{ "access_log" : { "title" : "Common Access Log", "description" : "The default web access log format for servers like Apache.", "url" : "http://en.wikipedia.org/wiki/Common_Log_Format", "regex" : { "ts-first-noquotes" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?[^ ]+) (?[^ ]+) (?[A-Z]+) (?[^ \\?]+)(?:\\?(?[^ ]*))? (?:-1|\\d+) (?\\d+) \\d+" }, "ts-first" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?[^ ]+) (?[^ ]+) (?[A-Z]+) \"(?[^ \\?]+)(?:\\?(?[^ ]*))?\" (?:-1|\\d+) (?\\d+) \\d+" }, "std" : { "pattern" : "^(?[\\w\\.:\\-]+) [\\w\\.\\-]+ (?[\\w\\.\\-]+) \\[(?[^\\]]+)\\] \"(?:\\-|(?\\w+) (?[^ \\?]+)(?:\\?(?[^ ]*))? (?[\\w/\\.]+))\" (?\\d+) (?\\d+|-)(?: \"(?[^\"]+)\" \"(?[^\"]+)\")?.*" } }, "level-field": "sc_status", "level" : { "error" : "^[^123]" }, "value" : { "c_ip" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "cs_username" : { "kind" : "string", "identifier" : true }, "cs_method" : { "kind" : "string", "identifier" : true }, "cs_uri_stem" : { "kind" : "string", "identifier" : true }, "cs_uri_query" : { "kind" : "string" }, "cs_version" : { "kind" : "string", "identifier" : true }, "sc_status" : { "kind" : "integer", "foreign-key" : true }, "sc_bytes" : { "kind" : "integer" }, "cs_referer" : { "kind" : "string", "identifier" : true }, "cs_user_agent" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "10.112.72.172 - - [11/Feb/2013:06:43:36 +0000] \"GET /client/ HTTP/1.1\" 200 5778 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17\"" } ] }, "block_log" : { "title" : "Generic Block", "description" : "A generic format for logs, like cron, that have a date at the start of a block.", "regex" : { "std" : { "pattern" : "^(?\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\w+ \\d{4})$" } }, "sample" : [ { "line" : "Sat Apr 27 03:33:07 PDT 2013" } ] }, "choose_repo_log" : { "title" : "Yum choose_repo Log", "description" : "The log format for the yum choose_repo tool.", "regex" : { "std" : { "pattern" : "^\\[(?\\w+):[^\\]]+] [^:]+:\\d+ (?\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:[\\.,]\\d{3})?):(?.*)" } }, "level-field" : "level", "level" : { "error" : "ERROR", "debug" : "DEBUG", "info" : "INFO", "warning" : "WARNING" }, "sample" : [ { "line": "[INFO:choose_repo] choose_repo:47 2013-06-20 17:26:10,691: Setting region in redhat-rhui.repo" } ] }, "dpkg_log" : { "title" : "Dpkg Log", "description" : "The debian dpkg log.", "regex" : { "std" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?startup|status|configure|install|upgrade|trigproc|remove|purge)(?: (?config-files|failed-config|half-configured|half-installed|installed|not-installed|post-inst-failed|removal-failed|triggers-awaited|triggers-pending|unpacked))? (?[^ ]+) (?[^ ]+)(?: (?[^ ]+))?)|update-alternatives: (?.*))$" } }, "value" : { "action" : { "kind" : "string", "identifier" : true }, "status" : { "kind" : "string", "identifier" : true }, "package" : { "kind" : "string", "identifier" : true }, "installed_version" : { "kind" : "string" }, "available_version" : { "kind" : "string" } }, "sample" : [ { "line" : "2012-02-14 10:44:10 configure base-files 5.0.0ubuntu20 5.0.0ubuntu20" }, { "line" : "2012-02-14 10:44:30 status unpacked rsyslog 4.2.0-2ubuntu8" }, { "line" : "2012-02-14 10:44:32 update-alternatives: run with --install /usr/bin/rview rview /usr/bin/vim.tiny 10" } ] }, "error_log" : { "title" : "Common Error Log", "description" : "The default web error log format for servers like Apache.", "regex" : { "cups" : { "pattern" : "^(?\\w) \\[(?[^\\]]+)\\] (?.*)" } }, "level-field": "level", "level" : { "error" : "E", "warning" : "W", "info" : "I" }, "sample" : [ { "line" : "E [08/Jun/2013:11:28:58 -0700] Unknown directive BrowseOrder on line 22 of /private/etc/cups/cupsd.conf." } ] }, "fsck_hfs_log" : { "title" : "Fsck_hfs Log", "description" : "Log for the fsck_hfs tool on Mac OS X.", "regex" : { "std" : { "pattern" : "^(?