
Untitled

a guest
May 28th, 2015
  1. {:timestamp=>"2015-05-28T16:07:43.878000+0200", :message=>"Using version 0.1.x input plugin 'file'. This plugin isn't well supported by the community and likely has no maintainer.", :level=>:info}
  2. {:timestamp=>"2015-05-28T16:07:43.893000+0200", :message=>"Using version 0.1.x codec plugin 'plain'. This plugin isn't well supported by the community and likely has no maintainer.", :level=>:info}
  3. {:timestamp=>"2015-05-28T16:07:43.909000+0200", :message=>"Using version 0.1.x filter plugin 'mutate'. This plugin isn't well supported by the community and likely has no maintainer.", :level=>:info}
  4. {:timestamp=>"2015-05-28T16:07:43.940000+0200", :message=>"Using version 0.1.x filter plugin 'grok'. This plugin isn't well supported by the community and likely has no maintainer.", :level=>:info}
  5. {:timestamp=>"2015-05-28T16:07:43.987000+0200", :message=>"Using version 0.1.x output plugin 'stdout'. This plugin isn't well supported by the community and likely has no maintainer.", :level=>:info}
  6. {:timestamp=>"2015-05-28T16:07:44.009000+0200", :message=>"Using version 0.1.x codec plugin 'json'. This plugin isn't well supported by the community and likely has no maintainer.", :level=>:info}
  7. {:timestamp=>"2015-05-28T16:07:44.282000+0200", :message=>"Registering file input", :path=>["c:/logs/*"], :level=>:info}
  8. {:timestamp=>"2015-05-28T16:07:44.282000+0200", :message=>"No sincedb_path set, generating one based on the file path", :sincedb_path=>"C:\\Users\\ajh/.sincedb_6546e307e4e7324ce2fae0b6ef7999e4", :path=>["c:/logs/*"], :level=>:info}
  9. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok patterns path", :patterns_dir=>["C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns", "C:/tools/logstash-1.5.0/patterns/*"], :level=>:info}
  10. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/firewalls", :level=>:info}
  11. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/grok-patterns", :level=>:info}
  12. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/haproxy", :level=>:info}
  13. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/java", :level=>:info}
  14. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/junos", :level=>:info}
  15. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/linux-syslog", :level=>:info}
  16. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/mcollective", :level=>:info}
  17. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/mcollective-patterns", :level=>:info}
  18. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/mongodb", :level=>:info}
  19. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/nagios", :level=>:info}
  20. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/postgresql", :level=>:info}
  21. {:timestamp=>"2015-05-28T16:07:44.329000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/redis", :level=>:info}
  22. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-0.1.10/patterns/ruby", :level=>:info}
  23. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Grok loading patterns from file", :path=>"C:/tools/logstash-1.5.0/patterns/nlog", :level=>:info}
  24. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Match data", :match=>{"message"=>"%{DATESTAMP} %{LOGLEVEL}"}, :level=>:info}
  25. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Grok compile", :field=>"message", :patterns=>["%{DATESTAMP} %{LOGLEVEL}"], :level=>:info}
  26. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "NETSCREENSESSIONLOG"=>"%{SYSLOGTIMESTAMP:date} %{IPORHOST:device} %{IPORHOST}: NetScreen device_id=%{WORD:device_id}%{DATA}: start_time=%{QUOTEDSTRING:start_time} duration=%{INT:duration} policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:proto} src zone=%{WORD:src_zone} dst zone=%{WORD:dst_zone} action=%{WORD:action} sent=%{INT:sent} rcvd=%{INT:rcvd} src=%{IPORHOST:src_ip} dst=%{IPORHOST:dst_ip} src_port=%{INT:src_port} dst_port=%{INT:dst_port} src-xlated ip=%{IPORHOST:src_xlated_ip} port=%{INT:src_xlated_port} dst-xlated ip=%{IPORHOST:dst_xlated_ip} port=%{INT:dst_xlated_port} session_id=%{INT:session_id} reason=%{GREEDYDATA:reason}", :level=>:info}
  27. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCO_TAGGED_SYSLOG"=>"^<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP:timestamp}( %{SYSLOGHOST:sysloghost})?: %%{CISCOTAG:ciscotag}:", :level=>:info}
  28. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCOTIMESTAMP"=>"%{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}", :level=>:info}
  29. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCOTAG"=>"[A-Z0-9]+-%{INT}-(?:[A-Z0-9_]+)", :level=>:info}
  30. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCO_ACTION"=>"Built|Teardown|Deny|Denied|denied|requested|permitted|denied by ACL|discarded|est-allowed|Dropping|created|deleted", :level=>:info}
  31. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCO_REASON"=>"Duplicate TCP SYN|Failed to locate egress interface|Invalid transport field|No matching connection|DNS Response|DNS Query|(?:%{WORD}\\s*)*", :level=>:info}
  32. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCO_DIRECTION"=>"Inbound|inbound|Outbound|outbound", :level=>:info}
  33. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCO_INTERVAL"=>"first hit|%{INT}-second interval", :level=>:info}
  34. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCO_XLATE_TYPE"=>"static|dynamic", :level=>:info}
  35. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCOFW106001"=>"%{CISCO_DIRECTION:direction} %{WORD:protocol} connection %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{GREEDYDATA:tcp_flags} on interface %{GREEDYDATA:interface}", :level=>:info}
  36. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCOFW106006_106007_106010"=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} (?:from|src) %{IP:src_ip}/%{INT:src_port}(\\(%{DATA:src_fwuser}\\))? (?:to|dst) %{IP:dst_ip}/%{INT:dst_port}(\\(%{DATA:dst_fwuser}\\))? (?:on interface %{DATA:interface}|due to %{CISCO_REASON:reason})", :level=>:info}
  37. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCOFW106014"=>"%{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(\\(%{DATA:dst_fwuser}\\))? \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\)", :level=>:info}
  38. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCOFW106015"=>"%{CISCO_ACTION:action} %{WORD:protocol} \\(%{DATA:policy_id}\\) from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{DATA:tcp_flags} on interface %{GREEDYDATA:interface}", :level=>:info}
  39. {:timestamp=>"2015-05-28T16:07:44.345000+0200", :message=>"Adding pattern", "CISCOFW106021"=>"%{CISCO_ACTION:action} %{WORD:protocol} reverse path check from %{IP:src_ip} to %{IP:dst_ip} on interface %{GREEDYDATA:interface}", :level=>:info}
  40. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW106023"=>"%{CISCO_ACTION:action} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(/%{INT:dst_port})?(\\(%{DATA:dst_fwuser}\\))?( \\(type %{INT:icmp_type}, code %{INT:icmp_code}\\))? by access-group %{DATA:policy_id} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :level=>:info}
  41. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW106100"=>"access-list %{WORD:policy_id} %{CISCO_ACTION:action} %{WORD:protocol} %{DATA:src_interface}/%{IP:src_ip}\\(%{INT:src_port}\\)(\\(%{DATA:src_fwuser}\\))? -> %{DATA:dst_interface}/%{IP:dst_ip}\\(%{INT:dst_port}\\)(\\(%{DATA:src_fwuser}\\))? hit-cnt %{INT:hit_count} %{CISCO_INTERVAL:interval} \\[%{DATA:hashcode1}, %{DATA:hashcode2}\\]", :level=>:info}
  42. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW110002"=>"%{CISCO_REASON:reason} for %{WORD:protocol} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :level=>:info}
  43. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW302010"=>"%{INT:connection_count} in use, %{INT:connection_count_max} most used", :level=>:info}
  44. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW302013_302014_302015_302016"=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection %{INT:connection_id} for %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port}( \\(%{IP:src_mapped_ip}/%{INT:src_mapped_port}\\))?(\\(%{DATA:src_fwuser}\\))? to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}( \\(%{IP:dst_mapped_ip}/%{INT:dst_mapped_port}\\))?(\\(%{DATA:dst_fwuser}\\))?( duration %{TIME:duration} bytes %{INT:bytes})?(?: %{CISCO_REASON:reason})?( \\(%{DATA:user}\\))?", :level=>:info}
  45. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW302020_302021"=>"%{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection for faddr %{IP:dst_ip}/%{INT:icmp_seq_num}(?:\\(%{DATA:fwuser}\\))? gaddr %{IP:src_xlated_ip}/%{INT:icmp_code_xlated} laddr %{IP:src_ip}/%{INT:icmp_code}( \\(%{DATA:user}\\))?", :level=>:info}
  46. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW305011"=>"%{CISCO_ACTION:action} %{CISCO_XLATE_TYPE:xlate_type} %{WORD:protocol} translation from %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\\(%{DATA:src_fwuser}\\))? to %{DATA:src_xlated_interface}:%{IP:src_xlated_ip}/%{DATA:src_xlated_port}", :level=>:info}
  47. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW313001_313004_313008"=>"%{CISCO_ACTION:action} %{WORD:protocol} type=%{INT:icmp_type}, code=%{INT:icmp_code} from %{IP:src_ip} on interface %{DATA:interface}( to %{IP:dst_ip})?", :level=>:info}
  48. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW313005"=>"%{CISCO_REASON:reason} for %{WORD:protocol} error message: %{WORD:err_protocol} src %{DATA:err_src_interface}:%{IP:err_src_ip}(\\(%{DATA:err_src_fwuser}\\))? dst %{DATA:err_dst_interface}:%{IP:err_dst_ip}(\\(%{DATA:err_dst_fwuser}\\))? \\(type %{INT:err_icmp_type}, code %{INT:err_icmp_code}\\) on %{DATA:interface} interface\\. Original IP payload: %{WORD:protocol} src %{IP:orig_src_ip}/%{INT:orig_src_port}(\\(%{DATA:orig_src_fwuser}\\))? dst %{IP:orig_dst_ip}/%{INT:orig_dst_port}(\\(%{DATA:orig_dst_fwuser}\\))?", :level=>:info}
  49. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW402117"=>"%{WORD:protocol}: Received a non-IPSec packet \\(protocol= %{WORD:orig_protocol}\\) from %{IP:src_ip} to %{IP:dst_ip}", :level=>:info}
  50. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW402119"=>"%{WORD:protocol}: Received an %{WORD:orig_protocol} packet \\(SPI= %{DATA:spi}, sequence number= %{DATA:seq_num}\\) from %{IP:src_ip} \\(user= %{DATA:user}\\) to %{IP:dst_ip} that failed anti-replay checking", :level=>:info}
  51. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW419001"=>"%{CISCO_ACTION:action} %{WORD:protocol} packet from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}, reason: %{GREEDYDATA:reason}", :level=>:info}
  52. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW419002"=>"%{CISCO_REASON:reason} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port} with different initial sequence number", :level=>:info}
  53. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW500004"=>"%{CISCO_REASON:reason} for protocol=%{WORD:protocol}, from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}", :level=>:info}
  54. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW602303_602304"=>"%{WORD:protocol}: An %{CISCO_DIRECTION:direction} %{GREEDYDATA:tunnel_type} SA \\(SPI= %{DATA:spi}\\) between %{IP:src_ip} and %{IP:dst_ip} \\(user= %{DATA:user}\\) has been %{CISCO_ACTION:action}", :level=>:info}
  55. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW710001_710002_710003_710005_710006"=>"%{WORD:protocol} (?:request|access) %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}", :level=>:info}
  56. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW713172"=>"Group = %{GREEDYDATA:group}, IP = %{IP:src_ip}, Automatic NAT Detection Status:\\s+Remote end\\s*%{DATA:is_remote_natted}\\s*behind a NAT device\\s+This\\s+end\\s*%{DATA:is_local_natted}\\s*behind a NAT device", :level=>:info}
  57. {:timestamp=>"2015-05-28T16:07:44.360000+0200", :message=>"Adding pattern", "CISCOFW733100"=>"\\[\\s*%{DATA:drop_type}\\s*\\] drop %{DATA:drop_rate_id} exceeded. Current burst rate is %{INT:drop_rate_current_burst} per second, max configured rate is %{INT:drop_rate_max_burst}; Current average rate is %{INT:drop_rate_current_avg} per second, max configured rate is %{INT:drop_rate_max_avg}; Cumulative total count is %{INT:drop_total_count}", :level=>:info}
  58. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "USERNAME"=>"[a-zA-Z0-9._-]+", :level=>:info}
  59. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "USER"=>"%{USERNAME}", :level=>:info}
  60. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "INT"=>"(?:[+-]?(?:[0-9]+))", :level=>:info}
  61. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "BASE10NUM"=>"(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))", :level=>:info}
  62. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "NUMBER"=>"(?:%{BASE10NUM})", :level=>:info}
  63. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "BASE16NUM"=>"(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))", :level=>:info}
  64. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "BASE16FLOAT"=>"\\b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\\.[0-9A-Fa-f]*)?)|(?:\\.[0-9A-Fa-f]+)))\\b", :level=>:info}
  65. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "POSINT"=>"\\b(?:[1-9][0-9]*)\\b", :level=>:info}
  66. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "NONNEGINT"=>"\\b(?:[0-9]+)\\b", :level=>:info}
  67. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "WORD"=>"\\b\\w+\\b", :level=>:info}
  68. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "NOTSPACE"=>"\\S+", :level=>:info}
  69. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "SPACE"=>"\\s*", :level=>:info}
  70. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "DATA"=>".*?", :level=>:info}
  71. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "GREEDYDATA"=>".*", :level=>:info}
  72. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "QUOTEDSTRING"=>"(?>(?<!\\\\)(?>\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))", :level=>:info}
  73. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "UUID"=>"[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}", :level=>:info}
  74. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "MAC"=>"(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})", :level=>:info}
  75. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "CISCOMAC"=>"(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})", :level=>:info}
  76. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "WINDOWSMAC"=>"(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})", :level=>:info}
  77. {:timestamp=>"2015-05-28T16:07:44.376000+0200", :message=>"Adding pattern", "COMMONMAC"=>"(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})", :level=>:info}
  78. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "IPV6"=>"((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?", :level=>:info}
  79. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "IPV4"=>"(?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])", :level=>:info}
  80. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "IP"=>"(?:%{IPV6}|%{IPV4})", :level=>:info}
  81. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "HOSTNAME"=>"\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)", :level=>:info}
  82. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "HOST"=>"%{HOSTNAME}", :level=>:info}
  83. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "IPORHOST"=>"(?:%{HOSTNAME}|%{IP})", :level=>:info}
  84. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "HOSTPORT"=>"%{IPORHOST}:%{POSINT}", :level=>:info}
  85. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "PATH"=>"(?:%{UNIXPATH}|%{WINPATH})", :level=>:info}
  86. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "UNIXPATH"=>"(?>/(?>[\\w_%!$@:.,~-]+|\\\\.)*)+", :level=>:info}
  87. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "TTY"=>"(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))", :level=>:info}
  88. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "WINPATH"=>"(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+", :level=>:info}
  89. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "URIPROTO"=>"[A-Za-z]+(\\+[A-Za-z+]+)?", :level=>:info}
  90. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "URIHOST"=>"%{IPORHOST}(?::%{POSINT:port})?", :level=>:info}
  91. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "URIPATH"=>"(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+", :level=>:info}
  92. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "URIPARAM"=>"\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]]*", :level=>:info}
  93. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "URIPATHPARAM"=>"%{URIPATH}(?:%{URIPARAM})?", :level=>:info}
  94. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "URI"=>"%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?", :level=>:info}
  95. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "MONTH"=>"\\b(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\\b", :level=>:info}
  96. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "MONTHNUM"=>"(?:0?[1-9]|1[0-2])", :level=>:info}
  97. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "MONTHNUM2"=>"(?:0[1-9]|1[0-2])", :level=>:info}
  98. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "MONTHDAY"=>"(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])", :level=>:info}
  99. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "DAY"=>"(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)", :level=>:info}
  100. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "YEAR"=>"(?>\\d\\d){1,2}", :level=>:info}
  101. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "HOUR"=>"(?:2[0123]|[01]?[0-9])", :level=>:info}
  102. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "MINUTE"=>"(?:[0-5][0-9])", :level=>:info}
  103. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "SECOND"=>"(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)", :level=>:info}
  104. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "TIME"=>"(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])", :level=>:info}
  105. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "DATE_US"=>"%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}", :level=>:info}
  106. {:timestamp=>"2015-05-28T16:07:44.392000+0200", :message=>"Adding pattern", "DATE_EU"=>"%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}", :level=>:info}
  107. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "ISO8601_TIMEZONE"=>"(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))", :level=>:info}
  108. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "ISO8601_SECOND"=>"(?:%{SECOND}|60)", :level=>:info}
  109. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "TIMESTAMP_ISO8601"=>"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?", :level=>:info}
  110. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "DATE"=>"%{DATE_US}|%{DATE_EU}", :level=>:info}
  111. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "DATESTAMP"=>"%{DATE}[- ]%{TIME}", :level=>:info}
  112. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "TZ"=>"(?:[PMCE][SD]T|UTC)", :level=>:info}
  113. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "DATESTAMP_RFC822"=>"%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}", :level=>:info}
  114. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "DATESTAMP_RFC2822"=>"%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}", :level=>:info}
  115. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "DATESTAMP_OTHER"=>"%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}", :level=>:info}
  116. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "DATESTAMP_EVENTLOG"=>"%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}", :level=>:info}
  117. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "SYSLOGTIMESTAMP"=>"%{MONTH} +%{MONTHDAY} %{TIME}", :level=>:info}
  118. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "PROG"=>"(?:[\\w._/%-]+)", :level=>:info}
  119. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "SYSLOGPROG"=>"%{PROG:program}(?:\\[%{POSINT:pid}\\])?", :level=>:info}
  120. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "SYSLOGHOST"=>"%{IPORHOST}", :level=>:info}
  121. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "SYSLOGFACILITY"=>"<%{NONNEGINT:facility}.%{NONNEGINT:priority}>", :level=>:info}
  122. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "HTTPDATE"=>"%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}", :level=>:info}
  123. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "QS"=>"%{QUOTEDSTRING}", :level=>:info}
  124. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "SYSLOGBASE"=>"%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:", :level=>:info}
  125. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "COMMONAPACHELOG"=>"%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)", :level=>:info}
  126. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "COMBINEDAPACHELOG"=>"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}", :level=>:info}
  127. {:timestamp=>"2015-05-28T16:07:44.407000+0200", :message=>"Adding pattern", "LOGLEVEL"=>"([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)", :level=>:info}
  128. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "HAPROXYTIME"=>"(?!<[0-9])%{HOUR:haproxy_hour}:%{MINUTE:haproxy_minute}(?::%{SECOND:haproxy_second})(?![0-9])", :level=>:info}
  129. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "HAPROXYDATE"=>"%{MONTHDAY:haproxy_monthday}/%{MONTH:haproxy_month}/%{YEAR:haproxy_year}:%{HAPROXYTIME:haproxy_time}.%{INT:haproxy_milliseconds}", :level=>:info}
  130. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "HAPROXYCAPTUREDREQUESTHEADERS"=>"%{DATA:captured_request_headers}", :level=>:info}
  131. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "HAPROXYCAPTUREDRESPONSEHEADERS"=>"%{DATA:captured_response_headers}", :level=>:info}
  132. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "HAPROXYHTTP"=>"%{SYSLOGTIMESTAMP:syslog_timestamp} %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client_ip}:%{INT:client_port} \\[%{HAPROXYDATE:accept_date}\\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{NOTSPACE:time_duration} %{INT:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} (\\{%{HAPROXYCAPTUREDREQUESTHEADERS}\\})?( )?(\\{%{HAPROXYCAPTUREDRESPONSEHEADERS}\\})?( )?\"(<BADREQ>|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?\"", :level=>:info}
  133. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "HAPROXYTCP"=>"%{SYSLOGTIMESTAMP:syslog_timestamp} %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client_ip}:%{INT:client_port} \\[%{HAPROXYDATE:accept_date}\\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_queue}/%{INT:time_backend_connect}/%{NOTSPACE:time_duration} %{NOTSPACE:bytes_read} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue}", :level=>:info}
  134. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "JAVACLASS"=>"(?:[a-zA-Z$_][a-zA-Z$_0-9]*\\.)*[a-zA-Z$_][a-zA-Z$_0-9]*", :level=>:info}
  135. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "JAVAFILE"=>"(?:[A-Za-z0-9_. -]+)", :level=>:info}
  136. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "JAVAMETHOD"=>"(?:(<init>)|[a-zA-Z$_][a-zA-Z$_0-9]*)", :level=>:info}
  137. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "JAVASTACKTRACEPART"=>"%{SPACE}at %{JAVACLASS:class}\\.%{JAVAMETHOD:method}\\(%{JAVAFILE:file}(?::%{NUMBER:line})?\\)", :level=>:info}
  138. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "RT_FLOW_EVENT"=>"(RT_FLOW_SESSION_CREATE|RT_FLOW_SESSION_CLOSE|RT_FLOW_SESSION_DENY)", :level=>:info}
  139. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "RT_FLOW1"=>"%{RT_FLOW_EVENT:event}: %{GREEDYDATA:close-reason}: %{IP:src-ip}/%{DATA:src-port}->%{IP:dst-ip}/%{DATA:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{DATA:nat-src-port}->%{IP:nat-dst-ip}/%{DATA:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} \\d+\\(%{DATA:sent}\\) \\d+\\(%{DATA:received}\\) %{INT:elapsed-time} .*", :level=>:info}
  140. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "RT_FLOW2"=>"%{RT_FLOW_EVENT:event}: session created %{IP:src-ip}/%{DATA:src-port}->%{IP:dst-ip}/%{DATA:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{DATA:nat-src-port}->%{IP:nat-dst-ip}/%{DATA:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} .*", :level=>:info}
  141. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "RT_FLOW3"=>"%{RT_FLOW_EVENT:event}: session denied %{IP:src-ip}/%{DATA:src-port}->%{IP:dst-ip}/%{DATA:dst-port} %{DATA:service} %{INT:protocol-id}\\(\\d\\) %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} .*", :level=>:info}
  142. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "SYSLOG5424PRINTASCII"=>"[!-~]+", :level=>:info}
  143. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "SYSLOGBASE2"=>"(?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:", :level=>:info}
  144. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "SYSLOGPAMSESSION"=>"%{SYSLOGBASE} (?=%{GREEDYDATA:message})%{WORD:pam_module}\\(%{DATA:pam_caller}\\): session %{WORD:pam_session_state} for user %{USERNAME:username}(?: by %{GREEDYDATA:pam_by})?", :level=>:info}
  145. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "CRON_ACTION"=>"[A-Z ]+", :level=>:info}
  146. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "CRONLOG"=>"%{SYSLOGBASE} \\(%{USER:user}\\) %{CRON_ACTION:action} \\(%{DATA:message}\\)", :level=>:info}
  147. {:timestamp=>"2015-05-28T16:07:44.423000+0200", :message=>"Adding pattern", "SYSLOGLINE"=>"%{SYSLOGBASE2} %{GREEDYDATA:message}", :level=>:info}
  148. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "SYSLOG5424PRI"=>"<%{NONNEGINT:syslog5424_pri}>", :level=>:info}
  149. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "SYSLOG5424SD"=>"\\[%{DATA}\\]+", :level=>:info}
  150. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "SYSLOG5424BASE"=>"%{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{HOSTNAME:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|)", :level=>:info}
  151. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "SYSLOG5424LINE"=>"%{SYSLOG5424BASE} +%{GREEDYDATA:syslog5424_msg}", :level=>:info}
  152. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MCOLLECTIVEAUDIT"=>"%{TIMESTAMP_ISO8601:timestamp}:", :level=>:info}
  153. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MCOLLECTIVE"=>"., \\[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\\]%{SPACE}%{LOGLEVEL:event_level}", :level=>:info}
  154. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MCOLLECTIVEAUDIT"=>"%{TIMESTAMP_ISO8601:timestamp}:", :level=>:info}
  155. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MONGO_LOG"=>"%{SYSLOGTIMESTAMP:timestamp} \\[%{WORD:component}\\] %{GREEDYDATA:message}", :level=>:info}
  156. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MONGO_QUERY"=>"\\{ (?<={ ).*(?= } ntoreturn:) \\}", :level=>:info}
  157. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MONGO_SLOWQUERY"=>"%{WORD} %{MONGO_WORDDASH:database}\\.%{MONGO_WORDDASH:collection} %{WORD}: %{MONGO_QUERY:query} %{WORD}:%{NONNEGINT:ntoreturn} %{WORD}:%{NONNEGINT:ntoskip} %{WORD}:%{NONNEGINT:nscanned}.*nreturned:%{NONNEGINT:nreturned}..+ (?<duration>[0-9]+)ms", :level=>:info}
  158. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MONGO_WORDDASH"=>"\\b[\\w-]+\\b", :level=>:info}
  159. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MONGO3_SEVERITY"=>"\\w", :level=>:info}
  160. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MONGO3_COMPONENT"=>"%{WORD}|-", :level=>:info}
  161. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "MONGO3_LOG"=>"%{TIMESTAMP_ISO8601:timestamp} %{MONGO3_SEVERITY:severity} %{MONGO3_COMPONENT:component}%{SPACE}(?:\\[%{DATA:context}\\])? %{GREEDYDATA:message}", :level=>:info}
  162. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOSTIME"=>"\\[%{NUMBER:nagios_epoch}\\]", :level=>:info}
  163. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_CURRENT_SERVICE_STATE"=>"CURRENT SERVICE STATE", :level=>:info}
  164. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_CURRENT_HOST_STATE"=>"CURRENT HOST STATE", :level=>:info}
  165. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_SERVICE_NOTIFICATION"=>"SERVICE NOTIFICATION", :level=>:info}
  166. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_HOST_NOTIFICATION"=>"HOST NOTIFICATION", :level=>:info}
  167. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_SERVICE_ALERT"=>"SERVICE ALERT", :level=>:info}
  168. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_HOST_ALERT"=>"HOST ALERT", :level=>:info}
  169. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_SERVICE_FLAPPING_ALERT"=>"SERVICE FLAPPING ALERT", :level=>:info}
  170. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_HOST_FLAPPING_ALERT"=>"HOST FLAPPING ALERT", :level=>:info}
  171. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT"=>"SERVICE DOWNTIME ALERT", :level=>:info}
  172. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_HOST_DOWNTIME_ALERT"=>"HOST DOWNTIME ALERT", :level=>:info}
  173. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_PASSIVE_SERVICE_CHECK"=>"PASSIVE SERVICE CHECK", :level=>:info}
  174. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_PASSIVE_HOST_CHECK"=>"PASSIVE HOST CHECK", :level=>:info}
  175. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_SERVICE_EVENT_HANDLER"=>"SERVICE EVENT HANDLER", :level=>:info}
  176. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_HOST_EVENT_HANDLER"=>"HOST EVENT HANDLER", :level=>:info}
  177. {:timestamp=>"2015-05-28T16:07:44.439000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_EXTERNAL_COMMAND"=>"EXTERNAL COMMAND", :level=>:info}
  178. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_TYPE_TIMEPERIOD_TRANSITION"=>"TIMEPERIOD TRANSITION", :level=>:info}
  179. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_DISABLE_SVC_CHECK"=>"DISABLE_SVC_CHECK", :level=>:info}
  180. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_ENABLE_SVC_CHECK"=>"ENABLE_SVC_CHECK", :level=>:info}
  181. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_DISABLE_HOST_CHECK"=>"DISABLE_HOST_CHECK", :level=>:info}
  182. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_ENABLE_HOST_CHECK"=>"ENABLE_HOST_CHECK", :level=>:info}
  183. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT"=>"PROCESS_SERVICE_CHECK_RESULT", :level=>:info}
  184. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_PROCESS_HOST_CHECK_RESULT"=>"PROCESS_HOST_CHECK_RESULT", :level=>:info}
  185. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_SCHEDULE_SERVICE_DOWNTIME"=>"SCHEDULE_SERVICE_DOWNTIME", :level=>:info}
  186. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_SCHEDULE_HOST_DOWNTIME"=>"SCHEDULE_HOST_DOWNTIME", :level=>:info}
  187. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_WARNING"=>"Warning:%{SPACE}%{GREEDYDATA:nagios_message}", :level=>:info}
  188. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_CURRENT_SERVICE_STATE"=>"%{NAGIOS_TYPE_CURRENT_SERVICE_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}", :level=>:info}
  189. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_CURRENT_HOST_STATE"=>"%{NAGIOS_TYPE_CURRENT_HOST_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}", :level=>:info}
  190. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_SERVICE_NOTIFICATION"=>"%{NAGIOS_TYPE_SERVICE_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}", :level=>:info}
  191. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_HOST_NOTIFICATION"=>"%{NAGIOS_TYPE_HOST_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}", :level=>:info}
  192. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_SERVICE_ALERT"=>"%{NAGIOS_TYPE_SERVICE_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}", :level=>:info}
  193. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_HOST_ALERT"=>"%{NAGIOS_TYPE_HOST_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}", :level=>:info}
  194. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_SERVICE_FLAPPING_ALERT"=>"%{NAGIOS_TYPE_SERVICE_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}", :level=>:info}
  195. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_HOST_FLAPPING_ALERT"=>"%{NAGIOS_TYPE_HOST_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}", :level=>:info}
