# Generic configuration items (to be used as interpolations) in other # filters or actions configurations # [INCLUDES] # Load customizations if any available after = common.local [DEFAULT] # Type of log-file resp. log-format (file, short, journal, rfc542): logtype = file # Daemon definition is to be specialized (if needed) in .conf file _daemon = \S* # # Shortcuts for easier comprehension of the failregex # # PID. # EXAMPLES: [123] __pid_re = (?:\[\d+\]) # Daemon name (with optional source_file:line or whatever) # EXAMPLES: pam_rhosts_auth, [sshd], pop(pam_unix) __daemon_re = [\[\(]?%(_daemon)s(?:\(\S+\))?[\]\)]?:? # extra daemon info # EXAMPLE: [ID 800047 auth.info] __daemon_extra_re = \[ID \d+ \S+\] # Combinations of daemon name and PID # EXAMPLES: sshd[31607], pop(pam_unix)[4920] __daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:?) # Some messages have a kernel prefix with a timestamp # EXAMPLES: kernel: [769570.846956] __kernel_prefix = kernel:\s?\[ *\d+\.\d+\]:? __hostname = \S+ # A MD5 hex # EXAMPLES: 07:06:27:55:b0:e3:0c:3c:5a:28:2d:7c:7e:4c:77:5f __md5hex = (?:[\da-f]{2}:){15}[\da-f]{2} # bsdverbose is where syslogd is started with -v or -vv and results in <4.3> or # appearing before the host as per testcases/files/logs/bsd/*. __bsd_syslog_verbose = <[^.]+\.[^.]+> __vserver = @vserver_\S+ __date_ambit = (?:\[\]) # Common line prefixes (beginnings) which could be used in filters # # [bsdverbose]? [hostname] [vserver tag] daemon_id spaces # # This can be optional (for instance if we match named native log files) __prefix_line = /__prefix_line> # PAM authentication mechanism check for failures, e.g.: pam_unix, pam_sss, # pam_ldap __pam_auth = pam_unix # standardly all formats using prefix have line-begin anchored date: datepattern = /datepattern> [lt_file] # Common line prefixes for logtype "file": __prefix_line = %(__date_ambit)s?\s*(?:%(__bsd_syslog_verbose)s\s+)?(?:%(__hostname)s\s+)?(?:%(__kernel_prefix)s\s+)?(?:%(__vserver)s\s+)?(?:%(__daemon_combs_re)s\s+)?(?:%(__daemon_extra_re)s\s+)? datepattern = {^LN-BEG} [lt_short] # Common (short) line prefix for logtype "journal" (corresponds output of formatJournalEntry): __prefix_line = \s*(?:%(__hostname)s\s+)?(?:%(_daemon)s%(__pid_re)s?:?\s+)?(?:%(__kernel_prefix)s\s+)? datepattern = %(lt_file/datepattern)s [lt_journal] __prefix_line = %(lt_short/__prefix_line)s datepattern = %(lt_short/datepattern)s [lt_rfc5424] # RFC 5424 log-format, see gh-2309: #__prefix_line = \s*<__hostname> <__daemon_re> \d+ \S+ \S+\s+ __prefix_line = \s*<__hostname> <__daemon_re> \d+ \S+ (?:[^\[\]\s]+|(?:\[(?:[^\]"]*|"[^"]*")*\])+)\s+ datepattern = ^<\d+>\d+\s+{DATE} # Author: Yaroslav Halchenko, Sergey G. Brester (aka sebres)