{
"access_log" : {
"title" : "Common Access Log" ,
"description" : "The default web access log format for servers like Apache." ,
"url" : "http://en.wikipedia.org/wiki/Common_Log_Format" ,
"multiline" : false ,
"regex" : {
"ts-first-noquotes" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?<c_ip>[^ ]+) (?<cs_username>[^ ]+) (?<cs_method>[A-Z]+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?:-1|\\d+) (?<sc_status>\\d+) \\d+\\s*(?<body>.*)"
} ,
"ts-first" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?<c_ip>[^ ]+) (?<cs_username>[^ ]+) (?<cs_method>[A-Z]+) \"(?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))?\" (?:-1|\\d+) (?<sc_status>\\d+) \\d+\\s*(?<body>.*)"
} ,
"std" : {
"pattern" : "^(?<c_ip>[\\w\\.:\\-]+)\\s+[\\w\\.\\-]+\\s+(?<cs_username>\\S+)\\s+\\[(?<timestamp>[^\\]]+)\\] \"(?:\\-|(?<cs_method>\\w+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?<cs_version>[\\w/\\.]+))\" (?<sc_status>\\d+) (?<sc_bytes>\\d+|-)(?: \"(?<cs_referer>[^\"]+)\" \"(?<cs_user_agent>[^\"]+)\")?\\s*(?<body>.*)"
} ,
"mod-std" : {
"module-format" : true ,
"pattern" : "^(?<c_ip>[\\w\\.:\\-]+)\\s+[\\w\\.\\-]+\\s+(?<cs_username>\\S+)\\s+\"(?:\\-|(?<cs_method>\\w+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?<cs_version>[\\w/\\.]+))\" (?<sc_status>\\d+) (?<sc_bytes>\\d+|-)(?: \"(?<cs_referer>[^\"]+)\" \"(?<cs_user_agent>[^\"]+)\")?\\s*(?<body>.*)"
}
} ,
"level-field" : "sc_status" ,
"level" : {
"error" : "^[^123].*"
} ,
"opid-field" : "c_ip" ,
"value" : {
"c_ip" : {
"kind" : "string" ,
"collate" : "ipaddress" ,
"identifier" : true
} ,
"cs_username" : {
"kind" : "string" ,
"identifier" : true
} ,
"cs_method" : {
"kind" : "string" ,
"identifier" : true
} ,
"cs_uri_stem" : {
"kind" : "string" ,
"identifier" : true
} ,
"cs_uri_query" : {
"kind" : "string"
} ,
"cs_version" : {
"kind" : "string" ,
"identifier" : true
} ,
"sc_status" : {
"kind" : "integer" ,
"foreign-key" : true ,
"rewriter" : ";SELECT :sc_status || ' (' || (SELECT message FROM http_status_codes WHERE status = :sc_status) || ') '"
} ,
"sc_bytes" : {
"kind" : "integer"
} ,
"cs_referer" : {
"kind" : "string" ,
"identifier" : true
} ,
"cs_user_agent" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "10.112.72.172 - - [11/Feb/2013:06:43:36 +0000] \"GET /client/ HTTP/1.1\" 200 5778 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17\""
} ,
{
"line" : "10.1.10.51 - - [23/Dec/2014:21:20:35 +0000] \"POST /api/1/rest/foo/bar HTTP/1.1\" 200 - \"-\" \"-\" 293"
}
]
} ,
"autodeploy_log" : {
"title" : "VMware vSphere Auto Deploy log format" ,
"description" : "The log format for the VMware Auto Deploy service" ,
"url" : "http://kb.vmware.com/kb/2000988" ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) \\[(?<pid>\\d+)\\](?<level>\\w+):(?<module>[\\w-]+):(?<body>.*$)"
}
} ,
"level-field" : "level" ,
"timestamp-field" : "timestamp" ,
"level" : {
"error" : "ERROR" ,
"debug" : "DEBUG" ,
"info" : "INFO" ,
"warning" : "WARNING"
} ,
"value" : {
"pid" : {
"kind" : "integer" ,
"identifier" : true ,
"foreign-key" : true
} ,
"module" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "2015-04-24T21:09:29.296 [25376]INFO:somemodule:Something very INFOrmative."
}
]
} ,
"block_log" : {
"title" : "Generic Block" ,
"description" : "A generic format for logs, like cron, that have a date at the start of a block." ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\w+ \\d{4})(?<body>(?:.|\\n)*)$"
}
} ,
"sample" : [
{
"line" : "Sat Apr 27 03:33:07 PDT 2013"
}
]
} ,
"candlepin_log" : {
"title" : "Candlepin log format" ,
"description" : "Log format used by Candlepin registration system" ,
"regex" : {
"reqorg" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) \\[(req=(?<req>[0-9a-f-]+)|=), org=(?<org>\\w*)\\] (?<alert_level>\\w+) (?<module>[\\w.]+) - (?<body>.*)$"
} ,
"other" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}[+-]\\d{4}) (?<body>.*)$"
}
} ,
"value" : {
"req" : { "kind" : "string" , "identifier" : true } ,
"org" : { "kind" : "string" , "identifier" : true } ,
"alert_level" : { "kind" : "string" } ,
"module" : { "kind" : "string" , "identifier" : true } ,
"body" : { "kind" : "string" }
} ,
"sample" : [
{
"line" : "2015-04-17 09:41:50,544 [=, org=] INFO org.candlepin.guice.CustomizableModules - Found custom module module.config.katello"
} ,
{
"line" : "2015-04-17 09:41:56,320 [req=f91d4a84-020d-4874-9741-3979d0baf58d, org=] INFO org.candlepin.common.filter.LoggingFilter - Request: verb=GET, uri=/candlepin/status"
} ,
{
"line" : "2015-04-17 09:42:39+0200 principalType=trusteduser principal=admin target=OWNER entityId=8ab219c64cc653a7014cc6545a6c0001 type=CREATED owner=8ab219c64cc653a7014cc6545a6c0001"
} ,
{
"line" : "2015-04-17 10:49:21,912 [req=ec7867ea-2501-4036-bb08-e2d830720cb5, org=npr_goep_hm_com] INFO org.candlepin.common.filter.LoggingFilter - Response: status=200, content-type=\"application/json\", time=235ms"
}
]
} ,
"choose_repo_log" : {
"title" : "Yum choose_repo Log" ,
"description" : "The log format for the yum choose_repo tool." ,
"regex" : {
"std" : {
"pattern" : "^\\[(?<level>\\w+):[^\\]]+] [^:]+:\\d+ (?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:[\\.,]\\d{3})?):(?<body>.*)"
}
} ,
"level-field" : "level" ,
"level" : {
"error" : "ERROR" ,
"debug" : "DEBUG" ,
"info" : "INFO" ,
"warning" : "WARNING"
} ,
"sample" : [
{
"line" : "[INFO:choose_repo] choose_repo:47 2013-06-20 17:26:10,691: Setting region in redhat-rhui.repo"
}
]
} ,
"cups_log" : {
"title" : "CUPS log format" ,
"description" : "Log format used by the Common Unix Printing System" ,
"regex" : {
"system" : {
"pattern" : "^(?<level>[IEW]) \\[(?<timestamp>\\d{2}/\\w{3}/\\d{4}:\\d{2}:\\d{2}:\\d{2} [+-]\\d{2,4})\\] (?<section>\\w+): (?<body>.*)$"
} ,
"default" : {
"pattern" : "^(?<level>[IEW]) \\[(?<timestamp>\\d{2}/\\w{3}/\\d{4}:\\d{2}:\\d{2}:\\d{2} [+-]\\d{2,4})\\] (?<body>.*)$"
}
} ,
"level" : {
"error" : "E" ,
"warning" : "W"
} ,
"value" : {
"level" : { "kind" : "string" , "identifier" : true } ,
"section" : { "kind" : "string" , "identifier" : true } ,
"body" : { "kind" : "string" }
} ,
"sample" : [
{
"line" : "I [04/Nov/2010:17:37:40 -0400] Allowing up to 100 client connections per host."
} ,
{
"line" : "I [04/Nov/2010:17:37:40 -0400] LoadPPDs: Wrote \"/etc/cups/ppds.dat\", 14 PPDs..."
} ,
{
"line" : "E [04/Nov/2010:17:37:40 -0400] StartListening: Unable to find IP address for server name \"localhost.localdomain\" - Host name lookup failure"
}
]
} ,
"dpkg_log" : {
"title" : "Dpkg Log" ,
"description" : "The Debian dpkg log." ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<action>startup|status|configure|install|upgrade|trigproc|remove|purge)(?: (?<status>config-files|failed-config|half-configured|half-installed|installed|not-installed|post-inst-failed|removal-failed|triggers-awaited|triggers-pending|unpacked))? (?<package>[^ ]+) (?<installed_version>[^ ]+)(?: (?<available_version>[^ ]+))?)|update-alternatives: (?<body>.*))$"
}
} ,
"value" : {
"action" : {
"kind" : "string" ,
"identifier" : true
} ,
"status" : {
"kind" : "string" ,
"identifier" : true
} ,
"package" : {
"kind" : "string" ,
"identifier" : true
} ,
"installed_version" : {
"kind" : "string"
} ,
"available_version" : {
"kind" : "string"
}
} ,
"sample" : [
{
"line" : "2012-02-14 10:44:10 configure base-files 5.0.0ubuntu20 5.0.0ubuntu20"
} ,
{
"line" : "2012-02-14 10:44:30 status unpacked rsyslog 4.2.0-2ubuntu8"
} ,
{
"line" : "2012-02-14 10:44:32 update-alternatives: run with --install /usr/bin/rview rview /usr/bin/vim.tiny 10"
}
]
} ,
"elb_log" : {
"title" : "Amazon ELB log" ,
"description" : "Log format for Amazon Elastic Load Balancers" ,
"url" : "http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/access-log-collection.html" ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{6}Z) (?<elb>[^ ]+) (?<client_ip>[\\w\\.:]+):(?<client_port>\\d+) (?<backend_ip>[\\w\\.:]+):(?<backend_port>\\d+) (?<request_processing_time>\\d+(\\.\\d+)?) (?<backend_processing_time>\\d+(\\.\\d+)?) (?<response_processing_time>\\d+(\\.\\d+)?) (?<elb_status_code>\\d+|-) (?<backend_status_code>\\d+|-) (?<received_bytes>\\d+) (?<sent_bytes>\\d+) \"(?:\\-|(?<cs_method>\\w+|-) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? (?<cs_version>[\\w/\\.]+|-)\\s*)\" \"(?<user_agent>[^\"]+)\" (?<ssl_cipher>[\\w-]+) (?<ssl_protocol>[\\w\\.-]+)(?<body>.*)"
}
} ,
"level-field" : "elb_status_code" ,
"level" : {
"error" : "^[^123].*"
} ,
"opid-field" : "client_ip" ,
"value" : {
"elb" : {
"kind" : "string" ,
"identifier" : true
} ,
"client_ip" : {
"kind" : "string" ,
"collate" : "ipaddress" ,
"identifier" : true
} ,
"client_port" : {
"kind" : "integer" ,
"foreign-key" : true
} ,
"backend_ip" : {
"kind" : "string" ,
"collate" : "ipaddress" ,
"identifier" : true
} ,
"backend_port" : {
"kind" : "integer" ,
"foreign-key" : true
} ,
"request_processing_time" : {
"kind" : "float"
} ,
"backend_processing_time" : {
"kind" : "float"
} ,
"response_processing_time" : {
"kind" : "float"
} ,
"elb_status_code" : {
"kind" : "integer" ,
"foreign-key" : true
} ,
"backend_status_code" : {
"kind" : "integer" ,
"foreign-key" : true
} ,
"received_bytes" : {
"kind" : "integer"
} ,
"sent_bytes" : {
"kind" : "integer"
} ,
"cs_method" : {
"kind" : "string" ,
"identifier" : true
} ,
"cs_uri_stem" : {
"kind" : "string" ,
"identifier" : true
} ,
"cs_uri_query" : {
"kind" : "string"
} ,
"cs_version" : {
"kind" : "string" ,
"identifier" : true
} ,
"user_agent" : {
"kind" : "string" ,
"identifier" : true
} ,
"ssl_cipher" : {
"kind" : "string" ,
"identifier" : true
} ,
"ssl_protocol" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "2015-11-17T05:45:24.077255Z elastic-prod 54.161.222.121:40909 10.231.68.180:443 0.000031 0.009511 0.000029 200 200 0 415 \"GET https://example.com/foo/bar?baz=1234 HTTP/1.1\" \"test agent\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2"
} ,
{
"line" : "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000073 0.001048 0.000057 200 200 0 29 \"GET http://www.example.com:80/ HTTP/1.1\" \"curl/7.38.0\" - -"
} ,
{
"line" : "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000086 0.001048 0.001337 200 200 0 57 \"GET https://www.example.com:443/ HTTP/1.1\" \"curl/7.38.0\" DHE-RSA-AES128-SHA TLSv1.2"
} ,
{
"line" : "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001069 0.000028 0.000041 - - 82 305 \"- - - \" \"-\" - -"
} ,
{
"line" : "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001065 0.000015 0.000023 - - 57 502 \"- - - \" \"-\" ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2"
}
]
} ,
"engine_log" : {
"title" : "engine log" ,
"description" : "The log format for the engine.log files from RHEV/oVirt" ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>.+) (?<level>.+) \\[(?<logger>.+)\\] \\((?<tid>.+)\\) (?<body>(?:-|\\n)*)"
}
} ,
"opid-field" : "tid" ,
"value" : {
"tid" : {
"kind" : "string" ,
"identifier" : true
} ,
"logger" : {
"kind" : "string" ,
"identifier" : true
} ,
"thread" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"level-field" : "level" ,
"level" : {
"error" : "ERROR" ,
"info" : "INFO" ,
"warning" : "WARN"
} ,
"sample" : [
{
"line" : "2014-09-21 04:01:29,522 INFO [org.ovirt.engine.core.bll.OvfDataUpdater] (DefaultQuartzScheduler_Worker-90) Successfully updated VM OVFs in Data Center Test"
}
]
} ,
"error_log" : {
"title" : "Common Error Log" ,
"description" : "The default web error log format for servers like Apache." ,
"regex" : {
"cups" : {
"pattern" : "^(?<level>\\w) \\[(?<timestamp>[^\\]]+)\\] (?<body>.*)"
}
} ,
"level-field" : "level" ,
"level" : {
"error" : "E" ,
"warning" : "W" ,
"info" : "I"
} ,
"sample" : [
{
"line" : "E [08/Jun/2013:11:28:58 -0700] Unknown directive BrowseOrder on line 22 of /private/etc/cups/cupsd.conf."
}
]
} ,
"fsck_hfs_log" : {
"title" : "Fsck_hfs Log" ,
"description" : "Log for the fsck_hfs tool on Mac OS X." ,
"regex" : {
"std" : {
"pattern" : "^(?<device>[^:]+): fsck_hfs (?:run|started) at (?<timestamp>\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\d{4})(?<body>(?:.|\\n)*)"
}
} ,
"value" : {
"device" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "/dev/rdisk0s2: fsck_hfs run at Wed Jul 25 23:01:18 2012"
}
]
} ,
"glog_log" : {
"title" : "Glog" ,
"description" : "The Google glog format." ,
"url" : "https://code.google.com/p/google-glog/" ,
"regex" : {
"std" : {
"pattern" : "^(?<level>[IWECF])(?<timestamp>\\d{4} \\d{2}:\\d{2}:\\d{2}\\.\\d{6}) +(?<thread>\\d+) (?<src_file>[^:]+):(?<src_line>\\d+)\\] (?<body>(?:.|\\n)*)"
}
} ,
"level-field" : "level" ,
"level" : {
"error" : "E" ,
"warning" : "W" ,
"info" : "I" ,
"critical" : "C" ,
"fatal" : "F"
} ,
"opid-field" : "thread" ,
"value" : {
"thread" : {
"kind" : "integer" ,
"identifier" : true ,
"foreign-key" : true
} ,
"src_file" : {
"kind" : "string" ,
"identifier" : true
} ,
"src_line" : {
"kind" : "integer" ,
"foreign-key" : true
}
} ,
"sample" : [
{
"line" : "E0517 15:04:22.619632 1952452992 logging_unittest.cc:253] Log every 3, iteration 19" ,
"line" : "E0517 15:04:22.619632 52992 logging_unittest.cc:253] Log every 3, iteration 19"
}
]
} ,
"java_log" : {
"title" : "Java log format" ,
"description" : "Log format used by log4j and output by most Java programs" ,
"url" : "" ,
"regex" : {
"jvm" : {
"pattern" : "^(?<alert_level>\\w+)\\s+\\|\\s+jvm (?<jvm_no>\\d+)\\s+\\|\\s(?<timestamp>\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2})\\s+\\| (?<timestamp_f>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) \\[(?<function>\\w+-\\d+)\\]\\s+(?<debug_level>\\w+)\\s+(?<class>[\\w.]+)\\s+-\\s+(?<body>\\S.*)"
} ,
"dump" : {
"pattern" : "^(?<alert_level>\\w+)\\s+\\|\\s+jvm (?<jvm_no>\\d+)\\s+\\|\\s(?<timestamp>\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2})\\s+\\| JVMDUMP\\w+\\s(?<body>\\S.*)$"
} ,
"tasko" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) \\[(?<function>\\w+-\\d+)\\]\\s+(?<alert_level>\\w+)\\s+(?<class>[\\w.]+)\\s+-\\s+(?<body>\\S.*)$"
}
} ,
"level-field" : "alert_level" ,
"level" : {
"error" : "ERROR" ,
"warning" : "WARN" ,
"debug" : "DEBUG" ,
"info" : "INFO"
} ,
"value" : {
"function" : { "kind" : "string" , "identifier" : true } ,
"alert_level" : { "kind" : "string" } ,
"jvm_no" : { "kind" : "integer" } ,
"debug_level" : { "kind" : "string" } ,
"class" : { "kind" : "string" } ,
"body" : { "kind" : "string" }
} ,
"sample" : [
{
"line" : "INFO | jvm 1 | 2015/04/28 18:40:00 | 2015-04-28 18:40:00,077 [DefaultQuartzScheduler_Worker-8] INFO com.redhat.rhn.taskomatic.TaskoJob - errata-queue-default: bunch errata-queue-bunch STARTED"
} ,
{
"line" : "INFO | jvm 1 | 2015/04/28 18:34:18 | 2015-04-28 18:34:18,872 [Thread-46] DEBUG com.redhat.rhn.common.hibernate.ConnectionManager - Adding resource com/redhat/rhn/domain/action/ActionArchType.hbm.xml"
} ,
{
"line" : "2015-05-22 16:10:00,123 [DefaultQuartzScheduler_Worker-5] INFO com.redhat.rhn.taskomatic.task.ErrataCacheTask - In the queue: 24"
} ,
{
"line" : "INFO | jvm 1 | 2015/05/24 07:35:50 | JVMDUMP013I Processed dump event \"user\", detail \"\"."
}
]
} ,
"katello_log" : {
"title" : "Katello log format" ,
"description" : "Log format used by katello and foreman as used in Satellite 6." ,
"url" : "http://theforeman.org/" ,
"regex" : {
"log" : {
"pattern" : "^\\[\\s?(?<alert_level>\\w+)\\s(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})\\s(?<module>\\w+)\\]\\s+(?<message>\\S.*)$"
}
} ,
"level-field" : "alert_level" ,
"level" : {
"error" : "ERROR" ,
"warning" : "WARN" ,
"debug" : "DEBUG"
} ,
"value" : {
"alert_level" : { "kind" : "string" } ,
"module" : { "kind" : "string" } ,
"message" : { "kind" : "string" }
} ,
"sample" : [
{
"line" : "[DEBUG 2015-05-20 12:22:19 main] /Stage[main]/Certs::Candlepin/Exec[create candlepin qpid exchange]/unless: Failed: ConnectError: [Errno 1] _ssl.c:504: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca"
} ,
{
"line" : "[DEBUG 2015-05-20 12:22:19 main] Exec[create candlepin qpid exchange](provider=posix): Executing 'qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://avl248.bcc.qld.gov.au:5671' add exchange topic event --durable'"
} ,
{
"line" : "[ERROR 2015-05-20 12:22:19 main] qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://avl248.bcc.qld.gov.au:5671' add exchange topic event --durable returned 1 instead of one of [0]"
} ,
{
"line" : "[ INFO 2015-05-20 12:22:19 main] /usr/share/ruby/vendor_ruby/puppet/util/errors.rb:104:in `fail'"
}
]
} ,
"openam_log" : {
"title" : "OpenAM Log" ,
"description" : "The OpenAM identity provider." ,
"url" : "http://openam.forgerock.org" ,
"level-field" : "level" ,
"level" : {
"error" : "ERROR" ,
"warning" : "WARNING" ,
"info" : "INFO" ,
"critical" : "SEVERE" ,
"trace" : "FINE|FINEST"
} ,
"multiline" : false ,
"regex" : {
"std" : {
"pattern" : "^\"(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})\"\\s+(?<data>[^ \"]+|\"(?:[^\"]*|\"\")*\")\\s+(?<loginid>[^ \"]+|\"(?:[^\"]*|\"\")*\")\\s+(?<contextid>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<ipaddr>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<level>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<domain>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<loggedby>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<messageid>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<modulename>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<nameid>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<hostname>[^ \"]+|\"(?:[^\"]|\"\")*\")(?<body>.*)$"
}
} ,
"value" : {
"data" : {
"kind" : "quoted"
} ,
"loginid" : {
"kind" : "quoted" ,
"identifier" : true
} ,
"contextid" : {
"kind" : "quoted" ,
"identifier" : true
} ,
"ipaddr" : {
"kind" : "quoted" ,
"identifier" : true ,
"collate" : "ipaddress"
} ,
"domain" : {
"kind" : "quoted" ,
"identifier" : true
} ,
"loggedby" : {
"kind" : "quoted" ,
"identifier" : true
} ,
"messageid" : {
"kind" : "quoted" ,
"identifier" : true
} ,
"modulename" : {
"kind" : "quoted" ,
"identifier" : true
} ,
"nameid" : {
"kind" : "quoted" ,
"identifier" : true
} ,
"hostname" : {
"kind" : "quoted" ,
"identifier" : true ,
"collate" : "ipaddress"
}
} ,
"sample" : [
{
"line" : "\"2014-06-14 17:08:39\" \"http://localhost:8086|/|<samlp:AuthnRequest ID=\"\"139a40bba4d340108d91022750c2a3a8\"\" Version=\"\"2.0\"\" IssueInstant=\"\"2014-06-14T17:09:04Z\"\" ProtocolBinding=\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\" AssertionConsumerServiceURL=\"\"http://localhost:8086/api/1/rest/admin/org/530e42ccd6f45fd16d0d0717/saml/consume\"\">\\n<saml:Issuer>http://localhost:8086</saml:Issuer>\\n<samlp:NameIDPolicy Format=\"\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\"\" AllowCreate=\"\"true\"\"></samlp:NameIDPolicy>\\n<samlp:RequestedAuthnContext Comparison=\"\"exact\"\"><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\\n</samlp:AuthnRequest>\" \"cn=dsameuser,ou=DSAME Users,dc=openam\" 8fc43a8f6a8c14101 \"Not Available\" INFO dc=openam \"cn=dsameuser,ou=DSAME Users,dc=openam\" SAML2-36 SAML2.access \"Not Available\" 127.0.1.1"
} ,
{
"line" : "\"2014-06-09 14:49:56\" /etc/openam/openam/log/ \"cn=dsameuser,ou=DSAME Users,dc=openam\" 3d956febb91fed31 \"Not Available\" INFO dc=openam \"cn=dsameuser,ou=DSAME Users,dc=openam\" LOG-1 amPolicy.access \"Not Available\" 127.0.1.1"
}
]
} ,
"openamdb_log" : {
"title" : "OpenAM Debug Log" ,
"description" : "Debug logs for the OpenAM identity provider." ,
"url" : "http://openam.forgerock.org" ,
"regex" : {
"std" : {
"pattern" : "^(?<module>[\\w]+):(?<timestamp>\\d{2}/\\d{2}/\\d{4} \\d{2}:\\d{2}:\\d{2}:\\d{3} [AP]M \\w+): Thread\\[(?<thread>[^,]+,\\d+,[^,]+)\\]\\n?(?:\\*+|(?<body>.*))$"
}
} ,
"sample" : [
{
"line" : "amMonitoring:06/09/2014 02:49:59:447 PM UTC: Thread[http-80-1,5,main]\n**********************************************"
} ,
{
"line" : "amLog:06/09/2014 04:08:22:515 PM UTC: Thread[http-80-8,5,main]\nERROR: LogMessageProviderBase.createLogRecord: unable to locate message ID object for ATTEMPT_GET_METAALIAS"
}
]
} ,
"openstack_log" : {
"title" : "OpenStack log format" ,
"description" : "The log format for the OpenStack log files" ,
"url" : "http://docs.openstack.org/openstack-ops/content/logging_monitoring.html" ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}.\\d{3}) (?<pid>\\d+) (?<level>\\w+) (?<logger>.+) \\[(?<tid>.+)\\] (?<body>.*)"
}
} ,
"level-field" : "level" ,
"level" : {
"error" : "ERROR" ,
"info" : "INFO" ,
"warning" : "WARNING" ,
"trace" : "TRACE" ,
"debug" : "AUDIT"
} ,
"value" : {
"tid" : {
"kind" : "string" ,
"identifier" : true
} ,
"pid" : {
"kind" : "string" ,
"identifier" : true
} ,
"logger" : {
"kind" : "string" ,
"identifier" : true
} ,
"body" : {
"kind" : "string" ,
"identifier" : false
}
} ,
"sample" : [
{
"line" : "2014-10-28 10:42:22.772 23623 INFO neutron.wsgi [req-40743023-00ed-441c-9d0a-19b8167ea0ad None] 10.1.255.252 - - [28/Oct/2014 10:42:22] GET /v2.0/floatingips.json?fixed_ip_address=80.0.0.9&port_id=b4291e0e-a941-4663-9379-7af6471e983f HTTP/1.1 200 208 0.008971"
}
]
} ,
"page_log" : {
"title" : "CUPS Page Log" ,
"description" : "The CUPS server log of printed pages." ,
"url" : "http://www.cups.org/documentation.php/doc-1.7/ref-page_log.html" ,
"multiline" : false ,
"regex" : {
"pre-1.7" : {
"pattern" : "^(?<printer>[\\w_\\-\\.]+) (?<username>[\\w\\.\\-]+) (?<job_id>\\d+) \\[(?<timestamp>[^\\]]+)\\] (?<page_number>total|\\d+) (?<num_copies>\\d+) (?<job_billing>[^ ]+) (?<job_originating_hostname>[\\w\\.:\\-]+)(?<body>.*)$"
} ,
"1.7" : {
"pattern" : "^(?<printer>[\\w_\\-\\.]+) (?<username>[\\w\\.\\-]+) (?<job_id>\\d+) \\[(?<timestamp>[^\\]]+)\\] (?<page_number>total|\\d+) (?<num_copies>\\d+) (?<job_billing>[^ ]+) (?<job_originating_hostname>[\\w\\.:\\-]+) (?<job_name>.+) (?<media>[^ ]+) (?<sides>.+)(?<body>.*)$"
}
} ,
"value" : {
"printer" : {
"kind" : "string" ,
"identifier" : true
} ,
"username" : {
"kind" : "string" ,
"identifier" : true
} ,
"job_id" : {
"kind" : "integer" ,
"identifier" : true ,
"foreign-key" : true
} ,
"page_number" : {
"kind" : "string"
} ,
"num_copies" : {
"kind" : "integer"
} ,
"job_billing" : {
"kind" : "string" ,
"identifier" : true
} ,
"job_originating_hostname" : {
"kind" : "string" ,
"collate" : "ipaddress" ,
"identifier" : true
} ,
"job_name" : {
"kind" : "string" ,
"identifier" : true
} ,
"media" : {
"kind" : "string" ,
"identifier" : true
} ,
"sides" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "Photosmart_7520_series stack 11 [18/May/2013:13:21:15 -0700] total 0 - localhost 5615311548-159003235-tickets.pdf Letter one-sided"
} ,
{
"line" : "tec_IS2027 kurt 401 [22/Apr/2003:10:28:43 +0100] 1 3 #marketing 10.160.50.13"
}
]
} ,
"papertrail_log" : {
"title" : "Papertrail Service" ,
"url" : "https://papertrailapp.com/" ,
"description" : "Log format for the papertrail log management service" ,
"json" : true ,
"hide-extra" : true ,
"file-pattern" : "pt:.*" ,
"line-format" : [
{ "field" : "display_received_at" } ,
" " ,
{ "field" : "hostname" } ,
" " ,
{ "field" : "program" } ,
": " ,
{ "field" : "message" }
] ,
"level-field" : "severity" ,
"level" : {
"error" : "Error" ,
"debug" : "Debug" ,
"warning" : "Warning" ,
"info" : "Info(?:rmational)?|Notice" ,
"critical" : "Crit(?:ical)?" ,
"fatal" : "Emerg(?:ency)?|Alert"
} ,
"timestamp-field" : "generated_at" ,
"body-field" : "message" ,
"value" : {
"display_received_at" : {
"kind" : "string"
} ,
"program" : {
"kind" : "string" ,
"identifier" : true
} ,
"hostname" : {
"kind" : "string" ,
"identifier" : true
}
}
} ,
"snaplogic_log" : {
"title" : "SnapLogic Server Log" ,
"description" : "The SnapLogic server log format." ,
"url" : "http://www.snaplogic.com/docs/user-guide/user-guide.htm" ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?<level>\\w{4,}) (?<logger>[^ ]+) (?<facility>[^ ]+) (?<msgid>[^ ]+) (?<pipe_rid>-|\\d+)(?:\\.(?<comp_rid>[^ ]+))? (?<resource_name>[^ ]+) (?<invoker>[^ ]+))|(?:(?:stdout|stderr): ))(?<body>.*)"
}
} ,
"level-field" : "level" ,
"level" : {
"error" : "ERROR" ,
"debug" : "DEBUG" ,
"info" : "INFO" ,
"warning" : "WARNING"
} ,
"value" : {
"logger" : {
"kind" : "string" ,
"identifier" : true
} ,
"facility" : {
"kind" : "string" ,
"identifier" : true
} ,
"msgid" : {
"kind" : "string" ,
