From 62e4c68907d8d33709c2c1f92a161dff00b3d5f2 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Mon, 15 Apr 2024 22:01:36 +0200
Subject: Adding upstream version 0.11.2.
Signed-off-by: Daniel Baumann
---
src/formats/sudo_log.json | 48 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 src/formats/sudo_log.json
(limited to 'src/formats/sudo_log.json')
diff --git a/src/formats/sudo_log.json b/src/formats/sudo_log.json
new file mode 100644
index 0000000..d2ee72c
--- /dev/null
+++ b/src/formats/sudo_log.json
@@ -0,0 +1,48 @@
+{
+ "$schema": "https://lnav.org/schemas/format-v1.schema.json",
+ "sudo_log": {
+ "title": "sudo",
+ "description": "The sudo privilege management tool.",
+ "url": "",
+ "regex": {
+ "std": {
+ "module-format": true,
+ "pattern": "^(?\\S+)\\s*: (?:(?[^;]+);)?\\s*TTY=(?[^;]+)\\s+;\\s*PWD=(?[^;]+)\\s+;\\s*USER=(?[^;]+)\\s+;\\s*COMMAND=(?.*)$"
+ }
+ },
+ "level-field": "error_msg",
+ "level": {
+ "error": ".+"
+ },
+ "value": {
+ "login": {
+ "kind": "string",
+ "identifier": true
+ },
+ "error_msg": {
+ "kind": "string"
+ },
+ "tty": {
+ "kind": "string"
+ },
+ "pwd": {
+ "kind": "string"
+ },
+ "user": {
+ "kind": "string",
+ "identifier": true
+ },
+ "command": {
+ "kind": "string"
+ }
+ },
+ "sample": [
+ {
+ "line": "stack : 3 incorrect password attempts ; TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
+ },
+ {
+ "line": "stack : TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
+ }
+ ]
+ }
+}
\ No newline at end of file
-- 
cgit v1.2.3
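Review bot: The `std` pattern requires `USER=` to be followed directly by `COMMAND=`, so a sudo entry that carries any field between the two will not match, and its login, run-as user and command go unparsed. As far as I know sudo can emit `GROUP=`, `TSID=` and `ENV=` in that position (a run-as group was given, I/O logging is on, or variables were set on the command line), and those are entries an auditor usually wants to see. Consider allowing them by inserting something like `(?:(?:GROUP|TSID|ENV)=[^;]+\\s+;\\s*)*` before `COMMAND=`; `ENV=` values may need a looser match than `[^;]+`. A third `sample` line containing `GROUP=` would make the format's self-check cover the case. Both existing samples use only the four-field form, so the gap is not exercised today.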