[fmt] add a sudo_log format

2024-11-01 21:40:34 +00:00 · 2015-08-10 20:41:27 -07:00 · 2015-08-10 20:41:27 -07:00 · 5bb0599d7e
commit 5bb0599d7e
parent bedae8c8c2
3 changed files with 51 additions and 1 deletions
--- a/1
+++ b/1
@ -15,6 +15,7 @@ lnav v0.8.0:
       A standard set of extra formats can be installed by doing
       'lnav -i extra'. (You must have git installed for this to work.)
     * Added support for 'VMware vSphere Auto Deploy' log format.
+     * Added a 'sudo' log format.
     * Added hotkeys to move left/right by a smaller increment (H/L or
       Shift+Left/Shift+Right).
     * A color-coded bar has been added to the left side to show where
--- a/src/default-log-formats.json
+++ b/src/default-log-formats.json
@ -793,6 +793,51 @@
            }
        ]
    },
+    "sudo_log" : {
+        "title" : "sudo",
+        "description" : "The sudo privilege management tool.",
+        "url" : "",
+        "regex" : {
+            "std" : {
+                "module-format" : true,
+                "pattern" : "^(?<login>\\S+)\\s*: (?:(?<error_msg>[^;]+);)?\\s*TTY=(?<tty>[^;]+)\\s+;\\s*PWD=(?<pwd>[^;]+)\\s+;\\s*USER=(?<user>[^;]+)\\s+;\\s*COMMAND=(?<command>(\\n|.)*)$"
+            }
+        },
+        "level-field" : "error_msg",
+        "level" : {
+            "error" : ".+"
+        },
+        "value" : {
+            "login" : {
+                "kind" : "string",
+                "identifier" : true
+            },
+            "error_msg" : {
+                "kind" : "string"
+            },
+            "tty" : {
+                "kind" : "string"
+            },
+            "pwd" : {
+                "kind" : "string"
+            },
+            "user" : {
+                "kind" : "string",
+                "identifier" : true
+            },
+            "command" : {
+                "kind" : "string"
+            }
+        },
+        "sample" : [
+            {
+                "line" : "stack : 3 incorrect password attempts ; TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
+            },
+            {
+                "line" : "stack : TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
+            }
+        ]
+    },
    "syslog_log" : {
        "title" : "Syslog",
        "description" : "The system logger format found on most posix systems.",
--- a/src/log_format.cc
+++ b/src/log_format.cc
@ -1343,6 +1343,10 @@ void external_log_format::build(std::vector<std::string> &errors)
            }

            if (pat.p_pcre->match(pc, pi)) {
+                if (pat.p_module_format) {
+                    found = true;
+                    continue;
+                }
                pcre_context::capture_t *ts_cap =
                        pc[this->lf_timestamp_field.get()];
                const char *ts = pi.get_substr_start(ts_cap);
@ -1392,7 +1396,7 @@ void external_log_format::build(std::vector<std::string> &errors)
        if (!found) {
            errors.push_back("error:" +
                             this->elf_name.to_string() +
-                             ":invalid sample -- " +
+                             ":invalid sample         -- " +
                             iter->s_line);

            for (std::vector<pattern *>::iterator pat_iter = this->elf_pattern_order.begin();