Last active
February 23, 2017 18:58
-
-
Save rpagliuca/75f675869cf8e1ceede5c1f17edfc24e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| COLOR brightwhite | |
| { | |
| # PHP log blocks | |
| ^.*([A-Za-z]{3} +[0-9]{2} +[0-9]{2}:[0-9]{2}:[0-9]{2}).*PHP Notice.*$ | |
| ^.*([A-Za-z]{3} +[0-9]{2} +[0-9]{2}:[0-9]{2}:[0-9]{2}).*PHP Fatal error.*$ | |
| ^.*([A-Za-z]{3} +[0-9]{2} +[0-9]{2}:[0-9]{2}:[0-9]{2}).*PHP Warning.*$ | |
| } | |
| COLOR brightred | |
| { | |
| # PHP log blocks | |
| ^.*(PHP Fatal error).*$ | |
| ^.*(PHP Warning).*$ | |
| } | |
| COLOR brightyellow | |
| { | |
| ^.*(PHP Notice).*$ | |
| } | |
| COLOR black | |
| { | |
| # matches PHP traceback | |
| #[Wed Jan 25 16:45:45.087634 2017] [:error] [pid 13545] [client 127.0.0.1:37212] PHP 1. | |
| ^(\[[A-Za-z]{3} +[A-Za-z]{3} +[0-9]{2} +[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6} +[0-9]{4}\] +\[:error\] +\[pid [0-9]+\] +\[client .+:[0-9]+\] +PHP) +[0-9]+\..*$ | |
| ^(\[[A-Za-z]{3} +[A-Za-z]{3} +[0-9]{2} +[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6} +[0-9]{4}\] +\[:error\] +\[pid [0-9]+\] +\[client .+:[0-9]+\] +PHP) +Stack.*$ | |
| } | |
| COLOR black | |
| { | |
| ^\[[A-Za-z]{3} +[A-Za-z]{3} +[0-9]{2} +[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6} +[0-9]{4}\] +\[:error\] +\[pid [0-9]+\] +\[client .+:[0-9]+\] +PHP +[0-9]+\..*(, referer:.*)$ | |
| } | |
| COLOR white | |
| { | |
| ^\[[A-Za-z]{3} +[A-Za-z]{3} +[0-9]{2} +[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6} +[0-9]{4}\] +\[:error\] +\[pid [0-9]+\] +\[client .+:[0-9]+\] +PHP +[0-9]+\. Smarty_Internal_TemplateBase->display\(\)(.*)$ | |
| } | |
| COLOR blue | |
| { | |
| # matches PHP traceback | |
| #[Wed Jan 25 16:45:45.087634 2017] [:error] [pid 13545] [client 127.0.0.1:37212] PHP 1. | |
| ^\[[A-Za-z]{3} +[A-Za-z]{3} +[0-9]{2} +[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6} +[0-9]{4}\] +\[:error\] +\[pid [0-9]+\] +\[client .+:[0-9]+\] +PHP( +[0-9]+\..*)$ | |
| } | |
| COLOR brightblue | |
| { | |
| ^.*(PHP Stack trace).*$ | |
| } | |
| #COLOR magenta | |
| #{ | |
| ## matches the date | |
| #^(... ..).*$ | |
| #} | |
| #COLOR cyan | |
| #{ | |
| ## matches the time | |
| #^... .. (..:..:..).*$ | |
| #} | |
| #COLOR green | |
| #{ | |
| ## matches the hostname | |
| #^... .. ..:..:.. ([^ ]+).*$ | |
| #} | |
| #COLOR yellow | |
| #{ | |
| ## matches the "program" that wrote to syslog | |
| #^... .. ..:..:.. [^ ]+ ([^ ]+) | |
| #} | |
| #COLOR brightyellow | |
| #{ | |
| ## matches all ip adresses | |
| #^.*([0-9]{3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$ | |
| #^.*([0-9]{2}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$ | |
| #^.*([0-9]{1}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$ | |
| ## matches two ip adresses in one line | |
| #^.*([0-9]{3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*([0-9]{3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$ | |
| #^.*([0-9]{2}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*([0-9]{2}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$ | |
| #^.*([0-9]{1}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*([0-9]{1}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}).*$ | |
| #} | |
| #COLOR brightred | |
| #{ | |
| ## matches the word root | |
| #^.*(root).*$ | |
| ## matches DENY | |
| #^.*(ppp-in DENY ppp0).*$ | |
| #^.*(eth-in DENY eth0).*$ | |
| #} | |
| # | |
| #COLOR brightblue | |
| #{ | |
| ## matches the output from the "program" | |
| #^... .. ..:..:.. [^ ]+ [^ ]+ (.*) | |
| #} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment