From d22727242a1be1be6019ea63a743ac79b0663cad Mon Sep 17 00:00:00 2001
From: Tim Stack
Date: Mon, 1 Aug 2022 15:16:00 -0700
Subject: [PATCH] [formats] pickup old macos syslog format
---
 src/formats/syslog_log.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/formats/syslog_log.json b/src/formats/syslog_log.json
index 3d449aca..138d4a10 100644
--- a/src/formats/syslog_log.json
+++ b/src/formats/syslog_log.json
@@ -6,7 +6,7 @@
 "url": "http://en.wikipedia.org/wiki/Syslog",
 "regex": {
 "std": {
- "pattern": "^(?(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3,6})?(?:Z|(?:\\+|-)\\d{2}:\\d{2})))(?: (?[a-zA-Z0-9:][^ ]+[a-zA-Z0-9]))?(?: \\[CLOUDINIT\\])?(?:(?: syslogd [\\d\\.]+|(?: (?(?(?:[^\\[: ]+|[^ :]+))(?:\\[(?\\d+)\\])?))):\\s*(?.*)$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
+ "pattern": "^(?(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3,6})?(?:Z|(?:\\+|-)\\d{2}:\\d{2})))(?: (?[a-zA-Z0-9:][^ ]+[a-zA-Z0-9]))?(?: \\[CLOUDINIT\\])?(?:(?: syslogd [\\d\\.]+|(?: (?(?(?:[^\\[: ]+|[^ :]+))(?:\\[(?\\d+)\\](?: \\([^\\)]+\\))?)?))):\\s*(?.*)$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
 },
 "rfc5424": {
 "pattern": "^<(?\\d+)>(?\\d+) (?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{6})?(?:[^ ]+)?) (?[^ ]+|-) (?(?[^ ]+|-) (?[^ ]+|-) (?[^ ]+|-)) (?\\[(?:[^\\]\"]|\"(?:\\.|[^\"])+\")*\\]|-|)\\s+(?.*)"
@@ -90,6 +90,9 @@
 },
 {
 "line": "<78>1 2017-04-27T08:09:01+02:00 nextcloud CRON 1472 - - (root) CMD ( [ -x /usr/lib/php5/sessionclean ] && /usr/lib/php5/sessionclean)"
+ },
+ {
+ "line": "Aug 1 00:00:03 Tim-Stacks-iMac com.apple.xpc.launchd[1] (com.apple.mdworker.shared.0C000000-0700-0000-0000-000000000000[50989]): Service exited due to SIGKILL | sent by mds[198]"
 }
 ]
 }
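Review bot: The new `(?: \\([^\\)]+\\))?` group in the `std` pattern is non-capturing, so for the added launchd sample the parenthesised service label and its own pid (`...[50989]`) get no field of their own, and the bracketed-digits capture will hold launchd's `1`. Anyone triaging these `SIGKILL` exits by pid or process name will therefore see every such line attributed to launchd rather than to the service that exited. If the label matters for filtering, consider a named capture there, e.g. `(?: \\((?<log_service>[^\\)]+)\\))?`; the name is only a suggestion, and it would presumably need a matching entry in the format's value definitions, which lie outside this hunk. Because the group is nested after `\\]`, a line that carries a parenthesised label without a `[pid]` would still not match the `std` pattern, so a second sample is worth adding if that form occurs. The capture-group names appear to have been stripped from this rendering, so the field attribution above is inferred from group positions.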