path: root/src/formats/sudo_log.json
blob: d2ee72c5c6f51645734c88b1c5021e0dc78d0172 (plain)
{
    "$schema": "https://lnav.org/schemas/format-v1.schema.json",
    "sudo_log": {
        "title": "sudo",
        "description": "The sudo privilege management tool.",
        "url": "",
        "regex": {
            "std": {
                "module-format": true,
                "pattern": "^(?<login>\\S+)\\s*: (?:(?<error_msg>[^;]+);)?\\s*TTY=(?<tty>[^;]+)\\s+;\\s*PWD=(?<pwd>[^;]+)\\s+;\\s*USER=(?<user>[^;]+)\\s+;\\s*COMMAND=(?<command>.*)$"
            }
        },
        "level-field": "error_msg",
        "level": {
            "error": ".+"
        },
        "value": {
            "login": {
                "kind": "string",
                "identifier": true
            },
            "error_msg": {
                "kind": "string"
            },
            "tty": {
                "kind": "string"
            },
            "pwd": {
                "kind": "string"
            },
            "user": {
                "kind": "string",
                "identifier": true
            },
            "command": {
                "kind": "string"
            }
        },
        "sample": [
            {
                "line": "stack : 3 incorrect password attempts ; TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
            },
            {
                "line": "stack : TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
            }
        ]
    }
}