fluentd-ui 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7e4f40390e9ffbca20df06168b4d5591e478641699ed9169df54c2bbf8dd0dec
-  data.tar.gz: 2a3a5aed7e28f5cd816ac8f680a849ba0288749aa89f1a3f004b40890731f9e7
+  metadata.gz: d6d045b90f722b9793cbf8e23abcfc7a9d78b00a898001bbdbd0c3c590a4de9a
+  data.tar.gz: 0dc77c43a23e146587351f375c0aaa976fafbd5cefcf1c10e053f611f1efee42
 SHA512:
-  metadata.gz: '079b369d1b60180012516e425a933fc4a6730f86268066d9fb172198ce57468099b3ec4bdece068c2417cf70cbfe87b43da25bf1ada3ec847e0300de1a14830c'
-  data.tar.gz: 6ddddd16fe8a61df18008eefc8c932e2a9cceffae0888ebdefe9ca1ce8352f4f6d2bf44e211c11a7a88a0bb5cf1bbe2f51c52b257e9b61b68d475eb9439a86a9
+  metadata.gz: f79d69613ea99bc156ba20899c0334b6919238181b5635acde0f31e5119f7c33bd749a2a5aee8195923fe29b0bb9152074ab9e2b2c85eec87e6f30503e73d47d
+  data.tar.gz: 49938a1d5aa8b4704deedc1c0a237b539a11661067a24a0c9fda5ca7e14dce96c504a3374257056d92e39bc13d1c1557b92f1c4aeecf80549a69d57ddb8f81eb

data/ChangeLog.md

@@ -1,3 +1,11 @@
+## Release 1.0.1 - 2018/09/14
+
+* [maintenance] Update rubyzip [#263](https://github.com/fluent/fluentd-ui/pull/263)
+* [fixed] Fix CodeMirror visualization error[#260](https://github.com/fluent/fluentd-ui/pull/260)
+* [improvement] Add note on dashboard [#259](https://github.com/fluent/fluentd-ui/pull/259)
+* [maintenance] Remove unused grok support [#257](https://github.com/fluent/fluentd-ui/pull/257)
+* [improvement] Improve login page [#258](https://github.com/fluent/fluentd-ui/pull/258)
+
 ## Release 1.0.0 - 2018/08/17
 
 * [maintenance] Update recommended plugins [#226](https://github.com/fluent/fluentd-ui/pull/226)

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    fluentd-ui (1.0.0)
+    fluentd-ui (1.0.1)
       addressable
       bootsnap (>= 1.1.0)
       bundler
@@ -174,7 +174,7 @@ GEM
     fluent-plugin-td (1.0.0)
       fluentd (>= 0.14.13, < 2)
       td-client (~> 1.0)
-    fluentd (1.2.4)
+    fluentd (1.2.5)
       cool.io (>= 1.4.5, < 2.0.0)
       dig_rb (~> 1.0.0)
       http_parser.rb (>= 0.5.1, < 0.7.0)
@@ -292,7 +292,7 @@ GEM
     ruby_dep (1.5.0)
     ruby_parser (3.11.0)
       sexp_processor (~> 4.9)
-    rubyzip (1.2.1)
+    rubyzip (1.2.2)
     safe_yaml (1.0.4)
     sass (3.5.7)
       sass-listen (~> 4.0.0)

data/app/assets/stylesheets/common.css.scss

@@ -161,6 +161,16 @@ label {
   resize: both;
 }
 
+.fluentd-note {
+  display: block;
+  padding: 0.5em 1rem;
+  color: #999;
+}
+
+.fluentd-note:hover {
+  color: #495057;
+}
+
 .fluentd-status {
   .running {
     color: #090;
@@ -188,4 +198,3 @@ label {
   border-radius: 3px;
   margin: 10px 0px;
 }
-

data/app/controllers/api_controller.rb

@@ -27,12 +27,6 @@ class ApiController < ApplicationController
     render json: { error: "#{ex.class}: #{ex.message}" }
   end
 
-  def grok_to_regexp
-    grok = GrokConverter.new
-    grok.load_patterns
-    render text: grok.convert_to_regexp(params[:grok_str]).source
-  end
-
   private
 
   def prepare_plugin_config

data/app/controllers/fluentd_controller.rb

@@ -29,7 +29,7 @@ class FluentdController < ApplicationController
     end
     redirect_to daemon_path
   end
-  
+
   def destroy
     @fluentd.agent.stop if @fluentd.agent.running?
     @fluentd.destroy
@@ -51,7 +51,7 @@ class FluentdController < ApplicationController
   private
 
   def fluentd_params
-    params.require(:fluentd).permit(:log_file, :pid_file, :config_file, :variant, :api_endpoint)
+    params.require(:fluentd).permit(:log_file, :pid_file, :config_file, :note, :variant, :api_endpoint)
   end
 
   def check_fluentd_exists

data/app/javascript/packs/codemirror.js

@@ -6,23 +6,23 @@ import "lodash/lodash";
 // See: http://codemirror.net/doc/manual.html#modeapi
 // and sample mode files: https://github.com/codemirror/CodeMirror/tree/master/mode
 
-CodeMirror.defineMode("fluentd", function(){
+CodeMirror.defineMode("fluentd", function() {
   return {
-    startState: function(aa){
+    startState: function(aa) {
       return { "context" : null };
     },
-    token: function(stream, state){
-      if(stream.eatWhile(/[ \t]/)){
+    token: function(stream, state) {
+      if (stream.eatWhile(/[ \t]/)) {
         // ignore indenting spaces
         stream.skipTo(stream.peek());
         return;
       }
-      if(stream.eol()){
+      if (stream.eol()) {
         // reached end of line
         return;
       }
 
-      switch(stream.peek()){
+      switch (stream.peek()) {
       case "#":
         stream.skipToEnd();
         return "comment";
@@ -35,7 +35,7 @@ CodeMirror.defineMode("fluentd", function(){
         state.context = "inner-definition";
         return "keyword";
       default:
-        switch(state.context){
+        switch (state.context) {
         case "inner-bracket":
           stream.eat(/[^#<>]+/);
           return "keyword";
@@ -44,7 +44,15 @@ CodeMirror.defineMode("fluentd", function(){
           state.context =  "inner-definition-keyword-appeared";
           return "variable";
         case "inner-definition-keyword-appeared":
-          stream.eatWhile(/[^#]/);
+          let eatBuiltin = function(stream, state) {
+            stream.eatWhile(/[^#]/);
+            if (stream.current().match(/\\$/)) {
+              stream.next() && eatBuiltin(stream, state);
+            } else {
+              return;
+            }
+          };
+          eatBuiltin(stream, state);
           state.context = "inner-definition";
           return "builtin";
         default:
@@ -66,18 +74,18 @@ function codemirrorify(el) {
 }
 
 $(function(){
-  $(".js-fluentd-config-editor").each(function(_, el){
+  $(".js-fluentd-config-editor").each(function(_, el) {
     codemirrorify(el);
   });
 });
 
 Vue.directive("config-editor", {
-  bind: function(el, binding, vnode, oldVnode){
+  bind: function(el, binding, vnode, oldVnode) {
     // NOTE: needed delay for waiting CodeMirror setup
-    _.delay(function(textarea){
+    _.delay(function(textarea) {
       let cm = codemirrorify(textarea);
       // textarea.codemirror = cm; // for test, but doesn't work for now (working on Chrome, but Poltergeist not)
-      cm.on("change", function(code_mirror){
+      cm.on("change", function(code_mirror) {
         // bridge Vue - CodeMirror world
         el.dataset.content = code_mirror.getValue();
       });

data/app/models/fluentd.rb

@@ -10,7 +10,7 @@ class Fluentd
 
   before_validation :expand_paths
 
-  COLUMNS = [:id, :variant, :log_file, :pid_file, :config_file]
+  COLUMNS = [:id, :variant, :log_file, :pid_file, :config_file, :note]
   DEFAULT_CONF = <<-CONF.strip_heredoc
     <source>
       # http://docs.fluentd.org/articles/in_forward

data/app/models/fluentd/setting/in_tail.rb

@@ -30,15 +30,6 @@ class Fluentd
           :regexp
         end
       end
-
-      def grok
-        @grok ||=
-          begin
-            grok = GrokConverter.new
-            grok.load_patterns
-            grok
-          end
-      end
     end
   end
 end

data/app/views/fluentd/_form.html.haml

@@ -28,4 +28,7 @@
         = f.hidden_field :config_file
       - else
         = f.text_field :config_file, class: "form-control"
+    .form-group
+      = f.label :note
+      = f.text_field :note, class: "form-control"
     = f.submit btn, class: "btn btn-primary"

data/app/views/fluentd/show.html.haml

@@ -52,6 +52,9 @@
             %tr
               %th= @fluentd.class.human_attribute_name(:config_file)
               %td= @fluentd.agent.config_file
+            %tr
+              %th= @fluentd.class.human_attribute_name(:note)
+              %td= @fluentd.note
   .row
     .col-xl-12
       = preserve do # partial containing <pre>, so shouldn't break indent

data/app/views/layouts/application.html.erb

@@ -30,6 +30,9 @@
         <%= render partial: "shared/global_nav" %>
         <ul class="navbar-nav ml-auto">
           <%- if @fluentd %>
+            <li class="nav-item fluentd-note">
+              <%= @fluentd.note %>
+            </li>
             <li class="nav-item fluentd-status">
               <a class="nav-link" href="<%= daemon_path %>" data-toggle="tooltip" data-placement="bottom" title="fluentd <%= fluentd_status_message %>">
                 <%= fluentd_status_icon %>

data/app/views/layouts/sign_in.html.erb

@@ -6,13 +6,16 @@
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
-  <title>Fluentd-UI</title>
+  <title><%= fluentd_ui_title %></title>
   <%= stylesheet_link_tag 'application', media: 'all'%>
   <%= javascript_pack_tag 'application' %>
   <%= csrf_meta_tags %>
 </head>
 
-<body class="bg-light">
+<body class="fixed-nav bg-light">
+  <nav class="navbar navbar-expand-lg navbar-light bg-light fixed-top" id="mainNav">
+    <%= link_to fluentd_ui_logo, root_path, class: "navbar-brand fluentd-ui-logo" %>
+  </nav>
   <div class="container">
     <%= yield %>
   </div>

data/app/views/shared/settings/_form.html.haml

@@ -6,10 +6,10 @@
 #plugin-setting
   - # NOTE: plugin_setting_form_action_url is defined at SettingConcern
   = form_with(model: setting, scope: :setting, url: plugin_setting_form_action_url(fluentd), local: true, class: "ignore-rails-error-div", builder: FluentdFormBuilder) do |form|
-    - @setting.common_options.each do |key|
+    - setting.common_options.each do |key|
       = form.field(key)
 
-    - if @setting.have_buffer_section?
+    - if setting.have_buffer_section?
       %owned-plugin-form{"v-bind:id" => "'buffer-section'",
                          "v-bind:options-json" => "'#{Fluent::Plugin::BUFFER_REGISTRY.map.keys.to_json}'",
                          "v-bind:initial-plugin-name" => "'#{setting.buffer_type}'",

data/config/locales/translation_en.yml

@@ -215,42 +215,6 @@ en:
         notice_for_permission: "Please check permission or group setting for %{user} user can read it."
         notice_for_multiline_limit: "Please input Regexp(s) separated by newline. blank lines are ignored. Lines more than 20 are dropped."
         restart_from_first: Restart from first
-        grok_manual: |
-          <p>
-          Grok syntax, for example, <code>%{INT:foo}</code> pattern given then translate to <code>/(?&lt;foo&gt;(?:[+-]?(?:[0-9]+)))/</code> regexp.
-          </p>
-          <p>
-          Available key/value are <a href="http://grokdebug.herokuapp.com/patterns" target="_blank">here</a>.
-          </p>
-
-          <h4>Example</h4>
-
-          <p>
-          <code>Nov 29 17:02:55 MacBook-Pro-2.local UserEventAgent[239] : cannot find fw daemon port 1102</code> the log you have,<br />
-          <code>%{MONTH:month}%{SPACE}%{MONTHDAY:day} %{TIME:time} %{DATA} \[%{INT:pid}\]</code> for matching that, you will gain following result.
-          </p>
-
-          <table class="table">
-          <thead>
-          <tr>
-          <th>Key</th>
-          <th>Value</th>
-          </tr>
-          </thead>
-
-            <tr>
-            <th>month</th><td>Nov</td>
-            </tr>
-            <tr>
-            <th>day</th><td>29</td>
-            </tr>
-            <tr>
-            <th>time</th><td>17:02:55</td>
-            </tr>
-            <tr>
-            <th>pid</th><td>239</td>
-            </tr>
-          </table>
         show:
           page_title: "Choose File Path"
         after_file_choose:
@@ -320,6 +284,7 @@ en:
         log_file: Log file
         pid_file: PID file
         config_file: Config file
+        note: Note
         variant: type
         api_endpoint: API Endpoint
 

