4f7995fe1a
Adds parsing for Cisco NXOS/IOS syslog format, along with the RFC5424 variant some devices can use. Messages which match these patterns are fingerprinted based upon the message and host to de-duplicate them when storing in elasticsearch. Change-Id: I42fd441913d2095997c3493c37515362a5d732fc
# Named for Apache error-log timestamps: day name, month name, day of month,
# time and year, each separated by a single space.
APACHE_ERROR_TIMESTAMP %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}
# Named for nginx error-log timestamps: year/month-number/day, one space, then the time.
NGINX_ERROR_TIMESTAMP %{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}
# Same date layout as NGINX_ERROR_TIMESTAMP, but date and time are joined by ':'
# instead of a space.
NGINX_TIMESTAMP %{YEAR}/%{MONTHNUM}/%{MONTHDAY}:%{TIME}
# Slash-separated date and time used by SWIFTPROXY_ACCESS:
# day/month-name/year/hour/minute/second.
SWIFTPROXY_DATE %{MONTHDAY}/%{MONTH}/%{YEAR}/%{HOUR}/%{MINUTE}/%{SECOND}
# One space-separated Swift proxy access line. Captures client and server
# address, timestamp, HTTP verb/request/version, response code, referrer, agent,
# and the Swift-specific fields (auth token, byte counts, etag, transaction id,
# logged headers, transaction time).
#
# NOTE(review): swift_auth_token is captured as its own field, so whatever the
# proxy writes there is stored and searchable with the indexed event. Confirm
# that Swift's proxy logging truncates the token (reveal_sensitive_prefix) and
# consider dropping or hashing this field, or restricting read access to the
# index. swift_logged_headers may carry sensitive values too, depending on
# which headers the proxy is configured to log.
#
# NOTE(review): the pattern is unanchored and chains many %{DATA} captures
# (lazy ".*?"). On lines that almost match, this can backtrack heavily and
# consume CPU in the log pipeline. Anchoring the expression in the filter that
# uses it, and using %{NOTSPACE} for fields that can never contain a space,
# would bound the work; verify against real log samples before changing.
SWIFTPROXY_ACCESS %{DATA:clientip} %{DATA:serverip} %{SWIFTPROXY_DATE:timestamp} %{WORD:verb} %{NOTSPACE:request} HTTP/%{NUMBER:httpversion} %{NUMBER:response} %{DATA:referrer} %{DATA:agent} %{DATA:swift_auth_token} %{DATA:swift_request_bytes} %{DATA:swift_response_bytes} %{DATA:swift_etag} %{DATA:swift_txn} %{DATA:swift_logged_headers} %{BASE10NUM:swift_trans_time}
# Year-month-day, one space, then the time. The expression is identical to
# STANDARD_TIMESTAMP; any sub-second matching comes from %{TIME} itself.
# NOTE(review): confirm the TIME pattern in use accepts fractional seconds.
KEYSTONE_SUBSECOND_TIMESTAMP %{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}
# Year-month-day, one space, then the time (same expression as
# KEYSTONE_SUBSECOND_TIMESTAMP).
STANDARD_TIMESTAMP %{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}
# Wraps the stock CISCOTIMESTAMP with an optional leading "YEAR " and an
# optional trailing " TZ".
#
# NOTE(review): both the year and the zone are optional, so a timestamp with
# neither still matches. The consumer then has to assume a year and a zone, and
# a wrong assumption skews event times when device logs are correlated with
# other sources. Also, the stock %{TZ} pattern only recognises a short list of
# zone abbreviations (this depends on the pattern set version). A device using
# another abbreviation will match without its zone, leaving the zone text in
# the remainder of the line. Confirm against the zones configured on the fleet.
CISCOTIMESTAMP_EXTEND (%{YEAR} )?%{CISCOTIMESTAMP}( %{TZ})?