diff options
Diffstat (limited to '')
| -rw-r--r-- | src/formats/access_log.json | 3 | ||||
| -rw-r--r-- | src/formats/block_log.json | 2 | ||||
| -rw-r--r-- | src/formats/bunyan_log.json | 2 | ||||
| -rw-r--r-- | src/formats/cloudvm_ram_log.json | 2 | ||||
| -rw-r--r-- | src/formats/esx_syslog_log.json | 30 | ||||
| -rw-r--r-- | src/formats/formats.am | 5 | ||||
| -rw-r--r-- | src/formats/github_events_log.json | 194 | ||||
| -rw-r--r-- | src/formats/java_log.json | 39 | ||||
| -rw-r--r-- | src/formats/nextcloud_log.json | 79 | ||||
| -rw-r--r-- | src/formats/nextflow_log.json | 33 | ||||
| -rw-r--r-- | src/formats/pcap_log.json | 14 | ||||
| -rw-r--r-- | src/formats/procstate_log.json | 4 | ||||
| -rw-r--r-- | src/formats/redis_log.json | 59 | ||||
| -rw-r--r-- | src/formats/sssd_log.json | 42 | ||||
| -rw-r--r-- | src/formats/strace_log.json | 5 | ||||
| -rw-r--r-- | src/formats/vmk_log.json | 19 | ||||
| -rw-r--r-- | src/formats/vmw_log.json | 126 | ||||
| -rw-r--r-- | src/formats/vmw_py_log.json | 5 | ||||
| -rw-r--r-- | src/formats/vmw_vc_svc_log.json | 50 | ||||
| -rw-r--r-- | src/formats/vpostgres_log.json | 51 |
20 files changed, 731 insertions, 33 deletions
diff --git a/src/formats/access_log.json b/src/formats/access_log.json index 6a5b020..b71d210 100644 --- a/src/formats/access_log.json +++ b/src/formats/access_log.json @@ -111,6 +111,9 @@ { "line": "10.112.2.3 - - [16/Sep/2022:00:53:14 +0200] \"POST /api/v4/jobs/request HTTP/1.1\" 204 0 \"\" \"gitlab-runner 15.3.0 (15-3-stable; go1.19; linux/amd64)\" -", "level": "info" + }, + { + "line": "172.18.0.1 - - [29/Aug/2023 22:02:58] \"GET / HTTP/1.1\" 200 -" } ] } diff --git a/src/formats/block_log.json b/src/formats/block_log.json index aaba6d8..3450d8a 100644 --- a/src/formats/block_log.json +++ b/src/formats/block_log.json @@ -8,7 +8,7 @@ "pattern": "^(?<timestamp>\\S{3,8} \\w{3}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2} \\w+ \\d{4})\\s*(?<body>.*)$" }, "sq-brackets": { - "pattern": "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3,6})?)Z?\\]\\s*(?<body>.*)$" + "pattern": "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3,6})?(?:Z|[-+]\\d{2}:?\\d{2})?)\\]\\s*(?<body>.*)$" } }, "sample": [ diff --git a/src/formats/bunyan_log.json b/src/formats/bunyan_log.json index 4902d19..92bd7b3 100644 --- a/src/formats/bunyan_log.json +++ b/src/formats/bunyan_log.json @@ -1,6 +1,6 @@ { "$schema": "https://lnav.org/schemas/format-v1.schema.json", - "bunyan": { + "bunyan_log": { "title": "Bunyan log", "url": "https://github.com/trentm/node-bunyan", "description": "Bunyan JSON logging library for node.js", diff --git a/src/formats/cloudvm_ram_log.json b/src/formats/cloudvm_ram_log.json index 723cdaa..e129344 100644 --- a/src/formats/cloudvm_ram_log.json +++ b/src/formats/cloudvm_ram_log.json @@ -5,7 +5,7 @@ "description": "Periodic dumps of ram sizes", "regex": { "std": { - "pattern": "========== Start of cloudvm ram size dump at (?<timestamp>[^=]+)==========(?<body>.*)" + "pattern": "========== Start of cloudvm ram size dump at (?<timestamp>[^=]+) ==========(?<body>.*)" } }, "sample": [ diff --git a/src/formats/esx_syslog_log.json b/src/formats/esx_syslog_log.json index 85fa881..e92612a 100644 --- a/src/formats/esx_syslog_log.json +++ b/src/formats/esx_syslog_log.json @@ -5,7 +5,7 @@ "description": "Format specific to the ESXi syslog", "regex": { "std": { - "pattern": "^(?<timestamp>(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?Z))\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)(?:\\[\\+\\]|\\+)?(?:(?: (?<log_syslog_tag>(?<log_procname>(?:[^\\[:]+|[^:]+))(?:\\[(?<log_pid>\\d+)\\])?):\\s*(?<body>.*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))" + "pattern": "^(?<timestamp>(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?Z))\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)(?:\\[\\+\\]|\\+)?(?:(?: (?<log_syslog_tag>(?<log_procname>(?:[^\\[:]+|[^:]+))(?:\\[(?<log_pid>\\d+)\\])?):\\s*(?:\\w+ \\[(?<logger>[^ ]+)(?: op[iI][dD]=(?<opid>[^ \\]]+))?\\]\\s*)?(?<body>.*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))" }, "host": { "pattern": "^(?<timestamp>(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?Z))\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)(?:\\[\\+\\]|\\+)?(?:(?: (?<log_syslog_tag>(?:host-(?<log_pid>\\d+))?)\\s+(?<body>.*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))" @@ -23,7 +23,20 @@ "critical": "^Cr$", "fatal": "^(?:Al|Em)$" }, - "opid-field": "log_syslog_tag", + "opid-field": "opid", + "opid": { + "subid": "log_syslog_tag", + "description": { + "settingsd": { + "format": [ + { + "field": "body", + "extractor": "^Authz::Invoke method: (.+)" + } + ] + } + } + }, "time-field": "new_time", "multiline": false, "value": { @@ -41,6 +54,10 @@ "log_syslog_tag": { "kind": "string" }, + "opid": { + "kind": "string", + "identifier": true + }, "syslog_pri": { "kind": "string" }, @@ -60,6 +77,15 @@ }, { "line": "2022-06-01T13:42:40.681Z In(05) host-16250 <analytics> Skip service health check. State STOPPED, Curr request 0" + }, + { + "line": "2023-08-09T14:42:43.094Z In(14) settingsd[263657]: debug [ConfigStore:c5f9ac2700 opId=cabbdb94-0afb-4d23-9203-e901779b9b04] [RunCommand] About to run command /usr/bin/python /usr/lib/vmware/lifecycle/bin/imagemanagerctl.py VIB --list-all" + }, + { + "line": "2022-05-17T07:39:38.357Z In(9) watchdog-vobd[1001390409]: Executing '/usr/lib/vmware/vob/bin/vobd ++securitydom=vobdDom'" + }, + { + "line": "2023-11-07T19:17:28.030Z In(14) settingsd[2099680]: [Ticket] Deleted ticket /var/run/vmware/tickets/vmtck-31182534-c078-88" } ] } diff --git a/src/formats/formats.am b/src/formats/formats.am index 9b3d8a9..7896364 100644 --- a/src/formats/formats.am +++ b/src/formats/formats.am @@ -15,11 +15,14 @@ FORMAT_FILES = \ $(srcdir)/%reldir%/error_log.json \ $(srcdir)/%reldir%/esx_syslog_log.json \ $(srcdir)/%reldir%/fsck_hfs_log.json \ + $(srcdir)/%reldir%/github_events_log.json \ $(srcdir)/%reldir%/glog_log.json \ $(srcdir)/%reldir%/haproxy_log.json \ $(srcdir)/%reldir%/java_log.json \ $(srcdir)/%reldir%/journald_json_log.json \ $(srcdir)/%reldir%/katello_log.json \ + $(srcdir)/%reldir%/nextcloud_log.json \ + $(srcdir)/%reldir%/nextflow_log.json \ $(srcdir)/%reldir%/openam_log.json \ $(srcdir)/%reldir%/openamdb_log.json \ $(srcdir)/%reldir%/openstack_log.json \ @@ -27,6 +30,7 @@ FORMAT_FILES = \ $(srcdir)/%reldir%/papertrail_log.json \ $(srcdir)/%reldir%/pcap_log.json \ $(srcdir)/%reldir%/procstate_log.json \ + $(srcdir)/%reldir%/redis_log.json \ $(srcdir)/%reldir%/snaplogic_log.json \ $(srcdir)/%reldir%/sssd_log.json \ $(srcdir)/%reldir%/strace_log.json \ @@ -42,5 +46,6 @@ FORMAT_FILES = \ $(srcdir)/%reldir%/vmw_log.json \ $(srcdir)/%reldir%/vmw_vc_svc_log.json \ $(srcdir)/%reldir%/vmw_py_log.json \ + $(srcdir)/%reldir%/vpostgres_log.json \ $(srcdir)/%reldir%/xmlrpc_log.json \ $() diff --git a/src/formats/github_events_log.json b/src/formats/github_events_log.json new file mode 100644 index 0000000..a68e9bd --- /dev/null +++ b/src/formats/github_events_log.json @@ -0,0 +1,194 @@ +{ + "$schema": "https://lnav.org/schemas/format-v1.schema.json", + "github_events_log": { + "title": "GitHub Events Log", + "description": "Format for the public GitHub timeline from gharchive.org", + "url": "https://gharchive.org", + "file-type": "json", + "timestamp-field": "created_at", + "opid-field": "actor/display_login", + "line-format": [ + { + "field": "__timestamp__" + }, + { + "prefix": " ", + "field": "type" + }, + { + "prefix": " ", + "field": "actor/display_login" + }, + { + "prefix": " ", + "field": "payload/action", + "default-value": "" + }, + { + "prefix": " ", + "field": "payload/member/login", + "suffix": " to", + "default-value": "" + }, + { + "prefix": " committed \u201c", + "field": "payload/commits#/message", + "suffix": "\u201d to", + "default-value": "" + }, + { + "prefix": " forked ", + "field": "payload/forkee/full_name", + "suffix": " from", + "default-value": "" + }, + { + "prefix": " review ", + "field": "payload/review/id", + "suffix": " for", + "default-value": "" + }, + { + "prefix": " pull-request #", + "field": "payload/pull_request/number", + "default-value": "" + }, + { + "prefix": " \u201c", + "field": "payload/pull_request/title", + "suffix": "\u201d in", + "default-value": "" + }, + { + "prefix": " issue #", + "field": "payload/issue/number", + "default-value": "" + }, + { + "prefix": " \u201c", + "field": "payload/issue/title", + "suffix": "\u201d in", + "default-value": "" + }, + { + "prefix": " ", + "field": "payload/ref_type", + "default-value": "" + }, + { + "prefix": " off ", + "field": "payload/master_branch", + "suffix": " in", + "default-value": "" + }, + { + "prefix": " ", + "field": "payload/pages#/action", + "default-value": "" + }, + { + "prefix": " page ", + "field": "payload/pages#/title", + "suffix": " in", + "default-value": "" + }, + { + "prefix": " ", + "field": "payload/release/name", + "suffix": " in", + "default-value": "" + }, + { + "prefix": " ", + "field": "repo/name", + "default-value": "" + } + ], + "value": { + "id": { + "kind": "string", + "identifier": true, + "hidden": true + }, + "type": { + "kind": "string", + "identifier": true + }, + "actor": { + "kind": "json", + "hidden": true + }, + "actor/display_login": { + "kind": "string", + "identifier": true + }, + "org": { + "kind": "json", + "hidden": true + }, + "payload": { + "kind": "json", + "hidden": true + }, + "payload/action": { + "kind": "string" + }, + "payload/commits#/message": { + "kind": "string" + }, + "payload/forkee/full_name": { + "kind": "string" + }, + "payload/master_branch": { + "kind": "string", + "identifier": true + }, + "payload/member/login": { + "kind": "string", + "identifier": true + }, + "payload/pull_request/number": { + "kind": "integer", + "identifier": true + }, + "payload/pull_request/title": { + "kind": "string" + }, + "payload/issue/number": { + "kind": "integer", + "identifier": true + }, + "payload/issue/title": { + "kind": "string" + }, + "payload/pages#/action": { + "kind": "string" + }, + "payload/pages#/title": { + "kind": "string" + }, + "payload/ref_type": { + "kind": "string" + }, + "payload/release/name": { + "kind": "string" + }, + "payload/review/id": { + "kind": "integer", + "identifier": true + }, + "public": { + "kind": "boolean", + "hidden": true + }, + "repo": { + "kind": "json", + "hidden": true + }, + "repo/name": { + "kind": "string", + "identifier": true + } + } + } +}
\ No newline at end of file diff --git a/src/formats/java_log.json b/src/formats/java_log.json index 0d6297a..d9c036a 100644 --- a/src/formats/java_log.json +++ b/src/formats/java_log.json @@ -12,40 +12,53 @@ "pattern": "^(?<level>\\w+)\\s+\\|\\s+jvm (?<jvm_no>\\d+)\\s+\\|\\s(?<timestamp>\\d{4}/\\d{2}/\\d{2} \\d{2}:\\d{2}:\\d{2})\\s+\\| JVMDUMP\\w+\\s(?<body>.*)$" }, "tasko": { - "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}Z?)\\s+\\[(?<thread>[\\w\\-\\.]+)\\]\\s+(?<level>ERROR|WARN|INFO|DEBUG)\\s+(?<class>[\\w.]+)\\s+(-\\s+)?(?<body>.*)$" + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}(?:Z|[-+]\\d{2}:?\\d{2})?)\\s+\\[(?<thread>[\\w\\-\\.]+)\\]\\s+(?<level>ERROR|WARN|INFO|DEBUG|TRACE)\\s+(?<class>[\\w.]+)\\s+(-\\s+)?(?<body>.*)$" }, "prefix-brackets": { - "pattern": "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}Z?)\\s+(?<thread>[\\w\\-\\.]+)\\s+(?<level>ERROR|WARN|INFO|DEBUG)\\s+(?<class>[\\w.]+)(?:\\s+opId=(?<opid>[^\\]]*))?\\]\\s*(-\\s+)?(?<body>.*)$" + "pattern": "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}(?:Z|[-+]\\d{2}:?\\d{2})?)\\s+(?<thread>[\\w\\-\\.]+)\\s+(?<level>ERROR|WARN|INFO|DEBUG|TRACE)\\s+(?<class>[\\w.]+)(?:\\s+opId=(?<opid>[^\\]]*))?\\]\\s*(-\\s+)?(?<body>.*)$" }, "in-brackets": { - "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}Z?)\\s+\\[(?<thread>[\\w\\-\\.]+)(?:\\s+(?:\\[\\]|null))?\\s+(?<level>ERROR|WARN|INFO|DEBUG)\\s+(?<class>[\\w.]+)(?:\\s+opId=(?<opid>[^\\]]*))?\\]\\s*(-\\s+)?(?<body>.*)$" + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}(?:Z|[-+]\\d{2}:?\\d{2})?)\\s+\\[(?<thread>[\\w\\-\\.]+)(?:\\s+(?:\\[\\]|null))?\\s+(?<level>ERROR|WARN|INFO|DEBUG|TRACE)\\s+(?<class>[\\w.]+)(?:\\s+opId=(?<opid>[^\\]]*))?\\]\\s*(-\\s+)?(?<body>.*)$" }, "nobrackets": { - "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}Z?)\\s+(?<thread>[\\w\\-\\.]+)\\s+(?<level>ERROR|WARN|INFO|DEBUG)\\s+(?<class>[\\w.]+)\\s+(-\\s+)?(?<body>.*)$" + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}(?:Z|[-+]\\d{2}:?\\d{2})?)\\s+(?<thread>[\\w\\-\\.]+) (?:operationID=(?<opid>\\S+))?\\s+(?<level>ERROR|WARN|INFO|DEBUG|TRACE)\\s+(?<class>[\\w.]+)\\s+(-\\s+)?(?<body>.*)$" }, "vmw1": { - "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}Z?)\\s*\\|\\s*(?<level>ERROR|WARN|INFO|DEBUG)\\s*\\|\\s*(?<thread>[^\\|]+)\\s*\\|\\s*(?<srcfile>[^\\|]+)\\s*\\|\\s*(?<srcline>\\d+)\\s*\\|\\s*(?<body>.*)$" + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}(?:Z|[-+]\\d{2}:?\\d{2})?)\\s*\\|\\s*(?<level>ERROR|WARN|INFO|DEBUG|TRACE)\\s*\\|\\s*(?<thread>[^\\|]+)\\s*\\|\\s*(?<srcfile>[^\\|]+)\\s*\\|\\s*(?<srcline>\\d+)\\s*\\|\\s*(?<body>.*)$" }, "vmw2": { - "pattern": "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}Z?)\\]\\s*(?<level>ERROR|WARN|INFO|DEBUG)\\s*\\d+\\[(?<thread>[^\\]]+)\\]\\s+-\\s+(?<class>[^\\(]+)\\.(?<method>\\w+)\\((?<srcfile>[^:]+):(?<srcline>\\d+)\\)\\s+-\\s+(?<body>.*)$" + "pattern": "^\\[(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}(?:Z|[-+]\\d{2}:?\\d{2})?)\\]\\s*(?<level>ERROR|WARN|INFO|DEBUG|TRACE)\\s*\\d+\\[(?<thread>[^\\]]+)\\]\\s+-\\s+(?<class>[^\\(]+)\\.(?<method>\\w+)\\((?<srcfile>[^:]+):(?<srcline>\\d+)\\)\\s+-\\s+(?<body>.*)$" }, "vmw3": { - "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}Z?)\\s*\\|\\s*(?<level>ERROR|WARN|INFO|DEBUG)\\s*\\|\\s*(?<thread>[^\\|]+)\\s*\\|\\s*(?<class>[^\\|]+)\\s*\\|\\s+(?!\\d+\\s*\\|)(?<body>.*)$" + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}(?:Z|[-+]\\d{2}:?\\d{2})?)\\s*\\|\\s*(?<level>ERROR|WARN|INFO|DEBUG|TRACE)\\s*\\|\\s*(?<thread>[^\\|]+)\\s*\\|\\s*(?<class>[a-zA-Z_\\.][^\\|]+)\\s*\\|\\s+(?!\\d+\\s*\\|)(?<body>.*)$" }, "vmw-sso": { - "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}Z?)\\s+(?<level>ERROR|WARN|INFO|DEBUG)\\s+[\\w\\-]+\\[\\d+:(?<thread>[^\\]]+)\\]\\s+\\[CorId=(?<corid>[^\\s\\]]*)(?:\\s+OpId=(?<opid>[^\\]]*))?