Skip to content

Instantly share code, notes, and snippets.

@iamhowardtheduck

iamhowardtheduck/gist:72f6c5277d45a06d261863510cbc65f0

Created September 6, 2020 21:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save iamhowardtheduck/72f6c5277d45a06d261863510cbc65f0 to your computer and use it in GitHub Desktop.
Save iamhowardtheduck/72f6c5277d45a06d261863510cbc65f0 to your computer and use it in GitHub Desktop.
Download ZIP
Zoneminder zma_m#.log ECS Compliant Ingest Node Pipeline Processor
Raw
gistfile1.txt
PUT _ingest/pipeline/zoneminder-a
{
"processors": [
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.camera.name}: %{Images} - Opening new event %{zoneminder.alarm.id}, section start]",
"ignore_failure": true,
"description": "zoneminder-a New Alert Start",
"ignore_missing": true
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.camera.name}: %{zoneminder.camera.images} - Analysing at %{zoneminder.camera.fps} fps]",
"ignore_failure": true,
"description": "zoneminder-a Analyzing FPS"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.event.reason}, consider slowing capture, simplifying analysis or increasing ring buffer size]",
"ignore_failure": true,
"description": "zoneminder-a Buffer Overrun",
"ignore_missing": true
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.camera.name}: %{zoneminder.camera.images} - Closing event %{zoneminder.alarm.id}, section end forced %{event.start} - %{event.stop} = 600 >= 600]",
"ignore_failure": true,
"description": "zoneminder-a Close Alert Stop",
"ignore_missing": true
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.camera.name}: %{zoneminder.alarm.id} - Gone into alarm state PreAlarmCount: %{zoneminder.alarm.pre-count} > AlarmFrameCount:%{zoneminder.alarm.frame-count} Cause: %{zoneminder.alarm.cause}]",
"ignore_failure": true,
"description": "zoneminder-a Alarm Frame Count"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.camera.name}: %{zoneminder.alarm.id} - Gone into alert state]",
"ignore_failure": true,
"description": "zoneminder-a Alert State"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zonemidner.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.camera.name}: %{zoneminder.camera.images} - Gone back into alert state]",
"ignore_failure": true,
"description": "zoneminder-a Back to Alert State"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [%{zoneminder.camera.name}: %{zoneminder.alarm.id} - Left alarm state (%{zoneminder.alarm.id-start}) - %{zoneminder.alarm.id-stop}(%{zoneminder.alarm.images}) images]",
"ignore_failure": true,
"description": "zoneminder-a Left Alert State"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [Got alarm centre at %{zoneminder.alarm.centerpoint.x},%{zoneminder.alarm.centerpoint.y}, at count %{zoneminder.alarm.frame-count}]",
"ignore_failure": true,
"description": "zoneminder-a Got Alarm Centre"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_monitor.cpp/%{Discard-1} [Shared data not initialised by capture daemon for monitor %{zoneminder.camer.name}]",
"ignore_failure": true,
"description": "zoneminder-a ERR-Shared data not initialised"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zma.cpp/%{Discard-1} [In mode %{zoneminder.event.dataset}, %{zoneminder.event.kind}]",
"ignore_failure": true,
"description": "zoneminder-a INF-warming up"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_signal.cpp/%{Discard-1} [Got signal %{zoneminder.event.code} (%{zoneminder.event.action), %{zoneminder.event.reason}]",
"ignore_failure": true,
"description": "zoneminder-a ERR-Got signal 11"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_signal.cpp/%{Discard-1} [Signal address is (%{zoneminder.event.action}), from %{zoneminder.event.reason}]",
"ignore_failure": true,
"description": "zoneminder-a ERR-Signal address us nil"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_signal.cpp/%{Discard-1} [Backtrace %{zoneminder.event.backtrace}: %{zoneminder.event.location}(%{zoneminder.event.reason}) [%{zoneminder.event.code}]]",
"ignore_failure": true,
"description": "zoneminder-a ERR-Backtrace Location"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_signal.cpp/%{Discard-1} [Backtrace %{zoneminder.event.action}, please execute the following command for more information]",
"ignore_failure": true,
"description": "zoneminder-a INF-Backtrace Complete"
}
},
{
"dissect": {
"field": "message",
"pattern": "%{Date} %{TimeS} %{zoneminder.camera.id}[%{process.pid}].%{zoneminder.event.type}-zm_signal.cpp/%{Discard-1} [addr2line -e %{zoneminder.event.reason}]",
"ignore_failure": true,
"description": "zoneminder-a INF-addr2line -e"
}
},
{
"set": {
"field": "zoneminder.event.created",
"value": "{{Date}} {{TimeS}}",
"description": "zoneminder-ALL zoneminder.event.created"
}
},
{
"gsub": {
"field": "zoneminder.event.type",
"pattern": "INF",
"replacement": "info",
"description": "zoneminder-ALL INF to info",
"ignore_missing": true
}
},
{
"gsub": {
"field": "zoneminder.event.type",
"pattern": "DBG",
"replacement": "info",
"description": "zoneminder-ALL DBG to info",
"ignore_missing": true
}
},
{
"gsub": {
"field": "zoneminder.event.type",
"pattern": "WAR",
"replacement": "error",
"description": "zoneminder-ALL WAR to error",
"ignore_missing": true
}
},
{
"gsub": {
"field": "zoneminder.event.type",
"pattern": "ERR",
"replacement": "error",
"description": "zoneminder-ALL ERR to error",
"ignore_missing": true
}
},
{
"dissect": {
"field": "TimeS",
"pattern": "%{Time}.%{Discard-3}",
"description": "zoneminder-ALL TimeS to Time",
"ignore_missing": true
}
},
{
"remove": {
"field": [
"Discard-1",
"Discard-2",
"Discard-3",
"Discard-4",
"Discard-5",
"Discard-6",
"Discard-7",
"TimeS"
],
"description": "zoneminder-ALL Dump the old",
"ignore_missing": true
}
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment