Created
December 12, 2014 15:02
-
-
Save dougmcclure/c14cf76e7d79141e76f8 to your computer and use it in GitHub Desktop.
logstash 150b1 patterns not loading
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@nc048152 logstash150b1]# bin/logstash agent -f /opt/logstash150b1/configs/logstash-newpluginv2.conf --verbose | |
| Using milestone 2 input plugin 'tcp'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.5.0.beta1/plugin-milestones {:level=>:warn} | |
| Using milestone 2 input plugin 'file'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.5.0.beta1/plugin-milestones {:level=>:warn} | |
| Using milestone 2 filter plugin 'json'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.5.0.beta1/plugin-milestones {:level=>:warn} | |
| Using milestone 1 output plugin 'scala'. This plugin should work, but would benefit from use by folks like you. Please let us know if you find bugs or have suggestions on how to improve this plugin. For more information on plugin milestones, see http://logstash.net/docs/1.5.0.beta1/plugin-milestones {:level=>:warn} | |
| Using milestone 2 output plugin 'file'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.5.0.beta1/plugin-milestones {:level=>:warn} | |
| Starting tcp input listener {:address=>"0.0.0.0:10515", :level=>:info} | |
| Starting tcp input listener {:address=>"0.0.0.0:10516", :level=>:info} | |
| Starting tcp input listener {:address=>"0.0.0.0:10517", :level=>:info} | |
| Starting tcp input listener {:address=>"0.0.0.0:10518", :level=>:info} | |
| Registering file input {:path=>["/opt/scala/driver/logs/GenericReceiver.log"], :level=>:info} | |
| No sincedb_path set, generating one based on the file path {:sincedb_path=>"/root/.sincedb_af5ab388ead3de9860b80769b006854f", :path=>["/opt/scala/driver/logs/GenericReceiver.log"], :level=>:info} | |
| Registering file input {:path=>["/opt/scala/driver/logs/UnityApplication.log"], :level=>:info} | |
| No sincedb_path set, generating one based on the file path {:sincedb_path=>"/root/.sincedb_dfd19923971e4a5f9354d36af584c188", :path=>["/opt/scala/driver/logs/UnityApplication.log"], :level=>:info} | |
| Registering file input {:path=>["/opt/scala/driver/logs/UnityEifReceiver.log"], :level=>:info} | |
| No sincedb_path set, generating one based on the file path {:sincedb_path=>"/root/.sincedb_732ec9b969e6ec35a1bca513575b960b", :path=>["/opt/scala/driver/logs/UnityEifReceiver.log"], :level=>:info} | |
| Registering file input {:path=>["/opt/scala/driver/solr-4.7.1/scala_instance1/logs/solr.log"], :level=>:info} | |
| No sincedb_path set, generating one based on the file path {:sincedb_path=>"/root/.sincedb_9da818c4af303ca5b947dec47744fa8e", :path=>["/opt/scala/driver/solr-4.7.1/scala_instance1/logs/solr.log"], :level=>:info} | |
| Registering file input {:path=>["/opt/scala/driver/logs/ManangeSolrnodes.log"], :level=>:info} | |
| No sincedb_path set, generating one based on the file path {:sincedb_path=>"/root/.sincedb_4c1b28e4d74ad56a3ad84d18252ded46", :path=>["/opt/scala/driver/logs/ManangeSolrnodes.log"], :level=>:info} | |
| Registering file input {:path=>["/opt/scala/driver/logs/zookeeper.out"], :level=>:info} | |
| No sincedb_path set, generating one based on the file path {:sincedb_path=>"/root/.sincedb_1cfb5e39c4d006dc7f9f9a9f3acf9492", :path=>["/opt/scala/driver/logs/zookeeper.out"], :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/nagios", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/firewalls", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/redis", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/haproxy", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/ruby", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/junos", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/linux-syslog", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/java", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/postgresql", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/mcollective-patterns", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/mongodb", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/mcollective", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/grok-patterns", :level=>:info} | |
| Grok patterns path {:patterns_dir=>["/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns"], :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/nagios", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/firewalls", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/redis", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/haproxy", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/ruby", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/junos", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/linux-syslog", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/java", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/postgresql", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/mcollective-patterns", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/mongodb", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/mcollective", :level=>:info} | |
| Grok loading patterns from file {:path=>"/opt/logstash150b1/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.2/patterns/grok-patterns", :level=>:info} | |
| Match data {:match=>{"message"=>"%{RSYSLOGDSV}"}, :level=>:info} | |
| Grok compile {:field=>"message", :patterns=>["%{RSYSLOGDSV}"], :level=>:info} | |
| Adding pattern {"NAGIOSTIME"=>"\\[%{NUMBER:nagios_epoch}\\]", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_CURRENT_SERVICE_STATE"=>"CURRENT SERVICE STATE", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_CURRENT_HOST_STATE"=>"CURRENT HOST STATE", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_SERVICE_NOTIFICATION"=>"SERVICE NOTIFICATION", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_HOST_NOTIFICATION"=>"HOST NOTIFICATION", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_SERVICE_ALERT"=>"SERVICE ALERT", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_HOST_ALERT"=>"HOST ALERT", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_SERVICE_FLAPPING_ALERT"=>"SERVICE FLAPPING ALERT", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_HOST_FLAPPING_ALERT"=>"HOST FLAPPING ALERT", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT"=>"SERVICE DOWNTIME ALERT", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_HOST_DOWNTIME_ALERT"=>"HOST DOWNTIME ALERT", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_PASSIVE_SERVICE_CHECK"=>"PASSIVE SERVICE CHECK", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_PASSIVE_HOST_CHECK"=>"PASSIVE HOST CHECK", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_SERVICE_EVENT_HANDLER"=>"SERVICE EVENT HANDLER", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_HOST_EVENT_HANDLER"=>"HOST EVENT HANDLER", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_EXTERNAL_COMMAND"=>"EXTERNAL COMMAND", :level=>:info} | |
| Adding pattern {"NAGIOS_TYPE_TIMEPERIOD_TRANSITION"=>"TIMEPERIOD TRANSITION", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_DISABLE_SVC_CHECK"=>"DISABLE_SVC_CHECK", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_ENABLE_SVC_CHECK"=>"ENABLE_SVC_CHECK", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_DISABLE_HOST_CHECK"=>"DISABLE_HOST_CHECK", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_ENABLE_HOST_CHECK"=>"ENABLE_HOST_CHECK", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT"=>"PROCESS_SERVICE_CHECK_RESULT", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_PROCESS_HOST_CHECK_RESULT"=>"PROCESS_HOST_CHECK_RESULT", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_SCHEDULE_SERVICE_DOWNTIME"=>"SCHEDULE_SERVICE_DOWNTIME", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_SCHEDULE_HOST_DOWNTIME"=>"SCHEDULE_HOST_DOWNTIME", :level=>:info} | |
| Adding pattern {"NAGIOS_WARNING"=>"Warning:%{SPACE}%{GREEDYDATA:nagios_message}", :level=>:info} | |
| Adding pattern {"NAGIOS_CURRENT_SERVICE_STATE"=>"%{NAGIOS_TYPE_CURRENT_SERVICE_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}", :level=>:info} | |
| Adding pattern {"NAGIOS_CURRENT_HOST_STATE"=>"%{NAGIOS_TYPE_CURRENT_HOST_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}", :level=>:info} | |
| Adding pattern {"NAGIOS_SERVICE_NOTIFICATION"=>"%{NAGIOS_TYPE_SERVICE_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}", :level=>:info} | |
| Adding pattern {"NAGIOS_HOST_NOTIFICATION"=>"%{NAGIOS_TYPE_HOST_NOTIFICATION}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}", :level=>:info} | |
| Adding pattern {"NAGIOS_SERVICE_ALERT"=>"%{NAGIOS_TYPE_SERVICE_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}", :level=>:info} | |
| Adding pattern {"NAGIOS_HOST_ALERT"=>"%{NAGIOS_TYPE_HOST_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}", :level=>:info} | |
| Adding pattern {"NAGIOS_SERVICE_FLAPPING_ALERT"=>"%{NAGIOS_TYPE_SERVICE_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}", :level=>:info} | |
| Adding pattern {"NAGIOS_HOST_FLAPPING_ALERT"=>"%{NAGIOS_TYPE_HOST_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}", :level=>:info} | |
| Adding pattern {"NAGIOS_SERVICE_DOWNTIME_ALERT"=>"%{NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info} | |
| Adding pattern {"NAGIOS_HOST_DOWNTIME_ALERT"=>"%{NAGIOS_TYPE_HOST_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info} | |
| Adding pattern {"NAGIOS_PASSIVE_SERVICE_CHECK"=>"%{NAGIOS_TYPE_PASSIVE_SERVICE_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info} | |
| Adding pattern {"NAGIOS_PASSIVE_HOST_CHECK"=>"%{NAGIOS_TYPE_PASSIVE_HOST_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info} | |
| Adding pattern {"NAGIOS_SERVICE_EVENT_HANDLER"=>"%{NAGIOS_TYPE_SERVICE_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}", :level=>:info} | |
| Adding pattern {"NAGIOS_HOST_EVENT_HANDLER"=>"%{NAGIOS_TYPE_HOST_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}", :level=>:info} | |
| Adding pattern {"NAGIOS_TIMEPERIOD_TRANSITION"=>"%{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{DATA:nagios_unknown1};%{DATA:nagios_unknown2};", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_LINE_DISABLE_SVC_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_LINE_DISABLE_HOST_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_LINE_ENABLE_SVC_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_LINE_ENABLE_HOST_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_HOST_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}", :level=>:info} | |
| Adding pattern {"NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_SCHEDULE_HOST_DOWNTIME:nagios_command};%{DATA:nagios_hostname};%{NUMBER:nagios_start_time};%{NUMBER:nagios_end_time};%{NUMBER:nagios_fixed};%{NUMBER:nagios_trigger_id};%{NUMBER:nagios_duration};%{DATA:author};%{DATA:comment}", :level=>:info} | |
| Adding pattern {"NAGIOSLOGLINE"=>"%{NAGIOSTIME} (?:%{NAGIOS_WARNING}|%{NAGIOS_CURRENT_SERVICE_STATE}|%{NAGIOS_CURRENT_HOST_STATE}|%{NAGIOS_SERVICE_NOTIFICATION}|%{NAGIOS_HOST_NOTIFICATION}|%{NAGIOS_SERVICE_ALERT}|%{NAGIOS_HOST_ALERT}|%{NAGIOS_SERVICE_FLAPPING_ALERT}|%{NAGIOS_HOST_FLAPPING_ALERT}|%{NAGIOS_SERVICE_DOWNTIME_ALERT}|%{NAGIOS_HOST_DOWNTIME_ALERT}|%{NAGIOS_PASSIVE_SERVICE_CHECK}|%{NAGIOS_PASSIVE_HOST_CHECK}|%{NAGIOS_SERVICE_EVENT_HANDLER}|%{NAGIOS_HOST_EVENT_HANDLER}|%{NAGIOS_TIMEPERIOD_TRANSITION}|%{NAGIOS_EC_LINE_DISABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_ENABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_DISABLE_HOST_CHECK|%{NAGIOS_EC_LINE_ENABLE_HOST_CHECK}|%{NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT}|%{NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT}|%{NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME})", :level=>:info} | |
| Adding pattern {"NETSCREENSESSIONLOG"=>"%{SYSLOGTIMESTAMP:date} %{IPORHOST:device} %{IPORHOST}: NetScreen device_id=%{WORD:device_id}%{DATA}: start_time=%{QUOTEDSTRING:start_time} duration=%{INT:duration} policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:proto} src zone=%{WORD:src_zone} dst zone=%{WORD:dst_zone} action=%{WORD:action} sent=%{INT:sent} rcvd=%{INT:rcvd} src=%{IPORHOST:src_ip} dst=%{IPORHOST:dst_ip} src_port=%{INT:src_port} dst_port=%{INT:dst_port} src-xlated ip=%{IPORHOST:src_xlated_ip} port=%{INT:src_xlated_port} dst-xlated ip=%{IPORHOST:dst_xlated_ip} port=%{INT:dst_xlated_port} session_id=%{INT:session_id} reason=%{GREEDYDATA:reason}", :level=>:info} | |
| Adding pattern {"CISCO_TAGGED_SYSLOG"=>"^<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP:timestamp}( %{SYSLOGHOST:sysloghost})?: %%{CISCOTAG:ciscotag}:", :level=>:info} | |
| Adding pattern {"CISCOTIMESTAMP"=>"%{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}", :level=>:info} | |
| Adding pattern {"CISCOTAG"=>"[A-Z0-9]+-%{INT}-(?:[A-Z0-9_]+)", :level=>:info} | |
| Adding pattern {"CISCO_ACTION"=>"Built|Teardown|Deny|Denied|denied|requested|permitted|denied by ACL|discarded|est-allowed|Dropping|created|deleted", :level=>:info} | |
| Adding pattern {"CISCO_REASON"=>"Duplicate TCP SYN|Failed to locate egress interface|Invalid transport field|No matching connection|DNS Response|DNS Query|(?:%{WORD}\\s*)*", :level=>:info} | |
| Adding pattern {"CISCO_DIRECTION"=>"Inbound|inbound|Outbound|outbound", :level=>:info} | |
| Adding pattern {"CISCO_INTERVAL"=>"first hit|%{INT}-second interval", :level=>:info} | |
| Adding pattern {"CISCO_XLATE_TYPE"=>"static|dynamic", :level=>:info} | |
| Adding pattern {"CISCOFW106001"=>"%{CISCO_DIRECTION:direction} %{WORD:protocol} connection %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{GREEDYDATA:tcp_flags} on interface %{GREEDYDATA:interface}", :level=>:info} | |
| Adding pattern {"CISCOFW106006_106007_106010"=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} (?:from|src) %{IP:src_ip}/%{INT:src_port}(\\(%{DATA:src_fwuser}\\))? (?:to|dst) %{IP:dst_ip}/%{INT:dst_port}(\\(%{DATA:dst_fwuser}\\))? (?:on interface %{DATA:interface}|due to %{CISCO_REASON:reason})", :level=>:info} | |
| Adding pattern {"CISCOFW106014"=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(\\(%{DATA:dst_fwuser}\\))? \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\)", :level=>:info} | |
| Adding pattern {"CISCOFW106015"=>"%{CISCO_ACTION:action} %{WORD:protocol} \\(%{DATA:policy_id}\\) from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{DATA:tcp_flags} on interface %{GREEDYDATA:interface}", :level=>:info} | |
| Adding pattern {"CISCOFW106021"=>"%{CISCO_ACTION:action} %{WORD:protocol} reverse path check from %{IP:src_ip} to %{IP:dst_ip} on interface %{GREEDYDATA:interface}", :level=>:info} | |
| Adding pattern {"CISCOFW106023"=>"%{CISCO_ACTION:action} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(/%{INT:dst_port})?(\\(%{DATA:dst_fwuser}\\))?( \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\))? by access-group %{DATA:policy_id} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :level=>:info} | |
| Adding pattern {"CISCOFW106100"=>"access-list %{WORD:policy_id} %{CISCO_ACTION:action} %{WORD:protocol} %{DATA:src_interface}/%{IP:src_ip}\\(%{INT:src_port}\\)(\\(%{DATA:src_fwuser}\\))? -> %{DATA:dst_interface}/%{IP:dst_ip}\\(%{INT:dst_port}\\)(\\(%{DATA:src_fwuser}\\))? hit-cnt %{INT:hit_count} %{CISCO_INTERVAL:interval} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :level=>:info} | |
| Adding pattern {"CISCOFW110002"=>"%{CISCO_REASON:reason} for %{WORD:protocol} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :level=>:info} | |
| Adding pattern {"CISCOFW302010"=>"%{INT:connection_count} in use, %{INT:connection_count_max} most used", :level=>:info} | |
| Adding pattern {"CISCOFW302013_302014_302015_302016"=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection %{INT:connection_id} for %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port}( \\(%{IP:src_mapped_ip}/%{INT:src_mapped_port}\\))?(\\(%{DATA:src_fwuser}\\))? to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}( \\(%{IP:dst_mapped_ip}/%{INT:dst_mapped_port}\\))?(\\(%{DATA:dst_fwuser}\\))?( duration %{TIME:duration} bytes %{INT:bytes})?(?: %{CISCO_REASON:reason})?( \\(%{DATA:user}\\))?", :level=>:info} | |
| Adding pattern {"CISCOFW302020_302021"=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection for faddr %{IP:dst_ip}/%{INT:icmp_seq_num}(?:\\(%{DATA:fwuser}\\))? gaddr %{IP:src_xlated_ip}/%{INT:icmp_code_xlated} laddr %{IP:src_ip}/%{INT:icmp_code}( \\(%{DATA:user}\\))?", :level=>:info} | |
| Adding pattern {"CISCOFW305011"=>"%{CISCO_ACTION:action} %{CISCO_XLATE_TYPE:xlate_type} %{WORD:protocol} translation from %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? to %{DATA:src_xlated_interface}:%{IP:src_xlated_ip}/%{DATA:src_xlated_port}", :level=>:info} | |
| Adding pattern {"CISCOFW313001_313004_313008"=>"%{CISCO_ACTION:action} %{WORD:protocol} type=%{INT:icmp_type}, code=%{INT:icmp_code} from %{IP:src_ip} on interface %{DATA:interface}( to %{IP:dst_ip})?", :level=>:info} | |
| Adding pattern {"CISCOFW313005"=>"%{CISCO_REASON:reason} for %{WORD:protocol} error message: %{WORD:err_protocol} src %{DATA:err_src_interface}:%{IP:err_src_ip}(\\(%{DATA:err_src_fwuser}\\))? dst %{DATA:err_dst_interface}:%{IP:err_dst_ip}(\\(%{DATA:err_dst_fwuser}\\))? \\(type %{INT:err_icmp_type}, code %{INT:err_icmp_code}\\) on %{DATA:interface} interface\\. Original IP payload: %{WORD:protocol} src %{IP:orig_src_ip}/%{INT:orig_src_port}(\\(%{DATA:orig_src_fwuser}\\))? dst %{IP:orig_dst_ip}/%{INT:orig_dst_port}(\\(%{DATA:orig_dst_fwuser}\\))?", :level=>:info} | |
| Adding pattern {"CISCOFW402117"=>"%{WORD:protocol}: Received a non-IPSec packet \\(protocol= %{WORD:orig_protocol}\\) from %{IP:src_ip} to %{IP:dst_ip}", :level=>:info} | |
| Adding pattern {"CISCOFW402119"=>"%{WORD:protocol}: Received an %{WORD:orig_protocol} packet \\(SPI= %{DATA:spi}, sequence number= %{DATA:seq_num}\\) from %{IP:src_ip} \\(user= %{DATA:user}\\) to %{IP:dst_ip} that failed anti-replay checking", :level=>:info} | |
| Adding pattern {"CISCOFW419001"=>"%{CISCO_ACTION:action} %{WORD:protocol} packet from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}, reason: %{GREEDYDATA:reason}", :level=>:info} | |
| Adding pattern {"CISCOFW419002"=>"%{CISCO_REASON:reason} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port} with different initial sequence number", :level=>:info} | |
| Adding pattern {"CISCOFW500004"=>"%{CISCO_REASON:reason} for protocol=%{WORD:protocol}, from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :level=>:info} | |
| Adding pattern {"CISCOFW602303_602304"=>"%{WORD:protocol}: An %{CISCO_DIRECTION:direction} %{GREEDYDATA:tunnel_type} SA \\(SPI= %{DATA:spi}\\) between %{IP:src_ip} and %{IP:dst_ip} \\(user= %{DATA:user}\\) has been %{CISCO_ACTION:action}", :level=>:info} | |
| Adding pattern {"CISCOFW710001_710002_710003_710005_710006"=>"%{WORD:protocol} (?:request|access) %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}", :level=>:info} | |
| Adding pattern {"CISCOFW713172"=>"Group = %{GREEDYDATA:group}, IP = %{IP:src_ip}, Automatic NAT Detection Status:\\s+Remote end\\s*%{DATA:is_remote_natted}\\s*behind a NAT device\\s+This\\s+end\\s*%{DATA:is_local_natted}\\s*behind a NAT device", :level=>:info} | |
| Adding pattern {"CISCOFW733100"=>"\\[\\s*%{DATA:drop_type}\\s*\\] drop %{DATA:drop_rate_id} exceeded. Current burst rate is %{INT:drop_rate_current_burst} per second, max configured rate is %{INT:drop_rate_max_burst}; Current average rate is %{INT:drop_rate_current_avg} per second, max configured rate is %{INT:drop_rate_max_avg}; Cumulative total count is %{INT:drop_total_count}", :level=>:info} | |
| Adding pattern {"REDISTIMESTAMP"=>"%{MONTHDAY} %{MONTH} %{TIME}", :level=>:info} | |
| Adding pattern {"REDISLOG"=>"\\[%{POSINT:pid}\\] %{REDISTIMESTAMP:timestamp} \\* ", :level=>:info} | |
| Adding pattern {"HAPROXYTIME"=>"(?!<[0-9])%{HOUR:haproxy_hour}:%{MINUTE:haproxy_minute}(?::%{SECOND:haproxy_second})(?![0-9])", :level=>:info} | |
| Adding pattern {"HAPROXYDATE"=>"%{MONTHDAY:haproxy_monthday}/%{MONTH:haproxy_month}/%{YEAR:haproxy_year}:%{HAPROXYTIME:haproxy_time}.%{INT:haproxy_milliseconds}", :level=>:info} | |
| Adding pattern {"HAPROXYCAPTUREDREQUESTHEADERS"=>"%{DATA:captured_request_headers}", :level=>:info} | |
| Adding pattern {"HAPROXYCAPTUREDRESPONSEHEADERS"=>"%{DATA:captured_response_headers}", :level=>:info} | |
| Adding pattern {"HAPROXYHTTP"=>"%{SYSLOGTIMESTAMP:syslog_timestamp} %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client_ip}:%{INT:client_port} \\[%{HAPROXYDATE:accept_date}\\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{NOTSPACE:time_duration} %{INT:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} (\\{%{HAPROXYCAPTUREDREQUESTHEADERS}\\})?( )?(\\{%{HAPROXYCAPTUREDRESPONSEHEADERS}\\})?( )?\"(<BADREQ>|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?\"", :level=>:info} | |
| Adding pattern {"HAPROXYTCP"=>"%{SYSLOGTIMESTAMP:syslog_timestamp} %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client_ip}:%{INT:client_port} \\[%{HAPROXYDATE:accept_date}\\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_queue}/%{INT:time_backend_connect}/%{NOTSPACE:time_duration} %{NOTSPACE:bytes_read} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue}", :level=>:info} | |
| Adding pattern {"RUBY_LOGLEVEL"=>"(?:DEBUG|FATAL|ERROR|WARN|INFO)", :level=>:info} | |
| Adding pattern {"RUBY_LOGGER"=>"[DFEWI], \\[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\\] *%{RUBY_LOGLEVEL:loglevel} -- +%{DATA:progname}: %{GREEDYDATA:message}", :level=>:info} | |
| Adding pattern {"RT_FLOW_EVENT"=>"(RT_FLOW_SESSION_CREATE|RT_FLOW_SESSION_CLOSE|RT_FLOW_SESSION_DENY)", :level=>:info} | |
| Adding pattern {"RT_FLOW1"=>"%{RT_FLOW_EVENT:event}: %{GREEDYDATA:close-reason}: %{IP:src-ip}/%{DATA:src-port}->%{IP:dst-ip}/%{DATA:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{DATA:nat-src-port}->%{IP:nat-dst-ip}/%{DATA:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} \\d+\\(%{DATA:sent}\\) \\d+\\(%{DATA:received}\\) %{INT:elapsed-time} .*", :level=>:info} | |
| Adding pattern {"RT_FLOW2"=>"%{RT_FLOW_EVENT:event}: session created %{IP:src-ip}/%{DATA:src-port}->%{IP:dst-ip}/%{DATA:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{DATA:nat-src-port}->%{IP:nat-dst-ip}/%{DATA:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} .*", :level=>:info} | |
| Adding pattern {"RT_FLOW3"=>"%{RT_FLOW_EVENT:event}: session denied %{IP:src-ip}/%{DATA:src-port}->%{IP:dst-ip}/%{DATA:dst-port} %{DATA:service} %{INT:protocol-id}\\(\\d\\) %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} .*", :level=>:info} | |
| Adding pattern {"SYSLOG5424PRINTASCII"=>"[!-~]+", :level=>:info} | |
| Adding pattern {"SYSLOGBASE2"=>"(?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:", :level=>:info} | |
| Adding pattern {"SYSLOGPAMSESSION"=>"%{SYSLOGBASE} (?=%{GREEDYDATA:message})%{WORD:pam_module}\\(%{DATA:pam_caller}\\): session %{WORD:pam_session_state} for user %{USERNAME:username}(?: by %{GREEDYDATA:pam_by})?", :level=>:info} | |
| Adding pattern {"CRON_ACTION"=>"[A-Z ]+", :level=>:info} | |
| Adding pattern {"CRONLOG"=>"%{SYSLOGBASE} \\(%{USER:user}\\) %{CRON_ACTION:action} \\(%{DATA:message}\\)", :level=>:info} | |
| Adding pattern {"SYSLOGLINE"=>"%{SYSLOGBASE2} %{GREEDYDATA:message}", :level=>:info} | |
| Adding pattern {"SYSLOG5424PRI"=>"<%{NONNEGINT:syslog5424_pri}>", :level=>:info} | |
| Adding pattern {"SYSLOG5424SD"=>"\\[%{DATA}\\]+", :level=>:info} | |
| Adding pattern {"SYSLOG5424BASE"=>"%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{HOSTNAME:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|)", :level=>:info} | |
| Adding pattern {"SYSLOG5424LINE"=>"%{SYSLOG5424BASE} +%{GREEDYDATA:syslog5424_msg}", :level=>:info} | |
| Adding pattern {"JAVACLASS"=>"(?:[a-zA-Z$_][a-zA-Z$_0-9]*\\.)*[a-zA-Z$_][a-zA-Z$_0-9]*", :level=>:info} | |
| Adding pattern {"JAVAFILE"=>"(?:[A-Za-z0-9_. -]+)", :level=>:info} | |
| Adding pattern {"JAVAMETHOD"=>"(?:(<init>)|[a-zA-Z$_][a-zA-Z$_0-9]*)", :level=>:info} | |
| Adding pattern {"JAVASTACKTRACEPART"=>"%{SPACE}at %{JAVACLASS:class}\\.%{JAVAMETHOD:method}\\(%{JAVAFILE:file}(?::%{NUMBER:line})?\\)", :level=>:info} | |
| Adding pattern {"POSTGRESQL"=>"%{DATESTAMP:timestamp} %{TZ} %{DATA:user_id} %{GREEDYDATA:connection_id} %{POSINT:pid}", :level=>:info} | |
| Adding pattern {"MCOLLECTIVE"=>"., \\[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\\]%{SPACE}%{LOGLEVEL:event_level}", :level=>:info} | |
| Adding pattern {"MCOLLECTIVEAUDIT"=>"%{TIMESTAMP_ISO8601:timestamp}:", :level=>:info} | |
| Adding pattern {"MONGO_LOG"=>"%{SYSLOGTIMESTAMP:timestamp} \\[%{WORD:component}\\] %{GREEDYDATA:message}", :level=>:info} | |
| Adding pattern {"MONGO_QUERY"=>"\\{ (?<={ ).*(?= } ntoreturn:) \\}", :level=>:info} | |
| Adding pattern {"MONGO_SLOWQUERY"=>"%{WORD} %{MONGO_WORDDASH:database}\\.%{MONGO_WORDDASH:collection} %{WORD}: %{MONGO_QUERY:query} %{WORD}:%{NONNEGINT:ntoreturn} %{WORD}:%{NONNEGINT:ntoskip} %{WORD}:%{NONNEGINT:nscanned}.*nreturned:%{NONNEGINT:nreturned}..+ (?<duration>[0-9]+)ms", :level=>:info} | |
| Adding pattern {"MONGO_WORDDASH"=>"\\b[\\w-]+\\b", :level=>:info} | |
| Adding pattern {"MCOLLECTIVEAUDIT"=>"%{TIMESTAMP_ISO8601:timestamp}:", :level=>:info} | |
| Adding pattern {"USERNAME"=>"[a-zA-Z0-9._-]+", :level=>:info} | |
| Adding pattern {"USER"=>"%{USERNAME}", :level=>:info} | |
| Adding pattern {"INT"=>"(?:[+-]?(?:[0-9]+))", :level=>:info} | |
| Adding pattern {"BASE10NUM"=>"(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))", :level=>:info} | |
| Adding pattern {"NUMBER"=>"(?:%{BASE10NUM})", :level=>:info} | |
| Adding pattern {"BASE16NUM"=>"(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))", :level=>:info} | |
| Adding pattern {"BASE16FLOAT"=>"\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b", :level=>:info} | |
| Adding pattern {"POSINT"=>"\\b(?:[1-9][0-9]*)\\b", :level=>:info} | |
| Adding pattern {"NONNEGINT"=>"\\b(?:[0-9]+)\\b", :level=>:info} | |
| Adding pattern {"WORD"=>"\\b\\w+\\b", :level=>:info} | |
| Adding pattern {"NOTSPACE"=>"\\S+", :level=>:info} | |
| Adding pattern {"SPACE"=>"\\s*", :level=>:info} | |
| Adding pattern {"DATA"=>".*?", :level=>:info} | |
| Adding pattern {"GREEDYDATA"=>".*", :level=>:info} | |
| Adding pattern {"QUOTEDSTRING"=>"(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))", :level=>:info} | |
| Adding pattern {"UUID"=>"[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}", :level=>:info} | |
| Adding pattern {"MAC"=>"(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})", :level=>:info} | |
| Adding pattern {"CISCOMAC"=>"(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})", :level=>:info} | |
| Adding pattern {"WINDOWSMAC"=>"(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})", :level=>:info} | |
| Adding pattern {"COMMONMAC"=>"(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})", :level=>:info} | |
| Adding pattern {"IPV6"=>"((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?", :level=>:info} | |
| Adding pattern {"IPV4"=>"(?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])", :level=>:info} | |
| Adding pattern {"IP"=>"(?:%{IPV6}|%{IPV4})", :level=>:info} | |
| Adding pattern {"HOSTNAME"=>"\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)", :level=>:info} | |
| Adding pattern {"HOST"=>"%{HOSTNAME}", :level=>:info} | |
| Adding pattern {"IPORHOST"=>"(?:%{HOSTNAME}|%{IP})", :level=>:info} | |
| Adding pattern {"HOSTPORT"=>"%{IPORHOST}:%{POSINT}", :level=>:info} | |
| Adding pattern {"PATH"=>"(?:%{UNIXPATH}|%{WINPATH})", :level=>:info} | |
| Adding pattern {"UNIXPATH"=>"(?>/(?>[\\w_%!$@:.,~-]+|\\\\.)*)+", :level=>:info} | |
| Adding pattern {"TTY"=>"(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))", :level=>:info} | |
| Adding pattern {"WINPATH"=>"(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+", :level=>:info} | |
| Adding pattern {"URIPROTO"=>"[A-Za-z]+(\\+[A-Za-z+]+)?", :level=>:info} | |
| Adding pattern {"URIHOST"=>"%{IPORHOST}(?::%{POSINT:port})?", :level=>:info} | |
| Adding pattern {"URIPATH"=>"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+", :level=>:info} | |
| Adding pattern {"URIPARAM"=>"\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]]*", :level=>:info} | |
| Adding pattern {"URIPATHPARAM"=>"%{URIPATH}(?:%{URIPARAM})?", :level=>:info} | |
| Adding pattern {"URI"=>"%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?", :level=>:info} | |
| Adding pattern {"MONTH"=>"\\b(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\\b", :level=>:info} | |
| Adding pattern {"MONTHNUM"=>"(?:0?[1-9]|1[0-2])", :level=>:info} | |
| Adding pattern {"MONTHNUM2"=>"(?:0[1-9]|1[0-2])", :level=>:info} | |
| Adding pattern {"MONTHDAY"=>"(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])", :level=>:info} | |
| Adding pattern {"DAY"=>"(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)", :level=>:info} | |
| Adding pattern {"YEAR"=>"(?>\\d\\d){1,2}", :level=>:info} | |
| Adding pattern {"HOUR"=>"(?:2[0123]|[01]?[0-9])", :level=>:info} | |
| Adding pattern {"MINUTE"=>"(?:[0-5][0-9])", :level=>:info} | |
| Adding pattern {"SECOND"=>"(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)", :level=>:info} | |
| Adding pattern {"TIME"=>"(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])", :level=>:info} | |
| Adding pattern {"DATE_US"=>"%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}", :level=>:info} | |
| Adding pattern {"DATE_EU"=>"%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}", :level=>:info} | |
| Adding pattern {"ISO8601_TIMEZONE"=>"(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))", :level=>:info} | |
| Adding pattern {"ISO8601_SECOND"=>"(?:%{SECOND}|60)", :level=>:info} | |
| Adding pattern {"TIMESTAMP_ISO8601"=>"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?", :level=>:info} | |
| Adding pattern {"DATE"=>"%{DATE_US}|%{DATE_EU}", :level=>:info} | |
| Adding pattern {"DATESTAMP"=>"%{DATE}[- ]%{TIME}", :level=>:info} | |
| Adding pattern {"TZ"=>"(?:[PMCE][SD]T|UTC)", :level=>:info} | |
| Adding pattern {"DATESTAMP_RFC822"=>"%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}", :level=>:info} | |
| Adding pattern {"DATESTAMP_RFC2822"=>"%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}", :level=>:info} | |
| Adding pattern {"DATESTAMP_OTHER"=>"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}", :level=>:info} | |
| Adding pattern {"DATESTAMP_EVENTLOG"=>"%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}", :level=>:info} | |
| Adding pattern {"SYSLOGTIMESTAMP"=>"%{MONTH} +%{MONTHDAY} %{TIME}", :level=>:info} | |
| Adding pattern {"PROG"=>"(?:[\\w._/%-]+)", :level=>:info} | |
| Adding pattern {"SYSLOGPROG"=>"%{PROG:program}(?:\\[%{POSINT:pid}\\])?", :level=>:info} | |
| Adding pattern {"SYSLOGHOST"=>"%{IPORHOST}", :level=>:info} | |
| Adding pattern {"SYSLOGFACILITY"=>"<%{NONNEGINT:facility}.%{NONNEGINT:priority}>", :level=>:info} | |
| Adding pattern {"HTTPDATE"=>"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}", :level=>:info} | |
| Adding pattern {"QS"=>"%{QUOTEDSTRING}", :level=>:info} | |
| Adding pattern {"SYSLOGBASE"=>"%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:", :level=>:info} | |
| Adding pattern {"COMMONAPACHELOG"=>"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)", :level=>:info} | |
| Adding pattern {"COMBINEDAPACHELOG"=>"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}", :level=>:info} | |
| Adding pattern {"LOGLEVEL"=>"([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)", :level=>:info} | |
| The error reported is: | |
| pattern %{RSYSLOGDSV} not defined |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment