Created
January 17, 2016 21:39
asimzaidi/7dd0e58abd07a4385efa
2016-01-17T21:16:13.037Z ip-172-31-42-57 91.177.205.119 - - [04/Jan/2015:05:22:03 +0000] "GET /images/jordan-80.png HTTP/1.1" 200 6146 "http://semicomplete.com/blog/geekery/xvfb-firefox.html" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" | |
2016-01-17T21:16:13.042Z ip-172-31-42-57 91.177.205.119 - - [04/Jan/2015:05:22:03 +0000] "GET /images/web/2009/banner.png HTTP/1.1" 200 52315 "http://semicomplete.com/blog/geekery/xvfb-firefox.html" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" | |
2016-01-17T21:16:13.042Z ip-172-31-42-57 91.177.205.119 - - [04/Jan/2015:05:22:04 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)" | |
2016-01-17T21:16:13.045Z ip-172-31-42-57 66.249.73.185 - - [04/Jan/2015:05:22:13 +0000] "GET /doc/index.html?org/elasticsearch/action/search/SearchResponse.html HTTP/1.1" 404 294 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" | |
2016-01-17T21:16:13.053Z ip-172-31-42-57 207.241.237.228 - - [04/Jan/2015:05:22:23 +0000] "GET /blog/tags/defcon HTTP/1.0" 200 24142 "http://www.semicomplete.com/blog/tags/C" "Mozilla/5.0 (compatible; archive.org_bot +http://www.archive.org/details/archive.org_bot)" | |
2016-01-17T21:16:13.056Z ip-172-31-42-57 207.241.237.101 - - [04/Jan/2015:05:22:27 +0000] "GET /blog/tags/regex HTTP/1.0" 200 14888 "http://www.semicomplete.com/blog/tags/C" "Mozilla/5.0 (compatible; archive.org_bot +http://www.archive.org/details/archive.org_bot)" | |
2016-01-17T21:16:13.061Z ip-172-31-42-57 87.169.99.232 - - [04/Jan/2015:05:23:41 +0000] "GET /presentations/puppet-at-loggly/puppet-at-loggly.pdf.html HTTP/1.1" 200 24747 "https://www.google.de/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36" | |
2016-01-17T21:16:13.066Z ip-172-31-42-57 209.85.238.199 - - [04/Jan/2015:05:23:47 +0000] "GET /blog/tags/firefox?flav=rss20 HTTP/1.1" 200 16021 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; 3 subscribers; feed-id=14171215010336145331)" | |
2016-01-17T21:16:13.068Z ip-172-31-42-57 209.85.238.199 - - [04/Jan/2015:05:24:00 +0000] "GET /test.xml HTTP/1.1" 200 1370 "-" "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html; 1 subscribers; feed-id=11390274670024826467)" | |
2016-01-17T21:16:13.071Z ip-172-31-42-57 81.220.24.207 - - [04/Jan/2015:05:24:57 +0000] "GET /blog/geekery/ssl-latency.html HTTP/1.1" 200 17147 "http://www.google.fr/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&ved=0CE4QFjAE&url=http%3A%2F%2Fwww.semicomplete.com%2Fblog%2Fgeekery%2Fssl-latency.html&ei=ZdEAU9mGGuWX1AW09IDoBw&usg=AFQjCNHw6zioJpizqX8Q0YpKKaF4zdCSEg&bvm=bv.61535280,d.d2k" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11" | |
2016-01-17T21:16:13.072Z ip-172-31-42-57 81.220.24.207 - - [04/Jan/2015:05:24:57 +0000] "GET /reset.css HTTP/1.1" 200 1015 "http://www.semicomplete.com/blog/geekery/ssl-latency.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11" | |
2016-01-17T21:16:13.073Z ip-172-31-42-57 81.220.24.207 - - [04/Jan/2015:05:24:57 +0000] "GET /images/jordan-80.png HTTP/1.1" 200 6146 "http://www.semicomplete.com/blog/geekery/ssl-latency.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11" | |
2016-01-17T21:16:13.107Z ip-172-31-42-57 81.220.24.207 - - [04/Jan/2015:05:24:57 +0000] "GET /style2.css HTTP/1.1" 200 4877 "http://www.semicomplete.com/blog/geekery/ssl-latency.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11" | |
2016-01-17T21:16:13.129Z ip-172-31-42-57 81.220.24.207 - - [04/Jan/2015:05:24:57 +0000] "GET /images/web/2009/banner.png HTTP/1.1" 200 52315 "http://www.semicomplete.com/blog/geekery/ssl-latency.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11" | |
2016-01-17T21:16:13.131Z ip-172-31-42-57 81.220.24.207 - - [04/Jan/2015:05:24:58 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "http://www.semicomplete.com/blog/geekery/ssl-latency.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11" | |
2016-01-17T21:16:13.132Z ip-172-31-42-57 66.249.73.135 - - [04/Jan/2015:05:25:05 +0000] "GET /blog/geekery/vmware-cpu-performance.html HTTP/1.1" 200 12908 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" | |
2016-01-17T21:16:13.134Z ip-172-31-42-57 46.105.14.53 - - [04/Jan/2015:05:26:17 +0000] "GET /blog/tags/puppet?flav=rss20 HTTP/1.1" 200 14872 "-" "UniversalFeedParser/4.2-pre-314-svn +http://feedparser.org/" | |
2016-01-17T21:16:13.134Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:27:05 +0000] "GET /robots.txt HTTP/1.1" 200 - "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.151Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:27:10 +0000] "GET /robots.txt HTTP/1.1" 200 - "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.151Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:27:15 +0000] "GET /projects/fex/ HTTP/1.1" 200 14352 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.151Z ip-172-31-42-57 74.125.40.20 - - [04/Jan/2015:05:27:22 +0000] "GET /?flav=rss20 HTTP/1.1" 200 29941 "-" "FeedBurner/1.0 (http://www.FeedBurner.com)" | |
2016-01-17T21:16:13.151Z ip-172-31-42-57 71.212.224.97 - - [04/Jan/2015:05:27:34 +0000] "GET /projects/xdotool/ HTTP/1.1" 200 12292 "http://suckless.org/rocks" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36" | |
2016-01-17T21:16:13.151Z ip-172-31-42-57 71.212.224.97 - - [04/Jan/2015:05:27:34 +0000] "GET /reset.css HTTP/1.1" 200 1015 "http://www.semicomplete.com/projects/xdotool/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36" | |
2016-01-17T21:16:13.151Z ip-172-31-42-57 71.212.224.97 - - [04/Jan/2015:05:27:35 +0000] "GET /style2.css HTTP/1.1" 200 4877 "http://www.semicomplete.com/projects/xdotool/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36" | |
2016-01-17T21:16:13.151Z ip-172-31-42-57 71.212.224.97 - - [04/Jan/2015:05:27:35 +0000] "GET /images/jordan-80.png HTTP/1.1" 200 6146 "http://www.semicomplete.com/projects/xdotool/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36" | |
2016-01-17T21:16:13.152Z ip-172-31-42-57 71.212.224.97 - - [04/Jan/2015:05:27:35 +0000] "GET /images/web/2009/banner.png HTTP/1.1" 200 52315 "http://www.semicomplete.com/projects/xdotool/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36" | |
2016-01-17T21:16:13.152Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:27:36 +0000] "GET /projects/xdotool/xdotool.xhtml HTTP/1.1" 304 - "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.153Z ip-172-31-42-57 108.174.55.234 - - [04/Jan/2015:05:27:45 +0000] "GET /?flav=rss20 HTTP/1.1" 200 29941 "-" "-" | |
2016-01-17T21:16:13.156Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:27:57 +0000] "GET /blog/geekery/c-vs-python-bdb.html HTTP/1.1" 200 11388 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.159Z ip-172-31-42-57 121.107.188.202 - - [04/Jan/2015:05:27:57 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36" | |
2016-01-17T21:16:13.159Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:28:21 +0000] "GET /blog/productivity/better-zsh-xterm-title-fix.html HTTP/1.1" 200 10185 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.161Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:28:43 +0000] "GET /blog/geekery/xvfb-firefox.html HTTP/1.1" 200 10975 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.161Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:29:06 +0000] "GET /blog/geekery/puppet-facts-into-mcollective.html HTTP/1.1" 200 9872 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.164Z ip-172-31-42-57 198.46.149.143 - - [04/Jan/2015:05:29:13 +0000] "GET /blog/geekery/disabling-battery-in-ubuntu-vms.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+semicomplete%2Fmain+%28semicomplete.com+-+Jordan+Sissel%29 HTTP/1.1" 200 9316 "-" "Tiny Tiny RSS/1.11 (http://tt-rss.org/)" | |
2016-01-17T21:16:13.165Z ip-172-31-42-57 198.46.149.143 - - [04/Jan/2015:05:29:13 +0000] "GET /blog/geekery/solving-good-or-bad-problems.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+semicomplete%2Fmain+%28semicomplete.com+-+Jordan+Sissel%29 HTTP/1.1" 200 10756 "-" "Tiny Tiny RSS/1.11 (http://tt-rss.org/)" | |
2016-01-17T21:16:13.167Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:29:26 +0000] "GET /blog/geekery/jquery-interface-puffer.html%20target= HTTP/1.1" 200 202 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.168Z ip-172-31-42-57 218.30.103.62 - - [04/Jan/2015:05:29:48 +0000] "GET /blog/geekery/ec2-reserved-vs-ondemand.html HTTP/1.1" 200 11834 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" | |
2016-01-17T21:16:13.168Z ip-172-31-42-57 66.249.73.135 - - [04/Jan/2015:05:30:06 +0000] "GET /blog/web/firefox-scrolling-fix.html HTTP/1.1" 200 8956 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" | |
2016-01-17T21:16:13.169Z ip-172-31-42-57 86.1.76.62 - - [04/Jan/2015:05:30:37 +0000] "GET /projects/xdotool/ HTTP/1.1" 200 12292 "http://www.haskell.org/haskellwiki/Xmonad/Frequently_asked_questions" "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20140205 Firefox/24.0 Iceweasel/24.3.0" | |
2016-01-17T21:16:13.171Z ip-172-31-42-57 86.1.76.62 - - [04/Jan/2015:05:30:37 +0000] "GET /reset.css HTTP/1.1" 200 1015 "http://www.semicomplete.com/projects/xdotool/" "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20140205 Firefox/24.0 Iceweasel/24.3.0" | |
2016-01-17T21:16:13.172Z ip-172-31-42-57 86.1.76.62 - - [04/Jan/2015:05:30:37 +0000] "GET /style2.css HTTP/1.1" 200 4877 "http://www.semicomplete.com/projects/xdotool/" "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20140205 Firefox/24.0 Iceweasel/24.3.0" | |
2016-01-17T21:16:13.172Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:43 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard.png HTTP/1.1" 200 321631 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
Logstash shutdown completed | |
ubuntu@ip-172-31-42-57:/opt/logstash$ cat /tmp/logstash-tutorial.log | bin/logstash -e 'input { stdin { } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}"} } geoip { source => "clientip" } } output { elasticsearch {index => "asim"} stdout {} }' | |
Jan 17, 2016 9:20:20 PM org.elasticsearch.node.internal.InternalNode <init> | |
INFO: [logstash-ip-172-31-42-57-6454-12130] version[1.7.0], pid[6454], build[929b973/2015-07-16T14:31:07Z] | |
Jan 17, 2016 9:20:20 PM org.elasticsearch.node.internal.InternalNode <init> | |
INFO: [logstash-ip-172-31-42-57-6454-12130] initializing ... | |
Jan 17, 2016 9:20:20 PM org.elasticsearch.plugins.PluginsService <init> | |
INFO: [logstash-ip-172-31-42-57-6454-12130] loaded [], sites [] | |
^CSIGINT received. Shutting down the pipeline. {:level=>:warn} | |
Jan 17, 2016 9:20:21 PM org.elasticsearch.bootstrap.Natives <clinit> | |
WARNING: JNA not found. native methods will be disabled. | |
Jan 17, 2016 9:20:22 PM org.elasticsearch.node.internal.InternalNode <init> | |
INFO: [logstash-ip-172-31-42-57-6454-12130] initialized | |
Jan 17, 2016 9:20:22 PM org.elasticsearch.node.internal.InternalNode start | |
INFO: [logstash-ip-172-31-42-57-6454-12130] starting ... | |
Jan 17, 2016 9:20:22 PM org.elasticsearch.transport.TransportService doStart | |
INFO: [logstash-ip-172-31-42-57-6454-12130] bound_address {inet[/0:0:0:0:0:0:0:0:9302]}, publish_address {inet[/172.31.42.57:9302]} | |
Jan 17, 2016 9:20:22 PM org.elasticsearch.discovery.DiscoveryService doStart | |
INFO: [logstash-ip-172-31-42-57-6454-12130] elasticsearch/7SW4A0r5QP63HT4aMgjFkA | |
Jan 17, 2016 9:20:25 PM org.elasticsearch.cluster.service.InternalClusterService$UpdateTask run | |
INFO: [logstash-ip-172-31-42-57-6454-12130] detected_master [Maggott][vvOvvPPPTwmEZfHuqEaOkA][ip-172-31-42-57][inet[/172.31.42.57:9300]], added {[logstash-ip-172-31-42-57-6252-13968][ZdkrB7-GSRGdhGN2heRaGQ][ip-172-31-42-57][inet[/172.31.42.57:9301]]{data=false, client=true},[Maggott][vvOvvPPPTwmEZfHuqEaOkA][ip-172-31-42-57][inet[/172.31.42.57:9300]],}, reason: zen-disco-receive(from master [[Maggott][vvOvvPPPTwmEZfHuqEaOkA][ip-172-31-42-57][inet[/172.31.42.57:9300]]]) | |
Jan 17, 2016 9:20:25 PM org.elasticsearch.node.internal.InternalNode start | |
INFO: [logstash-ip-172-31-42-57-6454-12130] started | |
Logstash startup completed | |
2016-01-17T21:20:20.178Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.179Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.180Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] "GET /presentations/logstash-monitorama-2013/plugin/highlight/highlight.js HTTP/1.1" 200 26185 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.180Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] "GET /presentations/logstash-monitorama-2013/plugin/zoom-js/zoom.js HTTP/1.1" 200 7697 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.180Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:45 +0000] "GET /presentations/logstash-monitorama-2013/plugin/notes/notes.js HTTP/1.1" 200 2892 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.180Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/sad-medic.png HTTP/1.1" 200 430406 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.180Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:45 +0000] "GET /presentations/logstash-monitorama-2013/css/fonts/Roboto-Bold.ttf HTTP/1.1" 200 38720 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:45 +0000] "GET /presentations/logstash-monitorama-2013/css/fonts/Roboto-Regular.ttf HTTP/1.1" 200 41820 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:45 +0000] "GET /presentations/logstash-monitorama-2013/images/frontend-response-codes.png HTTP/1.1" 200 52878 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:43 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard.png HTTP/1.1" 200 321631 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:46 +0000] "GET /presentations/logstash-monitorama-2013/images/Dreamhost_logo.svg HTTP/1.1" 200 2126 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:43 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard2.png HTTP/1.1" 200 394967 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:46 +0000] "GET /presentations/logstash-monitorama-2013/images/apache-icon.gif HTTP/1.1" 200 8095 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:46 +0000] "GET /presentations/logstash-monitorama-2013/images/nagios-sms5.png HTTP/1.1" 200 78075 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:46 +0000] "GET /presentations/logstash-monitorama-2013/images/redis.png HTTP/1.1" 200 25230 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:47 +0000] "GET /presentations/logstash-monitorama-2013/images/elasticsearch.png HTTP/1.1" 200 8026 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:47 +0000] "GET /presentations/logstash-monitorama-2013/images/logstashbook.png HTTP/1.1" 200 54662 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:47 +0000] "GET /presentations/logstash-monitorama-2013/images/github-contributions.png HTTP/1.1" 200 34245 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:47 +0000] "GET /presentations/logstash-monitorama-2013/css/print/paper.css HTTP/1.1" 200 4254 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:47 +0000] "GET /presentations/logstash-monitorama-2013/images/1983_delorean_dmc-12-pic-38289.jpeg HTTP/1.1" 200 220562 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.194Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:46 +0000] "GET /presentations/logstash-monitorama-2013/images/simple-inputs-filters-outputs.jpg HTTP/1.1" 200 1168622 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.410Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:46 +0000] "GET /presentations/logstash-monitorama-2013/images/tiered-outputs-to-inputs.jpg HTTP/1.1" 200 1079983 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.441Z ip-172-31-42-57 83.149.9.216 - - [04/Jan/2015:05:13:53 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36" | |
2016-01-17T21:20:20.450Z ip-172-31-42-57 24.236.252.67 - - [04/Jan/2015:05:14:10 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0" | |
2016-01-17T21:20:20.450Z ip-172-31-42-57 93.114.45.13 - - [04/Jan/2015:05:14:32 +0000] "GET /articles/dynamic-dns-with-dhcp/ HTTP/1.1" 200 18848 "http://www.google.ro/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCwQFjAB&url=http%3A%2F%2Fwww.semicomplete.com%2Farticles%2Fdynamic-dns-with-dhcp%2F&ei=W88AU4n9HOq60QXbv4GwBg&usg=AFQjCNEF1X4Rs52UYQyLiySTQxa97ozM4g&bvm=bv.61535280,d.d2k" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0" | |
2016-01-17T21:20:20.450Z ip-172-31-42-57 93.114.45.13 - - [04/Jan/2015:05:14:32 +0000] "GET /reset.css HTTP/1.1" 200 1015 "http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0" | |
2016-01-17T21:20:20.450Z ip-172-31-42-57 93.114.45.13 - - [04/Jan/2015:05:14:33 +0000] "GET /style2.css HTTP/1.1" 200 4877 "http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0" | |
2016-01-17T21:20:20.461Z ip-172-31-42-57 93.114.45.13 - - [04/Jan/2015:05:14:33 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0" | |
2016-01-17T21:20:20.464Z ip-172-31-42-57 93.114.45.13 - - [04/Jan/2015:05:14:33 +0000] "GET /images/jordan-80.png HTTP/1.1" 200 6146 "http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0" | |
1~NY~sv~20150701~~Zastrow~Peggy~A~~A~2210 Beebe Rd~~Wilson~NY~14172~32~027~Niagara~17 | |
2016-01-17T21:20:20.470Z ip-172-31-42-57 93.114.45.13 - - [04/Jan/2015:05:14:33 +0000] "GET /images/web/2009/banner.png HTTP/1.1" 200 52315 "http://www.semicomplete.com/style2.css" "Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0" | |
2016-01-17T21:20:20.475Z ip-172-31-42-57 66.249.73.135 - - [04/Jan/2015:05:15:03 +0000] "GET /blog/tags/ipv6 HTTP/1.1" 200 12251 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" | |
2016-01-17T21:20:20.477Z ip-172-31-42-57 50.16.19.13 - - [04/Jan/2015:05:15:15 +0000] "GET /blog/tags/puppet?flav=rss20 HTTP/1.1" 200 14872 "http://www.semicomplete.com/blog/tags/puppet?flav=rss20" "Tiny Tiny RSS/1.11 (http://tt-rss.org/)" | |
2016-01-17T21:20:20.478Z ip-172-31-42-57 66.249.73.185 - - [04/Jan/2015:05:15:23 +0000] "GET / HTTP/1.1" 200 37932 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" | |
2016-01-17T21:20:20.482Z ip-172-31-42-57 110.136.166.128 - - [04/Jan/2015:05:16:11 +0000] "GET /projects/xdotool/ HTTP/1.1" 200 12292 "http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&sqi=2&ved=0CFYQFjAE&url=http%3A%2F%2Fwww.semicomplete.com%2Fprojects%2Fxdotool%2F&ei=6cwAU_bRHo6urAeI0YD4Ag&usg=AFQjCNE3V_aCf3-gfNcbS924S6jZ6FqffA&bvm=bv.61535280,d.bmk" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" | |
2016-01-17T21:20:20.483Z ip-172-31-42-57 46.105.14.53 - - [04/Jan/2015:05:16:17 +0000] "GET /blog/tags/puppet?flav=rss20 HTTP/1.1" 200 14872 "-" "UniversalFeedParser/4.2-pre-314-svn +http://feedparser.org/" | |
2016-01-17T21:20:20.484Z ip-172-31-42-57 110.136.166.128 - - [04/Jan/2015:05:16:22 +0000] "GET /reset.css HTTP/1.1" 200 1015 "http://www.semicomplete.com/projects/xdotool/" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" | |
2016-01-17T21:20:20.485Z ip-172-31-42-57 110.136.166.128 - - [04/Jan/2015:05:16:22 +0000] "GET /style2.css HTTP/1.1" 200 4877 "http://www.semicomplete.com/projects/xdotool/" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" | |
2016-01-17T21:20:20.486Z ip-172-31-42-57 110.136.166.128 - - [04/Jan/2015:05:16:22 +0000] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" | |
2016-01-17T21:20:20.490Z ip-172-31-42-57 110.136.166.128 - - [04/Jan/2015:05:16:22 +0000] "GET /images/jordan-80.png HTTP/1.1" 200 6146 "http://www.semicomplete.com/projects/xdotool/" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" | |
2016-01-17T21:20:20.491Z ip-172-31-42-57 123.125.71.35 - - [04/Jan/2015:05:16:31 +0000] "GET /blog/tags/release HTTP/1.1" 200 40693 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" | |
Received shutdown signal, but pipeline is still waiting for in-flight events | |
to be processed. Sending another ^C will force quit Logstash, but this may cause | |
data loss. {:level=>:warn} | |
["INFLIGHT_EVENTS_REPORT", "2016-01-17T21:20:26+00:00", {"input_to_filter"=>1, "filter_to_output"=>0, "outputs"=>[]}] {:level=>:warn} | |
Logstash shutdown completed | |
ubuntu@ip-172-31-42-57:/opt/logstash$ vi /tmp/NYfile.txt | |
ubuntu@ip-172-31-42-57:/opt/logstash$ sudo service logstash restart | |
Killing logstash (pid 6252) with SIGTERM | |
Waiting logstash (pid 6252) to die... | |
Waiting logstash (pid 6252) to die... | |
logstash stopped. | |
logstash started. | |
ubuntu@ip-172-31-42-57:/opt/logstash$ cat /tmp/logstash-tutorial.logasdasdasdas sdf | bin/logstash -e 'input { stdin { } } filter { grok { match => { "message" => "%{COMBINEDAPACHELOG}"} } geoip { source => "clientip" } } output { elasticsearch {index => "asim"} stdout {} }' | |
cat: /tmp/logstash-tutorial.logasdasdasdas: No such file or directory | |
cat: sdf: No such file or directory | |
^C | |
ubuntu@ip-172-31-42-57:/opt/logstash$ sudo service logstash restart | |
Killing logstash (pid 6562) with SIGTERM | |
Waiting logstash (pid 6562) to die... | |
Waiting logstash (pid 6562) to die... | |
logstash stopped. | |
logstash started. | |
ubuntu@ip-172-31-42-57:/opt/logstash$ vi /etc/log | |
logcheck/ login.defs logrotate.conf logrotate.d/ logstash/ | |
ubuntu@ip-172-31-42-57:/opt/logstash$ vi /etc/logstash/conf.d/first-pipline.conf | |
ubuntu@ip-172-31-42-57:/opt/logstash$ bin/logstash -vf /etc/logstash/conf.d/first-pipline.conf | |
Registering file input {:path=>["/tmp/logstash-tutorial-dataset"], :level=>:info} | |
Grok patterns path {:patterns_dir=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns", "/opt/logstash/patterns/*"], :level=>:info} | |
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/junos", :level=>:info} | |
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/redis", :level=>:info} | |
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/postgresql", :level=>:info} | |
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/bro", :level=>:info} | |
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/rails", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/mcollective-patterns", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/grok-patterns", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/java", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/bacula", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/mongodb", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/firewalls", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/ruby", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/aws", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/exim", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/mcollective", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/nagios", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/linux-syslog", :level=>:info}
Grok loading patterns from file {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.4.0/patterns/haproxy", :level=>:info}
Match data {:match=>{"message"=>"%{COMBINEDAPACHELOG}"}, :level=>:info}
Grok compile {:field=>"message", :patterns=>["%{COMBINEDAPACHELOG}"], :level=>:info}
Adding pattern {"RT_FLOW_EVENT"=>"(RT_FLOW_SESSION_CREATE|RT_FLOW_SESSION_CLOSE|RT_FLOW_SESSION_DENY)", :level=>:info}
Adding pattern {"RT_FLOW1"=>"%{RT_FLOW_EVENT:event}: %{GREEDYDATA:close-reason}: %{IP:src-ip}/%{INT:src-port}->%{IP:dst-ip}/%{INT:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{INT:nat-src-port}->%{IP:nat-dst-ip}/%{INT:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} \\d+\\(%{DATA:sent}\\) \\d+\\(%{DATA:received}\\) %{INT:elapsed-time} .*", :level=>:info}
Adding pattern {"RT_FLOW2"=>"%{RT_FLOW_EVENT:event}: session created %{IP:src-ip}/%{INT:src-port}->%{IP:dst-ip}/%{INT:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{INT:nat-src-port}->%{IP:nat-dst-ip}/%{INT:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} .*", :level=>:info}
Adding pattern {"RT_FLOW3"=>"%{RT_FLOW_EVENT:event}: session denied %{IP:src-ip}/%{INT:src-port}->%{IP:dst-ip}/%{INT:dst-port} %{DATA:service} %{INT:protocol-id}\\(\\d\\) %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} .*", :level=>:info}
Adding pattern {"REDISTIMESTAMP"=>"%{MONTHDAY} %{MONTH} %{TIME}", :level=>:info}
Adding pattern {"REDISLOG"=>"\\[%{POSINT:pid}\\] %{REDISTIMESTAMP:timestamp} \\* ", :level=>:info}
Adding pattern {"POSTGRESQL"=>"%{DATESTAMP:timestamp} %{TZ} %{DATA:user_id} %{GREEDYDATA:connection_id} %{POSINT:pid}", :level=>:info}
Adding pattern {"BRO_HTTP"=>"%{NUMBER:ts}\\t%{NOTSPACE:uid}\\t%{IP:orig_h}\\t%{INT:orig_p}\\t%{IP:resp_h}\\t%{INT:resp_p}\\t%{INT:trans_depth}\\t%{GREEDYDATA:method}\\t%{GREEDYDATA:domain}\\t%{GREEDYDATA:uri}\\t%{GREEDYDATA:referrer}\\t%{GREEDYDATA:user_agent}\\t%{NUMBER:request_body_len}\\t%{NUMBER:response_body_len}\\t%{GREEDYDATA:status_code}\\t%{GREEDYDATA:status_msg}\\t%{GREEDYDATA:info_code}\\t%{GREEDYDATA:info_msg}\\t%{GREEDYDATA:filename}\\t%{GREEDYDATA:bro_tags}\\t%{GREEDYDATA:username}\\t%{GREEDYDATA:password}\\t%{GREEDYDATA:proxied}\\t%{GREEDYDATA:orig_fuids}\\t%{GREEDYDATA:orig_mime_types}\\t%{GREEDYDATA:resp_fuids}\\t%{GREEDYDATA:resp_mime_types}", :level=>:info}
Adding pattern {"BRO_DNS"=>"%{NUMBER:ts}\\t%{NOTSPACE:uid}\\t%{IP:orig_h}\\t%{INT:orig_p}\\t%{IP:resp_h}\\t%{INT:resp_p}\\t%{WORD:proto}\\t%{INT:trans_id}\\t%{GREEDYDATA:query}\\t%{GREEDYDATA:qclass}\\t%{GREEDYDATA:qclass_name}\\t%{GREEDYDATA:qtype}\\t%{GREEDYDATA:qtype_name}\\t%{GREEDYDATA:rcode}\\t%{GREEDYDATA:rcode_name}\\t%{GREEDYDATA:AA}\\t%{GREEDYDATA:TC}\\t%{GREEDYDATA:RD}\\t%{GREEDYDATA:RA}\\t%{GREEDYDATA:Z}\\t%{GREEDYDATA:answers}\\t%{GREEDYDATA:TTLs}\\t%{GREEDYDATA:rejected}", :level=>:info}
Adding pattern {"BRO_CONN"=>"%{NUMBER:ts}\\t%{NOTSPACE:uid}\\t%{IP:orig_h}\\t%{INT:orig_p}\\t%{IP:resp_h}\\t%{INT:resp_p}\\t%{WORD:proto}\\t%{GREEDYDATA:service}\\t%{NUMBER:duration}\\t%{NUMBER:orig_bytes}\\t%{NUMBER:resp_bytes}\\t%{GREEDYDATA:conn_state}\\t%{GREEDYDATA:local_orig}\\t%{GREEDYDATA:missed_bytes}\\t%{GREEDYDATA:history}\\t%{GREEDYDATA:orig_pkts}\\t%{GREEDYDATA:orig_ip_bytes}\\t%{GREEDYDATA:resp_pkts}\\t%{GREEDYDATA:resp_ip_bytes}\\t%{GREEDYDATA:tunnel_parents}", :level=>:info}
Adding pattern {"BRO_FILES"=>"%{NUMBER:ts}\\t%{NOTSPACE:fuid}\\t%{IP:tx_hosts}\\t%{IP:rx_hosts}\\t%{NOTSPACE:conn_uids}\\t%{GREEDYDATA:source}\\t%{GREEDYDATA:depth}\\t%{GREEDYDATA:analyzers}\\t%{GREEDYDATA:mime_type}\\t%{GREEDYDATA:filename}\\t%{GREEDYDATA:duration}\\t%{GREEDYDATA:local_orig}\\t%{GREEDYDATA:is_orig}\\t%{GREEDYDATA:seen_bytes}\\t%{GREEDYDATA:total_bytes}\\t%{GREEDYDATA:missing_bytes}\\t%{GREEDYDATA:overflow_bytes}\\t%{GREEDYDATA:timedout}\\t%{GREEDYDATA:parent_fuid}\\t%{GREEDYDATA:md5}\\t%{GREEDYDATA:sha1}\\t%{GREEDYDATA:sha256}\\t%{GREEDYDATA:extracted}", :level=>:info}
Adding pattern {"RUUID"=>"\\h{32}", :level=>:info}
Adding pattern {"RCONTROLLER"=>"(?<controller>[^#]+)#(?<action>\\w+)", :level=>:info}
Adding pattern {"RAILS3HEAD"=>"(?m)Started %{WORD:verb} \"%{URIPATHPARAM:request}\" for %{IPORHOST:clientip} at (?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}:%{SECOND} %{ISO8601_TIMEZONE})", :level=>:info}
Adding pattern {"RPROCESSING"=>"\\W*Processing by %{RCONTROLLER} as (?<format>\\S+)(?:\\W*Parameters: {%{DATA:params}}\\W*)?", :level=>:info}
Adding pattern {"RAILS3FOOT"=>"Completed %{NUMBER:response}%{DATA} in %{NUMBER:totalms}ms %{RAILS3PROFILE}%{GREEDYDATA}", :level=>:info}
Adding pattern {"RAILS3PROFILE"=>"(?:\\(Views: %{NUMBER:viewms}ms \\| ActiveRecord: %{NUMBER:activerecordms}ms|\\(ActiveRecord: %{NUMBER:activerecordms}ms)?", :level=>:info}
Adding pattern {"RAILS3"=>"%{RAILS3HEAD}(?:%{RPROCESSING})?(?<context>(?:%{DATA}\\n)*)(?:%{RAILS3FOOT})?", :level=>:info}
Adding pattern {"MCOLLECTIVE"=>"., \\[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\\]%{SPACE}%{LOGLEVEL:event_level}", :level=>:info}
Adding pattern {"MCOLLECTIVEAUDIT"=>"%{TIMESTAMP_ISO8601:timestamp}:", :level=>:info}
Adding pattern {"USERNAME"=>"[a-zA-Z0-9._-]+", :level=>:info}
Adding pattern {"USER"=>"%{USERNAME}", :level=>:info}
Adding pattern {"INT"=>"(?:[+-]?(?:[0-9]+))", :level=>:info}
Adding pattern {"BASE10NUM"=>"(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))", :level=>:info}
Adding pattern {"NUMBER"=>"(?:%{BASE10NUM})", :level=>:info}
Adding pattern {"BASE16NUM"=>"(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))", :level=>:info}
Adding pattern {"BASE16FLOAT"=>"\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b", :level=>:info}
Adding pattern {"POSINT"=>"\\b(?:[1-9][0-9]*)\\b", :level=>:info}
Adding pattern {"NONNEGINT"=>"\\b(?:[0-9]+)\\b", :level=>:info}
Adding pattern {"WORD"=>"\\b\\w+\\b", :level=>:info}
Adding pattern {"NOTSPACE"=>"\\S+", :level=>:info}
Adding pattern {"SPACE"=>"\\s*", :level=>:info}
Adding pattern {"DATA"=>".*?", :level=>:info}
Adding pattern {"GREEDYDATA"=>".*", :level=>:info}
Adding pattern {"QUOTEDSTRING"=>"(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))", :level=>:info}
Adding pattern {"UUID"=>"[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}", :level=>:info}
Adding pattern {"MAC"=>"(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})", :level=>:info}
Adding pattern {"CISCOMAC"=>"(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})", :level=>:info}
Adding pattern {"WINDOWSMAC"=>"(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})", :level=>:info}
Adding pattern {"COMMONMAC"=>"(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})", :level=>:info}
Adding pattern {"IPV6"=>"((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?", :level=>:info}
Adding pattern {"IPV4"=>"(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])", :level=>:info}
Adding pattern {"IP"=>"(?:%{IPV6}|%{IPV4})", :level=>:info}
Adding pattern {"HOSTNAME"=>"\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)", :level=>:info}
Adding pattern {"IPORHOST"=>"(?:%{IP}|%{HOSTNAME})", :level=>:info}
Adding pattern {"HOSTPORT"=>"%{IPORHOST}:%{POSINT}", :level=>:info}
Adding pattern {"PATH"=>"(?:%{UNIXPATH}|%{WINPATH})", :level=>:info}
Adding pattern {"UNIXPATH"=>"(/([\\w_%!$@:.,~-]+|\\\\.)*)+", :level=>:info}
Adding pattern {"TTY"=>"(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))", :level=>:info}
Adding pattern {"WINPATH"=>"(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+", :level=>:info}
Adding pattern {"URIPROTO"=>"[A-Za-z]+(\\+[A-Za-z+]+)?", :level=>:info}
Adding pattern {"URIHOST"=>"%{IPORHOST}(?::%{POSINT:port})?", :level=>:info}
Adding pattern {"URIPATH"=>"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+", :level=>:info}
Adding pattern {"URIPARAM"=>"\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*", :level=>:info}
Adding pattern {"URIPATHPARAM"=>"%{URIPATH}(?:%{URIPARAM})?", :level=>:info}
Adding pattern {"URI"=>"%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?", :level=>:info}
Adding pattern {"MONTH"=>"\\b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b", :level=>:info}
Adding pattern {"MONTHNUM"=>"(?:0?[1-9]|1[0-2])", :level=>:info}
Adding pattern {"MONTHNUM2"=>"(?:0[1-9]|1[0-2])", :level=>:info}
Adding pattern {"MONTHDAY"=>"(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])", :level=>:info}
Adding pattern {"DAY"=>"(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)", :level=>:info}
Adding pattern {"YEAR"=>"(?>\\d\\d){1,2}", :level=>:info}
Adding pattern {"HOUR"=>"(?:2[0123]|[01]?[0-9])", :level=>:info}
Adding pattern {"MINUTE"=>"(?:[0-5][0-9])", :level=>:info}
Adding pattern {"SECOND"=>"(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)", :level=>:info}
Adding pattern {"TIME"=>"(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])", :level=>:info}
Adding pattern {"DATE_US"=>"%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}", :level=>:info}
Adding pattern {"DATE_EU"=>"%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}", :level=>:info}
Adding pattern {"ISO8601_TIMEZONE"=>"(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))", :level=>:info}
Adding pattern {"ISO8601_SECOND"=>"(?:%{SECOND}|60)", :level=>:info}
Adding pattern {"TIMESTAMP_ISO8601"=>"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?", :level=>:info}
Adding pattern {"DATE"=>"%{DATE_US}|%{DATE_EU}", :level=>:info}
Adding pattern {"DATESTAMP"=>"%{DATE}[- ]%{TIME}", :level=>:info}
Adding pattern {"TZ"=>"(?:[PMCE][SD]T|UTC)", :level=>:info}
Adding pattern {"DATESTAMP_RFC822"=>"%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}", :level=>:info}
Adding pattern {"DATESTAMP_RFC2822"=>"%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}", :level=>:info}
Adding pattern {"DATESTAMP_OTHER"=>"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}", :level=>:info}
Adding pattern {"DATESTAMP_EVENTLOG"=>"%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}", :level=>:info}
Adding pattern {"HTTPDERROR_DATE"=>"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}", :level=>:info}
Adding pattern {"SYSLOGTIMESTAMP"=>"%{MONTH} +%{MONTHDAY} %{TIME}", :level=>:info}
Adding pattern {"PROG"=>"[\\x21-\\x5a\\x5c\\x5e-\\x7e]+", :level=>:info}
Adding pattern {"SYSLOGPROG"=>"%{PROG:program}(?:\\[%{POSINT:pid}\\])?", :level=>:info}
Adding pattern {"SYSLOGHOST"=>"%{IPORHOST}", :level=>:info}
Adding pattern {"SYSLOGFACILITY"=>"<%{NONNEGINT:facility}.%{NONNEGINT:priority}>", :level=>:info}
Adding pattern {"HTTPDATE"=>"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}", :level=>:info}
Adding pattern {"QS"=>"%{QUOTEDSTRING}", :level=>:info}
Adding pattern {"SYSLOGBASE"=>"%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:", :level=>:info}
Adding pattern {"COMMONAPACHELOG"=>"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)", :level=>:info}
Adding pattern {"COMBINEDAPACHELOG"=>"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}", :level=>:info}
Adding pattern {"HTTPD20_ERRORLOG"=>"\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}", :level=>:info}
Adding pattern {"HTTPD24_ERRORLOG"=>"\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? %{DATA:errorcode}: %{GREEDYDATA:message}", :level=>:info}
Adding pattern {"HTTPD_ERRORLOG"=>"%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}", :level=>:info}
Adding pattern {"LOGLEVEL"=>"([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)", :level=>:info}
Adding pattern {"JAVACLASS"=>"(?:[a-zA-Z$_][a-zA-Z$_0-9]*\\.)*[a-zA-Z$_][a-zA-Z$_0-9]*", :level=>:info}
Adding pattern {"JAVAFILE"=>"(?:[A-Za-z0-9_. -]+)", :level=>:info}
Adding pattern {"JAVAMETHOD"=>"(?:(<init>)|[a-zA-Z$_][a-zA-Z$_0-9]*)", :level=>:info}
Adding pattern {"JAVASTACKTRACEPART"=>"%{SPACE}at %{JAVACLASS:class}\\.%{JAVAMETHOD:method}\\(%{JAVAFILE:file}(?::%{NUMBER:line})?\\)", :level=>:info}
Adding pattern {"JAVATHREAD"=>"(?:[A-Z]{2}-Processor[\\d]+)", :level=>:info}
Adding pattern {"JAVACLASS"=>"(?:[a-zA-Z0-9-]+\\.)+[A-Za-z0-9$]+", :level=>:info}
Adding pattern {"JAVAFILE"=>"(?:[A-Za-z0-9_.-]+)", :level=>:info}
Adding pattern {"JAVASTACKTRACEPART"=>"at %{JAVACLASS:class}\\.%{WORD:method}\\(%{JAVAFILE:file}:%{NUMBER:line}\\)", :level=>:info}
Adding pattern {"JAVALOGMESSAGE"=>"(.*)", :level=>:info}
Adding pattern {"CATALINA_DATESTAMP"=>"%{MONTH} %{MONTHDAY}, 20%{YEAR} %{HOUR}:?%{MINUTE}(?::?%{SECOND}) (?:AM|PM)", :level=>:info}
