{
    "$schema": "https://lnav.org/schemas/format-v1.schema.json",
    "sudo_log": {
        "title": "sudo",
        "description": "The sudo privilege management tool.",
        "url": "",
        "regex": {
            "std": {
                "module-format": true,
                "pattern": "^(?<login>\\S+)\\s*: (?:(?<error_msg>[^;]+);)?\\s*TTY=(?<tty>[^;]+)\\s+;\\s*PWD=(?<pwd>[^;]+)\\s+;\\s*USER=(?<user>[^;]+)\\s+;\\s*COMMAND=(?<command>.*)$"
            }
        },
        "level-field": "error_msg",
        "level": {
            "error": ".+"
        },
        "value": {
            "login": {
                "kind": "string",
                "identifier": true
            },
            "error_msg": {
                "kind": "string"
            },
            "tty": {
                "kind": "string"
            },
            "pwd": {
                "kind": "string"
            },
            "user": {
                "kind": "string",
                "identifier": true
            },
            "command": {
                "kind": "string"
            }
        },
        "sample": [
            {
                "line": "stack : 3 incorrect password attempts ; TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
            },
            {
                "line": "stack : TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
            }
        ]
    }
}