  196. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_SERVICE_DOWNTIME_ALERT"=>"%{NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info}
  197. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_HOST_DOWNTIME_ALERT"=>"%{NAGIOS_TYPE_HOST_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info}
  198. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_PASSIVE_SERVICE_CHECK"=>"%{NAGIOS_TYPE_PASSIVE_SERVICE_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info}
  199. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_PASSIVE_HOST_CHECK"=>"%{NAGIOS_TYPE_PASSIVE_HOST_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}", :level=>:info}
  200. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_SERVICE_EVENT_HANDLER"=>"%{NAGIOS_TYPE_SERVICE_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}", :level=>:info}
  201. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_HOST_EVENT_HANDLER"=>"%{NAGIOS_TYPE_HOST_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}", :level=>:info}
  202. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_TIMEPERIOD_TRANSITION"=>"%{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{DATA:nagios_unknown1};%{DATA:nagios_unknown2}", :level=>:info}
  203. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_LINE_DISABLE_SVC_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}", :level=>:info}
  204. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_LINE_DISABLE_HOST_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}", :level=>:info}
  205. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_LINE_ENABLE_SVC_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}", :level=>:info}
  206. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_LINE_ENABLE_HOST_CHECK"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}", :level=>:info}
  207. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}", :level=>:info}
  208. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_HOST_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}", :level=>:info}
  209. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME"=>"%{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_SCHEDULE_HOST_DOWNTIME:nagios_command};%{DATA:nagios_hostname};%{NUMBER:nagios_start_time};%{NUMBER:nagios_end_time};%{NUMBER:nagios_fixed};%{NUMBER:nagios_trigger_id};%{NUMBER:nagios_duration};%{DATA:author};%{DATA:comment}", :level=>:info}
  210. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "NAGIOSLOGLINE"=>"%{NAGIOSTIME} (?:%{NAGIOS_WARNING}|%{NAGIOS_CURRENT_SERVICE_STATE}|%{NAGIOS_CURRENT_HOST_STATE}|%{NAGIOS_SERVICE_NOTIFICATION}|%{NAGIOS_HOST_NOTIFICATION}|%{NAGIOS_SERVICE_ALERT}|%{NAGIOS_HOST_ALERT}|%{NAGIOS_SERVICE_FLAPPING_ALERT}|%{NAGIOS_HOST_FLAPPING_ALERT}|%{NAGIOS_SERVICE_DOWNTIME_ALERT}|%{NAGIOS_HOST_DOWNTIME_ALERT}|%{NAGIOS_PASSIVE_SERVICE_CHECK}|%{NAGIOS_PASSIVE_HOST_CHECK}|%{NAGIOS_SERVICE_EVENT_HANDLER}|%{NAGIOS_HOST_EVENT_HANDLER}|%{NAGIOS_TIMEPERIOD_TRANSITION}|%{NAGIOS_EC_LINE_DISABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_ENABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_DISABLE_HOST_CHECK}|%{NAGIOS_EC_LINE_ENABLE_HOST_CHECK}|%{NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT}|%{NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT}|%{NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME})", :level=>:info}
  211. {:timestamp=>"2015-05-28T16:07:44.454000+0200", :message=>"Adding pattern", "POSTGRESQL"=>"%{DATESTAMP:timestamp} %{TZ} %{DATA:user_id} %{GREEDYDATA:connection_id} %{POSINT:pid}", :level=>:info}
  212. {:timestamp=>"2015-05-28T16:07:44.470000+0200", :message=>"Adding pattern", "REDISTIMESTAMP"=>"%{MONTHDAY} %{MONTH} %{TIME}", :level=>:info}
  213. {:timestamp=>"2015-05-28T16:07:44.470000+0200", :message=>"Adding pattern", "REDISLOG"=>"\\[%{POSINT:pid}\\] %{REDISTIMESTAMP:timestamp} \\* ", :level=>:info}
  214. {:timestamp=>"2015-05-28T16:07:44.470000+0200", :message=>"Adding pattern", "RUBY_LOGLEVEL"=>"(?:DEBUG|FATAL|ERROR|WARN|INFO)", :level=>:info}
  215. {:timestamp=>"2015-05-28T16:07:44.470000+0200", :message=>"Adding pattern", "RUBY_LOGGER"=>"[DFEWI], \\[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\\] *%{RUBY_LOGLEVEL:loglevel} -- +%{DATA:progname}: %{GREEDYDATA:message}", :level=>:info}
  216. The error reported is:
  217. invalid byte sequence in UTF-8
  218. {:timestamp=>"2015-05-28T16:07:44.487000+0200", :message=>"A plugin had an unrecoverable error. Will restart this plugin.\n Plugin: <LogStash::Inputs::File path=>[\"c:/logs/*\"], exclude=>[\"*.zip\", \"*.svc\"], start_position=>\"end\", delimiter=>\"\\n\">\n Error: Bad file descriptor - Bad file descriptor", :level=>:error}