Adding pattern {"TOMCAT_DATESTAMP"=>"20%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:?%{MINUTE}(?::?%{SECOND}) %{ISO8601_TIMEZONE}", :level=>:info}
Adding pattern {"CATALINALOG"=>"%{CATALINA_DATESTAMP:timestamp} %{JAVACLASS:class} %{JAVALOGMESSAGE:logmessage}", :level=>:info}
Adding pattern {"TOMCATLOG"=>"%{TOMCAT_DATESTAMP:timestamp} \\| %{LOGLEVEL:level} \\| %{JAVACLASS:class} - %{JAVALOGMESSAGE:logmessage}", :level=>:info}
Adding pattern {"BACULA_TIMESTAMP"=>"%{MONTHDAY}-%{MONTH} %{HOUR}:%{MINUTE}", :level=>:info}
Adding pattern {"BACULA_HOST"=>"[a-zA-Z0-9-]+", :level=>:info}
Adding pattern {"BACULA_VOLUME"=>"%{USER}", :level=>:info}
Adding pattern {"BACULA_DEVICE"=>"%{USER}", :level=>:info}
Adding pattern {"BACULA_DEVICEPATH"=>"%{UNIXPATH}", :level=>:info}
Adding pattern {"BACULA_CAPACITY"=>"%{INT}{1,3}(,%{INT}{3})*", :level=>:info}
Adding pattern {"BACULA_VERSION"=>"%{USER}", :level=>:info}
Adding pattern {"BACULA_JOB"=>"%{USER}", :level=>:info}
Adding pattern {"BACULA_LOG_MAX_CAPACITY"=>"User defined maximum volume capacity %{BACULA_CAPACITY} exceeded on device \\\"%{BACULA_DEVICE:device}\\\" \\(%{BACULA_DEVICEPATH}\\)", :level=>:info}
Adding pattern {"BACULA_LOG_END_VOLUME"=>"End of medium on Volume \\\"%{BACULA_VOLUME:volume}\\\" Bytes=%{BACULA_CAPACITY} Blocks=%{BACULA_CAPACITY} at %{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:%{MINUTE}.", :level=>:info}
Adding pattern {"BACULA_LOG_NEW_VOLUME"=>"Created new Volume \\\"%{BACULA_VOLUME:volume}\\\" in catalog.", :level=>:info}
Adding pattern {"BACULA_LOG_NEW_LABEL"=>"Labeled new Volume \\\"%{BACULA_VOLUME:volume}\\\" on device \\\"%{BACULA_DEVICE:device}\\\" \\(%{BACULA_DEVICEPATH}\\).", :level=>:info}
Adding pattern {"BACULA_LOG_WROTE_LABEL"=>"Wrote label to prelabeled Volume \\\"%{BACULA_VOLUME:volume}\\\" on device \\\"%{BACULA_DEVICE}\\\" \\(%{BACULA_DEVICEPATH}\\)", :level=>:info}
Adding pattern {"BACULA_LOG_NEW_MOUNT"=>"New volume \\\"%{BACULA_VOLUME:volume}\\\" mounted on device \\\"%{BACULA_DEVICE:device}\\\" \\(%{BACULA_DEVICEPATH}\\) at %{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:%{MINUTE}.", :level=>:info}
Adding pattern {"BACULA_LOG_NOOPEN"=>"\\s+Cannot open %{DATA}: ERR=%{GREEDYDATA:berror}", :level=>:info}
Adding pattern {"BACULA_LOG_NOOPENDIR"=>"\\s+Could not open directory %{DATA}: ERR=%{GREEDYDATA:berror}", :level=>:info}
Adding pattern {"BACULA_LOG_NOSTAT"=>"\\s+Could not stat %{DATA}: ERR=%{GREEDYDATA:berror}", :level=>:info}
Adding pattern {"BACULA_LOG_NOJOBS"=>"There are no more Jobs associated with Volume \\\"%{BACULA_VOLUME:volume}\\\". Marking it purged.", :level=>:info}
Adding pattern {"BACULA_LOG_ALL_RECORDS_PRUNED"=>"All records pruned from Volume \\\"%{BACULA_VOLUME:volume}\\\"; marking it \\\"Purged\\\"", :level=>:info}
Adding pattern {"BACULA_LOG_BEGIN_PRUNE_JOBS"=>"Begin pruning Jobs older than %{INT} month %{INT} days .", :level=>:info}
Adding pattern {"BACULA_LOG_BEGIN_PRUNE_FILES"=>"Begin pruning Files.", :level=>:info}
Adding pattern {"BACULA_LOG_PRUNED_JOBS"=>"Pruned %{INT} Jobs* for client %{BACULA_HOST:client} from catalog.", :level=>:info}
Adding pattern {"BACULA_LOG_PRUNED_FILES"=>"Pruned Files from %{INT} Jobs* for client %{BACULA_HOST:client} from catalog.", :level=>:info}
Adding pattern {"BACULA_LOG_ENDPRUNE"=>"End auto prune.", :level=>:info}
Adding pattern {"BACULA_LOG_STARTJOB"=>"Start Backup JobId %{INT}, Job=%{BACULA_JOB:job}", :level=>:info}
Adding pattern {"BACULA_LOG_STARTRESTORE"=>"Start Restore Job %{BACULA_JOB:job}", :level=>:info}
Adding pattern {"BACULA_LOG_USEDEVICE"=>"Using Device \\\"%{BACULA_DEVICE:device}\\\"", :level=>:info}
Adding pattern {"BACULA_LOG_DIFF_FS"=>"\\s+%{UNIXPATH} is a different filesystem. Will not descend from %{UNIXPATH} into it.", :level=>:info}
Adding pattern {"BACULA_LOG_JOBEND"=>"Job write elapsed time = %{DATA:elapsed}, Transfer rate = %{NUMBER} (K|M|G)? Bytes/second", :level=>:info}
Adding pattern {"BACULA_LOG_NOPRUNE_JOBS"=>"No Jobs found to prune.", :level=>:info}
Adding pattern {"BACULA_LOG_NOPRUNE_FILES"=>"No Files found to prune.", :level=>:info}
Adding pattern {"BACULA_LOG_VOLUME_PREVWRITTEN"=>"Volume \\\"%{BACULA_VOLUME:volume}\\\" previously written, moving to end of data.", :level=>:info}
Adding pattern {"BACULA_LOG_READYAPPEND"=>"Ready to append to end of Volume \\\"%{BACULA_VOLUME:volume}\\\" size=%{INT}", :level=>:info}
Adding pattern {"BACULA_LOG_CANCELLING"=>"Cancelling duplicate JobId=%{INT}.", :level=>:info}
Adding pattern {"BACULA_LOG_MARKCANCEL"=>"JobId %{INT}, Job %{BACULA_JOB:job} marked to be canceled.", :level=>:info}
Adding pattern {"BACULA_LOG_CLIENT_RBJ"=>"shell command: run ClientRunBeforeJob \\\"%{GREEDYDATA:runjob}\\\"", :level=>:info}
Adding pattern {"BACULA_LOG_VSS"=>"(Generate )?VSS (Writer)?", :level=>:info}
Adding pattern {"BACULA_LOG_MAXSTART"=>"Fatal error: Job canceled because max start delay time exceeded.", :level=>:info}
Adding pattern {"BACULA_LOG_DUPLICATE"=>"Fatal error: JobId %{INT:duplicate} already running. Duplicate job not allowed.", :level=>:info}
Adding pattern {"BACULA_LOG_NOJOBSTAT"=>"Fatal error: No Job status returned from FD.", :level=>:info}
Adding pattern {"BACULA_LOG_FATAL_CONN"=>"Fatal error: bsock.c:133 Unable to connect to (Client: %{BACULA_HOST:client}|Storage daemon) on %{HOSTNAME}:%{POSINT}. ERR=(?<berror>%{GREEDYDATA})", :level=>:info}
Adding pattern {"BACULA_LOG_NO_CONNECT"=>"Warning: bsock.c:127 Could not connect to (Client: %{BACULA_HOST:client}|Storage daemon) on %{HOSTNAME}:%{POSINT}. ERR=(?<berror>%{GREEDYDATA})", :level=>:info}
Adding pattern {"BACULA_LOG_NO_AUTH"=>"Fatal error: Unable to authenticate with File daemon at %{HOSTNAME}. Possible causes:", :level=>:info}
Adding pattern {"BACULA_LOG_NOSUIT"=>"No prior or suitable Full backup found in catalog. Doing FULL backup.", :level=>:info}
Adding pattern {"BACULA_LOG_NOPRIOR"=>"No prior Full backup Job record found.", :level=>:info}
Adding pattern {"BACULA_LOG_JOB"=>"(Error: )?Bacula %{BACULA_HOST} %{BACULA_VERSION} \\(%{BACULA_VERSION}\\):", :level=>:info}
Adding pattern {"BACULA_LOGLINE"=>"%{BACULA_TIMESTAMP:bts} %{BACULA_HOST:hostname} JobId %{INT:jobid}: (%{BACULA_LOG_MAX_CAPACITY}|%{BACULA_LOG_END_VOLUME}|%{BACULA_LOG_NEW_VOLUME}|%{BACULA_LOG_NEW_LABEL}|%{BACULA_LOG_WROTE_LABEL}|%{BACULA_LOG_NEW_MOUNT}|%{BACULA_LOG_NOOPEN}|%{BACULA_LOG_NOOPENDIR}|%{BACULA_LOG_NOSTAT}|%{BACULA_LOG_NOJOBS}|%{BACULA_LOG_ALL_RECORDS_PRUNED}|%{BACULA_LOG_BEGIN_PRUNE_JOBS}|%{BACULA_LOG_BEGIN_PRUNE_FILES}|%{BACULA_LOG_PRUNED_JOBS}|%{BACULA_LOG_PRUNED_FILES}|%{BACULA_LOG_ENDPRUNE}|%{BACULA_LOG_STARTJOB}|%{BACULA_LOG_STARTRESTORE}|%{BACULA_LOG_USEDEVICE}|%{BACULA_LOG_DIFF_FS}|%{BACULA_LOG_JOBEND}|%{BACULA_LOG_NOPRUNE_JOBS}|%{BACULA_LOG_NOPRUNE_FILES}|%{BACULA_LOG_VOLUME_PREVWRITTEN}|%{BACULA_LOG_READYAPPEND}|%{BACULA_LOG_CANCELLING}|%{BACULA_LOG_MARKCANCEL}|%{BACULA_LOG_CLIENT_RBJ}|%{BACULA_LOG_VSS}|%{BACULA_LOG_MAXSTART}|%{BACULA_LOG_DUPLICATE}|%{BACULA_LOG_NOJOBSTAT}|%{BACULA_LOG_FATAL_CONN}|%{BACULA_LOG_NO_CONNECT}|%{BACULA_LOG_NO_AUTH}|%{BACULA_LOG_NOSUIT}|%{BACULA_LOG_JOB}|%{BACULA_LOG_NOPRIOR})", :level=>:info}
Adding pattern {"MONGO_LOG"=>"%{SYSLOGTIMESTAMP:timestamp} \\[%{WORD:component}\\] %{GREEDYDATA:message}", :level=>:info}
Adding pattern {"MONGO_QUERY"=>"\\{ (?<={ ).*(?= } ntoreturn:) \\}", :level=>:info}
Adding pattern {"MONGO_SLOWQUERY"=>"%{WORD} %{MONGO_WORDDASH:database}\\.%{MONGO_WORDDASH:collection} %{WORD}: %{MONGO_QUERY:query} %{WORD}:%{NONNEGINT:ntoreturn} %{WORD}:%{NONNEGINT:ntoskip} %{WORD}:%{NONNEGINT:nscanned}.*nreturned:%{NONNEGINT:nreturned}..+ (?<duration>[0-9]+)ms", :level=>:info}
Adding pattern {"MONGO_WORDDASH"=>"\\b[\\w-]+\\b", :level=>:info}
Adding pattern {"MONGO3_SEVERITY"=>"\\w", :level=>:info}
Adding pattern {"MONGO3_COMPONENT"=>"%{WORD}|-", :level=>:info}
Adding pattern {"MONGO3_LOG"=>"%{TIMESTAMP_ISO8601:timestamp} %{MONGO3_SEVERITY:severity} %{MONGO3_COMPONENT:component}%{SPACE}(?:\\[%{DATA:context}\\])? %{GREEDYDATA:message}", :level=>:info}
Adding pattern {"NETSCREENSESSIONLOG"=>"%{SYSLOGTIMESTAMP:date} %{IPORHOST:device} %{IPORHOST}: NetScreen device_id=%{WORD:device_id}%{DATA}: start_time=%{QUOTEDSTRING:start_time} duration=%{INT:duration} policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:proto} src zone=%{WORD:src_zone} dst zone=%{WORD:dst_zone} action=%{WORD:action} sent=%{INT:sent} rcvd=%{INT:rcvd} src=%{IPORHOST:src_ip} dst=%{IPORHOST:dst_ip} src_port=%{INT:src_port} dst_port=%{INT:dst_port} src-xlated ip=%{IPORHOST:src_xlated_ip} port=%{INT:src_xlated_port} dst-xlated ip=%{IPORHOST:dst_xlated_ip} port=%{INT:dst_xlated_port} session_id=%{INT:session_id} reason=%{GREEDYDATA:reason}", :level=>:info}
Adding pattern {"CISCO_TAGGED_SYSLOG"=>"^<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP:timestamp}( %{SYSLOGHOST:sysloghost})? ?: %%{CISCOTAG:ciscotag}:", :level=>:info}
Adding pattern {"CISCOTIMESTAMP"=>"%{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}", :level=>:info}
Adding pattern {"CISCOTAG"=>"[A-Z0-9]+-%{INT}-(?:[A-Z0-9_]+)", :level=>:info}
Adding pattern {"CISCO_ACTION"=>"Built|Teardown|Deny|Denied|denied|requested|permitted|denied by ACL|discarded|est-allowed|Dropping|created|deleted", :level=>:info}
Adding pattern {"CISCO_REASON"=>"Duplicate TCP SYN|Failed to locate egress interface|Invalid transport field|No matching connection|DNS Response|DNS Query|(?:%{WORD}\\s*)*", :level=>:info}
Adding pattern {"CISCO_DIRECTION"=>"Inbound|inbound|Outbound|outbound", :level=>:info}
Adding pattern {"CISCO_INTERVAL"=>"first hit|%{INT}-second interval", :level=>:info}
Adding pattern {"CISCO_XLATE_TYPE"=>"static|dynamic", :level=>:info}
Adding pattern {"CISCOFW104001"=>"\\((?:Primary|Secondary)\\) Switching to ACTIVE - %{GREEDYDATA:switch_reason}", :level=>:info}
Adding pattern {"CISCOFW104002"=>"\\((?:Primary|Secondary)\\) Switching to STANDBY - %{GREEDYDATA:switch_reason}", :level=>:info}
Adding pattern {"CISCOFW104003"=>"\\((?:Primary|Secondary)\\) Switching to FAILED\\.", :level=>:info}
Adding pattern {"CISCOFW104004"=>"\\((?:Primary|Secondary)\\) Switching to OK\\.", :level=>:info}
Adding pattern {"CISCOFW105003"=>"\\((?:Primary|Secondary)\\) Monitoring on [Ii]nterface %{GREEDYDATA:interface_name} waiting", :level=>:info}
Adding pattern {"CISCOFW105004"=>"\\((?:Primary|Secondary)\\) Monitoring on [Ii]nterface %{GREEDYDATA:interface_name} normal", :level=>:info}
Adding pattern {"CISCOFW105005"=>"\\((?:Primary|Secondary)\\) Lost Failover communications with mate on [Ii]nterface %{GREEDYDATA:interface_name}", :level=>:info}
Adding pattern {"CISCOFW105008"=>"\\((?:Primary|Secondary)\\) Testing [Ii]nterface %{GREEDYDATA:interface_name}", :level=>:info}
Adding pattern {"CISCOFW105009"=>"\\((?:Primary|Secondary)\\) Testing on [Ii]nterface %{GREEDYDATA:interface_name} (?:Passed|Failed)", :level=>:info}
Adding pattern {"CISCOFW106001"=>"%{CISCO_DIRECTION:direction} %{WORD:protocol} connection %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{GREEDYDATA:tcp_flags} on interface %{GREEDYDATA:interface}", :level=>:info}
Adding pattern {"CISCOFW106006_106007_106010"=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} (?:from|src) %{IP:src_ip}/%{INT:src_port}(\\(%{DATA:src_fwuser}\\))? (?:to|dst) %{IP:dst_ip}/%{INT:dst_port}(\\(%{DATA:dst_fwuser}\\))? (?:on interface %{DATA:interface}|due to %{CISCO_REASON:reason})", :level=>:info}
Adding pattern {"CISCOFW106014"=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(\\(%{DATA:dst_fwuser}\\))? \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\)", :level=>:info}
Adding pattern {"CISCOFW106015"=>"%{CISCO_ACTION:action} %{WORD:protocol} \\(%{DATA:policy_id}\\) from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{DATA:tcp_flags} on interface %{GREEDYDATA:interface}", :level=>:info}
Adding pattern {"CISCOFW106021"=>"%{CISCO_ACTION:action} %{WORD:protocol} reverse path check from %{IP:src_ip} to %{IP:dst_ip} on interface %{GREEDYDATA:interface}", :level=>:info}
Adding pattern {"CISCOFW106023"=>"%{CISCO_ACTION:action}( protocol)? %{WORD:protocol} src %{DATA:src_interface}:%{DATA:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{DATA:dst_ip}(/%{INT:dst_port})?(\\(%{DATA:dst_fwuser}\\))?( \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\))? by access-group \"?%{DATA:policy_id}\"? \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :level=>:info}
Adding pattern {"CISCOFW106100_2_3"=>"access-list %{NOTSPACE:policy_id} %{CISCO_ACTION:action} %{WORD:protocol} for user '%{DATA:src_fwuser}' %{DATA:src_interface}/%{IP:src_ip}\\(%{INT:src_port}\\) -> %{DATA:dst_interface}/%{IP:dst_ip}\\(%{INT:dst_port}\\) hit-cnt %{INT:hit_count} %{CISCO_INTERVAL:interval} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :level=>:info}
Adding pattern {"CISCOFW106100"=>"access-list %{NOTSPACE:policy_id} %{CISCO_ACTION:action} %{WORD:protocol} %{DATA:src_interface}/%{IP:src_ip}\\(%{INT:src_port}\\)(\\(%{DATA:src_fwuser}\\))? -> %{DATA:dst_interface}/%{IP:dst_ip}\\(%{INT:dst_port}\\)(\\(%{DATA:src_fwuser}\\))? hit-cnt %{INT:hit_count} %{CISCO_INTERVAL:interval} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :level=>:info}
Adding pattern {"CISCOFW110002"=>"%{CISCO_REASON:reason} for %{WORD:protocol} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :level=>:info}
Adding pattern {"CISCOFW302010"=>"%{INT:connection_count} in use, %{INT:connection_count_max} most used", :level=>:info}
Adding pattern {"CISCOFW302013_302014_302015_302016"=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection %{INT:connection_id} for %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port}( \\(%{IP:src_mapped_ip}/%{INT:src_mapped_port}\\))?(\\(%{DATA:src_fwuser}\\))? to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}( \\(%{IP:dst_mapped_ip}/%{INT:dst_mapped_port}\\))?(\\(%{DATA:dst_fwuser}\\))?( duration %{TIME:duration} bytes %{INT:bytes})?(?: %{CISCO_REASON:reason})?( \\(%{DATA:user}\\))?", :level=>:info}
Adding pattern {"CISCOFW302020_302021"=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection for faddr %{IP:dst_ip}/%{INT:icmp_seq_num}(?:\\(%{DATA:fwuser}\\))? gaddr %{IP:src_xlated_ip}/%{INT:icmp_code_xlated} laddr %{IP:src_ip}/%{INT:icmp_code}( \\(%{DATA:user}\\))?", :level=>:info}
Adding pattern {"CISCOFW305011"=>"%{CISCO_ACTION:action} %{CISCO_XLATE_TYPE:xlate_type} %{WORD:protocol} translation from %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? to %{DATA:src_xlated_interface}:%{IP:src_xlated_ip}/%{DATA:src_xlated_port}", :level=>:info}
Adding pattern {"CISCOFW313001_313004_313008"=>"%{CISCO_ACTION:action} %{WORD:protocol} type=%{INT:icmp_type}, code=%{INT:icmp_code} from %{IP:src_ip} on interface %{DATA:interface}( to %{IP:dst_ip})?", :level=>:info}
Adding pattern {"CISCOFW313005"=>"%{CISCO_REASON:reason} for %{WORD:protocol} error message: %{WORD:err_protocol} src %{DATA:err_src_interface}:%{IP:err_src_ip}(\\(%{DATA:err_src_fwuser}\\))? dst %{DATA:err_dst_interface}:%{IP:err_dst_ip}(\\(%{DATA:err_dst_fwuser}\\))? \\(type %{INT:err_icmp_type}, code %{INT:err_icmp_code}\\) on %{DATA:interface} interface\\. Original IP payload: %{WORD:protocol} src %{IP:orig_src_ip}/%{INT:orig_src_port}(\\(%{DATA:orig_src_fwuser}\\))? dst %{IP:orig_dst_ip}/%{INT:orig_dst_port}(\\(%{DATA:orig_dst_fwuser}\\))?", :level=>:info}
Adding pattern {"CISCOFW321001"=>"Resource '%{WORD:resource_name}' limit of %{POSINT:resource_limit} reached for system", :level=>:info}
Adding pattern {"CISCOFW402117"=>"%{WORD:protocol}: Received a non-IPSec packet \\(protocol= %{WORD:orig_protocol}\\) from %{IP:src_ip} to %{IP:dst_ip}", :level=>:info}
Adding pattern {"CISCOFW402119"=>"%{WORD:protocol}: Received an %{WORD:orig_protocol} packet \\(SPI= %{DATA:spi}, sequence number= %{DATA:seq_num}\\) from %{IP:src_ip} \\(user= %{DATA:user}\\) to %{IP:dst_ip} that failed anti-replay checking", :level=>:info}
Adding pattern {"CISCOFW419001"=>"%{CISCO_ACTION:action} %{WORD:protocol} packet from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}, reason: %{GREEDYDATA:reason}", :level=>:info}
Adding pattern {"CISCOFW419002"=>"%{CISCO_REASON:reason} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port} with different initial sequence number", :level=>:info}
Adding pattern {"CISCOFW500004"=>"%{CISCO_REASON:reason} for protocol=%{WORD:protocol}, from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :level=>:info}
Adding pattern {"CISCOFW602303_602304"=>"%{WORD:protocol}: An %{CISCO_DIRECTION:direction} %{GREEDYDATA:tunnel_type} SA \\(SPI= %{DATA:spi}\\) between %{IP:src_ip} and %{IP:dst_ip} \\(user= %{DATA:user}\\) has been %{CISCO_ACTION:action}", :level=>:info}
Adding pattern {"CISCOFW710001_710002_710003_710005_710006"=>"%{WORD:protocol} (?:request|access) %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}", :level=>:info}
Adding pattern {"CISCOFW713172"=>"Group = %{GREEDYDATA:group}, IP = %{IP:src_ip}, Automatic NAT Detection Status:\\s+Remote end\\s*%{DATA:is_remote_natted}\\s*behind a NAT device\\s+This\\s+end\\s*%{DATA:is_local_natted}\\s*behind a NAT device", :level=>:info}
Adding pattern {"CISCOFW733100"=>"\\[\\s*%{DATA:drop_type}\\s*\\] drop %{DATA:drop_rate_id} exceeded. Current burst rate is %{INT:drop_rate_current_burst} per second, max configured rate is %{INT:drop_rate_max_burst}; Current average rate is %{INT:drop_rate_current_avg} per second, max configured rate is %{INT:drop_rate_max_avg}; Cumulative total count is %{INT:drop_total_count}", :level=>:info}
Adding pattern {"SHOREWALL"=>"(%{SYSLOGTIMESTAMP:timestamp}) (%{WORD:nf_host}) kernel:.*Shorewall:(%{WORD:nf_action1})?:(%{WORD:nf_action2})?.*IN=(%{USERNAME:nf_in_interface})?.*(OUT= *MAC=(%{COMMONMAC:nf_dst_mac}):(%{COMMONMAC:nf_src_mac})?|OUT=%{USERNAME:nf_out_interface}).*SRC=(%{IPV4:nf_src_ip}).*DST=(%{IPV4:nf_dst_ip}).*LEN=(%{WORD:nf_len}).?*TOS=(%{WORD:nf_tos}).?*PREC=(%{WORD:nf_prec}).?*TTL=(%{INT:nf_ttl}).?*ID=(%{INT:nf_id}).?*PROTO=(%{WORD:nf_protocol}).?*SPT=(%{INT:nf_src_port}?.*DPT=%{INT:nf_dst_port}?.*)", :level=>:info}
Adding pattern {"RUBY_LOGLEVEL"=>"(?:DEBUG|FATAL|ERROR|WARN|INFO)", :level=>:info}
Adding pattern {"RUBY_LOGGER"=>"[DFEWI], \\[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\\] *%{RUBY_LOGLEVEL:loglevel} -- +%{DATA:progname}: %{GREEDYDATA:message}", :level=>:info}
Adding pattern {"S3_REQUEST_LINE"=>"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})", :level=>:info}
Adding pattern {"S3_ACCESS_LOG"=>"%{WORD:owner} %{NOTSPACE:bucket} \\[%{HTTPDATE:timestamp}\\] %{IP:clientip} %{NOTSPACE:requester} %{NOTSPACE:request_id} %{NOTSPACE:operation} %{NOTSPACE:key} (?:\"%{S3_REQUEST_LINE}\"|-) (?:%{INT:response:int}|-) (?:-|%{NOTSPACE:error_code}) (?:%{INT:bytes:int}|-) (?:%{INT:object_size:int}|-) (?:%{INT:request_time_ms:int}|-) (?:%{INT:turnaround_time_ms:int}|-) (?:%{QS:referrer}|-) (?:\"?%{QS:agent}\"?|-) (?:-|%{NOTSPACE:version_id})", :level=>:info}
Adding pattern {"ELB_URIPATHPARAM"=>"%{URIPATH:path}(?:%{URIPARAM:params})?", :level=>:info} | |
Adding pattern {"ELB_URI"=>"%{URIPROTO:proto}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST:urihost})?(?:%{ELB_URIPATHPARAM})?", :level=>:info} | |
Adding pattern {"ELB_REQUEST_LINE"=>"(?:%{WORD:verb} %{ELB_URI:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})", :level=>:info} | |
Adding pattern {"ELB_ACCESS_LOG"=>"%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} %{IP:clientip}:%{INT:clientport:int} (?:(%{IP:backendip}:?:%{INT:backendport:int})|-) %{NUMBER:request_processing_time:float} %{NUMBER:backend_processing_time:float} %{NUMBER:response_processing_time:float} %{INT:response:int} %{INT:backend_response:int} %{INT:received_bytes:int} %{INT:bytes:int} \"%{ELB_REQUEST_LINE}\"", :level=>:info} | |
Adding pattern {"EXIM_MSGID"=>"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}", :level=>:info} | |
Adding pattern {"EXIM_FLAGS"=>"(<=|[-=>*]>|[*]{2}|==)", :level=>:info} | |
Adding pattern {"EXIM_DATE"=>"%{YEAR:exim_year}-%{MONTHNUM:exim_month}-%{MONTHDAY:exim_day} %{TIME:exim_time}", :level=>:info} | |
Adding pattern {"EXIM_PID"=>"\\[%{POSINT}\\]", :level=>:info} | |
Adding pattern {"EXIM_QT"=>"((\\d+y)?(\\d+w)?(\\d+d)?(\\d+h)?(\\d+m)?(\\d+s)?)", :level=>:info} | |
Adding pattern {"EXIM_EXCLUDE_TERMS"=>"(Message is frozen|(Start|End) queue run| Warning: | retry time not reached | no (IP address|host name) found for (IP address|host) | unexpected disconnection while reading SMTP command | no immediate delivery: |another process is handling this message)", :level=>:info} | |
Adding pattern {"EXIM_REMOTE_HOST"=>"(H=(%{NOTSPACE:remote_hostname} )?(\\(%{NOTSPACE:remote_heloname}\\) )?\\[%{IP:remote_host}\\])", :level=>:info} | |
Adding pattern {"EXIM_INTERFACE"=>"(I=\\[%{IP:exim_interface}\\](:%{NUMBER:exim_interface_port}))", :level=>:info} | |
Adding pattern {"EXIM_PROTOCOL"=>"(P=%{NOTSPACE:protocol})", :level=>:info} | |
Adding pattern {"EXIM_MSG_SIZE"=>"(S=%{NUMBER:exim_msg_size})", :level=>:info} | |
Adding pattern {"EXIM_HEADER_ID"=>"(id=%{NOTSPACE:exim_header_id})", :level=>:info} | |
Adding pattern {"EXIM_SUBJECT"=>"(T=%{QS:exim_subject})", :level=>:info} | |
Adding pattern {"MCOLLECTIVEAUDIT"=>"%{TIMESTAMP_ISO8601:timestamp}:", :level=>:info} | |
Adding pattern {"NAGIOSTIME"=>"\\[%{NUMBER:nagios_epoch}\\]", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_CURRENT_SERVICE_STATE"=>"CURRENT SERVICE STATE", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_CURRENT_HOST_STATE"=>"CURRENT HOST STATE", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_SERVICE_NOTIFICATION"=>"SERVICE NOTIFICATION", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_HOST_NOTIFICATION"=>"HOST NOTIFICATION", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_SERVICE_ALERT"=>"SERVICE ALERT", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_HOST_ALERT"=>"HOST ALERT", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_SERVICE_FLAPPING_ALERT"=>"SERVICE FLAPPING ALERT", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_HOST_FLAPPING_ALERT"=>"HOST FLAPPING ALERT", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT"=>"SERVICE DOWNTIME ALERT", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_HOST_DOWNTIME_ALERT"=>"HOST DOWNTIME ALERT", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_PASSIVE_SERVICE_CHECK"=>"PASSIVE SERVICE CHECK", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_PASSIVE_HOST_CHECK"=>"PASSIVE HOST CHECK", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_SERVICE_EVENT_HANDLER"=>"SERVICE EVENT HANDLER", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_HOST_EVENT_HANDLER"=>"HOST EVENT HANDLER", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_EXTERNAL_COMMAND"=>"EXTERNAL COMMAND", :level=>:info} | |
Adding pattern {"NAGIOS_TYPE_TIMEPERIOD_TRANSITION"=>"TIMEPERIOD TRANSITION", :level=>:info} | |
Adding pattern {"NAGIOS_EC_DISABLE_SVC_CHECK"=>"DISABLE_SVC_CHECK", :level=>:info} | |
Adding pattern {"NAGIOS_EC_ENABLE_SVC_CHECK"=>"ENABLE_SVC_CHECK", :level=>:info} | |
Adding pattern {"NAGIOS_EC_DISABLE_HOST_CHECK"=>"DISABLE_HOST_CHECK", :level=>:info} | |
Adding pattern {"NAGIOS_EC_ENABLE_HOST_CHECK"=>"ENABLE_HOST_CHECK", :level=>:info} | |
Adding pattern {"NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT"=>"PROCESS_SERVICE_CHECK_RESULT", :level=>:info} | |
Adding pattern {"NAGIOS_EC_PROCESS_HOST_CHECK_RESULT"=>"PROCESS_HOST_CHECK_RESULT", :level=>:info} | |
Adding pattern {"NAGIOS_EC_SCHEDULE_SERVICE_DOWNTIME"=>"SCHEDULE_SERVICE_DOWNTIME", :level=>:info} | |
Adding pattern {"NAGIOS_EC_SCHEDULE_HOST_DOWNTIME"=>"SCHEDULE_HOST_DOWNTIME", :level=>:info} | |
Adding pattern {"NAGIOS_EC_DISABLE_HOST_SVC_NOTIFICATIONS"=>"DISABLE_HOST_SVC_NOTIFICATIONS", :level=>:info} | |
Adding pattern {"NAGIOS_EC_ENABLE_HOST_SVC_NOTIFICATIONS"=>"ENABLE_HOST_SVC_NOTIFICATIONS", :level=>:info} | |
Adding pattern {"NAGIOS_EC_DISABLE_HOST_NOTIFICATIONS"=>"DISABLE_HOST_NOTIFICATIONS", :level=>:info} | |
Adding pattern {"NAGIOS_EC_ENABLE_HOST_NOTIFICATIONS"=>"ENABLE_HOST_NOTIFICATIONS", :level=>:info} | |
Adding pattern {"NAGIOS_EC_DISABLE_SVC_NOTIFICATIONS"=>"DISABLE_SVC_NOTIFICATIONS", :level=>:info} | |
Adding pattern {"NAGIOS_EC_ENABLE_SVC_NOTIFICATIONS"=>"ENABLE_SVC_NOTIFICATIONS", :level=>:info} | |
Adding pattern {"NAGIOS_WARNING"=>"Warning:%{SPACE}%{GREEDYDATA:nagios_message}", :level=>:info} | |
Adding pattern {"NAGIOS_CURRENT_SERVICE_STATE"=>"%{NAGIOS_TYPE_CURRENT_SERVICE_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}", :level=>:info} | |
Adding pattern {"NAGIOS_CURRENT_HOST_STATE"=>"%{NAGIOS_TYPE_CURRENT_HOST_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}", :level=>:info} | |
Adding pattern {"NAGIOS_SERVICE_NOTIFICATION"=>"%{NAGIOS_TYPE_SERVICE_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}", :level=>:info} | |
Adding pattern {"NAGIOS_HOST_NOTIFICATION"=>"%{NAGIOS_TYPE_HOST_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}", :level=>:info} | |
Adding pattern {"NAGIOS_SERVICE_ALERT"=>"%{NAGIOS_TYPE_SERVICE_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}", :level=>:info} | |
Adding pattern {"NAGIOS_HOST_ALERT"=>"%{NAGIOS_TYPE_HOST_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}", :level=>:info} | |
Adding pattern {"NAGIOS_SERVICE_FLAPPING_ALERT"=>"%{NAGIOS_TYPE_SERVICE_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}", :level=>:info} | |
Adding pattern {"NAGIOS_HOST_FLAPPING_ALERT"=>"%{NAGIOS_TYPE_HOST_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}", :level=>:info} | |
Adding pattern {"NAGIOS_SERVICE_DOWNTIME_ALERT"=>"%{NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info} | |
Adding pattern {"NAGIOS_HOST_DOWNTIME_ALERT"=>"%{NAGIOS_TYPE_HOST_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info} | |
Adding pattern {"NAGIOS_PASSIVE_SERVICE_CHECK"=>"%{NAGIOS_TYPE_PASSIVE_SERVICE_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info} | |
Adding pattern {"NAGIOS_PASSIVE_HOST_CHECK"=>"%{NAGIOS_TYPE_PASSIVE_HOST_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info} | |
Adding pattern {"NAGIOS_SERVICE_EVENT_HANDLER"=>"%{NAGIOS_TYPE_SERVICE_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}", :level=>:info} | |
Adding pattern {"NAGIOS_HOST_EVENT_HANDLER"=>"%{NAGIOS_TYPE_HOST_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}", :level=>:info} | |
Adding pattern {"NAGIOS_TIMEPERIOD_TRANSITION"=>"%{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{DATA:nagios_unknown1};%{DATA:nagios_unknown2}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_DISABLE_SVC_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_DISABLE_HOST_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_ENABLE_SVC_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_ENABLE_HOST_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_HOST_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_DISABLE_HOST_SVC_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_HOST_SVC_NOTIFICATIONS:nagios_command};%{GREEDYDATA:nagios_hostname}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_DISABLE_HOST_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_HOST_NOTIFICATIONS:nagios_command};%{GREEDYDATA:nagios_hostname}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_DISABLE_SVC_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_SVC_NOTIFICATIONS:nagios_command};%{DATA:nagios_hostname};%{GREEDYDATA:nagios_service}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_ENABLE_HOST_SVC_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_HOST_SVC_NOTIFICATIONS:nagios_command};%{GREEDYDATA:nagios_hostname}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_ENABLE_HOST_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_HOST_NOTIFICATIONS:nagios_command};%{GREEDYDATA:nagios_hostname}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_ENABLE_SVC_NOTIFICATIONS"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_SVC_NOTIFICATIONS:nagios_command};%{DATA:nagios_hostname};%{GREEDYDATA:nagios_service}", :level=>:info} | |
Adding pattern {"NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_SCHEDULE_HOST_DOWNTIME:nagios_command};%{DATA:nagios_hostname};%{NUMBER:nagios_start_time};%{NUMBER:nagios_end_time};%{NUMBER:nagios_fixed};%{NUMBER:nagios_trigger_id};%{NUMBER:nagios_duration};%{DATA:author};%{DATA:comment}", :level=>:info} | |
Adding pattern {"NAGIOSLOGLINE"=>"%{NAGIOSTIME} (?:%{NAGIOS_WARNING}|%{NAGIOS_CURRENT_SERVICE_STATE}|%{NAGIOS_CURRENT_HOST_STATE}|%{NAGIOS_SERVICE_NOTIFICATION}|%{NAGIOS_HOST_NOTIFICATION}|%{NAGIOS_SERVICE_ALERT}|%{NAGIOS_HOST_ALERT}|%{NAGIOS_SERVICE_FLAPPING_ALERT}|%{NAGIOS_HOST_FLAPPING_ALERT}|%{NAGIOS_SERVICE_DOWNTIME_ALERT}|%{NAGIOS_HOST_DOWNTIME_ALERT}|%{NAGIOS_PASSIVE_SERVICE_CHECK}|%{NAGIOS_PASSIVE_HOST_CHECK}|%{NAGIOS_SERVICE_EVENT_HANDLER}|%{NAGIOS_HOST_EVENT_HANDLER}|%{NAGIOS_TIMEPERIOD_TRANSITION}|%{NAGIOS_EC_LINE_DISABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_ENABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_DISABLE_HOST_CHECK}|%{NAGIOS_EC_LINE_ENABLE_HOST_CHECK}|%{NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT}|%{NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT}|%{NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME}|%{NAGIOS_EC_LINE_DISABLE_HOST_SVC_NOTIFICATIONS}|%{NAGIOS_EC_LINE_ENABLE_HOST_SVC_NOTIFICATIONS}|%{NAGIOS_EC_LINE_DISABLE_HOST_NOTIFICATIONS}|%{NAGIOS_EC_LINE_ENABLE_HOST_NOTIFICATIONS}|%{NAGIOS_EC_LINE_DISABLE_SVC_NOTIFICATIONS}|%{NAGIOS_EC_LINE_ENABLE_SVC_NOTIFICATIONS})", :level=>:info} | |
Adding pattern {"SYSLOG5424PRINTASCII"=>"[!-~]+", :level=>:info} | |
Adding pattern {"SYSLOGBASE2"=>"(?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource}+(?: %{SYSLOGPROG}:|)", :level=>:info} | |
Adding pattern {"SYSLOGPAMSESSION"=>"%{SYSLOGBASE} (?=%{GREEDYDATA:message})%{WORD:pam_module}\\(%{DATA:pam_caller}\\): session %{WORD:pam_session_state} for user %{USERNAME:username}(?: by %{GREEDYDATA:pam_by})?", :level=>:info} | |
Adding pattern {"CRON_ACTION"=>"[A-Z ]+", :level=>:info} | |
Adding pattern {"CRONLOG"=>"%{SYSLOGBASE} \\(%{USER:user}\\) %{CRON_ACTION:action} \\(%{DATA:message}\\)", :level=>:info} | |
Adding pattern {"SYSLOGLINE"=>"%{SYSLOGBASE2} %{GREEDYDATA:message}", :level=>:info} | |
Adding pattern {"SYSLOG5424PRI"=>"<%{NONNEGINT:syslog5424_pri}>", :level=>:info} | |
Adding pattern {"SYSLOG5424SD"=>"\\[%{DATA}\\]+", :level=>:info} | |
Adding pattern {"SYSLOG5424BASE"=>"%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{HOSTNAME:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|)", :level=>:info} | |
Adding pattern {"SYSLOG5424LINE"=>"%{SYSLOG5424BASE} +%{GREEDYDATA:syslog5424_msg}", :level=>:info} | |
Adding pattern {"HAPROXYTIME"=>"(?!<[0-9])%{HOUR:haproxy_hour}:%{MINUTE:haproxy_minute}(?::%{SECOND:haproxy_second})(?![0-9])", :level=>:info} | |
Adding pattern {"HAPROXYDATE"=>"%{MONTHDAY:haproxy_monthday}/%{MONTH:haproxy_month}/%{YEAR:haproxy_year}:%{HAPROXYTIME:haproxy_time}.%{INT:haproxy_milliseconds}", :level=>:info} | |
Adding pattern {"HAPROXYCAPTUREDREQUESTHEADERS"=>"%{DATA:captured_request_headers}", :level=>:info} | |
Adding pattern {"HAPROXYCAPTUREDRESPONSEHEADERS"=>"%{DATA:captured_response_headers}", :level=>:info} | |
Adding pattern {"HAPROXYHTTPBASE"=>"%{IP:client_ip}:%{INT:client_port} \\[%{HAPROXYDATE:accept_date}\\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{NOTSPACE:time_duration} %{INT:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} (\\{%{HAPROXYCAPTUREDREQUESTHEADERS}\\})?( )?(\\{%{HAPROXYCAPTUREDRESPONSEHEADERS}\\})?( )?\"(<BADREQ>|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?\"", :level=>:info} | |
Adding pattern {"HAPROXYHTTP"=>"(?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{HAPROXYHTTPBASE}", :level=>:info} | |
Adding pattern {"HAPROXYTCP"=>"(?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client_ip}:%{INT:client_port} \\[%{HAPROXYDATE:accept_date}\\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_queue}/%{INT:time_backend_connect}/%{NOTSPACE:time_duration} %{NOTSPACE:bytes_read} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue}", :level=>:info} | |
Using geoip database {:path=>"/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-geoip-1.1.2/vendor/GeoLiteCity-2013-01-18.dat", :level=>:info} | |
Jan 17, 2016 9:37:50 PM org.elasticsearch.node.internal.InternalNode <init> | |
INFO: [logstash-ip-172-31-42-57-6773-13968] version[1.7.0], pid[6773], build[929b973/2015-07-16T14:31:07Z] | |
Jan 17, 2016 9:37:50 PM org.elasticsearch.node.internal.InternalNode <init> | |
INFO: [logstash-ip-172-31-42-57-6773-13968] initializing ... | |
Jan 17, 2016 9:37:50 PM org.elasticsearch.plugins.PluginsService <init> | |
INFO: [logstash-ip-172-31-42-57-6773-13968] loaded [], sites [] | |
Jan 17, 2016 9:37:51 PM org.elasticsearch.bootstrap.Natives <clinit> | |
WARNING: JNA not found. native methods will be disabled. | |
Jan 17, 2016 9:37:51 PM org.elasticsearch.node.internal.InternalNode <init> | |
INFO: [logstash-ip-172-31-42-57-6773-13968] initialized | |
Jan 17, 2016 9:37:51 PM org.elasticsearch.node.internal.InternalNode start | |
INFO: [logstash-ip-172-31-42-57-6773-13968] starting ... | |
Jan 17, 2016 9:37:51 PM org.elasticsearch.transport.TransportService doStart | |
INFO: [logstash-ip-172-31-42-57-6773-13968] bound_address {inet[/0:0:0:0:0:0:0:0:9302]}, publish_address {inet[/172.31.42.57:9302]} | |
Jan 17, 2016 9:37:52 PM org.elasticsearch.discovery.DiscoveryService doStart | |
INFO: [logstash-ip-172-31-42-57-6773-13968] elasticsearch/zSYCpfYoT1Ww-ocMtAxEVg | |
Jan 17, 2016 9:37:55 PM org.elasticsearch.cluster.service.InternalClusterService$UpdateTask run | |
INFO: [logstash-ip-172-31-42-57-6773-13968] detected_master [Maggott][vvOvvPPPTwmEZfHuqEaOkA][ip-172-31-42-57][inet[/172.31.42.57:9300]], added {[logstash-ip-172-31-42-57-6674-13968][d7WFarxDQvO6yZ5-8we_Rw][ip-172-31-42-57][inet[/172.31.42.57:9301]]{data=false, client=true},[Maggott][vvOvvPPPTwmEZfHuqEaOkA][ip-172-31-42-57][inet[/172.31.42.57:9300]],}, reason: zen-disco-receive(from master [[Maggott][vvOvvPPPTwmEZfHuqEaOkA][ip-172-31-42-57][inet[/172.31.42.57:9300]]]) | |
Jan 17, 2016 9:37:55 PM org.elasticsearch.node.internal.InternalNode start | |
INFO: [logstash-ip-172-31-42-57-6773-13968] started | |
Automatic template management enabled {:manage_template=>"true", :level=>:info} | |
Using mapping template {:template=>{"template"=>"logstash-*", "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "omit_norms"=>true}, "dynamic_templates"=>[{"message_field"=>{"match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fields"=>{"raw"=>{"type"=>"string", "index"=>"not_analyzed", "ignore_above"=>256}}}}}], "properties"=>{"@version"=>{"type"=>"string", "index"=>"not_analyzed"}, "geoip"=>{"type"=>"object", "dynamic"=>true, "properties"=>{"location"=>{"type"=>"geo_point"}}}}}}}, :level=>:info} | |
New Elasticsearch output {:cluster=>nil, :host=>nil, :port=>"9300-9305", :embedded=>false, :protocol=>"node", :level=>:info} | |
Pipeline started {:level=>:info} | |
Logstash startup completed |