data/config/locales/translation_ja.yml

@@ -221,41 +221,6 @@ ja:
         notice_for_multiline_limit: "改行区切りで正規表現を入力してください。空行はカウントされません。21行目以降の入力は無視されます。"
         notice_for_permission: "※%{user}ユーザーが読み込み可能なようにパーミッションやグループの設定をご確認ください。"
         restart_from_first: 最初からやり直す
-        grok_manual: |
-          <p>
-          Grokの記法が使えます。例えば<code>%{INT:foo}</code>とすると、<code>/(?&lt;foo&gt;(?:[+-]?(?:[0-9]+)))/</code>という正規表現に変換されます。
-          </p>
-          <p>
-          使えるキー・値については<a href="http://grokdebug.herokuapp.com/patterns" target="_blank">リファレンス</a>をご確認ください。
-          </p>
-          <p>
-            <h4>例</h4>
-
-            <code>Nov 29 17:02:55 MacBook-Pro-2.local UserEventAgent[239] : cannot find fw daemon port 1102</code>というログに対し、<br />
-            <code>%{MONTH:month}%{SPACE}%{MONTHDAY:day} %{TIME:time} %{DATA} \[%{INT:pid}\]</code>というパターンを適用すると以下の結果が得られます。
-
-            <table class="table">
-            <thead>
-            <tr>
-            <th>キー名</th>
-            <th>値</th>
-            </tr>
-            </thead>
-
-              <tr>
-              <th>month</th><td>Nov</td>
-              </tr>
-              <tr>
-              <th>day</th><td>29</td>
-              </tr>
-              <tr>
-              <th>time</th><td>17:02:55</td>
-              </tr>
-              <tr>
-              <th>pid</th><td>239</td>
-              </tr>
-            </table>
-          </p>
         show:
           page_title: "ファイル読み込み | ファイルの選択"
         after_file_choose:
@@ -325,6 +290,7 @@ ja:
         log_file: ログファイル
         pid_file: PIDファイル
         config_file: 設定ファイル
+        note: ノート
         variant: タイプ
         api_endpoint: APIエンドポイント
 

data/config/routes.rb

@@ -121,7 +121,6 @@ Rails.application.routes.draw do
     get "tree"
     get "file_preview"
     post "regexp_preview"
-    post "grok_to_regexp"
 
     resources :settings, only: [:index, :show, :update, :destroy], defaults: { format: "json" }
     resources :config_definitions, only: [:index], defaults: { format: "json" }

data/lib/fluentd-ui/version.rb

@@ -1,3 +1,3 @@
 module FluentdUI
-  VERSION = "1.0.0"
+  VERSION = "1.0.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluentd-ui
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Masahiro Nakagawa
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-17 00:00:00.000000000 Z
+date: 2018-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -662,7 +662,6 @@ files:
 - lib/fluentd-ui.rb
 - lib/fluentd-ui/command.rb
 - lib/fluentd-ui/version.rb
-- lib/grok_converter.rb
 - lib/regexp_preview.rb
 - lib/regexp_preview/multi_line.rb
 - lib/regexp_preview/single_line.rb
@@ -676,9 +675,9 @@ files:
 - public/404.html
 - public/422.html
 - public/500.html
-- public/assets/.sprockets-manifest-9693cd2afe926a5ca7da6b040a9a2e6b.json
-- public/assets/application-db8ee881ff43fff5b8f3a6c96c92c2c62428cc6340162b5fde8d0cbf80c03d2f.css
-- public/assets/application-db8ee881ff43fff5b8f3a6c96c92c2c62428cc6340162b5fde8d0cbf80c03d2f.css.gz
+- public/assets/.sprockets-manifest-dc6484ae589afa885890c520f50eb51b.json
+- public/assets/application-50d6f20589e877580d000fb7c0c720e1316973e08923a16e8f374a6be1ef571f.css
+- public/assets/application-50d6f20589e877580d000fb7c0c720e1316973e08923a16e8f374a6be1ef571f.css.gz
 - public/assets/fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2
 - public/assets/fontawesome-webfont-7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979.eot
 - public/assets/fontawesome-webfont-7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979.eot.gz
@@ -699,9 +698,9 @@ files:
 - public/packs/aws_credential-f430abe47eff7a069b97.js
 - public/packs/aws_credential-f430abe47eff7a069b97.js.gz
 - public/packs/aws_credential-f430abe47eff7a069b97.js.map
-- public/packs/codemirror-ee4da72eacbf03f4a8a6.js
-- public/packs/codemirror-ee4da72eacbf03f4a8a6.js.gz
-- public/packs/codemirror-ee4da72eacbf03f4a8a6.js.map
+- public/packs/codemirror-1a4a1c6e408410a4615f.js
+- public/packs/codemirror-1a4a1c6e408410a4615f.js.gz
+- public/packs/codemirror-1a4a1c6e408410a4615f.js.map
 - public/packs/config_field-f5bced5c699aea7c0ab8.js
 - public/packs/config_field-f5bced5c699aea7c0ab8.js.gz
 - public/packs/config_field-f5bced5c699aea7c0ab8.js.map
@@ -805,19 +804,6 @@ files:
 - test/system/source_and_output_test.rb
 - test/test_helper.rb
 - tmp/.gitkeep
-- vendor/patterns/firewalls
-- vendor/patterns/grok-patterns
-- vendor/patterns/haproxy
-- vendor/patterns/java
-- vendor/patterns/junos
-- vendor/patterns/linux-syslog
-- vendor/patterns/mcollective
-- vendor/patterns/mcollective-patterns
-- vendor/patterns/mongodb
-- vendor/patterns/nagios
-- vendor/patterns/postgresql
-- vendor/patterns/redis
-- vendor/patterns/ruby
 - yarn.lock
 homepage: https://github.com/fluent/fluentd-ui
 licenses:

data/lib/grok_converter.rb

@@ -1,39 +0,0 @@
-class GrokConverter
-  def load_patterns(dir = nil)
-    @patterns = {}
-    dir ||= Rails.root.join("vendor/patterns")
-    Dir.glob("#{dir}/*").each do |file|
-      File.read(file).split("\n").each do |line|
-        line.strip!
-        next if line == ""
-        next if line.start_with?("#")
-        name, pattern = line.split(/\s+/, 2)
-        next unless pattern
-        @patterns[name] = pattern
-      end
-    end
-  end
-
-  def convert_to_regexp(pattern)
-    limit = 100
-    expanded = pattern.dup
-    while m = expanded.match(/%{(.*?)(?::(.*?))?}/) # %{key:name} or #{key}
-      all, key, name = *m
-      if name
-        expanded = expanded.gsub(all, "(?<#{name}>#{@patterns[key]})")
-      else
-        expanded = expanded.gsub(all, @patterns[key])
-      end
-      limit -= 1
-      break if limit == 0
-    end
-    Regexp.new expanded
-  end
-end
-
-=begin
-  g = GrokConverter.new
-  g.load_patterns("vendor/patterns")
-  p g.convert_to_regexp("%{USERNAME:user} %{NOT_EXISTS:foo} %{USER} aaaa")
-  # => /(?<user>[a-zA-Z0-9._-]+) (?<foo>) [a-zA-Z0-9._-]+ aaaa/
-=end

data/vendor/patterns/firewalls

@@ -1,60 +0,0 @@
-# NetScreen firewall logs
-NETSCREENSESSIONLOG %{SYSLOGTIMESTAMP:date} %{IPORHOST:device} %{IPORHOST}: NetScreen device_id=%{WORD:device_id}%{DATA}: start_time=%{QUOTEDSTRING:start_time} duration=%{INT:duration} policy_id=%{INT:policy_id} service=%{DATA:service} proto=%{INT:proto} src zone=%{WORD:src_zone} dst zone=%{WORD:dst_zone} action=%{WORD:action} sent=%{INT:sent} rcvd=%{INT:rcvd} src=%{IPORHOST:src_ip} dst=%{IPORHOST:dst_ip} src_port=%{INT:src_port} dst_port=%{INT:dst_port} src-xlated ip=%{IPORHOST:src_xlated_ip} port=%{INT:src_xlated_port} dst-xlated ip=%{IPORHOST:dst_xlated_ip} port=%{INT:dst_xlated_port} session_id=%{INT:session_id} reason=%{GREEDYDATA:reason}
-
-#== Cisco ASA ==
-CISCO_TAGGED_SYSLOG ^<%{POSINT:syslog_pri}>%{CISCOTIMESTAMP:timestamp}( %{SYSLOGHOST:sysloghost})?: %%{CISCOTAG:ciscotag}:
-CISCOTIMESTAMP %{MONTH} +%{MONTHDAY}(?: %{YEAR})? %{TIME}
-CISCOTAG [A-Z0-9]+-%{INT}-(?:[A-Z0-9_]+)
-# Common Particles
-CISCO_ACTION Built|Teardown|Deny|Denied|denied|requested|permitted|denied by ACL|discarded|est-allowed|Dropping|created|deleted
-CISCO_REASON Duplicate TCP SYN|Failed to locate egress interface|Invalid transport field|No matching connection|DNS Response|DNS Query|(?:%{WORD}\s*)*
-CISCO_DIRECTION Inbound|inbound|Outbound|outbound
-CISCO_INTERVAL first hit|%{INT}-second interval
-CISCO_XLATE_TYPE static|dynamic
-# ASA-2-106001
-CISCOFW106001 %{CISCO_DIRECTION:direction} %{WORD:protocol} connection %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{GREEDYDATA:tcp_flags} on interface %{GREEDYDATA:interface}
-# ASA-2-106006, ASA-2-106007, ASA-2-106010
-CISCOFW106006_106007_106010 %{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} (?:from|src) %{IP:src_ip}/%{INT:src_port}(\(%{DATA:src_fwuser}\))? (?:to|dst) %{IP:dst_ip}/%{INT:dst_port}(\(%{DATA:dst_fwuser}\))? (?:on interface %{DATA:interface}|due to %{CISCO_REASON:reason})
-# ASA-3-106014
-CISCOFW106014 %{CISCO_ACTION:action} %{CISCO_DIRECTION:direction} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(\(%{DATA:src_fwuser}\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(\(%{DATA:dst_fwuser}\))? \(type %{INT:icmp_type}, code %{INT:icmp_code}\)
-# ASA-6-106015
-CISCOFW106015 %{CISCO_ACTION:action} %{WORD:protocol} \(%{DATA:policy_id}\) from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port} flags %{DATA:tcp_flags}  on interface %{GREEDYDATA:interface}
-# ASA-1-106021
-CISCOFW106021 %{CISCO_ACTION:action} %{WORD:protocol} reverse path check from %{IP:src_ip} to %{IP:dst_ip} on interface %{GREEDYDATA:interface}
-# ASA-4-106023
-CISCOFW106023 %{CISCO_ACTION:action} %{WORD:protocol} src %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\(%{DATA:src_fwuser}\))? dst %{DATA:dst_interface}:%{IP:dst_ip}(/%{INT:dst_port})?(\(%{DATA:dst_fwuser}\))?( \(type %{INT:icmp_type}, code %{INT:icmp_code}\))? by access-group %{DATA:policy_id} \[%{DATA:hashcode1}, %{DATA:hashcode2}\]
-# ASA-5-106100
-CISCOFW106100 access-list %{WORD:policy_id} %{CISCO_ACTION:action} %{WORD:protocol} %{DATA:src_interface}/%{IP:src_ip}\(%{INT:src_port}\)(\(%{DATA:src_fwuser}\))? -> %{DATA:dst_interface}/%{IP:dst_ip}\(%{INT:dst_port}\)(\(%{DATA:src_fwuser}\))? hit-cnt %{INT:hit_count} %{CISCO_INTERVAL:interval} \[%{DATA:hashcode1}, %{DATA:hashcode2}\]
-# ASA-6-110002
-CISCOFW110002 %{CISCO_REASON:reason} for %{WORD:protocol} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}
-# ASA-6-302010
-CISCOFW302010 %{INT:connection_count} in use, %{INT:connection_count_max} most used
-# ASA-6-302013, ASA-6-302014, ASA-6-302015, ASA-6-302016
-CISCOFW302013_302014_302015_302016 %{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection %{INT:connection_id} for %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port}( \(%{IP:src_mapped_ip}/%{INT:src_mapped_port}\))?(\(%{DATA:src_fwuser}\))? to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}( \(%{IP:dst_mapped_ip}/%{INT:dst_mapped_port}\))?(\(%{DATA:dst_fwuser}\))?( duration %{TIME:duration} bytes %{INT:bytes})?(?: %{CISCO_REASON:reason})?( \(%{DATA:user}\))?
-# ASA-6-302020, ASA-6-302021
-CISCOFW302020_302021 %{CISCO_ACTION:action}(?: %{CISCO_DIRECTION:direction})? %{WORD:protocol} connection for faddr %{IP:dst_ip}/%{INT:icmp_seq_num}(?:\(%{DATA:fwuser}\))? gaddr %{IP:src_xlated_ip}/%{INT:icmp_code_xlated} laddr %{IP:src_ip}/%{INT:icmp_code}( \(%{DATA:user}\))?
-# ASA-6-305011
-CISCOFW305011 %{CISCO_ACTION:action} %{CISCO_XLATE_TYPE:xlate_type} %{WORD:protocol} translation from %{DATA:src_interface}:%{IP:src_ip}(/%{INT:src_port})?(\(%{DATA:src_fwuser}\))? to %{DATA:src_xlated_interface}:%{IP:src_xlated_ip}/%{DATA:src_xlated_port}
-# ASA-3-313001, ASA-3-313004, ASA-3-313008
-CISCOFW313001_313004_313008 %{CISCO_ACTION:action} %{WORD:protocol} type=%{INT:icmp_type}, code=%{INT:icmp_code} from %{IP:src_ip} on interface %{DATA:interface}( to %{IP:dst_ip})?
-# ASA-4-313005
-CISCOFW313005 %{CISCO_REASON:reason} for %{WORD:protocol} error message: %{WORD:err_protocol} src %{DATA:err_src_interface}:%{IP:err_src_ip}(\(%{DATA:err_src_fwuser}\))? dst %{DATA:err_dst_interface}:%{IP:err_dst_ip}(\(%{DATA:err_dst_fwuser}\))? \(type %{INT:err_icmp_type}, code %{INT:err_icmp_code}\) on %{DATA:interface} interface\.  Original IP payload: %{WORD:protocol} src %{IP:orig_src_ip}/%{INT:orig_src_port}(\(%{DATA:orig_src_fwuser}\))? dst %{IP:orig_dst_ip}/%{INT:orig_dst_port}(\(%{DATA:orig_dst_fwuser}\))?
-# ASA-4-402117
-CISCOFW402117 %{WORD:protocol}: Received a non-IPSec packet \(protocol= %{WORD:orig_protocol}\) from %{IP:src_ip} to %{IP:dst_ip}
-# ASA-4-402119
-CISCOFW402119 %{WORD:protocol}: Received an %{WORD:orig_protocol} packet \(SPI= %{DATA:spi}, sequence number= %{DATA:seq_num}\) from %{IP:src_ip} \(user= %{DATA:user}\) to %{IP:dst_ip} that failed anti-replay checking
-# ASA-4-419001
-CISCOFW419001 %{CISCO_ACTION:action} %{WORD:protocol} packet from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}, reason: %{GREEDYDATA:reason}
-# ASA-4-419002
-CISCOFW419002 %{CISCO_REASON:reason} from %{DATA:src_interface}:%{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port} with different initial sequence number
-# ASA-4-500004
-CISCOFW500004 %{CISCO_REASON:reason} for protocol=%{WORD:protocol}, from %{IP:src_ip}/%{INT:src_port} to %{IP:dst_ip}/%{INT:dst_port}
-# ASA-6-602303, ASA-6-602304
-CISCOFW602303_602304 %{WORD:protocol}: An %{CISCO_DIRECTION:direction} %{GREEDYDATA:tunnel_type} SA \(SPI= %{DATA:spi}\) between %{IP:src_ip} and %{IP:dst_ip} \(user= %{DATA:user}\) has been %{CISCO_ACTION:action}
-# ASA-7-710001, ASA-7-710002, ASA-7-710003, ASA-7-710005, ASA-7-710006
-CISCOFW710001_710002_710003_710005_710006 %{WORD:protocol} (?:request|access) %{CISCO_ACTION:action} from %{IP:src_ip}/%{INT:src_port} to %{DATA:dst_interface}:%{IP:dst_ip}/%{INT:dst_port}
-# ASA-6-713172
-CISCOFW713172 Group = %{GREEDYDATA:group}, IP = %{IP:src_ip}, Automatic NAT Detection Status:\s+Remote end\s*%{DATA:is_remote_natted}\s*behind a NAT device\s+This\s+end\s*%{DATA:is_local_natted}\s*behind a NAT device
-# ASA-4-733100
-CISCOFW733100 \[\s*%{DATA:drop_type}\s*\] drop %{DATA:drop_rate_id} exceeded. Current burst rate is %{INT:drop_rate_current_burst} per second, max configured rate is %{INT:drop_rate_max_burst}; Current average rate is %{INT:drop_rate_current_avg} per second, max configured rate is %{INT:drop_rate_max_avg}; Cumulative total count is %{INT:drop_total_count}
-#== End Cisco ASA ==

data/vendor/patterns/grok-patterns

@@ -1,94 +0,0 @@
-USERNAME [a-zA-Z0-9._-]+
-USER %{USERNAME}
-INT (?:[+-]?(?:[0-9]+))
-BASE10NUM (?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\.[0-9]+)?)|(?:\.[0-9]+)))
-NUMBER (?:%{BASE10NUM})
-BASE16NUM (?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))
-BASE16FLOAT \b(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]+(?:\.[0-9A-Fa-f]*)?)|(?:\.[0-9A-Fa-f]+)))\b
-
-POSINT \b(?:[1-9][0-9]*)\b
-NONNEGINT \b(?:[0-9]+)\b
-WORD \b\w+\b
-NOTSPACE \S+
-SPACE \s*
-DATA .*?
-GREEDYDATA .*
-QUOTEDSTRING (?>(?<!\\)(?>"(?>\\.|[^\\"]+)+"|""|(?>'(?>\\.|[^\\']+)+')|''|(?>`(?>\\.|[^\\`]+)+`)|``))
-UUID [A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}
-
-# Networking
-MAC (?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})
-CISCOMAC (?:(?:[A-Fa-f0-9]{4}\.){2}[A-Fa-f0-9]{4})
-WINDOWSMAC (?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})
-COMMONMAC (?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})
-IPV6 ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?
-IPV4 (?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])
-IP (?:%{IPV6}|%{IPV4})
-HOSTNAME \b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)
-HOST %{HOSTNAME}
-IPORHOST (?:%{HOSTNAME}|%{IP})
-HOSTPORT %{IPORHOST}:%{POSINT}
-
-# paths
-PATH (?:%{UNIXPATH}|%{WINPATH})
-UNIXPATH (?>/(?>[\w_%!$@:.,-]+|\\.)*)+
-TTY (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))
-WINPATH (?>[A-Za-z]+:|\\)(?:\\[^\\?*]*)+
-URIPROTO [A-Za-z]+(\+[A-Za-z+]+)?
-URIHOST %{IPORHOST}(?::%{POSINT:port})?
-# uripath comes loosely from RFC1738, but mostly from what Firefox
-# doesn't turn into %XX
-URIPATH (?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\-]*)+
-#URIPARAM \?(?:[A-Za-z0-9]+(?:=(?:[^&]*))?(?:&(?:[A-Za-z0-9]+(?:=(?:[^&]*))?)?)*)?
-URIPARAM \?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\-\[\]]*
-URIPATHPARAM %{URIPATH}(?:%{URIPARAM})?
-URI %{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?
-
-# Months: January, Feb, 3, 03, 12, December
-MONTH \b(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\b
-MONTHNUM (?:0?[1-9]|1[0-2])
-MONTHNUM2 (?:0[1-9]|1[0-2])
-MONTHDAY (?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])
-
-# Days: Monday, Tue, Thu, etc...
-DAY (?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)
-
-# Years?
-YEAR (?>\d\d){1,2}
-HOUR (?:2[0123]|[01]?[0-9])
-MINUTE (?:[0-5][0-9])
-# '60' is a leap second in most time standards and thus is valid.
-SECOND (?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)
-TIME (?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])
-# datestamp is YYYY/MM/DD-HH:MM:SS.UUUU (or something like it)
-DATE_US %{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}
-DATE_EU %{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}
-ISO8601_TIMEZONE (?:Z|[+-]%{HOUR}(?::?%{MINUTE}))
-ISO8601_SECOND (?:%{SECOND}|60)
-TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?
-DATE %{DATE_US}|%{DATE_EU}
-DATESTAMP %{DATE}[- ]%{TIME}
-TZ (?:[PMCE][SD]T|UTC)
-DATESTAMP_RFC822 %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}
-DATESTAMP_RFC2822 %{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}
-DATESTAMP_OTHER %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}
-DATESTAMP_EVENTLOG %{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}
-
-# Syslog Dates: Month Day HH:MM:SS
-SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}
-PROG (?:[\w._/%-]+)
-SYSLOGPROG %{PROG:program}(?:\[%{POSINT:pid}\])?
-SYSLOGHOST %{IPORHOST}
-SYSLOGFACILITY <%{NONNEGINT:facility}.%{NONNEGINT:priority}>
-HTTPDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}
-
-# Shortcuts
-QS %{QUOTEDSTRING}
-
-# Log formats
-SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
-COMMONAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-)
-COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}
-
-# Log Levels
-LOGLEVEL ([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)

data/vendor/patterns/haproxy

@@ -1,37 +0,0 @@
-## These patterns were tested w/ haproxy-1.4.15
-
-## Documentation of the haproxy log formats can be found at the following links:
-## http://code.google.com/p/haproxy-docs/wiki/HTTPLogFormat
-## http://code.google.com/p/haproxy-docs/wiki/TCPLogFormat
-
-HAPROXYTIME (?!<[0-9])%{HOUR:haproxy_hour}:%{MINUTE:haproxy_minute}(?::%{SECOND:haproxy_second})(?![0-9])
-HAPROXYDATE %{MONTHDAY:haproxy_monthday}/%{MONTH:haproxy_month}/%{YEAR:haproxy_year}:%{HAPROXYTIME:haproxy_time}.%{INT:haproxy_milliseconds}
-
-# Override these default patterns to parse out what is captured in your haproxy.cfg
-HAPROXYCAPTUREDREQUESTHEADERS %{DATA:captured_request_headers}
-HAPROXYCAPTUREDRESPONSEHEADERS %{DATA:captured_response_headers}
-
-# Example:
-#  These haproxy config lines will add data to the logs that are captured
-#  by the patterns below. Place them in your custom patterns directory to 
-#  override the defaults.  
-#
-#  capture request header Host len 40
-#  capture request header X-Forwarded-For len 50
-#  capture request header Accept-Language len 50
-#  capture request header Referer len 200
-#  capture request header User-Agent len 200
-#
-#  capture response header Content-Type len 30
-#  capture response header Content-Encoding len 10
-#  capture response header Cache-Control len 200
-#  capture response header Last-Modified len 200
-# 
-# HAPROXYCAPTUREDREQUESTHEADERS %{DATA:request_header_host}\|%{DATA:request_header_x_forwarded_for}\|%{DATA:request_header_accept_language}\|%{DATA:request_header_referer}\|%{DATA:request_header_user_agent}
-# HAPROXYCAPTUREDRESPONSEHEADERS %{DATA:response_header_content_type}\|%{DATA:response_header_content_encoding}\|%{DATA:response_header_cache_control}\|%{DATA:response_header_last_modified}
-
-# parse a haproxy 'httplog' line 
-HAPROXYHTTP %{SYSLOGTIMESTAMP:syslog_timestamp} %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client_ip}:%{INT:client_port} \[%{HAPROXYDATE:accept_date}\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{NOTSPACE:time_duration} %{INT:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} (\{%{HAPROXYCAPTUREDREQUESTHEADERS}\})?( )?(\{%{HAPROXYCAPTUREDRESPONSEHEADERS}\})?( )?"(<BADREQ>|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?"
-
-# parse a haproxy 'tcplog' line
-HAPROXYTCP %{SYSLOGTIMESTAMP:syslog_timestamp} %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{IP:client_ip}:%{INT:client_port} \[%{HAPROXYDATE:accept_date}\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_queue}/%{INT:time_backend_connect}/%{NOTSPACE:time_duration} %{NOTSPACE:bytes_read} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue}

data/vendor/patterns/java

@@ -1,3 +0,0 @@
-JAVACLASS (?:[a-zA-Z0-9-]+\.)+[A-Za-z0-9$_]+
-JAVAFILE (?:[A-Za-z0-9_. -]+)
-JAVASTACKTRACEPART at %{JAVACLASS:class}\.%{WORD:method}\(%{JAVAFILE:file}:%{NUMBER:line}\)

data/vendor/patterns/junos

@@ -1,9 +0,0 @@
-# JUNOS 11.4 RT_FLOW patterns
-RT_FLOW_EVENT (RT_FLOW_SESSION_CREATE|RT_FLOW_SESSION_CLOSE|RT_FLOW_SESSION_DENY)
-
-RT_FLOW1 %{RT_FLOW_EVENT:event}: %{GREEDYDATA:close-reason}: %{IP:src-ip}/%{DATA:src-port}->%{IP:dst-ip}/%{DATA:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{DATA:nat-src-port}->%{IP:nat-dst-ip}/%{DATA:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} \d+\(%{DATA:sent}\) \d+\(%{DATA:received}\) %{INT:elapsed-time} .*
-
-RT_FLOW2 %{RT_FLOW_EVENT:event}: session created %{IP:src-ip}/%{DATA:src-port}->%{IP:dst-ip}/%{DATA:dst-port} %{DATA:service} %{IP:nat-src-ip}/%{DATA:nat-src-port}->%{IP:nat-dst-ip}/%{DATA:nat-dst-port} %{DATA:src-nat-rule-name} %{DATA:dst-nat-rule-name} %{INT:protocol-id} %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} %{INT:session-id} .*
-
-RT_FLOW3 %{RT_FLOW_EVENT:event}: session denied %{IP:src-ip}/%{DATA:src-port}->%{IP:dst-ip}/%{DATA:dst-port} %{DATA:service} %{INT:protocol-id}\(\d\) %{DATA:policy-name} %{DATA:from-zone} %{DATA:to-zone} .*
-

data/vendor/patterns/linux-syslog

@@ -1,16 +0,0 @@
-SYSLOG5424PRINTASCII [!-~]+
-
-SYSLOGBASE2 (?:%{SYSLOGTIMESTAMP:timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
-SYSLOGPAMSESSION %{SYSLOGBASE} (?=%{GREEDYDATA:message})%{WORD:pam_module}\(%{DATA:pam_caller}\): session %{WORD:pam_session_state} for user %{USERNAME:username}(?: by %{GREEDYDATA:pam_by})?
-
-CRON_ACTION [A-Z ]+
-CRONLOG %{SYSLOGBASE} \(%{USER:user}\) %{CRON_ACTION:action} \(%{DATA:message}\)
-
-SYSLOGLINE %{SYSLOGBASE2} %{GREEDYDATA:message}
-
-# IETF 5424 syslog(8) format (see http://www.rfc-editor.org/info/rfc5424)
-SYSLOG5424PRI <%{NONNEGINT:syslog5424_pri}>
-SYSLOG5424SD \[%{DATA}\]+
-SYSLOG5424BASE %{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{HOSTNAME:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|)
-
-SYSLOG5424LINE %{SYSLOG5424BASE} +%{GREEDYDATA:syslog5424_msg}

data/vendor/patterns/mcollective

@@ -1 +0,0 @@
-MCOLLECTIVEAUDIT %{TIMESTAMP_ISO8601:timestamp}:

data/vendor/patterns/mcollective-patterns

@@ -1,4 +0,0 @@
-# Remember, these can be multi-line events.
-MCOLLECTIVE ., \[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\]%{SPACE}%{LOGLEVEL:event_level}
-
-MCOLLECTIVEAUDIT %{TIMESTAMP_ISO8601:timestamp}:

data/vendor/patterns/mongodb

@@ -1,4 +0,0 @@
-MONGO_LOG %{SYSLOGTIMESTAMP:timestamp} \[%{WORD:component}\] %{GREEDYDATA:message}
-MONGO_QUERY \{ (?<={ ).*(?= } ntoreturn:) \}
-MONGO_SLOWQUERY %{WORD} %{MONGO_WORDDASH:database}\.%{MONGO_WORDDASH:collection} %{WORD}: %{MONGO_QUERY:query} %{WORD}:%{NONNEGINT:ntoreturn} %{WORD}:%{NONNEGINT:ntoskip} %{WORD}:%{NONNEGINT:nscanned}.*nreturned:%{NONNEGINT:nreturned}..+ (?<duration>[0-9]+)ms
-MONGO_WORDDASH \b[\w-]+\b

data/vendor/patterns/nagios

@@ -1,108 +0,0 @@
-##################################################################################
-##################################################################################
-# Chop Nagios log files to smithereens!
-#
-# A set of GROK filters to process logfiles generated by Nagios.
-# While it does not, this set intends to cover all possible Nagios logs.
-#
-# Some more work needs to be done to cover all External Commands:
-#	http://old.nagios.org/developerinfo/externalcommands/commandlist.php
-#
-# If you need some support on these rules please contact:
-#	Jelle Smet http://smetj.net
-#
-#################################################################################
-#################################################################################
-
-NAGIOSTIME \[%{NUMBER:nagios_epoch}\]
-
-###############################################
-######## Begin nagios log types
-###############################################
-NAGIOS_TYPE_CURRENT_SERVICE_STATE CURRENT SERVICE STATE
-NAGIOS_TYPE_CURRENT_HOST_STATE CURRENT HOST STATE
-
-NAGIOS_TYPE_SERVICE_NOTIFICATION SERVICE NOTIFICATION
-NAGIOS_TYPE_HOST_NOTIFICATION HOST NOTIFICATION
-
-NAGIOS_TYPE_SERVICE_ALERT SERVICE ALERT
-NAGIOS_TYPE_HOST_ALERT HOST ALERT
-
-NAGIOS_TYPE_SERVICE_FLAPPING_ALERT SERVICE FLAPPING ALERT
-NAGIOS_TYPE_HOST_FLAPPING_ALERT HOST FLAPPING ALERT
-
-NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT SERVICE DOWNTIME ALERT
-NAGIOS_TYPE_HOST_DOWNTIME_ALERT HOST DOWNTIME ALERT
-
-NAGIOS_TYPE_PASSIVE_SERVICE_CHECK PASSIVE SERVICE CHECK
-NAGIOS_TYPE_PASSIVE_HOST_CHECK PASSIVE HOST CHECK
-
-NAGIOS_TYPE_SERVICE_EVENT_HANDLER SERVICE EVENT HANDLER
-NAGIOS_TYPE_HOST_EVENT_HANDLER HOST EVENT HANDLER
-
-NAGIOS_TYPE_EXTERNAL_COMMAND EXTERNAL COMMAND
-NAGIOS_TYPE_TIMEPERIOD_TRANSITION TIMEPERIOD TRANSITION
-###############################################
-######## End nagios log types
-###############################################
-
-###############################################
-######## Begin external check types
-###############################################
-NAGIOS_EC_DISABLE_SVC_CHECK DISABLE_SVC_CHECK
-NAGIOS_EC_ENABLE_SVC_CHECK ENABLE_SVC_CHECK
-NAGIOS_EC_DISABLE_HOST_CHECK DISABLE_HOST_CHECK
-NAGIOS_EC_ENABLE_HOST_CHECK ENABLE_HOST_CHECK
-NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT PROCESS_SERVICE_CHECK_RESULT
-NAGIOS_EC_PROCESS_HOST_CHECK_RESULT PROCESS_HOST_CHECK_RESULT
-NAGIOS_EC_SCHEDULE_SERVICE_DOWNTIME SCHEDULE_SERVICE_DOWNTIME
-NAGIOS_EC_SCHEDULE_HOST_DOWNTIME SCHEDULE_HOST_DOWNTIME
-###############################################
-######## End external check types
-###############################################
-NAGIOS_WARNING Warning:%{SPACE}%{GREEDYDATA:nagios_message}
-
-NAGIOS_CURRENT_SERVICE_STATE %{NAGIOS_TYPE_CURRENT_SERVICE_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}
-NAGIOS_CURRENT_HOST_STATE %{NAGIOS_TYPE_CURRENT_HOST_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}
-
-NAGIOS_SERVICE_NOTIFICATION %{NAGIOS_TYPE_SERVICE_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}
-NAGIOS_HOST_NOTIFICATION %{NAGIOS_TYPE_HOST_NOTIFICATION}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}
-
-NAGIOS_SERVICE_ALERT %{NAGIOS_TYPE_SERVICE_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}
-NAGIOS_HOST_ALERT %{NAGIOS_TYPE_HOST_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}
-
-NAGIOS_SERVICE_FLAPPING_ALERT %{NAGIOS_TYPE_SERVICE_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}
-NAGIOS_HOST_FLAPPING_ALERT %{NAGIOS_TYPE_HOST_FLAPPING_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_message}
-
-NAGIOS_SERVICE_DOWNTIME_ALERT %{NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}
-NAGIOS_HOST_DOWNTIME_ALERT %{NAGIOS_TYPE_HOST_DOWNTIME_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}
-
-NAGIOS_PASSIVE_SERVICE_CHECK %{NAGIOS_TYPE_PASSIVE_SERVICE_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}
-NAGIOS_PASSIVE_HOST_CHECK %{NAGIOS_TYPE_PASSIVE_HOST_CHECK:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_comment}
-
-NAGIOS_SERVICE_EVENT_HANDLER %{NAGIOS_TYPE_SERVICE_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}
-NAGIOS_HOST_EVENT_HANDLER %{NAGIOS_TYPE_HOST_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}
-
-NAGIOS_TIMEPERIOD_TRANSITION %{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{DATA:nagios_unknown1};%{DATA:nagios_unknown2};
-
-####################
-#### External checks
-####################
-
-#Disable host & service check
-NAGIOS_EC_LINE_DISABLE_SVC_CHECK %{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}
-NAGIOS_EC_LINE_DISABLE_HOST_CHECK %{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_DISABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}
-
-#Enable host & service check
-NAGIOS_EC_LINE_ENABLE_SVC_CHECK %{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_SVC_CHECK:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service}
-NAGIOS_EC_LINE_ENABLE_HOST_CHECK %{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_ENABLE_HOST_CHECK:nagios_command};%{DATA:nagios_hostname}
-
-#Process host & service check
-NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT %{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}
-NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT %{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_PROCESS_HOST_CHECK_RESULT:nagios_command};%{DATA:nagios_hostname};%{DATA:nagios_state};%{GREEDYDATA:nagios_check_result}
-
-#Schedule host & service downtime
-NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME %{NAGIOS_TYPE_EXTERNAL_COMMAND:nagios_type}: %{NAGIOS_EC_SCHEDULE_HOST_DOWNTIME:nagios_command};%{DATA:nagios_hostname};%{NUMBER:nagios_start_time};%{NUMBER:nagios_end_time};%{NUMBER:nagios_fixed};%{NUMBER:nagios_trigger_id};%{NUMBER:nagios_duration};%{DATA:author};%{DATA:comment}
-
-#End matching line
-NAGIOSLOGLINE %{NAGIOSTIME} (?:%{NAGIOS_WARNING}|%{NAGIOS_CURRENT_SERVICE_STATE}|%{NAGIOS_CURRENT_HOST_STATE}|%{NAGIOS_SERVICE_NOTIFICATION}|%{NAGIOS_HOST_NOTIFICATION}|%{NAGIOS_SERVICE_ALERT}|%{NAGIOS_HOST_ALERT}|%{NAGIOS_SERVICE_FLAPPING_ALERT}|%{NAGIOS_HOST_FLAPPING_ALERT}|%{NAGIOS_SERVICE_DOWNTIME_ALERT}|%{NAGIOS_HOST_DOWNTIME_ALERT}|%{NAGIOS_PASSIVE_SERVICE_CHECK}|%{NAGIOS_PASSIVE_HOST_CHECK}|%{NAGIOS_SERVICE_EVENT_HANDLER}|%{NAGIOS_HOST_EVENT_HANDLER}|%{NAGIOS_TIMEPERIOD_TRANSITION}|%{NAGIOS_EC_LINE_DISABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_ENABLE_SVC_CHECK}|%{NAGIOS_EC_LINE_DISABLE_HOST_CHECK|%{NAGIOS_EC_LINE_ENABLE_HOST_CHECK}|%{NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT}|%{NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT}|%{NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME})

data/vendor/patterns/postgresql

@@ -1,3 +0,0 @@
-# Default postgresql pg_log format pattern
-POSTGRESQL %{DATESTAMP:timestamp} %{TZ} %{DATA:user_id} %{GREEDYDATA:connection_id} %{POSINT:pid}
-

data/vendor/patterns/redis

@@ -1,3 +0,0 @@
-REDISTIMESTAMP %{MONTHDAY} %{MONTH} %{TIME}
-REDISLOG \[%{POSINT:pid}\] %{REDISTIMESTAMP:timestamp} \* 
-

data/vendor/patterns/ruby

@@ -1,2 +0,0 @@
-RUBY_LOGLEVEL (?:DEBUG|FATAL|ERROR|WARN|INFO)
-RUBY_LOGGER [DFEWI], \[%{TIMESTAMP_ISO8601:timestamp} #%{POSINT:pid}\] *%{RUBY_LOGLEVEL:loglevel} -- +%{DATA:progname}: %{GREEDYDATA:message}