[^:]+): fsck_hfs run at (?\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\d{4})" } }, "value" : { "device" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "/dev/rdisk0s2: fsck_hfs run at Wed Jul 25 23:01:18 2012" } ] }, "glog_log" : { "title" : "Glog", "description" : "The google glog format.", "url" : "https://code.google.com/p/google-glog/", "regex" : { "std" : { "pattern" : "^(?[IWECF])(?\\d{4} \\d{2}:\\d{2}:\\d{2}\\.\\d{6}) (?\\d+) (?[^:]+):(?\\d+)\\] (?(?:.|\\n)*)" } }, "level-field" : "level", "level" : { "error" : "E", "warning" : "W", "info" : "I", "critical" : "C", "fatal" : "F" }, "value" : { "thread" : { "kind" : "integer", "identifier" : true, "foreign-key" : true }, "src_file" : { "kind" : "string", "identifier" : true }, "src_line" : { "kind" : "integer", "foreign-key" : true } }, "sample" : [ { "line" : "E0517 15:04:22.619632 1952452992 logging_unittest.cc:253] Log every 3, iteration 19" } ] }, "page_log" : { "title" : "CUPS Page Log", "description" : "The CUPS server log of printed pages.", "url" : "http://www.cups.org/documentation.php/doc-1.7/ref-page_log.html", "regex" : { "pre-1.7" : { "pattern" : "^(?[\\w_\\-\\.]+) (?[\\w\\.\\-]+) (?\\d+) \\[(?[^\\]]+)\\] (?total|\\d+) (?\\d+) (?[^ ]+) (?[\\w\\.:\\-]+)$" }, "1.7" : { "pattern" : "^(?[\\w_\\-\\.]+) (?[\\w\\.\\-]+) (?\\d+) \\[(?[^\\]]+)\\] (?total|\\d+) (?\\d+) (?[^ ]+) (?[\\w\\.:\\-]+) (?.+) (?[^ ]+) (?.+)$" } }, "value" : { "printer" : { "kind" : "string", "identifier" : true }, "username" : { "kind" : "string", "identifier" : true }, "job_id" : { "kind" : "integer", "identifier" : true }, "page_number" : { "kind" : "string" }, "num_copies" : { "kind" : "integer" }, "job_billing" : { "kind" : "string", "identifier" : true }, "job_originating_hostname" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "job_name" : { "kind" : "string", "identifier" : true }, "media" : { "kind" : "string", "identifier" : true }, "sides" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "Photosmart_7520_series stack 11 [18/May/2013:13:21:15 -0700] total 0 - localhost 5615311548-159003235-tickets.pdf Letter one-sided" }, { "line" : "tec_IS2027 kurt 401 [22/Apr/2003:10:28:43 +0100] 1 3 #marketing 10.160.50.13" } ] }, "snaplogic_log" : { "title" : "SnapLogic Server Log", "description" : "The SnapLogic server log format.", "url" : "http://www.snaplogic.com/docs/user-guide/user-guide.htm", "regex" : { "std" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?\\w+) (?[^ ]+) (?[^ ]+) (?[^ ]+) (?[^ \\.]+)(?:\\.(?[^ ]+))? (?[^ ]+) (?[^ ]+))|(?:(?:stdout|stderr): ))(?.*)" } }, "level-field" : "level", "level" : { "error" : "ERROR", "debug" : "DEBUG", "info" : "INFO", "warning" : "WARNING" }, "value" : { "logger" : { "kind" : "string", "identifier" : true }, "facility" : { "kind" : "string", "identifier" : true }, "msgid" : { "kind" : "string", "identifier" : true }, "pipe_rid" : { "kind" : "string", "identifier" : true }, "comp_rid" : { "kind" : "string", "identifier" : true }, "resource_name" : { "kind" : "string", "identifier" : true }, "invoker" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "2013-07-30T09:40:25 DEBUG main_process.main PM - 1768839331504132353247612213662950165988626018 - - Pipeline manager '' sending to Leads. Invoker 'admin': PREPARE {'parent_rid': '1768839331504132353247612213662950165988626018', 'resource_name': u'Leads', 'input_views': {}, 'parameters': {u'DELIMITER': u',', u'INPUTFILE': u'file://tutorial/data/leads.csv'}, 'output_views': {u'Output1': {'method': 'GET'}}, 'context_name': u'', 'snap_control_version': '1.2'}" } ] }, "syslog_log" : { "title" : "Syslog", "description" : "The system logger format found on most posix systems.", "url" : "http://en.wikipedia.org/wiki/Syslog", "regex" : { "std" : { "pattern" : "^(?\\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})(?: (?[a-zA-Z0-9:][^ ]+[a-zA-Z0-9]))?(?:(?: (?(?:[^ \\[:]+|[^:]+))(?:\\[(?\\d+)])?:(?(?:.|\\n)*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))" } }, "level-field" : "body", "level" : { "error" : "(?:failed|failure|error)", "warning" : "(?:warn|not responding|init: cannot execute)" }, "value" : { "log_hostname" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "log_procname" : { "kind" : "string", "identifier" : true }, "log_pid" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "Jun 27 01:47:20 Tims-MacBook-Air.local configd[17]: network changed: v4(en0-:192.168.1.8) DNS- Proxy- SMB" }, { "line" : "Jun 20 17:26:13 ip-10-188-149-5 [CLOUDINIT] util.py[DEBUG]: Restoring selinux mode for /var/lib/cloud (recursive=False)" } ] }, "tcsh_history" : { "title" : "TCSH History", "description" : "The tcsh history file format.", "convert-to-local-time" : true, "regex" : { "std" : { "pattern" : "^#(?\\+\\d+)\\n?(?.*)?$" } }, "sample" : [ { "line" : "#+1375138067\necho HELLO=BAR" } ] }, "uwsgi_log" : { "title" : "Uwsgi Log", "description" : "The uwsgi log format.", "regex" : { "std" : { "pattern" : "^\\[pid: (?\\d+)\\|app: (?[\\-\\d]+)\\|req: (?[\\-\\d]+)/(?\\d+)\\] (?[^ ]+) \$(?[^\$]*)\\) \\{(?\\d+) vars in (?\\d+) bytes\\} \\[(?[^\\]]+)\\] (?[A-Z]+) (?[^ \\?]+)(?:\\?(?[^ ]*))? => generated (?\\d+) bytes in (?\\d+) (?\\w+) \$(?[^ ]+) (?\\d+)\$ (?\\d+) headers in (?\\d+) bytes \$(?\\d+) switches on core (?\\d+)\$" } }, "level-field": "sc_status", "level" : { "error" : "^[^123]" }, "value" : { "s_pid" : { "kind" : "string", "identifier" : true }, "s_app" : { "kind" : "string", "identifier" : true }, "s_req" : { "kind" : "integer" }, "s_worker_reqs" : { "kind" : "integer" }, "c_ip" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "cs_username" : { "kind" : "string", "identifier" : true }, "cs_vars" : { "kind" : "integer" }, "cs_bytes" : { "kind" : "integer" }, "cs_method" : { "kind" : "string", "identifier" : true }, "cs_uri_stem" : { "kind" : "string", "identifier" : true }, "cs_uri_query" : { "kind" : "string" }, "sc_bytes" : { "kind" : "integer" }, "s_runtime" : { "kind" : "float", "unit" : { "field" : "rt_unit", "scaling-factor" : { "/msecs" : 1000.0, "/micros" : 1000000.0 } } }, "cs_version" : { "kind" : "string", "identifier" : true }, "sc_status" : { "kind" : "integer", "foreign-key" : true }, "sc_headers" : { "kind" : "integer" }, "sc_header_bytes" : { "kind" : "integer" }, "s_switches" : { "kind" : "integer" }, "s_core" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "[pid: 24386|app: 0|req: 482950/4125645] 86.221.170.65 () {44 vars in 1322 bytes} [Tue Jan 3 05:01:31 2012] GET /contest/log_presence/shhootter/?_=1325592089910 => generated 192 bytes in 21 msecs (HTTP/1.1 200) 4 headers in 188 bytes (1 switches on core 0)" } ] }, "vmw_log" : { "title" : "VMware Logs", "description" : "One of the log formats used in VMware's ESXi and vCenter software.", "url" : "http://kb.vmware.com/kb/2004201", "regex" : { "5.0+" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) \\[(?\\w+) (?\\w+) '(?[^']+)'(?: opID=(?[^ \\]]+))?(?: user=(?[\\w\\-]+))?\\](?.*)$" }, "pre-5.0" : { "pattern" : "^\\[(?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}\\.\\d{3}) (?\\w+) (?\\w+) '(?[^']+)'(?: opID=(?[^ \\]]+))?(?: user=(?[\\w\\-]+))?\\](?.*)$" } }, "level-field": "level", "level" : { "error" : "error", "warning" : "warning", "trace" : "verbose" }, "value" : { "tid" : { "kind" : "string", "identifier" : true }, "comp" : { "kind" : "string", "identifier" : true }, "opid" : { "kind" : "string", "identifier" : true }, "user" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "[2011-04-01 15:14:34.203 F5A5AB90 info 'vm:/vmfs/volumes/4d6579ec-23f981cb-465c-00237da0cfee/Vmotion-test/Vmotion-test.vmx' opID=F6FC49D5-000007E6-d] VMotionPrepare: dstMgmtIp=10.21.49.138" } ] } }