\\]\\s+\\[(?<class>[^\\]]+)\\]\\s+(?<body>.*)$" + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}(?:Z|[-+]\\d{2}:?\\d{2})?)\\s+(?<level>ERROR|WARN|INFO|DEBUG|TRACE)\\s+[\\w\\-]+\\[\\d+:(?<thread>[^\\]]+)\\]\\s+\\[CorId=(?<corid>[^\\s\\]]*)(?:\\s+OpId=(?<opid>[^\\]]*))?\\]\\s+\\[(?<class>[^\\]]+)\\]\\s+(?<body>.*)$" }, "vmw-sps": { - "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}Z?)\\s+\\[(?<thread>[^\\]]+)\\]\\s+(?<level>ERROR|WARN|INFO|DEBUG)\\s+opId=(?<opid>\\S*)\\s+(?<class>\\S+)\\s+-\\s+(?<body>.*)$" + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}( |T)\\d{2}:\\d{2}:\\d{2}(,|\\.)\\d{3}(?:Z|[-+]\\d{2}:?\\d{2})?)\\s+\\[(?<thread>[^\\]]+)\\]\\s+(?<level>ERROR|WARN|INFO|DEBUG|TRACE)\\s+opId=(?<opid>\\S*)\\s+(?<class>\\S+)\\s+-\\s+(?<body>.*)$" } }, "level-field": "level", "opid-field": "opid", + "opid": { + "description": { + "license": { + "format": [ + { + "field": "body", + "extractor": "Invoking (.+)" + } + ] + } + } + }, "level": { "error": "ERROR", "warning": "WARN", "debug": "DEBUG", - "info": "INFO" + "info": "INFO", + "trace": "TRACE" }, "value": { "function": { @@ -141,6 +154,12 @@ }, { "line": "2022-06-01T13:42:32.742Z INFO sts-default[23:localhost-startStop-1] [CorId= OpId=] [com.vmware.identity.idm.server.provider.PooledLdapConnectionFactory] New connection created in pool PooledLdapConnectionIdentity [tenantName=null, username=vc.vlcm.com@vsphere.local, authType=SRP, useGCPort=false, connectionString=ldap://vc.vlcm.com:389]" + }, + { + "line": "2023-07-18T20:10:41.345-0700 | DEBUG | opId-229b032d-ed17-4675-b01d-4868ea35d1b9 | cls-background-executor-4 | SessionManagerImpl | Invalidated 0 expired sessions." + }, + { + "line": "2023-07-19T03:05:51.879Z invocation-vmomi-executor-1 operationID=4e543097-1a DEBUG vim.vmomi.server.impl.InvocationTask Invoking com.vmware.vim.binding.vim.LicenseManager.getEvaluation" } ] } diff --git a/src/formats/nextcloud_log.json b/src/formats/nextcloud_log.json new file mode 100644 index 0000000..9806ee0 --- /dev/null +++ b/src/formats/nextcloud_log.json @@ -0,0 +1,79 @@ +{ + "$schema": "https://lnav.org/schemas/format-v1.schema.json", + "nextcloud": { + "title": "Nextcloud server logs", + "description": "Nextcloud JSON server logs audit.log, flow.log, and nextcloud.log", + "url": "https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/logging_configuration.html?highlight=logging#log-field-breakdown", + "json": true, + "opid-field": "reqId", + "level-field": "level", + "body-field": "message", + "hide-extra": true, + "level": { + "debug": 0, + "info": 1, + "warning": 2, + "error": 3, + "fatal": 4 + }, + "timestamp-field": "time", + "convert-to-local-time": true, + "multiline": false, + "value": { + "exception": { + "kind": "json" + }, + "app": { + "kind": "string", + "identifier": true + }, + "reqId": { + "kind": "string", + "identifier": true + }, + "remoteAddr": { + "kind": "string", + "identifier": true + }, + "url": { + "kind": "string" + }, + "method": { + "kind": "string" + }, + "user": { + "kind": "string", + "identifier": true + } + }, + "line-format": [ + { + "field": "__timestamp__" + }, + " ", + { + "field": "reqId", + "max-width": 3, + "overflow": "truncate" + }, + " ", + { + "field": "remoteAddr", + "min-width": 15 + }, + " ", + { + "field": "__level__", + "text-transform": "uppercase" + }, + " ", + { + "field": "app" + }, + " ", + { + "field": "message" + } + ] + } +} diff --git a/src/formats/nextflow_log.json b/src/formats/nextflow_log.json new file mode 100644 index 0000000..c4dc39c --- /dev/null +++ b/src/formats/nextflow_log.json @@ -0,0 +1,33 @@ +{ + "$schema": "https://lnav.org/schemas/format-v1.schema.json", + "nextflow_log": { + "title": "Nextflow log format", + "description": "Format file for nextflow.io logs", + "url": [ + "https://nextflow.io/docs/latest/cli.html#execution-logs" + ], + "regex": { + "std": { + "pattern": "(?<timestamp>\\w{3}-\\d{2} \\d{2}:\\d{2}:\\d{2}\\.\\d{3}) \\[(?<thread>[^\\]]+)\\] (?<level>[^ ]+)\\s+(?<module>[^ ]+) - (?<body>.*)" + } + }, + "timestamp-format": [ + "%b-%d %H:%M:%S" + ], + "value": { + "module": { + "kind": "string", + "identifier": true + }, + "thread": { + "kind": "string", + "identifier": true + } + }, + "sample": [ + { + "line": "Mar-18 21:41:15.684 [main] DEBUG nextflow.cli.Launcher - $> nextflow run nf-core/rnaseq -profile test,docker --outdir results" + } + ] + } +} diff --git a/src/formats/pcap_log.json b/src/formats/pcap_log.json index 8ae73e2..a9e86ef 100644 --- a/src/formats/pcap_log.json +++ b/src/formats/pcap_log.json @@ -4,11 +4,17 @@ "json": true, "title": "Packet Capture", "description": "Internal format for pcap files", - "mime-types": [ - "application/vnd.tcpdump.pcap" - ], - "multiline": false, "convert-to-local-time": true, + "converter": { + "header": { + "expr": { + "pcapng": ":header REGEXP '^0a0d0d0a.