"identifier" : true
} ,
"pipe_rid" : {
"kind" : "string" ,
"identifier" : true
} ,
"comp_rid" : {
"kind" : "string" ,
"identifier" : true
} ,
"resource_name" : {
"kind" : "string" ,
"identifier" : true
} ,
"invoker" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "2013-07-30T09:40:25 DEBUG main_process.main PM - 1768839331504132353247612213662950165988626018 - - Pipeline manager '' sending to Leads. Invoker 'admin': PREPARE {'parent_rid': '1768839331504132353247612213662950165988626018', 'resource_name': u'Leads', 'input_views': {}, 'parameters': {u'DELIMITER': u',', u'INPUTFILE': u'file://tutorial/data/leads.csv'}, 'output_views': {u'Output1': {'method': 'GET'}}, 'context_name': u'', 'snap_control_version': '1.2'}"
}
]
} ,
"sssd_log" : {
"title" : "SSSD log format" ,
"description" : "Log format used by the System Security Services Daemon" ,
"url" : "http://fedorahosted.org/sssd" ,
"regex" : {
"core" : {
"pattern" : "^\\((?<timestamp>\\w{3} \\w{3} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2} \\d{4})\\) \\[sssd\\] \\[(?<function>\\w+)\\] \\((?<debug_level>0x[0-9a-fA-F]{4})\\): (?<body>.*)$"
} ,
"module" : {
"pattern" : "^\\((?<timestamp>\\w{3} \\w{3} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2} \\d{4})\\) \\[sssd(?<module>\\[.*?\\])\\] \\[(?<function>\\w+)\\] \\((?<debug_level>0x[0-9a-fA-F]{4})\\): (?<body>.*)$"
}
} ,
"value" : {
"module" : { "kind" : "string" } ,
"function" : { "kind" : "string" } ,
"debug_level" : { "kind" : "string" } ,
"body" : { "kind" : "string" }
} ,
"sample" : [
{
"line" : "(Tue Mar 31 06:03:46 2015) [sssd[be[default]]] [sysdb_search_by_name] (0x0400): No such entry"
} ,
{
"line" : "(Tue Mar 31 05:58:38 2015) [sssd] [start_service] (0x0100): Queueing service LDAP for startup"
}
]
} ,
"strace_log" : {
"title" : "Strace" ,
"description" : "The strace output format." ,
"url" : "http://en.wikipedia.org/wiki/Strace" ,
"multiline" : false ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\d{2}:\\d{2}:\\d{2}\\.\\d{6}) (?<syscall>\\w+)\\((?<body>.*)\\)\\s+=\\s+(?<rc>[-\\w]+)(?: (?<errno>\\w+) \\([^\\)]+\\))?(?: <(?<duration>\\d+\\.\\d+)>)?$"
}
} ,
"level-field" : "errno" ,
"level" : {
"error" : ".+"
} ,
"value" : {
"syscall" : {
"kind" : "string" ,
"identifier" : true
} ,
"args" : {
"kind" : "string"
} ,
"rc" : {
"kind" : "integer" ,
"foreign-key" : true
} ,
"duration" : {
"kind" : "float"
} ,
"errno" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "08:09:33.814936 execve(\"/bin/ls\", [\"ls\"], [/* 38 vars */]) = 0 <0.000264>"
} ,
{
"line" : "08:09:33.815943 access(\"/etc/ld.so.nohwcap\", F_OK) = -1 ENOENT (No such file or directory) <0.000019>"
}
]
} ,
"sudo_log" : {
"title" : "sudo" ,
"description" : "The sudo privilege management tool." ,
"url" : "" ,
"regex" : {
"std" : {
"module-format" : true ,
"pattern" : "^(?<login>\\S+)\\s*: (?:(?<error_msg>[^;]+);)?\\s*TTY=(?<tty>[^;]+)\\s+;\\s*PWD=(?<pwd>[^;]+)\\s+;\\s*USER=(?<user>[^;]+)\\s+;\\s*COMMAND=(?<command>(\\n|.)*)$"
}
} ,
"level-field" : "error_msg" ,
"level" : {
"error" : ".+"
} ,
"value" : {
"login" : {
"kind" : "string" ,
"identifier" : true
} ,
"error_msg" : {
"kind" : "string"
} ,
"tty" : {
"kind" : "string"
} ,
"pwd" : {
"kind" : "string"
} ,
"user" : {
"kind" : "string" ,
"identifier" : true
} ,
"command" : {
"kind" : "string"
}
} ,
"sample" : [
{
"line" : "stack : 3 incorrect password attempts ; TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
} ,
{
"line" : "stack : TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
}
]
} ,
"syslog_log" : {
"title" : "Syslog" ,
"description" : "The system logger format found on most POSIX systems." ,
"url" : "http://en.wikipedia.org/wiki/Syslog" ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})(?: (?<log_hostname>[a-zA-Z0-9:][^ ]+[a-zA-Z0-9]))?(?:(?: (?<log_procname>(?:[^\\[:]+|[^:]+))(?:\\[(?<log_pid>\\d+)\\])?:(?<body>(?:.|\\n)*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
}
} ,
"level-field" : "body" ,
"level" : {
"error" : "(?:(?:(?<![a-zA-Z]))(?:(?i)error(?:s)?)(?:(?![a-zA-Z]))|failed|failure)" ,
"warning" : "(?:(?:(?i)warn)|not responding|init: cannot execute)"
} ,
"opid-field" : "log_pid" ,
"module-field" : "log_procname" ,
"value" : {
"log_hostname" : {
"kind" : "string" ,
"collate" : "ipaddress" ,
"identifier" : true
} ,
"log_procname" : {
"kind" : "string" ,
"identifier" : true
} ,
"log_pid" : {
"kind" : "string" ,
"identifier" : true ,
"action-list" : [ "dump_pid" ]
}
} ,
"action" : {
"dump_pid" : {
"label" : "Show Process Info" ,
"capture-output" : true ,
"cmd" : [ "dump-pid.sh" ]
}
} ,
"sample" : [
