From 80bddbd2e7756ae5752ddb5916a2b7c75bb052d0 Mon Sep 17 00:00:00 2001
From: Timothy Stack
Date: Sun, 17 Jul 2022 14:11:23 -0700
Subject: [PATCH] [formats] some more fixes for vmw formats
---
 src/formats/vmk_log.json | 10 +++++++++-
 src/formats/vmw_log.json | 9 ++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/src/formats/vmk_log.json b/src/formats/vmk_log.json
index b59a2553..5d93def6 100644
--- a/src/formats/vmk_log.json
+++ b/src/formats/vmk_log.json
@@ -6,7 +6,7 @@
 "url": "",
 "regex": {
 "std": {
- "pattern": "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) cpu(?\\d+):(?\\d+)\\)((?:(?WARNING|ALERT)|(?[^:]+)): )?(?.*)"
+ "pattern": "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) cpu(?\\d+):(?\\d+)(?: opID=(?[^\\)]+))?\\)((?:(?WARNING|ALERT)|(?[^:]+)): )?(?.*)"
 }
 },
 "level-field": "level",
@@ -15,6 +15,7 @@
 "warning": "WARNING"
 },
 "max-unrecognized-lines": 15000,
+ "opid-field": "opid",
 "value": {
 "cpu": {
 "kind": "integer",
@@ -29,6 +30,10 @@
 "subsystem": {
 "kind": "string",
 "identifier": true
+ },
+ "opid": {
+ "kind": "string",
+ "identifier": true
 }
 },
 "sample": [
@@ -37,6 +42,9 @@
 },
 {
 "line": "2015-04-01T22:22:35.038Z cpu22:44012977)ALERT: This is what an alert looks like."
+ },
+ {
+ "line": "2022-06-02T02:16:57.414Z cpu31:1001392590 opID=827cfaf): UWVMKSyscall: ForkExec:2408: hostd-worker: Found params "
 }
 ]
 }
diff --git a/src/formats/vmw_log.json b/src/formats/vmw_log.json
index 80252128..aadf67a7 100644
--- a/src/formats/vmw_log.json
+++ b/src/formats/vmw_log.json
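Review bot: With the sample added in the last hunk (`opID=827cfaf): UWVMKSyscall: ...`), the text after the closing parenthesis starts with `: `, but the pattern in the first hunk goes straight from `\\)` into the `WARNING|ALERT` / `[^:]+` alternation, so that optional group is skipped and the trailing `.*` capture begins with `: UWVMKSyscall:`. If the subsystem should still be extracted on opID lines, allow the separator after the parenthesis, e.g. `\\)(?:: )?` ahead of the alternation. The capture-group names are not visible on this page; their roles are inferred from the `value` keys (`subsystem`, `opid`) and from `level-field`.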
@@ -6,7 +6,7 @@
 "url": "http://kb.vmware.com/kb/2004201",
 "regex": {
 "6.0+": {
- "pattern": "^(?:\\[#\\d+\\] )?(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?\\w+)(?:\\(\\d+\\)+)? (?[\\w\\-]+)\\[(?\\w+)\\]:? (?:\\w+ -\\[\\d+\\] )?\\[(?[^ \\]]+)\\s*(?: sub=(?Http2(?:Client)?Session #\\d+|HTTP session map|HTTP server|Memory checker|Vimsvc\\.Ticket((?: |\\-)[0-9a-fA-F]{2})+|Req@(?:[\\w\\.\\-@/:]+)(?: M?[\\d\\.]+(?:U[\\d\\.]+)?)?|(?:SSL )?(?:[\\w\\.\\-@/:]+(?:\\[[0-9a-fA-F]+\\])?(?:\\([0-9a-fA-F]+\\))?(?:\\{\\d+\\})?)+)?)?(?:\\s+item=(?[\\w\\.\\-@/:]+))?(?: opI(?:D|d)=(?[\\w@ \\-\\.:]+(?!sid|user|reason|update)))?(?: sid=(?[^ \\]]+))?(?: user=(?[^ \\]]+))?(?: update=(?\\d+))?(?:\\s+reason=(?[^\\]]+))?\\]\\s*(?.*)(?:\\n.*)?$"
+ "pattern": "^(?:\\[#\\d+\\] )?(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?\\w+)(?:\\(\\d+\\)+)? (?[\\w\\-]+)\\[(?\\w+)\\]:? (?:\\w+ -\\[\\d+\\] )?\\[(?\\w+@\\d+)(?:\\s+sub=(?Http2(?:Client)?Session #\\d+|HTTP session map|HTTP server|Proxy Req \\d+(?: Tunnel)?|Hostsvc.ResourcePool [\\w+\\-\\.]+|Memory checker|Handle checker|HttpNfcLease-session\\[[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\\][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|Statssvc.StatsCollector.StatsRegistry\\(\\w+\\).Query\\(\\w+\\)|Vimsvc\\.Ticket((?: |\\-)[0-9a-fA-F]{2})+|Req@(?:[\\w\\.\\-@/:]+)(?: M?[\\d\\.]+(?:U[\\d\\.]+)?)?|(?:SSL )?(?:[\\w\\.\\-@/:]+(?:\\[[0-9a-fA-F]+\\])?(?:\\([0-9a-fA-F]+\\))?(?:\\{\\d+\\})?)+)?)?(?:\\s+item=(?[\\w\\.\\-@/:]+))?(?: opI(?:D|d)=(?(?:req=)?[\\w@ \\-\\.:]+(?!sid|user|reason|update)))?(?: sid=(?[^ \\]]+))?(?: user=(?[^ \\]<]+(?:<[^>]+>)?))?(?: update=(?\\d+))?(?:\\s+reason=(?[^\\]]+))?\\]\\s*(?.*)(?:\\n.*)?$"
 },
 "6.0+-nosrc": {
 "pattern": "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?\\w+)(?:\\(\\d+\\)+)? (?[\\w\\-]+)\\[(?\\w+)\\]:? \\[(?:opI(?:D|d)=(?[^\\]]+))\\]\\s*(?.*)(?:\\n.*)?$"
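Review bot: The new suffix on the `user=` capture, `(?:<[^>]+>)?`, is bounded only by `>`, so it can run past the closing `]` of the bracketed header (and across a newline) whenever a later `>` is directly followed by `]`. The value after `user=` presumably reflects an account name presented by a client, so the capture is safer if it cannot leave the header, e.g. `(?:<[^>\\]\\n]+>)?`. In the same pattern the added `sub=` literals `Hostsvc.ResourcePool` and `Statssvc.StatsCollector.StatsRegistry\\(\\w+\\).Query` leave `.` unescaped, unlike the neighbouring `Vimsvc\\.Ticket`, so each dot matches any character; `\\.` would keep them literal. The group names are not visible on this page, so which capture is the user field is inferred from the `user=` literal.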
@@ -30,7 +30,7 @@
 "pattern": "^(?\\d{4}-\\d{2}-\\d{2}(T| )\\d{2}:\\d{2}:\\d{2}(?:.|,)\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) \\[(?[^\\[]+)\\[(?\\w+)\\]:\\s+(?.*)\\]$"
 },
 "pylog": {
- "pattern": "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?(?:Z|[-+]\\d{2}:\\d{2})) (?[^:]+):\\s+(?\\w+):\\s+(?[^:]+):(?\\d+)?\\s+(?\\w+):?\\s+(?.*)(?:\\n.*)?$"
+ "pattern": "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?(?:Z|[-+]\\d{2}:\\d{2})) (?[^:]+):\\s+(?\\d+):\\s+(?[^:]+):(?\\d+)?\\s+(?\\w+):?\\s+(?.*)(?:\\n.*)?$"
 },
 "vum-log4cpp": {
 "pattern": "^\\[(?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}:\\d{3}) '(?[^']*)' (?\\d+) (?[a-zA-Z]+)\\]\\s+(?>\\[(?\\S+), (?\\d+)\\])? (?.*$)"
@@ -216,7 +216,10 @@
 "line": "2022-06-02T02:56:51.640Z In(14) vmsyslogd[1001390391]: Logs rotated. 2022-06-02T02:54:42.721Z - time the service was last started 2022-06-02T02:54:42.708Z, Section for VMware ESX, pid=1001391976, version=8.0.0, build=19833347, option=BETA"
 },
 {
- "line": "2022-06-02T02:15:22.987Z In(166) Hostd[1001392061]: info -[1001392061] [Originator@6876 sub=Default] Supported VMs 640\n"
+ "line": "2022-06-02T02:15:22.987Z In(166) Hostd[1001392061]: info -[1001392061] [Originator@6876 sub=Default] Supported VMs 640"
+ },
+ {
+ "line": "2022-06-02T03:20:05.107Z Db(167) Hostd[1001392035]: [Originator@6876 sub=AdapterServer opID=531c52d7-9d8a sid=52806149 user=vpxuser:] New request: target='vim.HostSystem:ha-host', method='retrieveInternalCapability', session='52806149-fe15-f6ff-7685-353ae5d93dcc'"
 }
 ]
 }
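Review bot: The single sample added at the end of the last hunk covers only the plain `user=vpxuser:` form, so the branches this commit introduces in the `6.0+` pattern have no visible sample pinning them: the `<...>` suffix after the user name, the `req=` prefix on opID, and the new `sub=` literals such as `Proxy Req` and `HttpNfcLease-session`. One `"line"` entry per new branch would keep a later edit to that long regex from silently dropping the session, user or opID fields that an investigation pivots on. The same holds for the `pylog` change in the first hunk here, where `\\w+` is narrowed to `\\d+` with no sample in view. Samples outside these hunks are not shown, so some of these cases may already be covered.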