{8}(?:1a2b3c4d|4d3c2b1a).*'", + "pcap": ":header REGEXP '^(?:a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1).*'" + }, + "size": 24 + }, + "command": "pcap_log-converter.sh" + }, "line-format": [ { "field": "time" diff --git a/src/formats/procstate_log.json b/src/formats/procstate_log.json index 74332dd..c6fe727 100644 --- a/src/formats/procstate_log.json +++ b/src/formats/procstate_log.json @@ -5,7 +5,7 @@ "description": "Periodic dumps of process state", "regex": { "std": { - "pattern": "========== Start of system state dump at (?<timestamp>[^=]+)==========(?<body>.*)" + "pattern": "========== Start of system state dump at (?<timestamp>[^=]+) ==========(?<body>.*)" } }, "sample": [ @@ -15,7 +15,7 @@ ], "search-table": { "procstate_procs": { - "pattern": "^(?<user>\\S+)\\s+(?<pid>\\d+)\\s+(?<cpu_pct>\\d+(?:\\.\\d+)?)\\s+(?<mem_pct>\\d+(?:\\.\\d+)?)\\s+(?<vsz>\\d+)\\s+(?<rss>\\d+)\\s(?<tty>\\S+)\\s+(?<stat>\\S+)\\s+(?<start_time>\\S+)\\s+(?<cpu_time>\\S+)\\s+(?<cmd>(?<cmd_name>[^ \\n]+)(?: (?<cmd_args>[^\\n]+))?)$" + "pattern": "^(?<user>\\S+)\\s+(?:(?<ppid>\\d+)\\s+)?(?<pid>\\d+)\\s+(?<cpu_pct>\\d+(?:\\.\\d+)?)\\s+(?<mem_pct>\\d+(?:\\.\\d+)?)\\s+(?<vsz>\\d+)\\s+(?<rss>\\d+)\\s(?<tty>\\S+)\\s+(?<stat>\\S+)\\s+(?<start_time>\\S+)\\s+(?<cpu_time>\\S+)(?:\\s+(?<maj_flt>\\d+)\\s+(?<min_flt>\\d+))?\\s+(?<cmd>(?<cmd_name>[^ \\n]+)(?: (?<cmd_args>[^\\n]+))?)$" } } } diff --git a/src/formats/redis_log.json b/src/formats/redis_log.json new file mode 100644 index 0000000..faf9a5b --- /dev/null +++ b/src/formats/redis_log.json @@ -0,0 +1,59 @@ +{ + "$schema": "https://lnav.org/schemas/format-v1.schema.json", + "redis_log": { + "title": "Redis", + "url": [ + "https://redis.com", + "https://build47.com/redis-log-format-levels/" + ], + "description": "The Redis database", + "regex": { + "v2.x": { + "pattern": "\\[(?<pid>\\d+)\\]\\s+(?<timestamp>\\d{1,2} [a-zA-Z]{3} \\d{2}:\\d{2}:\\d{2}\\.\\d{3})\\s+(?<level>[\\.\\-\\*\\#])\\s+(?<body>.*)" + }, + "v3.x": { + "pattern": "(?<pid>\\d+):(?<role>[XCSM])\\s+(?<timestamp>\\d{1,2} [a-zA-Z]{3} \\d{4} \\d{2}:\\d{2}:\\d{2}\\.\\d{3})\\s+(?<level>[\\.\\*\\#\\-])\\s+(?<body>.*)" + }, + "sig": { + "pattern": "(?<pid>\\d+):(?<role>signal-handler) \\((?<timestamp>\\d+)\\) (?<body>.*)" + } + }, + "timestamp-format": [ + "%s", + "%d %b %Y %H:%M:%S.%L", + "%d %b %H:%M:%S.%L" + ], + "level": { + "debug": "^\\.$", + "trace": "^-$", + "notice": "^\\*$", + "warning": "^#$" + }, + "value": { + "level": { + "kind": "string" + }, + "pid": { + "kind": "string", + "identifier": true + }, + "role": { + "kind": "string" + }, + "timestamp": { + "kind": "string" + } + }, + "sample": [ + { + "line": "1:M 29 Aug 2023 13:47:38.984 * monotonic clock: POSIX clock_gettime" + }, + { + "line": "1:signal-handler (1693279182) Received SIGTERM scheduling shutdown..." + }, + { + "line": "[3574] 13 Apr 12:52:30.731 # Sentinel runid is 2e3b1eed9e95d760e1853e047a33bf4f8ac16c59" + } + ] + } +} diff --git a/src/formats/sssd_log.json b/src/formats/sssd_log.json index 04f3a77..9728285 100644 --- a/src/formats/sssd_log.json +++ b/src/formats/sssd_log.json @@ -6,18 +6,39 @@ "url": "http://fedorahosted.org/sssd", "regex": { "core": { - "pattern": "^\\((?<timestamp>\\S{3,8} \\S{3,8} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2} \\d{4})\\) \\[sssd\\] \\[(?<function>\\w+)\\] \\((?<debug_level>0x[0-9a-fA-F]{4})\\): (?<body>.*)$" + "pattern": "^\\((?<timestamp>\\S{3,8} \\S{3,8} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2}(?:(?:\\.|:)\\d{6})? \\d{4})\\) \\[(?<service>\\w+)\\] \\[(?<function>\\w+)\\] \\((?<debug_level>0x[0-9a-fA-F]{4})\\): (?<body>.*)$" }, "module": { - "pattern": "^\\((?<timestamp>\\S{3,8} \\S{3,8} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2} \\d{4})\\) \\[sssd(?<module>\\[.*?\\])\\] \\[(?<function>\\w+)\\] \\((?<debug_level>0x[0-9a-fA-F]{4})\\): (?<body>.*)$" + "pattern": "^\\((?<timestamp>\\S{3,8} \\S{3,8} ( \\d|\\d{2}) \\d{2}:\\d{2}:\\d{2}(?:(?:\\.|:)\\d{6})? \\d{4})\\) \\[(?<service>\\w+)(?<module>\\[.*?\\])\\] \\[(?<function>\\w+)\\] \\((?<debug_level>0x[0-9a-fA-F]{4})\\): (?<body>.*)$" + }, + "new-ts": { + "pattern": "^\\((?<timestamp>\\d{4}-\\d{2}-\\d{2} [ 0-9]{2}:\\d{2}:\\d{2}(?:(?:\\.|:)\\d{6})?)\\): \\[(?<service>\\w+)(?<module>\\[.*?\\])?\\] \\[(?<function>\\w+)\\] \\((?<debug_level>0x[0-9a-fA-F]{4})\\): (?<body>.*)$" } }, + "level-field": "debug_level", + "level": { + "fatal": "0x0010", + "critical": "0x0020", + "error": "0x0040", + "warning": "0x0080", + "debug": "0x0200", + "debug2": "0x0400", + "debug3": "0x1000", + "debug4": "0x2000", + "trace": "0x4000" + }, "value": { + "service": { + "kind": "string", + "identifier": true + }, "module": { - "kind": "string" + "kind": "string", + "identifier": true }, "function": { - "kind": "string" + "kind": "string", + "identifier": true }, "debug_level": { "kind": "string" @@ -32,6 +53,19 @@ }, { "line": "(Tue Mar 31 05:58:38 2015) [sssd] [start_service] (0x0100): Queueing service LDAP for startup" + }, + { + "line": "(Tue Jul 14 11:01:17:259149 2020) [sssd] [sss_ini_call_validators] (0x0020): [rule/allowed_sections]: Section [prompting/password] is not allowed. Check for typos." + }, + { + "line": "(2022-06-08 8:52:40): [be[ipa.example.com]] [sysdb_add_user] (0x0040): [RID#3] Group named aduser@example.com already exists in an MPG domain <-----", + "level": "error" + }, + { + "line": "(2022-06-14 0:31:43): [pam] [sss_process_init] (0x0010): fatal error setting up backend connector" + }, + { + "line": "(2022-06-14 0:31:47): [nss] [sbus_reconnect_attempt] (0x0020): Unable to connect to D-Bus" } ] } diff --git a/src/formats/strace_log.json b/src/formats/strace_log.json index 46c3a44..4f8f0bf 100644 --- a/src/formats/strace_log.json +++ b/src/formats/strace_log.json @@ -7,7 +7,7 @@ "multiline": false, "regex": { "std": { - "pattern": "^(?<timestamp>\\d{2}:\\d{2}:\\d{2}\\.\\d{6}) (?<syscall>\\w+)\\((?<body>.*)\\)\\s+=\\s+(?<rc>[-\\w]+)(?: (?<errno>\\w+) \\([^\\)]+\\))?(?: <(?<duration>\\d+\\.\\d+)>)?$" + "pattern": "^(?<timestamp>\\d{2}:\\d{2}:\\d{2}\\.\\d{6}|\\d+\\.\\d{6}) (?<syscall>\\w+)\\((?<body>.*)\\)\\s+=\\s+(?<rc>[-\\w]+)(?: (?<errno>\\w+) \\([^\\)]+\\))?(?: <(?<duration>\\d+\\.\\d+)>)?$" } }, "level-field": "errno", @@ -38,6 +38,9 @@ }, { "line": "08:09:33.815943 access(\"/etc/ld.so.nohwcap\", F_OK) = -1 ENOENT (No such file or directory) <0.000019>" + }, + { + "line": "1695668091.895450 execve(\"/tmp/lnav\", [\"/tmp/lnav\"], [/* 21 vars */]) = 0" } ] } diff --git a/src/formats/vmk_log.json b/src/formats/vmk_log.json index 5d93def..962575e 100644 --- a/src/formats/vmk_log.json +++ b/src/formats/vmk_log.json @@ -7,12 +7,21 @@ "regex": { "std": { "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z) cpu(?<cpu>\\d+):(?<world_id>\\d+)(?: opID=(?<opid>[^\\)]+))?\\)((?:(?<level>WARNING|ALERT)|(?<subsystem>[^:]+)): )?(?<body>.*)" + }, + "syslog": { + "pattern": "^(?<timestamp>(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?Z))\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)(?:\\[\\+\\]|\\+)? (?:vmkernel|vmkwarning):\\s* (?:cpu(?<cpu>\\d+):(?<world_id>\\d+)(?: opID=(?<opid>[^\\)]+))?\\))?((?:(?:WARNING|ALERT)|(?<subsystem>[^:]+)): )?(?<body>.*)" } }, + "ordered-by-time": false, "level-field": "level", "level": { - "error": "ALERT", - "warning": "WARNING" + "debug": "^Db$", + "info": "^In$", + "notice": "^No$", + "warning": "^(?:Wa|WARNING)$", + "error": "^(?:Er|ALERT)$", + "critical": "^Cr$", + "fatal": "^(?:Al|Em)$" }, "max-unrecognized-lines": 15000, "opid-field": "opid", @@ -45,6 +54,12 @@ }, { "line": "2022-06-02T02:16:57.414Z cpu31:1001392590 opID=827cfaf)<unk>: UWVMKSyscall: ForkExec:2408: hostd-worker: Found params <group=hostd-tmp,mem=10>" + }, + { + "line": "2023-08-08T15:08:36.834Z Wa(180) vmkwarning: cpu0:263421 opID=a03fc439)WARNING: Sched: vm 265285: 6404: could not create container group, status: Admission check failed for memory resource" + }, + { + "line": "2023-08-08T14:13:55Z In(182) vmkernel: VMB: 65: Reserved 4 MPNs starting @ 0x4c1" } ] } diff --git a/src/formats/vmw_log.json b/src/formats/vmw_log.json index c5c5f7b..4f4299f 100644 --- a/src/formats/vmw_log.json +++ b/src/formats/vmw_log.json @@ -6,13 +6,13 @@ "url": "https://kb.vmware.com/kb/2004201", "regex": { "6.0+": { - "pattern": "^(?:\\[#\\d+\\] )?(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?<level>\\w+)(?:\\(\\d+\\)+)? (?<prc>[\\w\\-]+)\\[(?<tid>\\w+)\\]:? (?:\\w+ -\\[\\d+\\] )?\\[(?<src>\\w+@\\d+)(?:\\s+sub=(?<sub>.*?(?!\\w+=)))?(?:\\s+item=(?<item>[\\w\\.\\-@/:]+))?(?: req=(?<req>[^ \\]]+))?(?: opI(?:D|d)=(?<opid>(?:req=)?[\\w@ \\-\\.:]+?(?!\\w+=)))?(?: sid=(?<sid>[^ \\]]+))?(?: user=(?<user>[^ \\]<]+(?:<[^>]+>)?))?(?: update=(?<vpxa_update>\\d+))?(?:\\s+reason=(?<reason>[^\\]]+))?\\]\\s+(?<body>.*)$" + "pattern": "^(?:\\[#\\d+\\] )?(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?<level>\\w+)(?:\\(\\d+\\)+)? (?<prc>[\\w\\-]+)\\[(?<tid>\\w+)\\]:? (?:\\w+ -\\[\\d+\\] )?\\[(?<src>[a-zA-Z][\\w:]*(?:@\\d+)?)(?:\\s+sub=(?<sub>.*?(?!\\w+=)))?(?:\\s+item=(?<item>[\\w\\.\\-@/:]+))?(?: req=(?<req>[^ \\]]+))?(?: opI(?:D|d)=(?<opid>(?:req=)?[\\w@ \\-\\.:]+?(?!\\w+=)))?(?: sid=(?<sid>[^ \\]]+))?(?: user=(?<user>[^ \\]<]+(?:<[^>]+>)?))?(?: update=(?<vpxa_update>\\d+))?(?:\\s+reason=(?<reason>[^\\]]+))?\\]\\s+(?:\\[(?<file>[^ ]+)\\s+(?<line>\\d+)\\]\\s+)?(?<body>.*)$" }, "6.0+-nosrc": { "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?<level>\\w+)(?:\\(\\d+\\)+)? (?<prc>[\\w\\-]+)\\[(?<tid>\\w+)\\]:? \\[(?:opI(?:D|d)=(?<opid>[^\\]]+))\\]\\s*(?<body>.*)$" }, "section": { - "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?:- last log rotation time, \\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2}))?\\s*(ESX KMX Agent started.|(?:- time the service was last started(?: \\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}.\\d{3}Z)?, )?Section for (?:[^,]+), pid=(?<tid>\\w+).*)" + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?:- last log rotation time, \\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2}))?\\s*(ESX KMX Agent started.|(?:- time the service was last started(?: \\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}.\\d{3}(?:Z|[-+]\\d{2}:\\d{2}))?, )?Section for (?:[^,]+), pid=(?<tid>\\w+).*)" }, "esx-section": { "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) (?<level>\\w+)(?:\\(\\d+\\)+) (?<prc>[\\w\\-]+)\\[(?<tid>\\w+)\\]: (?:Logs rotated. \\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2}))?(?:- last log rotation time, \\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}(?:Z|[-+]\\d{2}:\\d{2}))?\\s*(ESX KMX Agent started.|(?:- time the service was last started(?: \\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}.\\d{3}Z)?, )?Section for (?:[^,]+), pid=(?:\\w+).*)" @@ -29,6 +29,9 @@ "hdr-ftr": { "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}(T| )\\d{2}:\\d{2}:\\d{2}(?:.|,)\\d{3}(?:Z|[-+]\\d{2}:\\d{2})) \\[(?<prc>[^\\[]+)\\[(?<tid>\\w+)\\]:\\s+(?<body>.*)\\]$" }, + "is-log": { + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}(T| )\\d{2}:\\d{2}:\\d{2}(?:.|,)\\d{3}(?:Z|[-+]\\d{2}:\\d{2})?) (?<level>\\w+) (?<prc>[^\\[]+)\\[(?<tid>\\d+)\\]\\s+\\[(?<file>[^ ]+) (?<line>\\d+)\\]\\s+(?<body>.*)" + }, "pylog": { "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?(?:Z|[-+]\\d{2}:\\d{2})) (?<prc>[^:]+):\\s+(?<tid>\\d+):\\s+(?<comp>[^:]+):(?<line>\\d+)?\\s+(?<level>\\w+):?\\s+(?<body>.*)(?:\\n.*)?$" }, @@ -53,6 +56,102 @@ "fatal": "^(?i)(?:alert|fatal|panic|Al|Em)$" }, "opid-field": "opid", + "opid": { + "subid": "tid", + "sub-description": { + "vum": { + "format": [ + { + "field": "sub", + "extractor": "^(?!VumVapi::Utils).*$" + } + ] + } + }, + "description": { + "vum": { + "format": [ + { + "field": "body", + "extractor": "RequireAdminUserAuthz::Invoke Method is (.*)", + "suffix": "(" + }, + { + "prefix": "", + "field": "body", + "extractor": "PrivCheck: Resource:((?!com)[^,]+)|Entity Priv Result:()" + }, + { + "prefix": ") - ", + "field": "body", + "extractor": "PrivCheck: Resource:(?:com[^,]+), User:([^,]+)" + }, + { + "prefix": "", + "field": "body", + "extractor": "()Invoking method com\\..*" + } + ] + }, + "esxtokend": { + "format": [ + { + "field": "body", + "extractor": "Invoke-MethodId: (.*)" + } + ] + }, + "hostd": { + "format": [ + { + "field": "body", + "extractor": "New request: target='([^']+)'" + }, + { + "prefix": ".", + "field": "body", + "extractor": "New request: target='[^']+', method='([^']+)'" + } + ] + }, + "vpxd-invoking": { + "format": [ + { + "field": "body", + "extractor": "Invoking; <<[^,]+, <[^>]+>, <[^>]+>>, [^,]+, ([^,]+)," + } + ] + }, + "vpxd-lro": { + "format": [ + { + "field": "body", + "extractor": "\\[VpxLRO\\] -- BEGIN (?:[^ ]+) -- (?:[^ ]*) -- ([^ ]+)" + } + ] + }, + "vpxd-item": { + "format": [ + { + "field": "item" + } + ] + }, + "vsan": { + "format": [ + { + "field": "body", + "extractor": "Invoking '[^']+' on '([^']+)'" + }, + { + "prefix": ".", + "field": "body", + "extractor": "Invoking '([^']+)' on '[^']+'" + } + ] + } + } + }, "value": { "prc": { "kind": "string", @@ -64,7 +163,8 @@ }, "src": { "kind": "string", - "identifier": true + "identifier": true, + "hidden": true }, "comp": { "kind": "string", @@ -141,6 +241,17 @@ "pattern": "^Expected equality of these values:" } }, + "partitions": { + "test-partition": { + "description": "Partition for gtest sections", + "paths": [ + { + "glob": "*/test.log" + } + ], + "pattern": "^\\[ RUN \\] ([^\\n]+)" + } + }, "sample": [ { "line": "2021-05-24T20:31:05.671Z - last log rotation time, 2021-05-24T09:30:02.683Z - time the service was last started, Section for VMware ESX, pid=1000080910, version=7.0.3, build=0, option=DEBUG" @@ -235,6 +346,15 @@ }, { "line": "2022-06-02T03:20:05.107Z Db(167) Hostd[1001392035]: [Originator@6876 sub=AdapterServer opID=531c52d7-9d8a sid=52806149 user=vpxuser:<no user>] New request: target='vim.HostSystem:ha-host', method='retrieveInternalCapability', session='52806149-fe15-f6ff-7685-353ae5d93dcc'" + }, + { + "line": "2022-06-02T11:49:41.274Z INFO vsan-mgmt[51740] [VsanVcObjectHelper::wrapper opID=SWI-2230eb26-8c37] Ready to get single executor result for the key ['_QuerySpaceUsage', 'vsan-cluster-space-report-system', 'domain-c115', '', 'False'] in timeout 600\n2022-06-02T12:23:46.807Z [pool-2-thread-18] INFO opId= com.vmware.vim.storage.common.task.CustomThreadPoolExecutor - [VLSI-client] Request took 4 millis to execute.\n2022-06-02T12:26:24.319Z INFO vsan-mgmt[16622] [VsanVcPerformanceManagerImpl::QueryClusterHealth opID=21fcddd1] CMMDS primary exists but no stats primary, check node information again.\n2022-06-02T12:26:27.109Z info vsanvcmgmtd[38723] [vSAN@6876 sub=CnsSync] Sync ds:///vmfs/volumes/5f65bf61-0e36b15d-fbd6-005056a00b50/: startVClock = 0, fullSync = true" + }, + { + "line": "2023-08-04T11:01:42.873-07:00 info vmware-vum-server[192680] [Originator@6876 sub=Libs] lib/ssl: OpenSSL using FIPS provider" + }, + { + "line": "2023-10-28 02:56:46,013 INFO imageService[139745105131968] [imageService 1092] Image service is initialized" } ] } diff --git a/src/formats/vmw_py_log.json b/src/formats/vmw_py_log.json index 0ce5ed4..d4cfe5d 100644 --- a/src/formats/vmw_py_log.json +++ b/src/formats/vmw_py_log.json @@ -38,7 +38,10 @@ "line": "2022-06-01T13:23:25.515 [2376]DEBUG:vmware.vherd.base.detwist:method = com.vmware.appliance.version1.networking.interfaces.list, args = ()" }, { - "line": "2022-06-01T13:23:25.31 [2376]DEBUG:com.vmware.vherd.base.detwist:method = com.vmware.appliance.version1.system.version.get, args = ()" + "line": "2022-06-01T13:23:25.310 [2376]DEBUG:com.vmware.vherd.base.detwist:method = com.vmware.appliance.version1.system.version.get, args = ()" + }, + { + "line": "2023-07-19T02:47:11 AM UTC [1670]DEBUG:firewall-reload:Processing system service 'sshd' firewall rules." } ] } diff --git a/src/formats/vmw_vc_svc_log.json b/src/formats/vmw_vc_svc_log.json index ed507f7..430152e 100644 --- a/src/formats/vmw_vc_svc_log.json +++ b/src/formats/vmw_vc_svc_log.json @@ -6,10 +6,54 @@ "url": "https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-2A989D79-463C-4EC8-A5F2-CDC3A2C827FB.html", "regex": { "std": { - "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z)\\s+(?<level>\\w+)\\s+(?<module>\\w+)\\s\\[(?<srcfile>[^:]+):(?<srcline>\\d+)\\](\\s+\\[opID=(?<opid>[^\\]]+)\\])?\\s+(?<body>.*)" + "pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{1,3}Z)\\s+(?<level>\\w+)\\s+(?<module>\\w+)\\s\\[(?<srcfile>[^:]+):(?<srcline>\\d+)\\](\\s+\\[opID=(?<opid>[^\\]]+)\\])?\\s+(?<body>.*)" } }, "opid-field": "opid", + "opid": { + "description": { + "get-changes": { + "format": [ + { + "field": "body", + "extractor": "(GetChanges for sequence token: \\d+)" + } + ] + }, + "resource-model-query": { + "format": [ + { + "field": "body", + "extractor": "ResourceModel query" + } + ] + }, + "create-session": { + "format": [ + { + "field": "body", + "extractor": "(Created session for .*)" + } + ] + }, + "delete-session": { + "format": [ + { + "field": "body", + "extractor": "Deleting session for .*" + } + ] + }, + "vlcm-download": { + "format": [ + { + "field": "body", + "extractor": "Validating the URL: .*(/[^/]+)" + } + ] + } + } + }, "value": { "body": { "kind": "string" @@ -42,6 +86,10 @@ { "line": "2022-06-02T08:35:17.031Z info vlcm [logger/teelogger.go:47] [opID=vapi] Loading Introspection Services", "level": "info" + }, + { + "line": "2023-07-19T03:05:15.97Z info vlcm [serviceconfig/config.go:377] Getting timeout properties for deployment type: tiny", + "level": "info" } ] } diff --git a/src/formats/vpostgres_log.json b/src/formats/vpostgres_log.json new file mode 100644 index 0000000..9a7132b --- /dev/null +++ b/src/formats/vpostgres_log.json @@ -0,0 +1,51 @@ +{ + "$schema": "https://lnav.org/schemas/format-v1.schema.json", + "vpostgres_log": { + "title": "VMWare PostgreSQL", + "description": "Format for vpostgresql log files with format '%m %c %x %d %u %r %p %l'", + "url": [ + "https://www.postgresql.org/docs/current/runtime-config-logging.html#GUC-LOG-LINE-PREFIX" + ], + "regex": { + "std": { + "pattern": "(?<timestamp>\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}\\.\\d{3} \\S+) (?<session_id>[^ ]*) (?<transaction_id>[^ ]*) (?<db_name>[^ ]*) (?<user>[^ ]*) (?<remote_pair>[^ ]*) (?<pid>[^ ]+) (?<num_line>\\d+)(?<level>[^:]+):\\s+(?<body>.*)" + } + }, + "opid-field": "session_id", + "value": { + "db_name": { + "kind": "string", + "identifier": true + }, + "pid": { + "kind": "string", + "identifier": true + }, + "remote_pair": { + "kind": "string", + "identifier": true + }, + "session_id": { + "kind": "string", + "identifier": true + }, + "transaction_id": { + "kind": "string", + "identifier": true + }, + "user": { + "kind": "string", + "identifier": true + }, + "num_line": { + "kind": "integer", + "foreign-key": true + } + }, + "sample": [ + { + "line": "2023-07-25 02:14:09.790 UTC 64bf2ff1.21fc1e 0 VCDB vumuser [local] 2227230 5LOG: disconnection: session time: 0:00:00.012 user=vumuser database=VCDB host=[local]" + } + ] + } +} |