{
"line" : "Jun 27 01:47:20 Tims-MacBook-Air.local configd[17]: network changed: v4(en0-:192.168.1.8) DNS- Proxy- SMB"
} ,
{
"line" : "Jun 20 17:26:13 ip-10-188-149-5 [CLOUDINIT] util.py[DEBUG]: Restoring selinux mode for /var/lib/cloud (recursive=False)"
}
]
} ,
"tcf_log" : {
"title" : "TCF Log" ,
"description" : "Target Communication Framework log" ,
"url" : [
"http://wiki.eclipse.org/TCF" ,
"http://git.eclipse.org/c/tcf/org.eclipse.tcf.git/tree/target_explorer/plugins/org.eclipse.tm.te.tcf.log.core/src/org/eclipse/tm/te/tcf/log/core/internal/listener/ChannelTraceListener.java?id=b6e81bb8405f99dda2764b22cff876fa00f734f5#n144"
] ,
"regex" : {
"std" : {
"pattern" : "^TCF (?<timestamp>\\d{2}:\\d{2}.\\d{3}): (?:Server-Properties: (?:.*)|channel server|\\w+: (?<dir>--->|<---) (?<type>\\w)(?: (?<token>\\w+))?(?: (?<service>\\w+))?(?: (?<name>\\w+))?(?: (?<msg>.*))?(?: <eom>))(?<body>.*)$"
}
} ,
"value" : {
"dir" : {
"kind" : "string"
} ,
"type" : {
"kind" : "string" ,
"identifier" : true
} ,
"token" : {
"kind" : "string" ,
"identifier" : true
} ,
"service" : {
"kind" : "string" ,
"identifier" : true
} ,
"name" : {
"kind" : "string" ,
"identifier" : true
} ,
"msg" : {
"kind" : "json"
}
} ,
"sample" : [
{
"line" : "TCF 29:47.191: Server-Properties: {\"Name\":\"TCF Protocol Logger\",\"OSName\":\"Linux 3.2.0-60-generic\",\"UserName\":\"xavier\",\"AgentID\":\"1fde3dd1-d4be-4f79-8090-6f8d212f03bf\",\"TransportName\":\"TCP\",\"Proxy\":\"\",\"ValueAdd\":\"1\",\"Port\":\"1534\"}"
} ,
{
"line" : "TCF 30:11.475: 0: <--- R 2 [\"P1\"] <eom>"
} ,
{
"line" : "TCF 30:11.475: 0: ---> C 4 RunControl getChildren \"P1\" <eom>"
}
]
} ,
"tcsh_history" : {
"title" : "TCSH History" ,
"description" : "The tcsh history file format." ,
"convert-to-local-time" : true ,
"regex" : {
"std" : {
"pattern" : "^#(?<timestamp>\\+\\d+)\\n?(?<body>.*)?$"
}
} ,
"sample" : [
{
"line" : "#+1375138067\necho HELLO=BAR"
}
]
} ,
"uwsgi_log" : {
"title" : "Uwsgi Log" ,
"description" : "The uwsgi log format." ,
"multiline" : false ,
"regex" : {
"std" : {
"pattern" : "^\\[pid: (?<s_pid>\\d+)\\|app: (?<s_app>[\\-\\d]+)\\|req: (?<s_req>[\\-\\d]+)/(?<s_worker_reqs>\\d+)\\] (?<c_ip>[^ ]+) \\((?<cs_username>[^\\)]*)\\) \\{(?<cs_vars>\\d+) vars in (?<cs_bytes>\\d+) bytes\\} \\[(?<timestamp>[^\\]]+)\\] (?<cs_method>[A-Z]+) (?<cs_uri_stem>[^ \\?]+)(?:\\?(?<cs_uri_query>[^ ]*))? => generated (?<sc_bytes>\\d+) bytes in (?<s_runtime>\\d+) (?<rt_unit>\\w+) \\((?<cs_version>[^ ]+) (?<sc_status>\\d+)\\) (?<sc_headers>\\d+) headers in (?<sc_header_bytes>\\d+) bytes \\((?<s_switches>\\d+) switches on core (?<s_core>\\d+)\\)(?<body>.*)"
}
} ,
"level-field" : "sc_status" ,
"level" : {
"error" : "^[^123]"
} ,
"opid-field" : "s_pid" ,
"value" : {
"s_pid" : {
"kind" : "string" ,
"identifier" : true
} ,
"s_app" : {
"kind" : "string" ,
"identifier" : true
} ,
"s_req" : {
"kind" : "integer" ,
"foreign-key" : true
} ,
"s_worker_reqs" : {
"kind" : "integer" ,
"foreign-key" : true
} ,
"c_ip" : {
"kind" : "string" ,
"collate" : "ipaddress" ,
"identifier" : true
} ,
"cs_username" : {
"kind" : "string" ,
"identifier" : true
} ,
"cs_vars" : {
"kind" : "integer"
} ,
"cs_bytes" : {
"kind" : "integer"
} ,
"cs_method" : {
"kind" : "string" ,
"identifier" : true
} ,
"cs_uri_stem" : {
"kind" : "string" ,
"identifier" : true
} ,
"cs_uri_query" : {
"kind" : "string"
} ,
"sc_bytes" : {
"kind" : "integer"
} ,
"s_runtime" : {
"kind" : "float" ,
"unit" : {
"field" : "rt_unit" ,
"scaling-factor" : {
"/msecs" : 1000.0 ,
"/micros" : 1000000.0
}
}
} ,
"cs_version" : {
"kind" : "string" ,
"identifier" : true
} ,
"sc_status" : {
"kind" : "integer" ,
"foreign-key" : true
} ,
"sc_headers" : {
"kind" : "integer"
} ,
"sc_header_bytes" : {
"kind" : "integer"
} ,
"s_switches" : {
"kind" : "integer"
} ,
"s_core" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "[pid: 24386|app: 0|req: 482950/4125645] 86.221.170.65 () {44 vars in 1322 bytes} [Tue Jan 3 05:01:31 2012] GET /contest/log_presence/shhootter/?_=1325592089910 => generated 192 bytes in 21 msecs (HTTP/1.1 200) 4 headers in 188 bytes (1 switches on core 0)"
}
]
} ,
"vdsm_log" : {
"title" : "Vdsm Logs" ,
"description" : "Vdsm log format" ,
"url" : "http://www.ovirt.org/develop/developer-guide/vdsm/log-files/" ,
"regex" : {
"v4.1" : {
"pattern" : "(?s)^(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}(?:\\+\\d{4})?) (?<level>\\w+)\\s+\\((?<thread>.+?)\\) \\[(?<logger>.+?)\\]\\s+?(?<body>(?:.|[\\r\\n])*?)\\s+?\\((?<src_file>\\w+?):(?<src_line>\\d+)\\)(\\n(?<traceback>Traceback.*?)(?=\\n(?P=timestamp)|$))?"
