Robot
/
lnav
mirror of https://github.com/tstack/lnav.git
2
0
Fork 0
Code Issues Releases Wiki Activity
lnav/src/default-log-formats.json

578 lines
21 KiB
JSON
Raw Blame History

{
"access_log" : {
"title" : "Common Access Log",
"description" : "The default web access log format for servers like Apache.",
"url" : "http://en.wikipedia.org/wiki/Common_Log_Format",
"regex" : {
"ts-first-noquotes" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?<c_ip>[^ ]+) (?<cs_username>[^ ]+) (?<cs_method>[A-Z]+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?:-1|\\d+) (?<sc_status>\\d+) \\d+"
},
"ts-first" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?<c_ip>[^ ]+) (?<cs_username>[^ ]+) (?<cs_method>[A-Z]+) \"(?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))?\" (?:-1|\\d+) (?<sc_status>\\d+) \\d+"
},
"std" : {
"pattern" : "^(?<c_ip>[\\w\\.:\\-]+) [\\w\\.\\-]+ (?<cs_username>\\S+) \\[(?<timestamp>[^\\]]+)\\] \"(?:\\-|(?<cs_method>\\w+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?<cs_version>[\\w/\\.]+))\" (?<sc_status>\\d+) (?<sc_bytes>\\d+|-)(?: \"(?<cs_referer>[^\"]+)\" \"(?<cs_user_agent>[^\"]+)\")?.*"
}
},
"level-field": "sc_status",
"level" : {
"error" : "^[^123]"
},
"value" : {
"c_ip" : {
"kind" : "string",
"collate" : "ipaddress",
"identifier" : true
},
"cs_username" : {
"kind" : "string",
"identifier" : true
},
"cs_method" : {
"kind" : "string",
"identifier" : true
},
"cs_uri_stem" : {
"kind" : "string",
"identifier" : true
},
"cs_uri_query" : {
"kind" : "string"
},
"cs_version" : {
"kind" : "string",
"identifier" : true
},
"sc_status" : {
"kind" : "integer",
"foreign-key" : true
},
"sc_bytes" : {
"kind" : "integer"
},
"cs_referer" : {
"kind" : "string",
"identifier" : true
},
"cs_user_agent" : {
"kind" : "string",
"identifier" : true
}
},
"sample" : [
{
"line" : "10.112.72.172 - - [11/Feb/2013:06:43:36 +0000] \"GET /client/ HTTP/1.1\" 200 5778 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17\""
}
]
},
"block_log" : {
"title" : "Generic Block",
"description" : "A generic format for logs, like cron, that have a date at the start of a block.",
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\w+ \\d{4})$"
}
},
"sample" : [
{
"line" : "Sat Apr 27 03:33:07 PDT 2013"
}
]
},
"choose_repo_log" : {
"title" : "Yum choose_repo Log",
"description" : "The log format for the yum choose_repo tool.",
"regex" : {
"std" : {
"pattern" : "^\\[(?<level>\\w+):[^\\]]+] [^:]+:\\d+ (?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:[\\.,]\\d{3})?):(?<body>.*)"
}
},
"level-field" : "level",
"level" : {
"error" : "ERROR",
"debug" : "DEBUG",
"info" : "INFO",
"warning" : "WARNING"
},
"sample" : [
{
"line": "[INFO:choose_repo] choose_repo:47 2013-06-20 17:26:10,691: Setting region in redhat-rhui.repo"
}
]
},
"dpkg_log" : {
"title" : "Dpkg Log",
"description" : "The debian dpkg log.",
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<action>startup|status|configure|install|upgrade|trigproc|remove|purge)(?: (?<status>config-files|failed-config|half-configured|half-installed|installed|not-installed|post-inst-failed|removal-failed|triggers-awaited|triggers-pending|unpacked))? (?<package>[^ ]+) (?<installed_version>[^ ]+)(?: (?<available_version>[^ ]+))?)|update-alternatives: (?<body>.*))$"
}
},
"value" : {
"action" : {
"kind" : "string",
"identifier" : true
},
"status" : {
"kind" : "string",
"identifier" : true
},
"package" : {
"kind" : "string",
"identifier" : true
},
"installed_version" : {
"kind" : "string"
},
"available_version" : {
"kind" : "string"
}
},
"sample" : [
{
"line" : "2012-02-14 10:44:10 configure base-files 5.0.0ubuntu20 5.0.0ubuntu20"
},
{
"line" : "2012-02-14 10:44:30 status unpacked rsyslog 4.2.0-2ubuntu8"
},
{
"line" : "2012-02-14 10:44:32 update-alternatives: run with --install /usr/bin/rview rview /usr/bin/vim.tiny 10"
}
]
},
"error_log" : {
"title" : "Common Error Log",
"description" : "The default web error log format for servers like Apache.",
"regex" : {
"cups" : {
"pattern" : "^(?<level>\\w) \\[(?<timestamp>[^\\]]+)\\] (?<body>.*)"
}
},
"level-field": "level",
"level" : {
"error" : "E",
"warning" : "W",
"info" : "I"
},
"sample" : [
{
"line" : "E [08/Jun/2013:11:28:58 -0700] Unknown directive BrowseOrder on line 22 of /private/etc/cups/cupsd.conf."
