src/formats/openam_log.json


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

{
    "$schema": "https://lnav.org/schemas/format-v1.schema.json",
    "openam_log": {
        "title": "OpenAM Log",
        "description": "The OpenAM identity provider.",
        "url": "http://openam.forgerock.org",
        "level-field": "level",
        "level": {
            "error": "ERROR",
            "warning": "WARNING",
            "info": "INFO",
            "critical": "SEVERE",
            "trace": "FINE|FINEST"
        },
        "multiline": false,
        "regex": {
            "std": {
                "pattern": "^\"(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2})\"\\s+(?<data>[^ \"]+|\"(?:[^\"]*|\"\")*\")\\s+(?<loginid>[^ \"]+|\"(?:[^\"]*|\"\")*\")\\s+(?<contextid>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<ipaddr>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<level>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<domain>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<loggedby>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<messageid>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<modulename>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<nameid>[^ \"]+|\"(?:[^\"]|\"\")*\")\\s+(?<hostname>[^ \"]+|\"(?:[^\"]|\"\")*\")(?<body>.*)$"
            }
        },
        "value": {
            "data": {
                "kind": "quoted"
            },
            "loginid": {
                "kind": "quoted",
                "identifier": true
            },
            "contextid": {
                "kind": "quoted",
                "identifier": true
            },
            "ipaddr": {
                "kind": "quoted",
                "identifier": true,
                "collate": "ipaddress"
            },
            "domain": {
                "kind": "quoted",
                "identifier": true
            },
            "loggedby": {
                "kind": "quoted",
                "identifier": true
            },
            "messageid": {
                "kind": "quoted",
                "identifier": true
            },
            "modulename": {
                "kind": "quoted",
                "identifier": true
            },
            "nameid": {
                "kind": "quoted",
                "identifier": true
            },
            "hostname": {
                "kind": "quoted",
                "identifier": true,
                "collate": "ipaddress"
            }
        },
        "sample": [
            {
                "line": "\"2014-06-14 17:08:39\" \"http://localhost:8086|/|<samlp:AuthnRequest ID=\"\"139a40bba4d340108d91022750c2a3a8\"\" Version=\"\"2.0\"\" IssueInstant=\"\"2014-06-14T17:09:04Z\"\" ProtocolBinding=\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\" AssertionConsumerServiceURL=\"\"http://localhost:8086/api/1/rest/admin/org/530e42ccd6f45fd16d0d0717/saml/consume\"\">\\n<saml:Issuer>http://localhost:8086</saml:Issuer>\\n<samlp:NameIDPolicy  Format=\"\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\"\" AllowCreate=\"\"true\"\"></samlp:NameIDPolicy>\\n<samlp:RequestedAuthnContext Comparison=\"\"exact\"\"><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>\\n</samlp:AuthnRequest>\"  \"cn=dsameuser,ou=DSAME Users,dc=openam\" 8fc43a8f6a8c14101   \"Not Available\" INFO    dc=openam   \"cn=dsameuser,ou=DSAME Users,dc=openam\" SAML2-36    SAML2.access    \"Not Available\" 127.0.1.1"
            },
            {
                "line": "\"2014-06-09 14:49:56\" /etc/openam/openam/log/ \"cn=dsameuser,ou=DSAME Users,dc=openam\" 3d956febb91fed31    \"Not Available\" INFO    dc=openam   \"cn=dsameuser,ou=DSAME Users,dc=openam\" LOG-1   amPolicy.access \"Not Available\" 127.0.1.1"
            }
        ]
    }
}