Diffstat (limited to 'src/formats/sudo_log.json')
-rw-r--r--src/formats/sudo_log.json48
1 files changed, 48 insertions, 0 deletions
diff --git a/src/formats/sudo_log.json b/src/formats/sudo_log.json
new file mode 100644
index 0000000..d2ee72c
--- /dev/null
+++ b/src/formats/sudo_log.json
@@ -0,0 +1,48 @@
+{
+ "$schema": "https://lnav.org/schemas/format-v1.schema.json",
+ "sudo_log": {
+ "title": "sudo",
+ "description": "The sudo privilege management tool.",
+ "url": "",
+ "regex": {
+ "std": {
+ "module-format": true,
+ "pattern": "^(?<login>\\S+)\\s*: (?:(?<error_msg>[^;]+);)?\\s*TTY=(?<tty>[^;]+)\\s+;\\s*PWD=(?<pwd>[^;]+)\\s+;\\s*USER=(?<user>[^;]+)\\s+;\\s*COMMAND=(?<command>.*)$"
+ }
+ },
+ "level-field": "error_msg",
+ "level": {
+ "error": ".+"
+ },
+ "value": {
+ "login": {
+ "kind": "string",
+ "identifier": true
+ },
+ "error_msg": {
+ "kind": "string"
+ },
+ "tty": {
+ "kind": "string"
+ },
+ "pwd": {
+ "kind": "string"
+ },
+ "user": {
+ "kind": "string",
+ "identifier": true
+ },
+ "command": {
+ "kind": "string"
+ }
+ },
+ "sample": [
+ {
+ "line": "stack : 3 incorrect password attempts ; TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
+ },
+ {
+ "line": "stack : TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
+ }
+ ]
+ }
+} \ No newline at end of file
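Review bot: The `error_msg` capture on line 25 keeps the trailing space before ` ;` (the first sample yields `"3 incorrect password attempts "`) because, unlike the `tty`/`pwd`/`user` groups, it is not followed by `\\s+` that would force backtracking; a lazy capture with optional whitespace before the separator, `(?:(?<error_msg>[^;]+?)\\s*;)?`, trims it and keeps both samples matching. Since the level is derived from this field via `"error": ".+"`, the match still works either way, but values used in filters or SQL will otherwise carry that whitespace. Separately, every field boundary in the pattern relies on `;` never appearing inside a preceding value, and sudo does not escape the working-directory name it prints after `PWD=`, so a directory name containing `;` shifts what lands in `user` and `command`; that limitation is worth stating in `"description"` so analysts treating these fields as authoritative know to cross-check against the raw line. The `"url"` on line 21 is empty and should point at the sudo project documentation so the format is self-describing.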