{ "access_log" : { "title" : "Common Access Log", "description" : "The default web access log format for servers like Apache.", "url" : "http://en.wikipedia.org/wiki/Common_Log_Format", "multiline" : false, "regex" : { "ts-first-noquotes" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?[^ ]+) (?[^ ]+) (?[A-Z]+) (?[^ \\?]+)(?:\\?(?[^ ]*))? (?:-1|\\d+) (?\\d+) \\d+\\s*(?.*)" }, "ts-first" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?[^ ]+) (?[^ ]+) (?[A-Z]+) \"(?[^ \\?]+)(?:\\?(?[^ ]*))?\" (?:-1|\\d+) (?\\d+) \\d+\\s*(?.*)" }, "std" : { "pattern" : "^(?[\\w\\.:\\-]+)\\s+[\\w\\.\\-]+\\s+(?\\S+)\\s+\\[(?[^\\]]+)\\] \"(?:\\-|(?\\w+) (?[^ \\?]+)(?:\\?(?[^ ]*))? (?[\\w/\\.]+))\" (?\\d+) (?\\d+|-)(?: \"(?[^\"]+)\" \"(?[^\"]+)\")?\\s*(?.*)" }, "mod-std" : { "module-format" : true, "pattern" : "^(?[\\w\\.:\\-]+)\\s+[\\w\\.\\-]+\\s+(?\\S+)\\s+\"(?:\\-|(?\\w+) (?[^ \\?]+)(?:\\?(?[^ ]*))? (?[\\w/\\.]+))\" (?\\d+) (?\\d+|-)(?: \"(?[^\"]+)\" \"(?[^\"]+)\")?\\s*(?.*)" } }, "level-field": "sc_status", "level" : { "error" : "^[^123].*" }, "value" : { "c_ip" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "cs_username" : { "kind" : "string", "identifier" : true }, "cs_method" : { "kind" : "string", "identifier" : true }, "cs_uri_stem" : { "kind" : "string", "identifier" : true }, "cs_uri_query" : { "kind" : "string" }, "cs_version" : { "kind" : "string", "identifier" : true }, "sc_status" : { "kind" : "integer", "foreign-key" : true }, "sc_bytes" : { "kind" : "integer" }, "cs_referer" : { "kind" : "string", "identifier" : true }, "cs_user_agent" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "10.112.72.172 - - [11/Feb/2013:06:43:36 +0000] \"GET /client/ HTTP/1.1\" 200 5778 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17\"" }, { "line" : "10.1.10.51 - - [23/Dec/2014:21:20:35 +0000] \"POST /api/1/rest/foo/bar HTTP/1.1\" 200 - \"-\" \"-\" 293" } ] }, "autodeploy_log" : { "title" : "VMware vSphere Auto Deploy log format", "description" : "The log format for the VMware Auto Deploy service", "url" : "http://kb.vmware.com/kb/2000988", "regex" : { "std" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) \\[(?\\d+)\\](?\\w+):(?[\\w-]+):(?.*$)" } }, "level-field" : "level", "timestamp-field" : "timestamp", "level" : { "error" : "ERROR", "debug" : "DEBUG", "info" : "INFO", "warning" : "WARNING" }, "value" : { "pid" : { "kind" : "integer", "identifier" : true, "foreign-key" : true }, "module" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "2015-04-24T21:09:29.296 [25376]INFO:somemodule:Something very INFOrmative." } ] }, "block_log" : { "title" : "Generic Block", "description" : "A generic format for logs, like cron, that have a date at the start of a block.", "regex" : { "std" : { "pattern" : "^(?\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\w+ \\d{4})(?(?:.|\\n)*)$" } }, "sample" : [ { "line" : "Sat Apr 27 03:33:07 PDT 2013" } ] }, "candlepin_log" : { "title" : "Candlepin log format", "description" : "Log format used by Candlepin registration system", "regex" : { "reqorg" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) \\[(req=(?[0-9a-f-]+)|=), org=(?\\w*)\\] (?\\w+) (?[\\w.]+) - (?.*)$" }, "other" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}[+-]\\d{4}) (?.*)$" } }, "value" : { "req" : { "kind" : "string", "identifier" : true }, "org" : { "kind" : "string", "identifier" : true }, "alert_level" : { "kind" : "string" }, "module" : { "kind" : "string", "identifier" : true }, "body" : { "kind" : "string" } }, "sample" : [ { "line" : "2015-04-17 09:41:50,544 [=, org=] INFO org.candlepin.guice.CustomizableModules - Found custom module module.config.katello" }, { "line" : "2015-04-17 09:41:56,320 [req=f91d4a84-020d-4874-9741-3979d0baf58d, org=] INFO org.candlepin.common.filter.LoggingFilter - Request: verb=GET, uri=/candlepin/status" }, { "line" : "2015-04-17 09:42:39+0200 principalType=trusteduser principal=admin target=OWNER entityId=8ab219c64cc653a7014cc6545a6c0001 type=CREATED owner=8ab219c64cc653a7014cc6545a6c0001" }, { "line" : "2015-04-17 10:49:21,912 [req=ec7867ea-2501-4036-bb08-e2d830720cb5, org=npr_goep_hm_com] INFO org.candlepin.common.filter.LoggingFilter - Response: status=200, content-type=\"application/json\", time=235ms" } ] }, "choose_repo_log" : { "title" : "Yum choose_repo Log", "description" : "The log format for the yum choose_repo tool.", "regex" : { "std" : { "pattern" : "^\\[(?\\w+):[^\\]]+] [^:]+:\\d+ (?\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:[\\.,]\\d{3})?):(?.*)" } }, "level-field" : "level", "level" : { "error" : "ERROR", "debug" : "DEBUG", "info" : "INFO", "warning" : "WARNING" }, "sample" : [ { "line": "[INFO:choose_repo] choose_repo:47 2013-06-20 17:26:10,691: Setting region in redhat-rhui.repo" } ] }, "cups_log" : { "title" : "CUPS log format", "description" : "Log format used by the Common Unix Printing System", "regex" : { "system" : { "pattern" : "^(?[IEW]) \\[(?\\d{2}/\\w{3}/\\d{4}:\\d{2}:\\d{2}:\\d{2} [+-]\\d{2,4})\\] (?
\\w+): (?.*)$" }, "default" : { "pattern" : "^(?[IEW]) \\[(?\\d{2}/\\w{3}/\\d{4}:\\d{2}:\\d{2}:\\d{2} [+-]\\d{2,4})\\] (?.*)$" } }, "level" : { "error" : "E", "warning" : "W" }, "value" : { "level" : { "kind" : "string", "identifier" : true }, "section" : { "kind" : "string", "identifier" : true }, "body" : { "kind" : "string" } }, "sample" : [ { "line" : "I [04/Nov/2010:17:37:40 -0400] Allowing up to 100 client connections per host." }, { "line" : "I [04/Nov/2010:17:37:40 -0400] LoadPPDs: Wrote \"/etc/cups/ppds.dat\", 14 PPDs..." }, { "line" : "E [04/Nov/2010:17:37:40 -0400] StartListening: Unable to find IP address for server name \"localhost.localdomain\" - Host name lookup failure" } ] }, "dpkg_log" : { "title" : "Dpkg Log", "description" : "The debian dpkg log.", "regex" : { "std" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}[T ]\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?startup|status|configure|install|upgrade|trigproc|remove|purge)(?: (?config-files|failed-config|half-configured|half-installed|installed|not-installed|post-inst-failed|removal-failed|triggers-awaited|triggers-pending|unpacked))? (?[^ ]+) (?[^ ]+)(?: (?[^ ]+))?)|update-alternatives: (?.*))$" } }, "value" : { "action" : { "kind" : "string", "identifier" : true }, "status" : { "kind" : "string", "identifier" : true }, "package" : { "kind" : "string", "identifier" : true }, "installed_version" : { "kind" : "string" }, "available_version" : { "kind" : "string" } }, "sample" : [ { "line" : "2012-02-14 10:44:10 configure base-files 5.0.0ubuntu20 5.0.0ubuntu20" }, { "line" : "2012-02-14 10:44:30 status unpacked rsyslog 4.2.0-2ubuntu8" }, { "line" : "2012-02-14 10:44:32 update-alternatives: run with --install /usr/bin/rview rview /usr/bin/vim.tiny 10" } ] }, "elb_log" : { "title" : "Amazon ELB log", "description" : "Log format for Amazon Elastic Load Balancers", "url" : "http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/access-log-collection.html", "regex" : { "std" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{6}Z) (?[^ ]+) (?[\\w\\.:]+):(?\\d+) (?[\\w\\.:]+):(?\\d+) (?\\d+(\\.\\d+)?) (?\\d+(\\.\\d+)?) (?\\d+(\\.\\d+)?) (?\\d+|-) (?\\d+|-) (?\\d+) (?\\d+) \"(?:\\-|(?\\w+|-) (?[^ \\?]+)(?:\\?(?[^ ]*))? (?[\\w/\\.]+|-)\\s*)\" \"(?[^\"]+)\" (?[\\w-]+) (?[\\w\\.-]+)(?.*)" } }, "value" : { "elb" : { "kind" : "string", "identifier" : true }, "client_ip" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "client_port" : { "kind" : "integer", "foreign-key" : true }, "backend_ip" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "backend_port" : { "kind" : "integer", "foreign-key" : true }, "request_processing_time" : { "kind" : "float" }, "backend_processing_time" : { "kind" : "float" }, "response_processing_time" : { "kind" : "float" }, "elb_status_code" : { "kind" : "integer", "foreign-key" : true }, "backend_status_code" : { "kind" : "integer", "foreign-key" : true }, "received_bytes" : { "kind" : "integer" }, "sent_bytes" : { "kind" : "integer" }, "cs_method" : { "kind" : "string", "identifier" : true }, "cs_uri_stem" : { "kind" : "string", "identifier" : true }, "cs_uri_query" : { "kind" : "string" }, "cs_version" : { "kind" : "string", "identifier" : true }, "user_agent" : { "kind" : "string", "identifier" : true }, "ssl_cipher" : { "kind" : "string", "identifier" : true }, "ssl_protocol" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "2015-11-17T05:45:24.077255Z elastic-prod 54.161.222.121:40909 10.231.68.180:443 0.000031 0.009511 0.000029 200 200 0 415 \"GET https://example.com/foo/bar?baz=1234 HTTP/1.1\" \"test agent\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2" }, { "line" : "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000073 0.001048 0.000057 200 200 0 29 \"GET http://www.example.com:80/ HTTP/1.1\" \"curl/7.38.0\" - -" }, { "line" : "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.000086 0.001048 0.001337 200 200 0 57 \"GET https://www.example.com:443/ HTTP/1.1\" \"curl/7.38.0\" DHE-RSA-AES128-SHA TLSv1.2" }, { "line" : "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001069 0.000028 0.000041 - - 82 305 \"- - - \" \"-\" - -" }, { "line" : "2015-05-13T23:39:43.945958Z my-loadbalancer 192.168.131.39:2817 10.0.0.1:80 0.001065 0.000015 0.000023 - - 57 502 \"- - - \" \"-\" ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2" } ] }, "engine_log" : { "title" : "engine log", "description" : "The log format for the engine.log files from RHEV/oVirt", "regex" : { "std" : { "pattern" : "^(?.+) (?.+) \\[(?.+)\\] \\((?.+)\\) (?(?:-|\\n)*)" } }, "value" : { "tid" : { "kind" : "string", "identifier" : true }, "logger" : { "kind" : "string", "identifier" : true }, "thread" : { "kind" : "string", "identifier" : true } }, "level-field" : "level", "level" : { "error" : "ERROR", "info" : "INFO", "warning" : "WARN" }, "sample" : [ { "line": "2014-09-21 04:01:29,522 INFO [org.ovirt.engine.core.bll.OvfDataUpdater] (DefaultQuartzScheduler_Worker-90) Successfully updated VM OVFs in Data Center Test" } ] }, "error_log" : { "title" : "Common Error Log", "description" : "The default web error log format for servers like Apache.", "regex" : { "cups" : { "pattern" : "^(?\\w) \\[(?[^\\]]+)\\] (?.*)" } }, "level-field": "level", "level" : { "error" : "E", "warning" : "W", "info" : "I" }, "sample" : [ { "line" : "E [08/Jun/2013:11:28:58 -0700] Unknown directive BrowseOrder on line 22 of /private/etc/cups/cupsd.conf." } ] }, "fsck_hfs_log" : { "title" : "Fsck_hfs Log", "description" : "Log for the fsck_hfs tool on Mac OS X.", "regex" : { "std" : { "pattern" : "^(?[^:]+): fsck_hfs (?:run|started) at (?\\w{3} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\d{4})(?(?:.|\\n)*)" } }, "value" : { "device" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "/dev/rdisk0s2: fsck_hfs run at Wed Jul 25 23:01:18 2012" } ] }, "glog_log" : { "title" : "Glog", "description" : "The google glog format.", "url" : "https://code.google.com/p/google-glog/", "regex" : { "std" : { "pattern" : "^(?[IWECF])(?\\d{4} \\d{2}:\\d{2}:\\d{2}\\.\\d{6}) (?\\d+) (?[^:]+):(?\\d+)\\] (?(?:.|\\n)*)" } }, "level-field" : "level", "level" : { "error" : "E", "warning" : "W", "info" : "I", "critical" : "C", "fatal" : "F" }, "value" : { "thread" : { "kind" : "integer", "identifier" : true, "foreign-key" : true }, "src_file" : { "kind" : "string", "identifier" : true }, "src_line" : { "kind" : "integer", "foreign-key" : true } }, "sample" : [ { "line" : "E0517 15:04:22.619632 1952452992 logging_unittest.cc:253] Log every 3, iteration 19" } ] }, "java_log" : { "title" : "Java log format", "description" : "Log format used by log4j and output by most java programs", "url" : "", "regex" : { "jvm" : { "pattern" : "^(?\\w+)\\s+\\|\\s+jvm (?\\d+)\\s+\\|\\s(?\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2})\\s+\\| (?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) \\[(?\\w+-\\d+)\\]\\s+(?\\w+)\\s+(?[\\w.]+)\\s+-\\s+(?\\S.*)" }, "dump" : { "pattern" : "^(?\\w+)\\s+\\|\\s+jvm (?\\d+)\\s+\\|\\s(?\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2})\\s+\\| JVMDUMP\\w+\\s(?\\S.*)$" }, "tasko" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2},\\d{3}) \\[(?\\w+-\\d+)\\]\\s+(?\\w+)\\s+(?[\\w.]+)\\s+-\\s+(?\\S.*)$" } }, "level-field" : "alert_level", "level" : { "error" : "ERROR", "warning" : "WARN", "debug" : "DEBUG", "info" : "INFO" }, "value" : { "function" : { "kind" : "string", "identifier" : true }, "alert_level" : { "kind" : "string" }, "jvm_no" : { "kind" : "integer" }, "debug_level" : { "kind" : "string" }, "class" : { "kind" : "string" }, "body" : { "kind" : "string" } }, "sample" : [ { "line" : "INFO | jvm 1 | 2015/04/28 18:40:00 | 2015-04-28 18:40:00,077 [DefaultQuartzScheduler_Worker-8] INFO com.redhat.rhn.taskomatic.TaskoJob - errata-queue-default: bunch errata-queue-bunch STARTED" }, { "line" : "INFO | jvm 1 | 2015/04/28 18:34:18 | 2015-04-28 18:34:18,872 [Thread-46] DEBUG com.redhat.rhn.common.hibernate.ConnectionManager - Adding resource com/redhat/rhn/domain/action/ActionArchType.hbm.xml" }, { "line" : "2015-05-22 16:10:00,123 [DefaultQuartzScheduler_Worker-5] INFO com.redhat.rhn.taskomatic.task.ErrataCacheTask - In the queue: 24" }, { "line" : "INFO | jvm 1 | 2015/05/24 07:35:50 | JVMDUMP013I Processed dump event \"user\", detail \"\"." } ] }, "katello_log" : { "title" : "Katello log format", "description" : "Log format used by katello and foreman as used in Satellite 6.", "url" : "http://theforeman.org/", "regex" : { "log" : { "pattern" : "^\\[\\s?(?\\w+)\\s(?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})\\s(?\\w+)\\]\\s+(?\\S.*)$" } }, "level-field" : "alert_level", "level" : { "error" : "ERROR", "warning" : "WARN", "debug" : "DEBUG" }, "value" : { "alert_level" : { "kind" : "string" }, "module" : { "kind" : "string" }, "message" : { "kind" : "string" } }, "sample" : [ { "line" : "[DEBUG 2015-05-20 12:22:19 main] /Stage[main]/Certs::Candlepin/Exec[create candlepin qpid exchange]/unless: Failed: ConnectError: [Errno 1] _ssl.c:504: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca" }, { "line" : "[DEBUG 2015-05-20 12:22:19 main] Exec[create candlepin qpid exchange](provider=posix): Executing 'qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://avl248.bcc.qld.gov.au:5671' add exchange topic event --durable'" }, { "line" : "[ERROR 2015-05-20 12:22:19 main] qpid-config --ssl-certificate /etc/pki/katello/certs/java-client.crt --ssl-key /etc/pki/katello/private/java-client.key -b 'amqps://avl248.bcc.qld.gov.au:5671' add exchange topic event --durable returned 1 instead of one of [0]" }, { "line" : "[ INFO 2015-05-20 12:22:19 main] /usr/share/ruby/vendor_ruby/puppet/util/errors.rb:104:in `fail'" } ] }, "openam_log": { "title" : "OpenAM Log", "description" : "The OpenAM identity provider.", "url" : "http://openam.forgerock.org", "level-field" : "level", "level" : { "error" : "ERROR", "warning" : "WARNING", "info" : "INFO", "critical" : "SEVERE", "trace" : "FINE|FINEST" }, "multiline" : false, "regex" : { "std" : { "pattern" : "^\"(?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})\"\\s+(?[^ \"]+|\"(?:[^\"]*|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]*|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?[^ \"]+|\"(?:[^\"]|\"\")*\")(?.*)$" } }, "value" : { "data" : { "kind" : "quoted" }, "loginid" : { "kind" : "quoted", "identifier" : true }, "contextid" : { "kind" : "quoted", "identifier" : true }, "ipaddr" : { "kind" : "quoted", "identifier" : true, "collate" : "ipaddress" }, "domain" : { "kind" : "quoted", "identifier" : true }, "loggedby" : { "kind" : "quoted", "identifier" : true }, "messageid" : { "kind" : "quoted", "identifier" : true }, "modulename" : { "kind" : "quoted", "identifier" : true }, "nameid" : { "kind" : "quoted", "identifier" : true }, "hostname" : { "kind" : "quoted", "identifier" : true, "collate" : "ipaddress" } }, "sample" : [ { "line" : "\"2014-06-14 17:08:39\" \"http://localhost:8086|/|\\nhttp://localhost:8086\\n\\nurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport\\n\" \"cn=dsameuser,ou=DSAME Users,dc=openam\" 8fc43a8f6a8c14101 \"Not Available\" INFO dc=openam \"cn=dsameuser,ou=DSAME Users,dc=openam\" SAML2-36 SAML2.access \"Not Available\" 127.0.1.1" }, { "line" : "\"2014-06-09 14:49:56\" /etc/openam/openam/log/ \"cn=dsameuser,ou=DSAME Users,dc=openam\" 3d956febb91fed31 \"Not Available\" INFO dc=openam \"cn=dsameuser,ou=DSAME Users,dc=openam\" LOG-1 amPolicy.access \"Not Available\" 127.0.1.1" } ] }, "openamdb_log": { "title" : "OpenAM Debug Log", "description" : "Debug logs for the OpenAM identity provider.", "url" : "http://openam.forgerock.org", "regex" : { "std" : { "pattern" : "^(?[\\w]+):(?\\d{2}/\\d{2}/\\d{4} \\d{2}:\\d{2}:\\d{2}:\\d{3} [AP]M \\w+): Thread\\[(?[^,]+,\\d+,[^,]+)\\]\\n?(?:\\*+|(?.*))$" } }, "sample" : [ { "line" : "amMonitoring:06/09/2014 02:49:59:447 PM UTC: Thread[http-80-1,5,main]\n**********************************************" }, { "line" : "amLog:06/09/2014 04:08:22:515 PM UTC: Thread[http-80-8,5,main]\nERROR: LogMessageProviderBase.createLogRecord: unable to locate message ID object for ATTEMPT_GET_METAALIAS" } ] }, "openstack_log" : { "title" : "OpenStack log format", "description" : "The log format for the OpenStack log files", "url" : "http://docs.openstack.org/openstack-ops/content/logging_monitoring.html", "regex" : { "std" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}.\\d{3}) (?\\d+) (?\\w+) (?.+) \\[(?.+)\\] (?.*)" } }, "level-field" : "level", "level" : { "error" : "ERROR", "info" : "INFO", "warning" : "WARNING", "trace" : "TRACE", "debug" : "AUDIT" }, "value" : { "tid" : { "kind" : "string", "identifier" : true }, "pid" : { "kind" : "string", "identifier" : true }, "logger" : { "kind" : "string", "identifier" : true }, "body" : { "kind" : "string", "identifier" : false } }, "sample" : [ { "line": "2014-10-28 10:42:22.772 23623 INFO neutron.wsgi [req-40743023-00ed-441c-9d0a-19b8167ea0ad None] 10.1.255.252 - - [28/Oct/2014 10:42:22] GET /v2.0/floatingips.json?fixed_ip_address=80.0.0.9&port_id=b4291e0e-a941-4663-9379-7af6471e983f HTTP/1.1 200 208 0.008971" } ] }, "page_log" : { "title" : "CUPS Page Log", "description" : "The CUPS server log of printed pages.", "url" : "http://www.cups.org/documentation.php/doc-1.7/ref-page_log.html", "multiline" : false, "regex" : { "pre-1.7" : { "pattern" : "^(?[\\w_\\-\\.]+) (?[\\w\\.\\-]+) (?\\d+) \\[(?[^\\]]+)\\] (?total|\\d+) (?\\d+) (?[^ ]+) (?[\\w\\.:\\-]+)(?.*)$" }, "1.7" : { "pattern" : "^(?[\\w_\\-\\.]+) (?[\\w\\.\\-]+) (?\\d+) \\[(?[^\\]]+)\\] (?total|\\d+) (?\\d+) (?[^ ]+) (?[\\w\\.:\\-]+) (?.+) (?[^ ]+) (?.+)(?.*)$" } }, "value" : { "printer" : { "kind" : "string", "identifier" : true }, "username" : { "kind" : "string", "identifier" : true }, "job_id" : { "kind" : "integer", "identifier" : true, "foreign-key" : true }, "page_number" : { "kind" : "string" }, "num_copies" : { "kind" : "integer" }, "job_billing" : { "kind" : "string", "identifier" : true }, "job_originating_hostname" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "job_name" : { "kind" : "string", "identifier" : true }, "media" : { "kind" : "string", "identifier" : true }, "sides" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "Photosmart_7520_series stack 11 [18/May/2013:13:21:15 -0700] total 0 - localhost 5615311548-159003235-tickets.pdf Letter one-sided" }, { "line" : "tec_IS2027 kurt 401 [22/Apr/2003:10:28:43 +0100] 1 3 #marketing 10.160.50.13" } ] }, "papertrail_log": { "title" : "Papertrail Service", "url" : "https://papertrailapp.com/", "description" : "Log format for the papertrail log management service", "json" : true, "hide-extra" : true, "file-pattern" : "pt:.*", "line-format" : [ { "field" : "display_received_at" }, " ", { "field" : "hostname" }, " ", { "field" : "program" }, ": ", { "field" : "message" } ], "level-field" : "severity", "level" : { "error" : "Error", "debug" : "Debug", "warning" : "Warning", "info" : "Info(?:rmational)?|Notice", "critical" : "Crit(?:ical)?", "fatal" : "Emerg(?:ency)?|Alert" }, "timestamp-field" : "generated_at", "body-field" : "message", "value" : { "program" : { "kind" : "string", "identifier" : true }, "hostname" : { "kind" : "string", "identifier" : true } } }, "snaplogic_log" : { "title" : "SnapLogic Server Log", "description" : "The SnapLogic server log format.", "url" : "http://www.snaplogic.com/docs/user-guide/user-guide.htm", "regex" : { "std" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?) (?:(?:(?\\w{4,}) (?[^ ]+) (?[^ ]+) (?[^ ]+) (?-|\\d+)(?:\\.(?[^ ]+))? (?[^ ]+) (?[^ ]+))|(?:(?:stdout|stderr): ))(?.*)" } }, "level-field" : "level", "level" : { "error" : "ERROR", "debug" : "DEBUG", "info" : "INFO", "warning" : "WARNING" }, "value" : { "logger" : { "kind" : "string", "identifier" : true }, "facility" : { "kind" : "string", "identifier" : true }, "msgid" : { "kind" : "string", "identifier" : true }, "pipe_rid" : { "kind" : "string", "identifier" : true }, "comp_rid" : { "kind" : "string", "identifier" : true }, "resource_name" : { "kind" : "string", "identifier" : true }, "invoker" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "2013-07-30T09:40:25 DEBUG main_process.main PM - 1768839331504132353247612213662950165988626018 - - Pipeline manager '' sending to Leads. Invoker 'admin': PREPARE {'parent_rid': '1768839331504132353247612213662950165988626018', 'resource_name': u'Leads', 'input_views': {}, 'parameters': {u'DELIMITER': u',', u'INPUTFILE': u'file://tutorial/data/leads.csv'}, 'output_views': {u'Output1': {'method': 'GET'}}, 'context_name': u'', 'snap_control_version': '1.2'}" } ] }, "sssd_log" : { "title" : "SSSD log format", "description" : "Log format used by the System Security Services Daemon", "url" : "http://fedorahosted.org/sssd", "regex" : { "core" : { "pattern" : "^\\((?\\w{3} \\w{3} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2} \\d{4})\\) \\[sssd\\] \\[(?\\w+)\\] \\((?0x[0-9a-fA-F]{4})\\): (?.*)$" }, "module" : { "pattern" : "^\\((?\\w{3} \\w{3} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2} \\d{4})\\) \\[sssd(?\\[.*?\\])\\] \\[(?\\w+)\\] \\((?0x[0-9a-fA-F]{4})\\): (?.*)$" } }, "value" : { "module" : { "kind" : "string" }, "function" : { "kind" : "string" }, "debug_level" : { "kind" : "string" }, "body" : { "kind" : "string" } }, "sample" : [ { "line" : "(Tue Mar 31 06:03:46 2015) [sssd[be[default]]] [sysdb_search_by_name] (0x0400): No such entry" }, { "line" : "(Tue Mar 31 05:58:38 2015) [sssd] [start_service] (0x0100): Queueing service LDAP for startup" } ] }, "strace_log" : { "title" : "Strace", "description" : "The strace output format.", "url" : "http://en.wikipedia.org/wiki/Strace", "multiline" : false, "regex" : { "std" : { "pattern" : "^(?\\d{2}:\\d{2}:\\d{2}\\.\\d{6}) (?\\w+)\\((?.*)\\)\\s+=\\s+(?[-\\w]+)(?: (?\\w+) \\([^\\)]+\\))?(?: <(?\\d+\\.\\d+)>)?$" } }, "level-field" : "errno", "level" : { "error" : ".+" }, "value" : { "syscall" : { "kind" : "string", "identifier" : true }, "args" : { "kind" : "string" }, "rc" : { "kind" : "integer", "foreign-key" : true }, "duration" : { "kind" : "float" }, "errno" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "08:09:33.814936 execve(\"/bin/ls\", [\"ls\"], [/* 38 vars */]) = 0 <0.000264>" }, { "line" : "08:09:33.815943 access(\"/etc/ld.so.nohwcap\", F_OK) = -1 ENOENT (No such file or directory) <0.000019>" } ] }, "sudo_log" : { "title" : "sudo", "description" : "The sudo privilege management tool.", "url" : "", "regex" : { "std" : { "module-format" : true, "pattern" : "^(?\\S+)\\s*: (?:(?[^;]+);)?\\s*TTY=(?[^;]+)\\s+;\\s*PWD=(?[^;]+)\\s+;\\s*USER=(?[^;]+)\\s+;\\s*COMMAND=(?(\\n|.)*)$" } }, "level-field" : "error_msg", "level" : { "error" : ".+" }, "value" : { "login" : { "kind" : "string", "identifier" : true }, "error_msg" : { "kind" : "string" }, "tty" : { "kind" : "string" }, "pwd" : { "kind" : "string" }, "user" : { "kind" : "string", "identifier" : true }, "command" : { "kind" : "string" } }, "sample" : [ { "line" : "stack : 3 incorrect password attempts ; TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls" }, { "line" : "stack : TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls" } ] }, "syslog_log" : { "title" : "Syslog", "description" : "The system logger format found on most posix systems.", "url" : "http://en.wikipedia.org/wiki/Syslog", "regex" : { "std" : { "pattern" : "^(?