# Listing: bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/synsec-/config/patterns/linux-syslog
#
# Grok patterns for classic syslog lines and for RFC 5424 syslog lines.
# Each definition is "NAME regex"; %{OTHER:field} expands the pattern OTHER and
# stores the text it matched under "field".
# Patterns used below but not defined in this file (SYSLOGBASE, SYSLOGTIMESTAMP,
# TIMESTAMP_ISO8601, SYSLOGFACILITY, SYSLOGHOST, SYSLOGPROG, GREEDYDATA, DATA,
# WORD, USER, USERNAME, HOSTNAME, NONNEGINT) have to come from another pattern file.
# NOTE(review): every captured field is copied from the log line as the sender
# wrote it; treat the values as untrusted input wherever they feed detections,
# queries or dashboards.

# One or more printable ASCII characters from "!" to "~". Space and control
# characters are outside the class, so a match ends at the first space.
SYSLOG5424PRINTASCII [!-~]+

# Line header: a timestamp in one of two formats, an optional facility, the host,
# and an optional " program:" tag (the last group also accepts nothing).
# The timestamp is stored in "timestamp" or in "timestamp8601" depending on which
# alternative matched, so a consumer has to read both fields.
# NOTE(review): the "+" after %{SYSLOGHOST:logsource} repeats the host pattern;
# confirm that this is intended.
SYSLOGBASE2 (?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource}+(?: %{SYSLOGPROG}:|)
# PAM session records of the form
#   <module>(<caller>): session <state> for user <name>[ by <rest>]
# stored as pam_module, pam_caller, pam_session_state, username and pam_by.
# NOTE(review): nothing in this pattern ties the match to a particular program,
# and the leading %{GREEDYDATA:message} accepts arbitrary text before the module
# name, so free text logged by any program can produce pam_* and username fields
# when it contains this wording. Presumably SYSLOGBASE captures the sending
# program; verify that, and check it before a detection relies on these fields.
SYSLOGPAMSESSION %{SYSLOGBASE} %{GREEDYDATA:message}%{WORD:pam_module}\(%{DATA:pam_caller}\): session %{WORD:pam_session_state} for user %{USERNAME:username}(?: by %{GREEDYDATA:pam_by})?

# Cron action keyword: upper-case letters and spaces only.
CRON_ACTION [A-Z ]+
# Cron record of the form "(user) ACTION (text)", stored as user, action, message.
# NOTE(review): the pattern is not anchored at the end of the line here, and in
# the stock grok set DATA is non-greedy; if that holds for this project, "message"
# stops at the first ")" and a command containing ")" is captured only in part.
# Confirm how the consumer anchors this pattern.
CRONLOG %{SYSLOGBASE} \(%{USER:user}\) %{CRON_ACTION:action} \(%{DATA:message}\)

# Generic line: the SYSLOGBASE2 header, one space, then the rest as "message".
SYSLOGLINE %{SYSLOGBASE2} %{GREEDYDATA:message}

# IETF 5424 syslog(8) format (see http://www.rfc-editor.org/info/rfc5424)
# Priority value in angle brackets, stored as syslog5424_pri.
SYSLOG5424PRI <%{NONNEGINT:syslog5424_pri}>
# Structured data in square brackets.
# NOTE(review): the "+" binds to the closing "\]" only, not to the whole bracketed
# element, so consecutive elements are not matched one by one; confirm that this
# is intended.
SYSLOG5424SD \[%{DATA}\]+
# RFC 5424 header: priority, version, timestamp, host, app, proc, msgid and
# structured data, separated by one or more spaces (priority and version are
# adjacent). Each value from the timestamp on may be "-" instead; when the "-"
# alternative matches, the named capture of that slot takes no part in the match.
# The structured-data slot also accepts nothing at all.
# The app, proc and msgid slots use plain capturing groups; the timestamp, host
# and structured-data slots use non-capturing groups.
SYSLOG5424BASE %{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{HOSTNAME:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|)

# Full RFC 5424 line: the header, at least one space, then the rest of the line
# as syslog5424_msg.
SYSLOG5424LINE %{SYSLOG5424BASE} +%{GREEDYDATA:syslog5424_msg}