1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
{
"$schema": "https://lnav.org/schemas/format-v1.schema.json",
"esx_syslog_log": {
"title": "ESXi Syslog",
"description": "Format specific to the ESXi syslog",
"regex": {
"std": {
"pattern": "^(?<timestamp>(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?Z))\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)(?:\\[\\+\\]|\\+)?(?:(?: (?<log_syslog_tag>(?<log_procname>(?:[^\\[:]+|[^:]+))(?:\\[(?<log_pid>\\d+)\\])?):\\s*(?:\\w+ \\[(?<logger>[^ ]+)(?: op[iI][dD]=(?<opid>[^ \\]]+))?\\]\\s*)?(?<body>.*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
},
"host": {
"pattern": "^(?<timestamp>(?:\\S{3,8}\\s+\\d{1,2} \\d{2}:\\d{2}:\\d{2}|\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}(?:\\.\\d{3})?Z))\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)(?:\\[\\+\\]|\\+)?(?:(?: (?<log_syslog_tag>(?:host-(?<log_pid>\\d+))?)\\s+(?<body>.*))$|:?(?:(?: ---)? last message repeated \\d+ times?(?: ---)?))"
},
"notime": {
"pattern": "^(?<timestamp>\\d{4}-\\d{2}-\\d{2})\\s+(?<level>\\w+)\\((?<syslog_pri>\\d+)\\)\\s+(?<log_procname>[^\\[]+)\\[(?<log_pid>\\d+)\\]:\\s(?<new_time>\\d{2}:\\d{2}:\\d{2}\\.\\d+)\\s+(?<body>.*)"
}
},
"level": {
"debug": "^Db$",
"info": "^In$",
"notice": "^No$",
"warning": "^Wa$",
"error": "^Er$",
"critical": "^Cr$",
"fatal": "^(?:Al|Em)$"
},
"opid-field": "opid",
"opid": {
"subid": "log_syslog_tag",
"description": {
"settingsd": {
"format": [
{
"field": "body",
"extractor": "^Authz::Invoke method: (.+)"
}
]
}
}
},
"time-field": "new_time",
"multiline": false,
"value": {
"body": {
"kind": "string"
},
"log_pid": {
"kind": "string",
"identifier": true
},
"log_procname": {
"kind": "string",
"identifier": true
},
"log_syslog_tag": {
"kind": "string"
},
"opid": {
"kind": "string",
"identifier": true
},
"syslog_pri": {
"kind": "string"
},
"timestamp": {
"kind": "string"
}
},
"sample": [
{
"line": "2022-06-02T05:34:56.746Z In(14) ConfigStore[1001430703]: Log for ConfigStore version=1.0 build=build-19833347 option=BETA"
},
{
"line": "2022-06-02T05:34:23Z In(14)[+] hostprofile[1001430319]: {'mode': 'Disabled', 'exceptionUsers': []}"
},
{
"line": "2022-06-02 In(14) hostprofile[1001430319]: 05:34:23.666 {'mode': 'Disabled', 'exceptionUsers': []}"
},
{
"line": "2022-06-01T13:42:40.681Z In(05) host-16250 <analytics> Skip service health check. State STOPPED, Curr request 0"
},
{
"line": "2023-08-09T14:42:43.094Z In(14) settingsd[263657]: debug [ConfigStore:c5f9ac2700 opId=cabbdb94-0afb-4d23-9203-e901779b9b04] [RunCommand] About to run command /usr/bin/python /usr/lib/vmware/lifecycle/bin/imagemanagerctl.py VIB --list-all"
},
{
"line": "2022-05-17T07:39:38.357Z In(9) watchdog-vobd[1001390409]: Executing '/usr/lib/vmware/vob/bin/vobd ++securitydom=vobdDom'"
},
{
"line": "2023-11-07T19:17:28.030Z In(14) settingsd[2099680]: [Ticket] Deleted ticket /var/run/vmware/tickets/vmtck-31182534-c078-88"
}
]
}
}
|