}
]
},
"fsck_hfs_log" : {
"title" : "Fsck_hfs Log",
"description" : "Log for the fsck_hfs tool on Mac OS X.",
"regex" : {
"std" : {
"pattern" : "^(?<device>[^:]+): fsck_hfs run at (?<timestamp>\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\d{4})"
}
},
"value" : {
"device" : {
"kind" : "string",
"identifier" : true
}
},
"sample" : [
{
"line" : "/dev/rdisk0s2: fsck_hfs run at Wed Jul 25 23:01:18 2012"
}
]
},
"glog_log" : {
"title" : "Glog",
"description" : "The google glog format.",
"url" : "https://code.google.com/p/google-glog/",
"regex" : {
"std" : {
"pattern" : "^(?<level>[IWECF])(?<timestamp>\\d{4} \\d{2}:\\d{2}:\\d{2}\\.\\d{6}) (?<thread>\\d+) (?<src_file>[^:]+):(?<src_line>\\d+)\\] (?<body>(?:.|\\n)*)"
}
},
"level-field" : "level",
"level" : {
"error" : "E",
"warning" : "W",
"info" : "I",
"critical" : "C",
"fatal" : "F"
},
"value" : {
"thread" : {
"kind" : "integer",
"identifier" : true,
"foreign-key" : true
},
"src_file" : {
"kind" : "string",
"identifier" : true
},
"src_line" : {
"kind" : "integer",
"foreign-key" : true
}
},
"sample" : [
{
"line" : "E0517 15:04:22.619632 1952452992 logging_unittest.cc:253] Log every 3, iteration 19"
}
]
},
"page_log" : {
"title" : "CUPS Page Log",
"description" : "The CUPS server log of printed pages.",
"url" : "http://www.cups.org/documentation.php/doc-1.7/ref-page_log.html",
"regex" : {
"pre-1.7" : {
"pattern" : "^(?<printer>[\\w_\\-\\.]+) (?<username>[\\w\\.\\-]+) (?<job_id>\\d+) \\[(?<timestamp>[^\\]]+)\\] (?<page_number>total|\\d+) (?<num_copies>\\d+) (?<job_billing>[^ ]+) (?<job_originating_hostname>[\\w\\.:\\-]+)$"
},
"1.7" : {
"pattern" : "^(?<printer>[\\w_\\-\\.]+) (?<username>[\\w\\.\\-]+) (?<job_id>\\d+) \\[(?<timestamp>[^\\]]+)\\] (?<page_number>total|\\d+) (?<num_copies>\\d+) (?<job_billing>[^ ]+) (?<job_originating_hostname>[\\w\\.:\\-]+) (?<job_name>.+) (?<media>[^ ]+) (?<sides>.+)$"
}
},
"value" : {
"printer" : {
"kind" : "string",
"identifier" : true
},
"username" : {
"kind" : "string",
"identifier" : true
},
"job_id" : {
"kind" : "integer",
"identifier" : true
},
"page_number" : {
"kind" : "string"
},
"num_copies" : {
"kind" : "integer"
},
"job_billing" : {
"kind" : "string",
"identifier" : true
},
"job_originating_hostname" : {
"kind" : "string",
"collate" : "ipaddress",
"identifier" : true
},
"job_name" : {
"kind" : "string",
"identifier" : true
},
"media" : {
"kind" : "string",
"identifier" : true
},
"sides" : {
"kind" : "string",
"identifier" : true
}
},
"sample" : [
{
"line" : "Photosmart_7520_series stack 11 [18/May/2013:13:21:15 -0700] total 0 - localhost 5615311548-159003235-tickets.pdf Letter one-sided"
},
{
"line" : "tec_IS2027 kurt 401 [22/Apr/2003:10:28:43 +0100] 1 3 #marketing 10.160.50.13"
}
]
},
"snaplogic_log" : {
"title" : "SnapLogic Server Log",
"description" : "The SnapLogic server log format.",
"url" : "http://www.snaplogic.com/docs/user-guide/user-guide.htm",
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<level>\\w{4,}) (?<logger>[^ ]+) (?<facility>[^ ]+) (?<msgid>[^ ]+) (?<pipe_rid>-|\\d+)(?:\\.(?<comp_rid>[^ ]+))? (?<resource_name>[^ ]+) (?<invoker>[^ ]+))|(?:(?:stdout|stderr): ))(?<body>.*)"
}
},
"level-field" : "level",
"level" : {
"error" : "ERROR",
"debug" : "DEBUG",
"info" : "INFO",
"warning" : "WARNING"
},
"value" : {
"logger" : {
"kind" : "string",
"identifier" : true
},
"facility" : {
