\\s+(?<contextid>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<ipaddr>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<level>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<domain>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<loggedby>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<messageid>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<modulename>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<nameid>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<hostname>[^ \"]+|\"(?:[^\"]|\"\")*\")(?<body>.*)$"
}
},
"value": {
"data": {
"kind": "quoted"
},
"loginid": {
"kind": "quoted",
"identifier": true
},
"contextid": {
"kind": "quoted",
"identifier": true
},
"ipaddr": {
"kind": "quoted",
"identifier": true,
"collate": "ipaddress"
},
"domain": {
"kind": "quoted",
"identifier": true
},
"loggedby": {
"kind": "quoted",
"identifier": true
},
"messageid": {
"kind": "quoted",
"identifier": true
},
"modulename": {
"kind": "quoted",
"identifier": true
},
"nameid": {
"kind": "quoted",
"identifier": true
},
"hostname": {
"kind": "quoted",
"identifier": true,
"collate": "ipaddress"
}
},
"sample": [
{
"line": "\"2014-06-14 17:08:39\" \"http://localhost:8086|/|<samlp:AuthnRequest ID=\"\"139a40bba4d340108d91022750c2a3a8\"\" Version=\"\"2.0\"\" IssueInstant=\"\"2014-06-14T17:09:04Z\"\" ProtocolBinding=\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\" AssertionConsumerServiceURL=\"\"http://localhost:8086/api/1/rest/admin/org/530e42ccd6f45fd16d0d0717/saml/consume\"\">\\n<saml:Issuer>http://localhost:8086</saml:Issuer>\\n<samlp:NameIDPolicy Format=\"\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\"\" AllowCreate=\"\"true\"\"></samlp:NameIDPolicy>\\n<samlp:RequestedAuthnContext Comparison=\"\"exact\"\"><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\\n</samlp:AuthnRequest>\" \"cn=dsameuser,ou=DSAME Users,dc=openam\" 8fc43a8f6a8c14101 \"Not Available\" INFO dc=openam \"cn=dsameuser,ou=DSAME Users,dc=openam\" SAML2-36 SAML2.access \"Not Available\" 127.0.1.1"
},
{
"line": "\"2014-06-09 14:49:56\" /etc/openam/openam/log/ \"cn=dsameuser,ou=DSAME Users,dc=openam\" 3d956febb91fed31 \"Not Available\" INFO dc=openam \"cn=dsameuser,ou=DSAME Users,dc=openam\" LOG-1 amPolicy.access \"Not Available\" 127.0.1.1"
}
]
}
}
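Review bot: The `data` and `loginid` captures in the `std` pattern use `\"(?:[^\"]*|\"\")*\"`, a starred group whose first alternative is itself starred, while every later field uses `\"(?:[^\"]|\"\")*\"`. On a line with an unterminated or oddly quoted field the nested form can backtrack exponentially. `data` is where request content lands, such as the SAML `AuthnRequest` in the first sample, so the text being matched is not under the operator's control. Using the single-character form for the first two fields as well, `(?<data>[^ \"]+|\"(?:[^\"]|\"\")*\")` and the same for `loginid`, accepts the same strings without the nested repetition.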


@ -0,0 +1,20 @@
{
"openamdb_log": {
"title": "OpenAM Debug Log",
"description": "Debug logs for the OpenAM identity provider.",
"url": "http://openam.forgerock.org",
"regex": {
"std": {
"pattern": "^(?<module>[\\w]+):(?<timestamp>\\d{2}/\\d{2}/\\d{4} \\d{2}:\\d{2}:\\d{2}:\\d{3} [AP]M \\w+): Thread\\[(?<thread>[^,]+,\\d+,[^,]+)\\]\\n?(?:\\*+|(?<body>.*))$"
}
},
"sample": [
{
"line": "amMonitoring:06/09/2014 02:49:59:447 PM UTC: Thread[http-80-1,5,main]\n**********************************************"
},
{
"line": "amLog:06/09/2014 04:08:22:515 PM UTC: Thread[http-80-8,5,main]\nERROR: LogMessageProviderBase.createLogRecord: unable to locate message ID object for ATTEMPT_GET_METAALIAS"
}
]
}
}


@ -0,0 +1,43 @@
{
"openstack_log": {
"title": "OpenStack log format",
"description": "The log format for the OpenStack log files",
"url": "http://docs.openstack.org/openstack-ops/content/logging_monitoring.html",
"regex": {
"std": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}.\\d{3}) (?<pid>\\d+) (?<level>\\w+) (?<logger>.+) \\[(?<tid>.+)\\] (?<body>.*)"
}
},
"level-field": "level",
"level": {
"error": "ERROR",
"info": "INFO",
"warning": "WARNING",
"trace": "TRACE",
"debug": "DEBUG"
},
"value": {
"tid": {
"kind": "string",
"identifier": true
},
"pid": {
"kind": "string",
"identifier": true
},
"logger": {
"kind": "string",
"identifier": true
},
"body": {
"kind": "string",
"identifier": false
}
},
"sample": [
{
"line": "2014-10-28 10:42:22.772 23623 INFO neutron.wsgi [req-40743023-00ed-441c-9d0a-19b8167ea0ad None] 10.1.255.252 - - [28/Oct/2014 10:42:22] GET /v2.0/floatingips.json?fixed_ip_address=80.0.0.9&port_id=b4291e0e-a941-4663-9379-7af6471e983f HTTP/1.1 200 208 0.008971"
}
]
}
}

66
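--- a/src/formats/page_log.json
+++ b/src/formats/page_log.json
@@ -0,0 +1,66 @@
+{
+"page_log": {
+"title": "CUPS Page Log",
+"description": "The CUPS server log of printed pages.",
+"url": "http://www.cups.org/documentation.php/doc-1.7/ref-page_log.html",
+"multiline": false,
+"regex": {
+"pre-1.7": {
+"pattern": "^(?<printer>[\\w_\\-\\.]+) (?<username>[\\w\\.\\-]+) (?<job_id>\\d+) \\[(?<timestamp>[^\\]]+)\\] (?<page_number>total|\\d+) (?<num_copies>\\d+) (?<job_billing>[^ ]+) (?<job_originating_hostname>[\\w\\.:\\-]+)(?<body>.*)$"
+},
+"1.7": {
+"pattern": "^(?<printer>[\\w_\\-\\.]+) (?<username>[\\w\\.\\-]+) (?<job_id>\\d+) \\[(?<timestamp>[^\\]]+)\\] (?<page_number>total|\\d+) (?<num_copies>\\d+) (?<job_billing>[^ ]+) (?<job_originating_hostname>[\\w\\.:\\-]+) (?<job_name>.+) (?<media>[^ ]+) (?<sides>.+)(?<body>.*)$"
+}
+},
+"value": {
+"printer": {
+"kind": "string",
+"identifier": true
+},
+"username": {
+"kind": "string",
+"identifier": true
+},
+"job_id": {
+"kind": "integer",
+"identifier": true,
+"foreign-key": true
+},
+"page_number": {
+"kind": "string"
+},
+"num_copies": {
+"kind": "integer"
+},
+"job_billing": {
+"kind": "string",
+"identifier": true
+},
+"job_originating_hostname": {
+"kind": "string",
+"collate": "ipaddress",
+"identifier": true
+},
+"job_name": {
+"kind": "string",
+"identifier": true
+},
+"media": {
+"kind": "string",
+"identifier": true
+},
+"sides": {
+"kind": "string",
+"identifier": true
+}
+},
+"sample": [
+{
+"line": "Photosmart_7520_series stack 11 [18/May/2013:13:21:15 -0700] total 0 - localhost 5615311548-159003235-tickets.pdf Letter one-sided"
+},
+{
+"line": "tec_IS2027 kurt 401 [22/Apr/2003:10:28:43 +0100] 1 3 #marketing 10.160.50.13"
+}
+]
+}
+}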


@ -0,0 +1,51 @@
{
"papertrail_log": {
"title": "Papertrail Service",
"url": "https://papertrailapp.com/",
"description": "Log format for the papertrail log management service",
"json": true,
"hide-extra": true,
"file-pattern": "pt:.*",
"line-format": [
{
"field": "display_received_at"
},
" ",
{
"field": "hostname"
},
" ",
{
"field": "program"
},
": ",
{
"field": "message"
}
],
"level-field": "severity",
"level": {
"error": "Error",
"debug": "Debug",
"warning": "Warning",
"info": "Info(?:rmational)?|Notice",
"critical": "Crit(?:ical)?",
"fatal": "Emerg(?:ency)?|Alert"
},
"timestamp-field": "generated_at",
"body-field": "message",
"value": {
"display_received_at": {
"kind": "string"
},
"program": {
"kind": "string",
"identifier": true
},
"hostname": {
"kind": "string",
"identifier": true
}
}
}
}


@ -0,0 +1,54 @@
{
"snaplogic_log": {
"title": "SnapLogic Server Log",
"description": "The SnapLogic server log format.",
"url": "http://www.snaplogic.com/docs/user-guide/user-guide.htm",
"regex": {
"std": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<level>\\w{4,}) (?<logger>[^ ]+) (?<facility>[^ ]+) (?<msgid>[^ ]+) (?<pipe_rid>-|\\d+)(?:\\.(?<comp_rid>[^ ]+))? (?<resource_name>[^ ]+) (?<invoker>[^ ]+))|(?:(?:stdout|stderr): ))(?<body>.*)"
}
},
"level-field": "level",
"level": {
"error": "ERROR",
"debug": "DEBUG",
"info": "INFO",
"warning": "WARNING"
},
"value": {
"logger": {
"kind": "string",
"identifier": true
},
"facility": {
"kind": "string",
"identifier": true
},
"msgid": {
"kind": "string",
"identifier": true
},
"pipe_rid": {
"kind": "string",
"identifier": true
},
"comp_rid": {
"kind": "string",
"identifier": true
},
"resource_name": {
"kind": "string",
"identifier": true
},
"invoker": {
"kind": "string",
"identifier": true
}
},
"sample": [
{
"line": "2013-07-30T09:40:25 DEBUG main_process.main PM - 1768839331504132353247612213662950165988626018 - - Pipeline manager '' sending to Leads. Invoker 'admin': PREPARE {'parent_rid': '1768839331504132353247612213662950165988626018', 'resource_name': u'Leads', 'input_views': {}, 'parameters': {u'DELIMITER': u',', u'INPUTFILE': u'file://tutorial/data/leads.csv'}, 'output_views': {u'Output1': {'method': 'GET'}}, 'context_name': u'', 'snap_control_version': '1.2'}"
}
]
}
}

37
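--- a/src/formats/sssd_log.json
+++ b/src/formats/sssd_log.json
@@ -0,0 +1,37 @@
+{
+"sssd_log": {
+"title": "SSSD log format",
+"description": "Log format used by the System Security Services Daemon",
+"url": "http://fedorahosted.org/sssd",
+"regex": {
+"core": {
+"pattern": "^\\((?<timestamp>\\S{3,8} \\S{3,8} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2} \\d{4})\\) \\[sssd\\] \\[(?<function>\\w+)\\] \\((?<debug_level>0x[0-9a-fA-F]{4})\\): (?<body>.*)$"
+},
+"module": {
+"pattern": "^\\((?<timestamp>\\S{3,8} \\S{3,8} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2} \\d{4})\\) \\[sssd(?<module>\\[.*?\\])\\] \\[(?<function>\\w+)\\] \\((?<debug_level>0x[0-9a-fA-F]{4})\\): (?<body>.*)$"
+}
+},
+"value": {
+"module": {
+"kind": "string"
+},
+"function": {
+"kind": "string"
+},
+"debug_level": {
+"kind": "string"
+},
+"body": {
+"kind": "string"
+}
+},
+"sample": [
+{
+"line": "(Tue Mar 31 06:03:46 2015) [sssd[be[default]]] [sysdb_search_by_name] (0x0400): No such entry"
+},
+{
+"line": "(Tue Mar 31 05:58:38 2015) [sssd] [start_service] (0x0100): Queueing service LDAP for startup"
+}
+]
+}
+}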


@ -0,0 +1,46 @@
{
"strace_log": {
"title": "Strace",
"description": "The strace output format.",
"url": "http://en.wikipedia.org/wiki/Strace",
"multiline": false,
"regex": {
"std": {
"pattern": "^(?<timestamp>\\d{2}:\\d{2}:\\d{2}\\.\\d{6}) (?<syscall>\\w+)\\((?<body>.*)\\)\\s+=\\s+(?<rc>[-\\w]+)(?: (?<errno>\\w+) \\([^\\)]+\\))?(?: <(?<duration>\\d+\\.\\d+)>)?$"
}
},
"level-field": "errno",
"level": {
"error": ".+"
},
"value": {
"syscall": {
"kind": "string",
"identifier": true,
"rewriter": ":pipe-line-to explain-syscall.sh ${syscall}"
},
"args": {
"kind": "string"
},
"rc": {
"kind": "integer",
"foreign-key": true
},
"duration": {
"kind": "float"
},
"errno": {
"kind": "string",
"identifier": true
}
},
"sample": [
{
"line": "08:09:33.814936 execve(\"/bin/ls\", [\"ls\"], [/* 38 vars */]) = 0 <0.000264>"
},
{
"line": "08:09:33.815943 access(\"/etc/ld.so.nohwcap\", F_OK) = -1 ENOENT (No such file or directory) <0.000019>"
}
]
}
}
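Review bot: The `syscall` rewriter, `:pipe-line-to explain-syscall.sh ${syscall}`, places text captured from the log into a command, and the only thing bounding that text is the `(?<syscall>\\w+)` capture in the `std` pattern. How the value is quoted when the command is built is not visible here, so the dependency should be recorded to stop a later regex edit widening what reaches the script. The loader sets `yajl_allow_comments` for these built-in files, so a comment above the rewriter would do: `// syscall is limited to \\w+ by the pattern; keep it that narrow, it is handed to a script`. Also, the `value` map declares `args` but no pattern has an `args` group (the argument list is captured as `body`), so that entry looks unused.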

47
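--- a/src/formats/sudo_log.json
+++ b/src/formats/sudo_log.json
@@ -0,0 +1,47 @@
+{
+"sudo_log": {
+"title": "sudo",
+"description": "The sudo privilege management tool.",
+"url": "",
+"regex": {
+"std": {
+"module-format": true,
+"pattern": "^(?<login>\\S+)\\s*: (?:(?<error_msg>[^;]+);)?\\s*TTY=(?<tty>[^;]+)\\s+;\\s*PWD=(?<pwd>[^;]+)\\s+;\\s*USER=(?<user>[^;]+)\\s+;\\s*COMMAND=(?<command>(\\n|.)*)$"
+}
+},
+"level-field": "error_msg",
+"level": {
+"error": ".+"
+},
+"value": {
+"login": {
+"kind": "string",
+"identifier": true
+},
+"error_msg": {
+"kind": "string"
+},
+"tty": {
+"kind": "string"
+},
+"pwd": {
+"kind": "string"
+},
+"user": {
+"kind": "string",
+"identifier": true
+},
+"command": {
+"kind": "string"
+}
+},
+"sample": [
+{
+"line": "stack : 3 incorrect password attempts ; TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
+},
+{
+"line": "stack : TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
+}
+]
+}
+}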
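Review bot: The `command` capture in the `std` pattern is written as `(?<command>(\\n|.)*)$`, a capturing alternation repeated once per character. With a backtracking engine that costs a group save per character and, depending on the engine and its limits, a very long or multi-line entry may fail to match, leaving a sudo record unparsed in the view. `(?<command>(?s:.*))$` should accept the same text in a single repetition and drops the stray unnamed group.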


@ -0,0 +1,87 @@
{
"syslog_log": {
"title": "Syslog",
"description": "The system logger format found on most posix systems.",
"url": "http://en.wikipedia.org/wiki/Syslog",
"regex": {
"std": {
"pattern": "^(?<timestamp>(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?Z))(?: (?<log_hostname>[a-zA-Z0-9:][^ ]+[a-zA-Z0-9]))?(?:(?: (?<log_procname>(?:[^\\[:]+|[^:]+))(?:\\[(?<log_pid>\\d+)\\])?:(?<body>(?:.|\\n)*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
},
"rfc5424": {
"pattern": "^<(?<log_pri>\\d+)>(?<syslog_version>\\d+) (?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{6})?(?:[^ ]+)?) (?<log_hostname>[^ ]+|-) (?<log_procname>[^ ]+|-) (?<log_pid>[^ ]+|-) (?<log_msgid>[^ ]+|-) (?<log_struct>\\[(?:[^\\]\"]|\"(?:\\.|[^\"])+\")*\\]|-|)\\s+(?<body>(?:.|\\n)*)"
}
},
"level-field": "body",
"level": {
"error": "(?:(?:(?<![a-zA-Z]))(?:(?i)error(?:s)?)(?:(?![a-zA-Z]))|failed|failure)",
"warning": "(?:(?:(?i)warn)|not responding|init: cannot execute)"
},
"opid-field": "log_pid",
"multiline": false,
"module-field": "log_procname",
"value": {
"log_pri": {
"kind": "integer",
"foreign-key": true,
"description": "The priority level of the message"
},
"syslog_version": {
"kind": "integer",
"foreign-key": true,
"description": "The version of the syslog format used for this message"
},
"log_hostname": {
"kind": "string",
"collate": "ipaddress",
"identifier": true,
"description": "The name of the host that generated the message"
},
"log_procname": {
"kind": "string",
"identifier": true,
"description": "The name of the process that generated the message"
},
"log_pid": {
"kind": "string",
"identifier": true,
"action-list": [
"dump_pid"
],
"description": "The ID of the process that generated the message"
},
"log_msgid": {
"kind": "string",
"identifier": true
},
"log_struct": {
"kind": "struct"
}
},
"action": {
"dump_pid": {
"label": "Show Process Info",
"capture-output": true,
"cmd": [
"dump-pid.sh"
]
}
},
"sample": [
{
"line": "Jun 27 01:47:20 Tims-MacBook-Air.local configd[17]: network changed: v4(en0-:192.168.1.8) DNS- Proxy- SMB"
},
{
"line": "Jun 20 17:26:13 ip-10-188-149-5 [CLOUDINIT] util.py[DEBUG]: Restoring selinux mode for /var/lib/cloud (recursive=False)"
},
{
"line": "<46>1 2017-04-27T07:50:47.381967+02:00 logserver rsyslogd - - [origin software=\"rsyslogd\" swVersion=\"8.4.2\" x-pid=\"900\" x-info=\"http://www.rsyslog.com\"] start"
},
{
"line": "<30>1 2017-04-27T07:59:12+02:00 nextcloud dhclient - - - DHCPREQUEST on eth0 to 192.168.1.1 port 67"
},
{
"line": "<78>1 2017-04-27T08:09:01+02:00 nextcloud CRON 1472 - - (root) CMD ( [ -x /usr/lib/php5/sessionclean ] && /usr/lib/php5/sessionclean)"
}
]
}
}
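Review bot: `log_pid` carries the `dump_pid` action (`"cmd": ["dump-pid.sh"]`), but only the `std` pattern restricts it to digits, with `\\[(?<log_pid>\\d+)\\]`. The `rfc5424` pattern captures it as `(?<log_pid>[^ ]+|-)`, so any non-space text from a log line can become the value the action is offered on. How the value reaches the script is not visible in this file, so the script has to treat it as untrusted input. I would record that next to the action; the loader enables `yajl_allow_comments` for built-in formats, so: `// rfc5424 PROCID is free-form text, not necessarily a PID; dump-pid.sh must validate it`.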

50
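--- a/src/formats/tcf_log.json
+++ b/src/formats/tcf_log.json
@@ -0,0 +1,50 @@
+{
+"tcf_log": {
+"title": "TCF Log",
+"description": "Target Communication Framework log",
+"url": [
+"http://wiki.eclipse.org/TCF",
+"http://git.eclipse.org/c/tcf/org.eclipse.tcf.git/tree/target_explorer/plugins/org.eclipse.tm.te.tcf.log.core/src/org/eclipse/tm/te/tcf/log/core/internal/listener/ChannelTraceListener.java?id=b6e81bb8405f99dda2764b22cff876fa00f734f5#n144"
+],
+"regex": {
+"std": {
+"pattern": "^TCF (?<timestamp>\\d{2}:\\d{2}.\\d{3}): (?:Server-Properties: (?:.*)|channel server|\\w+: (?<dir>--->|<---) (?<type>\\w)(?: (?<token>\\w+))?(?: (?<service>\\w+))?(?: (?<name>\\w+))?(?: (?<msg>.*))?(?: <eom>))(?<body>.*)$"
+}
+},
+"value": {
+"dir": {
+"kind": "string"
+},
+"type": {
+"kind": "string",
+"identifier": true
+},
+"token": {
+"kind": "string",
+"identifier": true
+},
+"service": {
+"kind": "string",
+"identifier": true
+},
+"name": {
+"kind": "string",
+"identifier": true
+},
+"msg": {
+"kind": "json"
+}
+},
+"sample": [
+{
+"line": "TCF 29:47.191: Server-Properties: {\"Name\":\"TCF Protocol Logger\",\"OSName\":\"Linux 3.2.0-60-generic\",\"UserName\":\"xavier\",\"AgentID\":\"1fde3dd1-d4be-4f79-8090-6f8d212f03bf\",\"TransportName\":\"TCP\",\"Proxy\":\"\",\"ValueAdd\":\"1\",\"Port\":\"1534\"}"
+},
+{
+"line": "TCF 30:11.475: 0: <--- R 2 [\"P1\"] <eom>"
+},
+{
+"line": "TCF 30:11.475: 0: ---> C 4 RunControl getChildren \"P1\" <eom>"
+}
+]
+}
+}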


@ -0,0 +1,17 @@
{
"tcsh_history": {
"title": "TCSH History",
"description": "The tcsh history file format.",
"convert-to-local-time": true,
"regex": {
"std": {
"pattern": "^#(?<timestamp>\\+\\d+)\\n?(?<body>.*)?$"
}
},
"sample": [
{
"line": "#+1375138067\necho HELLO=BAR"
}
]
}
}

100
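--- a/src/formats/uwsgi_log.json
+++ b/src/formats/uwsgi_log.json
@@ -0,0 +1,100 @@
+{
+"uwsgi_log": {
+"title": "Uwsgi Log",
+"description": "The uwsgi log format.",
+"multiline": false,
+"regex": {
+"std": {
+"pattern": "^\\[pid: (?<s_pid>\\d+)\\|app: (?<s_app>[\\-\\d]+)\\|req: (?<s_req>[\\-\\d]+)/(?<s_worker_reqs>\\d+)\\] (?<c_ip>[^ ]+) \\((?<cs_username>[^\\)]*)\\) \\{(?<cs_vars>\\d+) vars in (?<cs_bytes>\\d+) bytes\\} \\[(?<timestamp>[^\\]]+)\\] (?<cs_method>[A-Z]+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? => generated (?<sc_bytes>\\d+) bytes in (?<s_runtime>\\d+) (?<rt_unit>\\w+) \\((?<cs_version>[^ ]+) (?<sc_status>\\d+)\\) (?<sc_headers>\\d+) headers in (?<sc_header_bytes>\\d+) bytes \\((?<s_switches>\\d+) switches on core (?<s_core>\\d+)\\)(?<body>.*)"
+}
+},
+"level-field": "sc_status",
+"level": {
+"error": "^[^123]"
+},
+"opid-field": "s_pid",
+"value": {
+"s_pid": {
+"kind": "string",
+"identifier": true
+},
+"s_app": {
+"kind": "string",
+"identifier": true
+},
+"s_req": {
+"kind": "integer",
+"foreign-key": true
+},
+"s_worker_reqs": {
+"kind": "integer",
+"foreign-key": true
+},
+"c_ip": {
+"kind": "string",
+"collate": "ipaddress",
+"identifier": true
+},
+"cs_username": {
+"kind": "string",
+"identifier": true
+},
+"cs_vars": {
+"kind": "integer"
+},
+"cs_bytes": {
+"kind": "integer"
+},
+"cs_method": {
+"kind": "string",
+"identifier": true
+},
+"cs_uri_stem": {
+"kind": "string",
+"identifier": true
+},
+"cs_uri_query": {
+"kind": "string"
+},
+"sc_bytes": {
+"kind": "integer"
+},
+"s_runtime": {
+"kind": "float",
+"unit": {
+"field": "rt_unit",
+"scaling-factor": {
+"/msecs": 1000.0,
+"/micros": 1000000.0
+}
+}
+},
+"cs_version": {
+"kind": "string",
+"identifier": true
+},
+"sc_status": {
+"kind": "integer",
+"foreign-key": true
+},
+"sc_headers": {
+"kind": "integer"
+},
+"sc_header_bytes": {
+"kind": "integer"
+},
+"s_switches": {
+"kind": "integer"
+},
+"s_core": {
+"kind": "string",
+"identifier": true
+}
+},
+"sample": [
+{
+"line": "[pid: 24386|app: 0|req: 482950/4125645] 86.221.170.65 () {44 vars in 1322 bytes} [Tue Jan 3 05:01:31 2012] GET /contest/log_presence/shhootter/?_=1325592089910 => generated 192 bytes in 21 msecs (HTTP/1.1 200) 4 headers in 188 bytes (1 switches on core 0)"
+}
+]
+}
+}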

66
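--- a/src/formats/vdsm_log.json
+++ b/src/formats/vdsm_log.json
@@ -0,0 +1,66 @@
+{
+"vdsm_log": {
+"title": "Vdsm Logs",
+"description": "Vdsm log format",
+"url": "http://www.ovirt.org/develop/developer-guide/vdsm/log-files/",
+"regex": {
+"v4.1": {
+"pattern": "(?s)^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}(?:\\+\\d{4})?) (?<level>\\w+)\\s+\\((?<thread>.+?)\\) \\[(?<logger>.+?)\\]\\s+?(?<body>(?:.|[\\r\\n])*?)\\s+?\\((?<src_file>\\w+?):(?<src_line>\\d+)\\)(\\n(?<traceback>Traceback.*?)(?=\\n(?P=timestamp)|$))?"
+},
+"v4": {
+"pattern": "^(?<tid>.+)::(?<level>.+)::(?<timestamp>.+)::(?<module>.+)::(?<src_line>.+)::(?<logger>.+)::\\((?<func>[^\\)]+)\\)(?<body>(?:.|\\n)*)"
+}
+},
+"level-field": "level",
+"level": {
+"error": "ERROR",
+"debug": "DEBUG",
+"info": "INFO",
+"warning": "WARNING|WARN",
+"critical": "CRIT",
+"trace": "TRACE"
+},
+"value": {
+"tid": {
+"kind": "string",
+"identifier": true
+},
+"module": {
+"kind": "string",
+"identifier": true
+},
+"src_line": {
+"kind": "integer",
+"foreign-key": true
+},
+"logger": {
+"kind": "string",
+"identifier": true
+},
+"func": {
+"kind": "string",
+"identifier": true
+},
+"thread": {
+"kind": "string",
+"identifier": true
+},
+"src_file": {
+"kind": "string",
+"identifier": true
+},
+"traceback": {
+"kind": "string",
+"identifier": true
+}
+},
+"sample": [
+{
+"line": "Thread-1950::INFO::2011-12-07 12:14:15,018::dispatcher::94::Storage.Dispatcher.Protect::(run) Run and protect: getDeviceList, args: ( storageType=2)"
+},
+{
+"line": "2017-03-06 14:49:05,167+0200 INFO (vm/9e5dd42e) [virt.vm] (vmId='9e5dd42e-5177-4da3-a6ce-87fa2052d315') (vm:2104)"
+}
+]
+}
+}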

41
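--- a/src/formats/vmk_log.json
+++ b/src/formats/vmk_log.json
@@ -0,0 +1,41 @@
+{
+"vmk_log": {
+"title": "VMKernel Logs",
+"description": "The VMKernel's log format",
+"url": "",
+"regex": {
+"std": {
+"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) cpu(?<cpu>\\d+):(?<world_id>\\d+)\\)((?:(?<level>WARNING|ALERT)|(?<subsystem>[^:]+)): )?(?<body>.*)"
+}
+},
+"level-field": "level",
+"level": {
+"error": "ALERT",
+"warning": "WARNING"
+},
+"value": {
+"cpu": {
+"kind": "integer",
+"identifier": true,
+"foreign-key": true
+},
+"world_id": {
+"kind": "integer",
+"identifier": true,
+"foreign-key": true
+},
+"subsystem": {
+"kind": "string",
+"identifier": true
+}
+},
+"sample": [
+{
+"line": "2014-11-14T19:19:51.559Z cpu7:35233)VC: 2002: Device rescan time 704 msec (total number of devices 91)"
+},
+{
+"line": "2015-04-01T22:22:35.038Z cpu22:44012977)ALERT: This is what an alert looks like."
+}
+]
+}
+}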

75
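--- a/src/formats/vmw_log.json
+++ b/src/formats/vmw_log.json
@@ -0,0 +1,75 @@
+{
+"vmw_log": {
+"title": "VMware Logs",
+"description": "One of the log formats used in VMware's ESXi and vCenter software.",
+"url": "http://kb.vmware.com/kb/2004201",
+"regex": {
+"6.0+": {
+"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?:Section for VMware VirtualCenter,.*|(?<level>\\w+) (?<prc>\\w+)\\[(?<tid>\\w+)\\] \\[(?<src>[^ \\]]+)\\s*(?: sub=(?<sub>[^ \\]]+))?(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-:]+))?\\]\\s*(?<body>.*)(?:\\n(?:.|\\n)*)?)$"
+},
+"5.0+": {
+"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) \\[(?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)(?:\\n(?:.|\\n)*)?$"
+},
+"pre-5.0": {
+"pattern": "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}\\.\\d{3}) (?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)(?:\\n(?:.|\\n)*)?$"
+},
+"ls-log": {
+"pattern": "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) (?<tid>[\\w\\-]+)\\s+(?<level>\\w+)\\s+(?<comp>[^\\]]+)\\]\\s+(?<body>(?:.|\\n)*)"
+}
+},
+"level-field": "level",
+"level": {
+"error": "(error|ERROR|panic|PANIC)",
+"warning": "(warning|WARNING|warn|WARN)",
+"trace": "verbose"
+},
+"opid-field": "opid",
+"value": {
+"prc": {
+"kind": "string",
+"identifier": true
+},
+"tid": {
+"kind": "string",
+"identifier": true
+},
+"src": {
+"kind": "string",
+"identifier": true
+},
+"comp": {
+"kind": "string",
+"identifier": true
+},
+"sub": {
+"kind": "string",
+"identifier": true
+},
+"opid": {
+"kind": "string",
+"identifier": true
+},
+"user": {
+"kind": "string",
+"identifier": true
+}
+},
+"sample": [
+{
+"line": "[2011-04-01 15:14:34.203 F5A5AB90 info 'vm:/vmfs/volumes/4d6579ec-23f981cb-465c-00237da0cfee/Vmotion-test/Vmotion-test.vmx' opID=F6FC49D5-000007E6-d] VMotionPrepare: dstMgmtIp=10.21.49.138"
+},
+{
+"line": "2014-11-04T15:53:31.075+05:30 verbose vpxd[05160] [Originator@6876 sub=PropertyProvider opID=ProcessAlarmFiring-427c3c55] RecordOp ASSIGN: declaredAlarmState[\"alarm-1.host-23\"], host-23. Applied change to temp map."
+},
+{
+"line": "2014-01-17T04:55:50.347Z [7F03ECE76700 verbose 'Default' opID=2140bc71] [VpxVmomi] Invoke done: vmodl.query.PropertyCollector.waitForUpdatesEx session: c580b3ef-0011-88a5-b2af-7ca7e74114c8"
+},
+{
+"line": "2014-11-04T12:46:42.990+05:30 Section for VMware VirtualCenter, pid=6432, version=6.0.0, build=2255588, option=BETA"
+},
+{
+"line": "[2013-01-16 02:26:25,500 pool-3-thread-1 INFO com.vmware.vim.license.service.impl.ServiceImpl] License Accounting Service initialized"
+}
+]
+}
+}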


@ -0,0 +1,42 @@
{
"xmlrpc_log": {
"title": "RHN server XMLRPC log format",
"description": "Generated by Satellite's XMLRPC component",
"url": "https://access.redhat.com/products/red-hat-satellite",
"regex": {
"main": {
"pattern": "^(?<timestamp>\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2} [+-]?\\d{2}:\\d{2}) (?<pid>\\d+) (?<client_ip>\\S+): (?<module>\\w+)/(?<function>.*)(?<arguments>\\(.*?\\))?(?<body>.*)$"
}
},
"value": {
"pid": {
"kind": "integer",
"identifier": true
},
"client_ip": {
"kind": "string",
"identifier": true
},
"module": {
"kind": "string"
},
"function": {
"kind": "string"
}
},
"sample": [
{
"line": "2015/05/24 07:48:21 -05:00 767 10.206.22.17: xmlrpc/up2date.listChannels(1000011979,)"
},
{
"line": "2015/05/24 07:48:22 -05:00 1377 10.184.37.105: xmlrpc/registration.welcome_message('lang: None',)"
},
{
"line": "2015/05/24 07:48:22 -05:00 759 10.49.10.30: xmlrpc/registration.register_osad"
},
{
"line": "2015/05/24 07:48:22 -05:00 759 10.49.10.30: rhnServer/server_certificate.valid('Server id ID-1000019942 not found in database',)"
}
]
}
}
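Review bot: In the `main` pattern, `(?<function>.*)` is greedy and is followed only by an optional `arguments` group and `(?<body>.*)`, so `function` takes the rest of the line and the other two groups come back empty. In the first sample the argument list `(1000011979,)` ends up inside `function`, which makes the field far less useful for grouping calls when triaging client activity. If function names never contain `(` or whitespace, bounding the capture lets the split work: `(?<function>[^(\\s]+)(?<arguments>\\(.*?\\))?(?<body>.*)$`. `arguments` is also missing from the `value` map.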


@ -51,7 +51,7 @@
#include "sql_util.hh"
#include "builtin-scripts.h"
#include "builtin-sh-scripts.h"
#include "default-log-formats-json.h"
#include "default-formats.h"
#include "log_format_loader.hh"
#include "bin2c.h"
@ -746,18 +746,20 @@ struct json_path_container root_format_handler = json_path_container {
}
.with_schema_id(SUPPORTED_FORMAT_SCHEMAS.back());
static void write_sample_file(void)
static void write_sample_file()
{
auto sample_path = dotlnav_path() / "formats/default/default-formats.json.sample";
auto_fd sample_fd;
for (int lpc = 0; lnav_format_json[lpc].bsf_name; lpc++) {
auto &bsf = lnav_format_json[lpc];
auto sample_path = dotlnav_path() /
fmt::format("formats/default/{}.sample", bsf.bsf_name);
auto_fd sample_fd;
if ((sample_fd = openp(sample_path,
O_WRONLY|O_TRUNC|O_CREAT,
0644)) == -1 ||
(write(sample_fd.get(),
default_log_formats_json.bsf_data,
default_log_formats_json.bsf_size) == -1)) {
perror("error: unable to write default format file");
if ((sample_fd = openp(sample_path,
O_WRONLY | O_TRUNC | O_CREAT,
0644)) == -1 ||
(write(sample_fd.get(), bsf.bsf_data, bsf.bsf_size) == -1)) {
perror("error: unable to write default format file");
}
}
for (int lpc = 0; lnav_sh_scripts[lpc].bsf_name; lpc++) {
@ -915,22 +917,26 @@ void load_formats(const std::vector<filesystem::path> &extra_paths,
write_sample_file();
log_debug("Loading default formats");
handle = yajl_alloc(&ypc_builtin.ypc_callbacks, nullptr, &ypc_builtin);
ud.ud_format_names = &retval;
ud.ud_errors = &errors;
ypc_builtin
.with_obj(ud)
.with_handle(handle)
.with_error_reporter(format_error_reporter)
.ypc_userdata = &ud;
yajl_config(handle, yajl_allow_comments, 1);
if (ypc_builtin.parse(default_log_formats_json.bsf_data,
default_log_formats_json.bsf_size) != yajl_status_ok) {
errors.push_back("builtin: invalid json -- " +
string((char *)yajl_get_error(handle, 1, default_log_formats_json.bsf_data, default_log_formats_json.bsf_size)));
for (int lpc = 0; lnav_format_json[lpc].bsf_name; lpc++) {
auto &bsf = lnav_format_json[lpc];
handle = yajl_alloc(&ypc_builtin.ypc_callbacks, nullptr, &ypc_builtin);
ud.ud_format_names = &retval;
ud.ud_errors = &errors;
ypc_builtin
.with_obj(ud)
.with_handle(handle)
.with_error_reporter(format_error_reporter)
.ypc_userdata = &ud;
yajl_config(handle, yajl_allow_comments, 1);
if (ypc_builtin.parse(bsf.bsf_data, bsf.bsf_size) != yajl_status_ok) {
errors.push_back("builtin: invalid json -- " +
string((char *) yajl_get_error(handle, 1,
bsf.bsf_data,
bsf.bsf_size)));
}
ypc_builtin.complete_parse();
yajl_free(handle);
}
ypc_builtin.complete_parse();
yajl_free(handle);
for (const auto & extra_path : extra_paths) {
load_from_path(extra_path, errors);