} ,
"v4" : {
"pattern" : "^(?<tid>.+)::(?<level>.+)::(?<timestamp>.+)::(?<module>.+)::(?<src_line>.+)::(?<logger>.+)::\\((?<func>[^\\)]+)\\)(?<body>(?:.|\\n)*)"
}
} ,
"level-field" : "level" ,
"level" : {
"error" : "ERROR" ,
"debug" : "DEBUG" ,
"info" : "INFO" ,
"warning" : "WARNING|WARN" ,
"critical" : "CRIT" ,
"trace" : "TRACE"
} ,
"value" : {
"tid" : {
"kind" : "string" ,
"identifier" : true
} ,
"module" : {
"kind" : "string" ,
"identifier" : true
} ,
"src_line" : {
"kind" : "integer" ,
"foreign-key" : true
} ,
"logger" : {
"kind" : "string" ,
"identifier" : true
} ,
"func" : {
"kind" : "string" ,
"identifier" : true
} ,
"thread" : {
"kind" : "string" ,
"identifier" : true
} ,
"src_file" : {
"kind" : "string" ,
"identifier" : true
} ,
"traceback" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "Thread-1950::INFO::2011-12-07 12:14:15,018::dispatcher::94::Storage.Dispatcher.Protect::(run) Run and protect: getDeviceList, args: ( storageType=2)" ,
"line" : "2017-03-06 14:49:05,167+0200 INFO (vm/9e5dd42e) [virt.vm] (vmId='9e5dd42e-5177-4da3-a6ce-87fa2052d315') (vm:2104)"
}
]
} ,
"vmk_log" : {
"title" : "VMKernel Logs" ,
"description" : "The VMKernel's log format" ,
"url" : "" ,
"regex" : {
"std" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) cpu(?<cpu>\\d+):(?<world_id>\\d+)\\)((?:(?<level>WARNING|ALERT)|(?<subsystem>[^:]+)): )?(?<body>.*)"
}
} ,
"level-field" : "level" ,
"level" : {
"error" : "ALERT" ,
"warning" : "WARNING"
} ,
"value" : {
"cpu" : {
"kind" : "integer" ,
"identifier" : true ,
"foreign-key" : true
} ,
"world_id" : {
"kind" : "integer" ,
"identifier" : true ,
"foreign-key" : true
} ,
"subsystem" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "2014-11-14T19:19:51.559Z cpu7:35233)VC: 2002: Device rescan time 704 msec (total number of devices 91)"
} ,
{
"line" : "2015-04-01T22:22:35.038Z cpu22:44012977)ALERT: This is what an alert looks like."
}
]
} ,
"vmw_log" : {
"title" : "VMware Logs" ,
"description" : "One of the log formats used in VMware's ESXi and vCenter software." ,
"url" : "http://kb.vmware.com/kb/2004201" ,
"regex" : {
"6.0+" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?:Section for VMware VirtualCenter,.*|(?<level>\\w+) (?<prc>\\w+)\\[(?<tid>\\w+)\\] \\[(?<src>[^ \\]]+)\\s*(?: sub=(?<sub>[^ \\]]+))?(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)(?:\\n(?:.|\\n)*)?)$"
} ,
"5.0+" : {
"pattern" : "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) \\[(?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)(?:\\n(?:.|\\n)*)?$"
} ,
"pre-5.0" : {
"pattern" : "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}\\.\\d{3}) (?<tid>\\w+) (?<level>\\w+) '(?<comp>[^']+)'(?: opID=(?<opid>[^ \\]]+))?(?: user=(?<user>[\\w\\-]+))?\\](?<body>.*)(?:\\n(?:.|\\n)*)?$"
} ,
"ls-log" : {
"pattern" : "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) (?<tid>[\\w\\-]+)\\s+(?<level>\\w+)\\s+(?<comp>[^\\]]+)\\]\\s+(?<body>(?:.|\\n)*)"
}
} ,
"level-field" : "level" ,
"level" : {
"error" : "(error|ERROR|panic|PANIC)" ,
"warning" : "(warning|WARNING|warn|WARN)" ,
"trace" : "verbose"
} ,
"opid-field" : "opid" ,
"value" : {
"prc" : {
"kind" : "string" ,
"identifier" : true
} ,
"tid" : {
"kind" : "string" ,
"identifier" : true
} ,
"src" : {
"kind" : "string" ,
"identifier" : true
} ,
"comp" : {
"kind" : "string" ,
"identifier" : true
} ,
"sub" : {
"kind" : "string" ,
"identifier" : true
} ,
"opid" : {
"kind" : "string" ,
"identifier" : true
} ,
"user" : {
"kind" : "string" ,
"identifier" : true
}
} ,
"sample" : [
{
"line" : "[2011-04-01 15:14:34.203 F5A5AB90 info 'vm:/vmfs/volumes/4d6579ec-23f981cb-465c-00237da0cfee/Vmotion-test/Vmotion-test.vmx' opID=F6FC49D5-000007E6-d] VMotionPrepare: dstMgmtIp=10.21.49.138"
} ,
{
"line" : "2014-11-04T15:53:31.075+05:30 verbose vpxd[05160] [Originator@6876 sub=PropertyProvider opID=ProcessAlarmFiring-427c3c55] RecordOp ASSIGN: declaredAlarmState[\"alarm-1.host-23\"], host-23. Applied change to temp map."
} ,
{
"line" : "2014-01-17T04:55:50.347Z [7F03ECE76700 verbose 'Default' opID=2140bc71] [VpxVmomi] Invoke done: vmodl.query.PropertyCollector.waitForUpdatesEx session: c580b3ef-0011-88a5-b2af-7ca7e74114c8"
} ,
{
"line" : "2014-11-04T12:46:42.990+05:30 Section for VMware VirtualCenter, pid=6432, version=6.0.0, build=2255588, option=BETA"
} ,
{
"line" : "[2013-01-16 02:26:25,500 pool-3-thread-1 INFO com.vmware.vim.license.service.impl.ServiceImpl] License Accounting Service initialized"
}
]
} ,
"xmlrpc_log" : {
"title" : "RHN server XMLRPC log format" ,
"description" : "Generated by Satellite's XMLRPC component" ,
"url" : "https://access.redhat.com/products/red-hat-satellite" ,
"regex" : {
"main" : {
"pattern" : "^(?<timestamp>\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2} [+-]?\\d{2}:\\d{2}) (?<pid>\\d+) (?<client_ip>\\S+): (?<module>\\w+)/(?<function>.*)(?<arguments>\\(.*?\\))?(?<body>.*)$"
}
} ,
"value" : {
"pid" : { "kind" : "integer" , "identifier" : true } ,
"client_ip" : { "kind" : "string" , "identifier" : true } ,
"module" : { "kind" : "string" } ,
"function" : { "kind" : "string" }
} ,
"sample" : [
{
"line" : "2015/05/24 07:48:21 -05:00 767 10.206.22.17: xmlrpc/up2date.listChannels(1000011979,)"
} ,
{
"line" : "2015/05/24 07:48:22 -05:00 1377 10.184.37.105: xmlrpc/registration.welcome_message('lang: None',)"
} ,
{
"line" : "2015/05/24 07:48:22 -05:00 759 10.49.10.30: xmlrpc/registration.register_osad"
} ,
{
"line" : "2015/05/24 07:48:22 -05:00 759 10.49.10.30: rhnServer/server_certificate.valid('Server id ID-1000019942 not found in database',)"
}
]
}
}