"kind" : "string",
"identifier" : true
},
"msgid" : {
"kind" : "string",
"identifier" : true
},
"pipe_rid" : {
"kind" : "string",
"identifier" : true
},
"comp_rid" : {
"kind" : "string",
"identifier" : true
},
"resource_name" : {
"kind" : "string",
"identifier" : true
},
"invoker" : {
"kind" : "string",
"identifier" : true
}
},
"sample" : [
{
"line" : "2013-07-30T09:40:25 DEBUG main_process.main PM - 1768839331504132353247612213662950165988626018 - - Pipeline manager '' sending to Leads. Invoker 'admin': PREPARE {'parent_rid': '1768839331504132353247612213662950165988626018', 'resource_name': u'Leads', 'input_views': {}, 'parameters': {u'DELIMITER': u',', u'INPUTFILE': u'file://tutorial/data/leads.csv'}, 'output_views': {u'Output1': {'method': 'GET'}}, 'context_name': u'', 'snap_control_version': '1.2'}"
}
]
},
"syslog_log" : {
"title" : "Syslog",
"description" : "The system logger format found on most posix systems.",
"url" : "http://en.wikipedia.org/wiki/Syslog",
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})(?: (?<log_hostname>[a-zA-Z0-9:][^ ]+[a-zA-Z0-9]))?(?:(?: (?<log_procname>(?:[^\\[:]+|[^:]+))(?:\\[(?<log_pid>\\d+)])?:(?<body>(?:.|\\n)*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
}
},
"level-field" : "body",
"level" : {
"error" : "(?:failed|failure|error)",
"warning" : "(?:warn|not responding|init: cannot execute)"
},
"value" : {
"log_hostname" : {
"kind" : "string",
"collate" : "ipaddress",
"identifier" : true
},
"log_procname" : {
"kind" : "string",
"identifier" : true
},
"log_pid" : {
"kind" : "string",
"identifier" : true,
"action-list" : ["dump_pid"]
}
},
"action" : {
"dump_pid" : {
"label" : "Show Process Info",
"capture-output" : true,
"cmd" : ["dump-pid.sh"]
}
},
"sample" : [
{
"line" : "Jun 27 01:47:20 Tims-MacBook-Air.local configd[17]: network changed: v4(en0-:192.168.1.8) DNS- Proxy- SMB"
},
{
"line" : "Jun 20 17:26:13 ip-10-188-149-5 [CLOUDINIT] util.py[DEBUG]: Restoring selinux mode for /var/lib/cloud (recursive=False)"
}
]
},
"tcf_log" : {
"title" : "TCF Log",
"description" : "Target Communication Framework log",
"url" : [
"http://wiki.eclipse.org/TCF",
"http://git.eclipse.org/c/tcf/org.eclipse.tcf.git/tree/target_explorer/plugins/org.eclipse.tm.te.tcf.log.core/src/org/eclipse/tm/te/tcf/log/core/internal/listener/ChannelTraceListener.java?id=b6e81bb8405f99dda2764b22cff876fa00f734f5#n144"
],
"regex" : {
"std" : {
"pattern" : "^TCF (?<timestamp>\\d{2}:\\d{2}.\\d{3}): (?:Server-Properties: |channel server|\\w+: (?<dir>--->|<---) (?<type>\\w)(?: (?<token>\\w+))?(?: (?<service>\\w+))?(?: (?<name>\\w+))? )(?<body>.*)"
}
},
"value" : {
"dir" : {
"kind" : "string"
},
"type" : {
"kind" : "string",
"identifier" : true
},
"token" : {
"kind" : "string",
"identifier" : true
},
"service" : {
"kind" : "string",
"identifier" : true
},
"name" : {
"kind" : "string",
"identifier" : true
}
},
"sample" : [
{
"line" : "TCF 29:47.191: Server-Properties: {\"Name\":\"TCF Protocol Logger\",\"OSName\":\"Linux 3.2.0-60-generic\",\"UserName\":\"xavier\",\"AgentID\":\"1fde3dd1-d4be-4f79-8090-6f8d212f03bf\",\"TransportName\":\"TCP\",\"Proxy\":\"\",\"ValueAdd\":\"1\",\"Port\":\"1534\"}"
},
{
"line" : "TCF 30:11.475: 0: <--- R 2 [\"P1\"] <eom>"
},
{
"line" : "TCF 30:11.475: 0: ---> C 4 RunControl getChildren \"P1\" <eom>"
}
]
},
"tcsh_history" : {
"title" : "TCSH History",
