mirror of https://github.com/tstack/lnav
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6.1 KiB
6.1 KiB
ⓘ The following is a rendered view of the content. Use :set-text-view-mode raw to view the raw version of this text
{
"$schema":"https://lnav.org/schemas/format-v1.schema.json",
"syslog_log":{
"title":"Syslog",
"description":"The system logger format found on most posix systems.",
"url":"http://en.wikipedia.org/wiki/Syslog",
"regex":{
"std":{"pattern":""
^(?<timestamp>(?:\S{
3,
8
}\s+\d{
1,
2
} \d{2}:\d{2}:\d{2}|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{
3,
6
}
)?(?:Z|(?:\+|-)\d{2}:\d{2})
)
)(?: (?<log_hostname>[a-zA-Z0-9:][^ ]+[a-zA-Z0-9]))?(?: \[CLOUDINIT\])?(?:(?: syslogd [\d\.]+|(?: (?<log_syslog_tag>(?<log_procname>(?:[^\[: ]+|[^ :]+))(?:\[(?<log_pid>\d+)\](?: \([^\)]+\))?)?))):\s*(?<body>.*)$|:?(?:(?: ---)? last message repeated \d+ times?(?: ---)?))
""},
"rfc5424":{"pattern":""
^<(?<log_pri>\d+)>(?<syslog_version>\d+) (?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{6})?(?:[^ ]+)?) (?<log_hostname>[^ ]+|-) (?<log_syslog_tag>(?<log_procname>[^ ]+|-) (?<log_pid>[^ ]+|-) (?<log_msgid>[^ ]+|-)) (?<log_struct>\[(?:[
^\]"]|"(?:\.|[^"])+")*\]|-|)\s+(?<body>.*)
""}
},
"level-field":"body",
"level":{
"error":"(?:(?:(?<![a-zA-Z]))(?:(?i)error(?:s)?)(?:(?![a-zA-Z]))|failed|failure)",
"warning":"(?:(?:(?i)warn)|not responding|init: cannot execute)"
},
"opid-field":"log_syslog_tag",
"multiline":true,
"module-field":"log_procname",
"value":{
"log_pri":{
"kind":"integer",
"foreign-key":true,
"description":"The priority level of the message"
},
"syslog_version":{
"kind":"integer",
"foreign-key":true,
"description":"The version of the syslog format used for this message"
},
"log_hostname":{
"kind":"string",
"collate":"ipaddress",
"identifier":true,
"description":"The name of the host that generated the message"
},
"log_procname":{
"kind":"string",
"identifier":true,
"description":"The name of the process that generated the message"
},
"log_pid":{
"kind":"string",
"identifier":true,
"action-list":["dump_pid"],
"description":"The ID of the process that generated the message"
},
"log_syslog_tag":{
"kind":"string",
"identifier":true,
"description":"The combination of the procname and pid"
},
"log_msgid":{
"kind":"string",
"identifier":true
},
"log_struct":{"kind":"struct"}
},
"action":{
"dump_pid":{
"label":"Show Process Info",
"capture-output":true,
"cmd":["dump-pid.sh"]
}
},
"sample":[
{"line":"Apr 28 04:02:03 tstack-centos5 syslogd 1.4.1: restart."},
{"line":"Jun 27 01:47:20 Tims-MacBook-Air.local configd[17]: network changed: v4(en0-:192.168.1.8) DNS- Proxy- SMB"},
{"line":"Jun 20 17:26:13 ip-10-188-149-5 [CLOUDINIT] util.py[DEBUG]: Restoring selinux mode for /var/lib/cloud (recursive=False)"},
{"line":"<46>1 2017-04-27T07:50:47.381967+02:00 logserver rsyslogd - - [origin software=\"rsyslogd\" swVersion=\"8.4.2\" x-pid=\"900\" x-info=\"http://www.rsyslog.com\"] start"},
{"line":"<30>1 2017-04-27T07:59:12+02:00 nextcloud dhclient - - - DHCPREQUEST on eth0 to 192.168.1.1 port 67"},
{"line":"<78>1 2017-04-27T08:09:01+02:00 nextcloud CRON 1472 - - (root) CMD ( [ -x /usr/lib/php5/sessionclean ] && /usr/lib/php5/sessionclean)"},
{"line":"Aug 1 00:00:03 Tim-Stacks-iMac com.apple.xpc.launchd[1] (com.apple.mdworker.shared.0C000000-0700-0000-0000-000000000000[50989]): Service exited due to SIGKILL | sent by mds[198]"}
]
}
}
{
"$schema":"https://lnav.org/schemas/format-v1.schema.json",
"syslog_log":{
"title":"Syslog",
"description":"The system logger format found on most posix systems.",
"url":"http://en.wikipedia.org/wiki/Syslog",
"regex":{
"std":{"pattern":""
^(?<timestamp>(?:\S{
3,
8
}\s+\d{
1,
2
} \d{2}:\d{2}:\d{2}|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{
3,
6
}
)?(?:Z|(?:\+|-)\d{2}:\d{2})
)
)(?: (?<log_hostname>[a-zA-Z0-9:][^ ]+[a-zA-Z0-9]))?(?: \[CLOUDINIT\])?(?:(?: syslogd [\d\.]+|(?: (?<log_syslog_tag>(?<log_procname>(?:[^\[: ]+|[^ :]+))(?:\[(?<log_pid>\d+)\](?: \([^\)]+\))?)?))):\s*(?<body>.*)$|:?(?:(?: ---)? last message repeated \d+ times?(?: ---)?))
""},
"rfc5424":{"pattern":""
^<(?<log_pri>\d+)>(?<syslog_version>\d+) (?<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{6})?(?:[^ ]+)?) (?<log_hostname>[^ ]+|-) (?<log_syslog_tag>(?<log_procname>[^ ]+|-) (?<log_pid>[^ ]+|-) (?<log_msgid>[^ ]+|-)) (?<log_struct>\[(?:[
^\]"]|"(?:\.|[^"])+")*\]|-|)\s+(?<body>.*)
""}
},
"level-field":"body",
"level":{
"error":"(?:(?:(?<![a-zA-Z]))(?:(?i)error(?:s)?)(?:(?![a-zA-Z]))|failed|failure)",
"warning":"(?:(?:(?i)warn)|not responding|init: cannot execute)"
},
"opid-field":"log_syslog_tag",
"multiline":true,
"module-field":"log_procname",
"value":{
"log_pri":{
"kind":"integer",
"foreign-key":true,
"description":"The priority level of the message"
},
"syslog_version":{
"kind":"integer",
"foreign-key":true,
"description":"The version of the syslog format used for this message"
},
"log_hostname":{
"kind":"string",
"collate":"ipaddress",
"identifier":true,
"description":"The name of the host that generated the message"
},
"log_procname":{
"kind":"string",
"identifier":true,
"description":"The name of the process that generated the message"
},
"log_pid":{
"kind":"string",
"identifier":true,
"action-list":["dump_pid"],
"description":"The ID of the process that generated the message"
},
"log_syslog_tag":{
"kind":"string",
"identifier":true,
"description":"The combination of the procname and pid"
},
"log_msgid":{
"kind":"string",
"identifier":true
},
"log_struct":{"kind":"struct"}
},
"action":{
"dump_pid":{
"label":"Show Process Info",
"capture-output":true,
"cmd":["dump-pid.sh"]
}
},
"sample":[
{"line":"Apr 28 04:02:03 tstack-centos5 syslogd 1.4.1: restart."},
{"line":"Jun 27 01:47:20 Tims-MacBook-Air.local configd[17]: network changed: v4(en0-:192.168.1.8) DNS- Proxy- SMB"},
{"line":"Jun 20 17:26:13 ip-10-188-149-5 [CLOUDINIT] util.py[DEBUG]: Restoring selinux mode for /var/lib/cloud (recursive=False)"},
{"line":"<46>1 2017-04-27T07:50:47.381967+02:00 logserver rsyslogd - - [origin software=\"rsyslogd\" swVersion=\"8.4.2\" x-pid=\"900\" x-info=\"http://www.rsyslog.com\"] start"},
{"line":"<30>1 2017-04-27T07:59:12+02:00 nextcloud dhclient - - - DHCPREQUEST on eth0 to 192.168.1.1 port 67"},
{"line":"<78>1 2017-04-27T08:09:01+02:00 nextcloud CRON 1472 - - (root) CMD ( [ -x /usr/lib/php5/sessionclean ] && /usr/lib/php5/sessionclean)"},
{"line":"Aug 1 00:00:03 Tim-Stacks-iMac com.apple.xpc.launchd[1] (com.apple.mdworker.shared.0C000000-0700-0000-0000-000000000000[50989]): Service exited due to SIGKILL | sent by mds[198]"}
]
}
}