\\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2})(?: (?[a-zA-Z0-9:][^ ]+[a-zA-Z0-9]))?(?:(?: (?(?:[^\\[:]+|[^:]+))(?:\\[(?\\d+)\\])?:(?(?:.|\\n)*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))" } }, "level-field" : "body", "level" : { "error" : "(?:(?:(?\\d{2}:\\d{2}.\\d{3}): (?:Server-Properties: (?:.*)|channel server|\\w+: (?--->|<---) (?\\w)(?: (?\\w+))?(?: (?\\w+))?(?: (?\\w+))?(?: (?.*))?(?: ))(?.*)$" } }, "value" : { "dir" : { "kind" : "string" }, "type" : { "kind" : "string", "identifier" : true }, "token" : { "kind" : "string", "identifier" : true }, "service" : { "kind" : "string", "identifier" : true }, "name" : { "kind" : "string", "identifier" : true }, "msg" : { "kind" : "json" } }, "sample" : [ { "line" : "TCF 29:47.191: Server-Properties: {\"Name\":\"TCF Protocol Logger\",\"OSName\":\"Linux 3.2.0-60-generic\",\"UserName\":\"xavier\",\"AgentID\":\"1fde3dd1-d4be-4f79-8090-6f8d212f03bf\",\"TransportName\":\"TCP\",\"Proxy\":\"\",\"ValueAdd\":\"1\",\"Port\":\"1534\"}" }, { "line" : "TCF 30:11.475: 0: <--- R 2 [\"P1\"] " }, { "line" : "TCF 30:11.475: 0: ---> C 4 RunControl getChildren \"P1\" " } ] }, "tcsh_history" : { "title" : "TCSH History", "description" : "The tcsh history file format.", "convert-to-local-time" : true, "regex" : { "std" : { "pattern" : "^#(?\\+\\d+)\\n?(?.*)?$" } }, "sample" : [ { "line" : "#+1375138067\necho HELLO=BAR" } ] }, "uwsgi_log" : { "title" : "Uwsgi Log", "description" : "The uwsgi log format.", "multiline" : false, "regex" : { "std" : { "pattern" : "^\\[pid: (?\\d+)\\|app: (?[\\-\\d]+)\\|req: (?[\\-\\d]+)/(?\\d+)\\] (?[^ ]+) \\((?[^\\)]*)\\) \\{(?\\d+) vars in (?\\d+) bytes\\} \\[(?[^\\]]+)\\] (?[A-Z]+) (?[^ \\?]+)(?:\\?(?[^ ]*))? => generated (?\\d+) bytes in (?\\d+) (?\\w+) \\((?[^ ]+) (?\\d+)\\) (?\\d+) headers in (?\\d+) bytes \\((?\\d+) switches on core (?\\d+)\\)(?.*)" } }, "level-field": "sc_status", "level" : { "error" : "^[^123]" }, "value" : { "s_pid" : { "kind" : "string", "identifier" : true }, "s_app" : { "kind" : "string", "identifier" : true }, "s_req" : { "kind" : "integer" }, "s_worker_reqs" : { "kind" : "integer" }, "c_ip" : { "kind" : "string", "collate" : "ipaddress", "identifier" : true }, "cs_username" : { "kind" : "string", "identifier" : true }, "cs_vars" : { "kind" : "integer" }, "cs_bytes" : { "kind" : "integer" }, "cs_method" : { "kind" : "string", "identifier" : true }, "cs_uri_stem" : { "kind" : "string", "identifier" : true }, "cs_uri_query" : { "kind" : "string" }, "sc_bytes" : { "kind" : "integer" }, "s_runtime" : { "kind" : "float", "unit" : { "field" : "rt_unit", "scaling-factor" : { "/msecs" : 1000.0, "/micros" : 1000000.0 } } }, "cs_version" : { "kind" : "string", "identifier" : true }, "sc_status" : { "kind" : "integer", "foreign-key" : true }, "sc_headers" : { "kind" : "integer" }, "sc_header_bytes" : { "kind" : "integer" }, "s_switches" : { "kind" : "integer" }, "s_core" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "[pid: 24386|app: 0|req: 482950/4125645] 86.221.170.65 () {44 vars in 1322 bytes} [Tue Jan 3 05:01:31 2012] GET /contest/log_presence/shhootter/?_=1325592089910 => generated 192 bytes in 21 msecs (HTTP/1.1 200) 4 headers in 188 bytes (1 switches on core 0)" } ] }, "vdsm_log" : { "title": "Vdsm Logs", "description": "The Open Virtual Datacenter VDSM log format", "url": "http://www.ovirt.org/Vdsm_Log_Files", "regex": { "std": { "pattern": "^(?.+)::(?.+)::(?.+)::(?.+)::(?.+)::(?.+)::\\((?[^\\)]+)\\)(?(?:.|\\n)*)" } }, "level-field": "level", "level": { "error": "ERROR", "debug": "DEBUG", "info": "INFO", "warning": "WARNING" }, "value": { "tid": { "kind": "string", "identifier": true }, "module": { "kind": "string", "identifier": true }, "src_line": { "kind": "integer", "foreign-key": true }, "logger": { "kind": "string", "identifier": true }, "func": { "kind": "string", "identifier": true } }, "sample": [ { "line": "Thread-1950::INFO::2011-12-07 12:14:15,018::dispatcher::94::Storage.Dispatcher.Protect::(run) Run and protect: getDeviceList, args: ( storageType=2)" } ] }, "vmk_log" : { "title": "VMKernel Logs", "description": "The VMKernel's log format", "url": "", "regex": { "std": { "pattern": "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) cpu(?\\d+):(?\\d+)\\)((?:(?WARNING|ALERT)|(?[^:]+)): )?(?.*)" } }, "level-field": "level", "level": { "error": "ALERT", "warning": "WARNING" }, "value": { "cpu": { "kind": "integer", "identifier": true, "foreign-key" : true }, "world_id": { "kind": "integer", "identifier": true, "foreign-key" : true }, "subsystem": { "kind": "string", "identifier": true } }, "sample": [ { "line": "2014-11-14T19:19:51.559Z cpu7:35233)VC: 2002: Device rescan time 704 msec (total number of devices 91)" }, { "line": "2015-04-01T22:22:35.038Z cpu22:44012977)ALERT: This is what an alert looks like." } ] }, "vmw_log" : { "title" : "VMware Logs", "description" : "One of the log formats used in VMware's ESXi and vCenter software.", "url" : "http://kb.vmware.com/kb/2004201", "regex" : { "6.0+" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?:Section for VMware VirtualCenter,.*|(?\\w+) (?\\w+)\\[(?\\w+)\\] \\[(?[^ \\]]+)\\s*(?: sub=(?[^ \\]]+))?(?: opID=(?[^ \\]]+))?(?: user=(?[\\w\\-]+))?\\](?.*)(?:\\n(?:.|\\n)*)?)$" }, "5.0+" : { "pattern" : "^(?\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) \\[(?\\w+) (?\\w+) '(?[^']+)'(?: opID=(?[^ \\]]+))?(?: user=(?[\\w\\-]+))?\\](?.*)(?:\\n(?:.|\\n)*)?$" }, "pre-5.0" : { "pattern" : "^\\[(?\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}\\.\\d{3}) (?\\w+) (?\\w+) '(?[^']+)'(?: opID=(?[^ \\]]+))?(?: user=(?[\\w\\-]+))?\\](?.*)(?:\\n(?:.|\\n)*)?$" } }, "level-field": "level", "level" : { "error" : "(error|panic)", "warning" : "warning", "trace" : "verbose" }, "value" : { "prc" : { "kind" : "string", "identifier" : true }, "tid" : { "kind" : "string", "identifier" : true }, "src" : { "kind" : "string", "identifier" : true }, "comp" : { "kind" : "string", "identifier" : true }, "sub" : { "kind" : "string", "identifier" : true }, "opid" : { "kind" : "string", "identifier" : true }, "user" : { "kind" : "string", "identifier" : true } }, "sample" : [ { "line" : "[2011-04-01 15:14:34.203 F5A5AB90 info 'vm:/vmfs/volumes/4d6579ec-23f981cb-465c-00237da0cfee/Vmotion-test/Vmotion-test.vmx' opID=F6FC49D5-000007E6-d] VMotionPrepare: dstMgmtIp=10.21.49.138" }, { "line" : "2014-11-04T15:53:31.075+05:30 verbose vpxd[05160] [Originator@6876 sub=PropertyProvider opID=ProcessAlarmFiring-427c3c55] RecordOp ASSIGN: declaredAlarmState[\"alarm-1.host-23\"], host-23. Applied change to temp map." }, { "line" : "2014-01-17T04:55:50.347Z [7F03ECE76700 verbose 'Default' opID=2140bc71] [VpxVmomi] Invoke done: vmodl.query.PropertyCollector.waitForUpdatesEx session: c580b3ef-0011-88a5-b2af-7ca7e74114c8" }, { "line" : "2014-11-04T12:46:42.990+05:30 Section for VMware VirtualCenter, pid=6432, version=6.0.0, build=2255588, option=BETA" } ] }, "xmlrpc_log" : { "title" : "RHN server XMLRPC log format", "description" : "Generated by Satellite's XMLRPC component", "url" : "https://access.redhat.com/products/red-hat-satellite", "regex" : { "main" : { "pattern" : "^(?\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2} [+-]?\\d{2}:\\d{2}) (?\\d+) (?\\S+): (?\\w+)/(?.*)(?\\(.*?\\))?(?.*)$" } }, "value" : { "pid" : { "kind" : "integer", "identifier" : true }, "client_ip" : { "kind" : "string", "identifier" : true }, "module" : { "kind" : "string" }, "function" : { "kind" : "string" } }, "sample" : [ { "line" : "2015/05/24 07:48:21 -05:00 767 10.206.22.17: xmlrpc/up2date.listChannels(1000011979,)" }, { "line" : "2015/05/24 07:48:22 -05:00 1377 10.184.37.105: xmlrpc/registration.welcome_message('lang: None',)" }, { "line" : "2015/05/24 07:48:22 -05:00 759 10.49.10.30: xmlrpc/registration.register_osad" }, { "line" : "2015/05/24 07:48:22 -05:00 759 10.49.10.30: rhnServer/server_certificate.valid('Server id ID-1000019942 not found in database',)" } ] } }