src/formats/esx_syslog_log.json


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

{
    "$schema": "https://lnav.org/schemas/format-v1.schema.json",
    "esx_syslog_log": {
        "title": "ESXi Syslog",
        "description": "Format specific to the ESXi syslog",
        "regex": {
            "std": {
                "pattern": "^(?<timestamp>(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?Z))\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)(?:\\[\\+\\]|\\+)?(?:(?: (?<log_syslog_tag>(?<log_procname>(?:[^\\[:]+|[^:]+))(?:\\[(?<log_pid>\\d+)\\])?):\\s*(?<body>.*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
            },
            "host": {
                "pattern": "^(?<timestamp>(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?Z))\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)(?:\\[\\+\\]|\\+)?(?:(?: (?<log_syslog_tag>(?:host-(?<log_pid>\\d+))?)\\s+(?<body>.*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
            },
            "notime": {
                "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2})\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)\\s+(?<log_procname>[^\\[]+)\\[(?<log_pid>\\d+)\\]:\\s(?<new_time>\\d{2}:\\d{2}:\\d{2}\\.\\d+)\\s+(?<body>.*)"
            }
        },
        "level": {
            "debug": "^Db$",
            "info": "^In$",
            "notice": "^No$",
            "warning": "^Wa$",
            "error": "^Er$",
            "critical": "^Cr$",
            "fatal": "^(?:Al|Em)$"
        },
        "opid-field": "log_syslog_tag",
        "time-field": "new_time",
        "multiline": false,
        "value": {
            "body": {
                "kind": "string"
            },
            "log_pid": {
                "kind": "string",
                "identifier": true
            },
            "log_procname": {
                "kind": "string",
                "identifier": true
            },
            "log_syslog_tag": {
                "kind": "string"
            },
            "syslog_pri": {
                "kind": "string"
            },
            "timestamp": {
                "kind": "string"
            }
        },
        "sample": [
            {
                "line": "2022-06-02T05:34:56.746Z In(14) ConfigStore[1001430703]: Log for ConfigStore version=1.0 build=build-19833347 option=BETA"
            },
            {
                "line": "2022-06-02T05:34:23Z In(14)[+] hostprofile[1001430319]: {'mode': 'Disabled', 'exceptionUsers': []}"
            },
            {
                "line": "2022-06-02 In(14) hostprofile[1001430319]: 05:34:23.666 {'mode': 'Disabled', 'exceptionUsers': []}"
            },
            {
                "line": "2022-06-01T13:42:40.681Z In(05) host-16250 <analytics> Skip service health check. State STOPPED, Curr request 0"
            }
        ]
    }
}