"description" : "The tcsh history file format.",
"convert-to-local-time" : true,
"regex" : {
"std" : {
"pattern" : "^#(?<timestamp>\\+\\d+)\\n?(?<body>.*)?$"
}
},
"sample" : [
{
"line" : "#+1375138067\necho HELLO=BAR"
}
]
},
"uwsgi_log" : {
"title" : "Uwsgi Log",
"description" : "The uwsgi log format.",
"regex" : {
"std" : {
"pattern" : "^\\[pid: (?<s_pid>\\d+)\\|app: (?<s_app>[\\-\\d]+)\\|req: (?<s_req>[\\-\\d]+)/(?<s_worker_reqs>\\d+)\\] (?<c_ip>[^ ]+) \\((?<cs_username>[^\\)]*)\\) \\{(?<cs_vars>\\d+) vars in (?<cs_bytes>\\d+) bytes\\} \\[(?<timestamp>[^\\]]+)\\] (?<cs_method>[A-Z]+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? => generated (?<sc_bytes>\\d+) bytes in (?<s_runtime>\\d+) (?<rt_unit>\\w+) \\((?<cs_version>[^ ]+) (?<sc_status>\\d+)\\) (?<sc_headers>\\d+) headers in (?<sc_header_bytes>\\d+) bytes \\((?<s_switches>\\d+) switches on core (?<s_core>\\d+)\\)"
}
},
"level-field": "sc_status",
"level" : {
"error" : "^[^123]"
},
"value" : {
"s_pid" : {
"kind" : "string",
"identifier" : true
},
"s_app" : {
"kind" : "string",
"identifier" : true
},
"s_req" : {
"kind" : "integer"
},
"s_worker_reqs" : {
"kind" : "integer"
},
"c_ip" : {
"kind" : "string",
"collate" : "ipaddress",
"identifier" : true
},
"cs_username" : {
"kind" : "string",
"identifier" : true
},
"cs_vars" : {
"kind" : "integer"
},
"cs_bytes" : {
"kind" : "integer"
},
"cs_method" : {
"kind" : "string",
"identifier" : true
},
"cs_uri_stem" : {
"kind" : "string",
"identifier" : true
},
"cs_uri_query" : {
"kind" : "string"
},
"sc_bytes" : {
"kind" : "integer"
},
"s_runtime" : {
"kind" : "float",
"unit" : {
"field" : "rt_unit",
"scaling-factor" : {
"/msecs" : 1000.0,
"/micros" : 1000000.0
}
}
},
"cs_version" : {
"kind" : "string",
"identifier" : true
},
"sc_status" : {
"kind" : "integer",
"foreign-key" : true
},
"sc_headers" : {
"kind" : "integer"
},
"sc_header_bytes" : {
"kind" : "integer"
},
"s_switches" : {
"kind" : "integer"
},
"s_core" : {
"kind" : "string",
"identifier" : true
}
},
"sample" : [
{
"line" : "[pid: 24386|app: 0|req: 482950/4125645] 86.221.170.65 () {44 vars in 1322 bytes} [Tue Jan 3 05:01:31 2012] GET /contest/log_presence/shhootter/?_=1325592089910 => generated 192 bytes in 21 msecs (HTTP/1.1 200) 4 headers in 188 bytes (1 switches on core 0)"
}
]
},
"vmw_log" : {
"title" : "VMware Logs",
"description" : "One of the log formats used in VMware's ESXi and vCenter software.",
"url" : "http://kb.vmware.com/kb/2004201",
"regex" : {
"5.0+" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) \\[(?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)$"
},
"pre-5.0" : {
"pattern" : "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}\\.\\d{3}) (?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)$"
}
},
"level-field": "level",
"level" : {
"error" : "error",
"warning" : "warning",
"trace" : "verbose"
},
"value" : {
"tid" : {
"kind" : "string",
"identifier" : true
},
"comp" : {
"kind" : "string",
"identifier" : true
},
"opid" : {
"kind" : "string",
"identifier" : true
},
"user" : {
"kind" : "string",
"identifier" : true
}
},
"sample" : [
{
"line" : "[2011-04-01 15:14:34.203 F5A5AB90 info 'vm:/vmfs/volumes/4d6579ec-23f981cb-465c-00237da0cfee/Vmotion-test/Vmotion-test.vmx' opID=F6FC49D5-000007E6-d] VMotionPrepare: dstMgmtIp=10.21.49.138"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink