author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 12:08:03 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 12:08:18 +0000 |
commit | 5da14042f70711ea5cf66e034699730335462f66 (patch) | |
tree | 0f6354ccac934ed87a2d555f45be4c831cf92f4a /src/fluent-bit/conf/parsers_extra.conf | |
parent | Releasing debian version 1.44.3-2. (diff) | |
Merging upstream version 1.45.3+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/fluent-bit/conf/parsers_extra.conf')
-rw-r--r-- | src/fluent-bit/conf/parsers_extra.conf | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/src/fluent-bit/conf/parsers_extra.conf b/src/fluent-bit/conf/parsers_extra.conf new file mode 100644 index 000000000..afe48c1ae --- /dev/null +++ b/src/fluent-bit/conf/parsers_extra.conf 
@@ -0,0 +1,172 @@ +# Extra set of common parsers + +[PARSER] + # http://rubular.com/r/cCVd1HLCAO + Name crowbar + Format regex + Regex ^.*\[(?<log_time>[^ ][-.\d\+:]+T[:\d]*)([^\]])*?\]\s+?(?<severity>[^ ]\w+)([\s-]*):?\s+(?<message>.*) + Time_Format %Y-%m-%dT%H:%M:%S + Time_Keep Off + Time_Key log_time + +[PARSER] + # http://rubular.com/r/frDgnElXW9 + Name chefclient + Format regex + Regex ^\[(?<log_time>[^ ][-.\d\+:]+T[:\d]*)([^\]])*?\]\s+(?<severity>[^ ]\w+):\s+(?<message>.*)$ + Time_Format %Y-%m-%dT%H:%M:%S + Time_Keep Off + Time_Key log_time + +[PARSER] + Name mysql_error + Format regex + #Regex ^(?<log_time>[^ +][ -:0-9TZ]+|[[:upper:]][[:lower:]]{2})(\+\d+:\d+[TZ]*){0,1}\s*(?<myid>[^ ]\d+)\s+\[(?<severity>[^ ]\w+)\](\s+(?<subsystem>[^ ]\w+):){0,1}\s+(?<message>.*)$ + Regex ^(?<log_time>[^ +][-\d]+[\ T]*[:\dZ]+)\s*(?<myid>[^ ]\d+)\s+\[(?<severity>[^ ]\w+)\](\s+(?<subsystem>[^ ]\w+):){0,1}\s+(?<message>.*)$ + Time_Format %Y-%m-%d %H:%M:%S + Time_Keep Off + Time_Key log_time + +[PARSER] + Name mysql_slow + Format regex + Regex ^# User\@Host:\s+(?<user>[^\@][\w\[\]]+)[@\s]+(?<dbhost>[^ ][-.\w]+)\s+(\[(?<dbhost_address>[.\d]+)\]){0,1}\s+(?<message>.*)$ + +[PARSER] + Name pacemaker + Format regex + Regex ^\s*(?<log_time>[^ ]* {1,2}[^ ]* [^ ]*) \[(?<pid>\d+)\] (?<node>[\-\w]*)\s*(?<component>\w*):\s+(?<severity>\w+):\s+(?<message>.*)$ + #Time_Format %Y-%m-%dT%H:%M:%S + Time_Format %b %d %H:%M:%S + Time_Keep Off + Time_Key log_time + #Types pid:integer + +[PARSER] + Name rabbitmq + Format regex + Regex ^=(?<severity>[^ ]\w+)\s+REPORT[=\s]*(?<log_time>[^ =][-:.\d\w]+)[\s=]+(?<message>.*)$ + Time_Format %d-%b-%Y::%H:%M:%S + Time_Keep Off + Time_Key log_time + +[PARSER] + Name http_statement + Format regex + Regex ^.*((?<req_method>GET|POST|PUT|DELETE|CONNECT|OPTIONS|HEAD[^ ]\w+)\s*(?<req_path>[^ ][-._?=%&\/[:alnum:]]*)\s*(?<req_protocol>[^ ][.\/\dHTFSP]+){0,1})(['"\s]*){0,1}((\s*status:\s*(?<req_status>[^ ]\d+)){0,1}(\s*len:\ (?<req_len>[^ 
]\d+)){0,1}(\s*time:\s*(?<req_log_time>[^ ][.\d]+)){0,1}(\s*microversion:\s*(?<req_mver>[^ ][.\d]+)){0,1}){0,1}$ + +[PARSER] + Name universal + Format regex + Regex ^(?<message>.*)$ + +[PARSER] + Name uuid + Format regex + Regex (?<uuid>[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}) +#UUID v1 : +#/^[0-9A-F]{8}-[0-9A-F]{4}-[1][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i +#UUID v2 : +#/^[0-9A-F]{8}-[0-9A-F]{4}-[2][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i +#UUID v3 : +#/^[0-9A-F]{8}-[0-9A-F]{4}-[3][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i +#UUID v4 : +#/^[0-9A-F]{8}-[0-9A-F]{4}-[4][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i +#UUID v5 : +#/^[0-9A-F]{8}-[0-9A-F]{4}-[5][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i + +# Parse IP Tables rules - this one regex should capture pretty much any IP Tables rule and split it into the various fields +[PARSER] + Name iptables + Format regex + Regex \[(?<rule_chain>\w*)-(?<rule_name>\w*)-(?<accept_or_drop>\w*)\]IN=(?<in_interface>[\w.]+)? OUT=(?<out_interface>[\w.]+)? MAC=(?<mac_address>[\w:]+)? SRC=(?<source>(?:[0-9]{1,3}\.){3}[0-9]{1,3}) DST=(?<dest>(?:[0-9]{1,3}\.){3}[0-9]{1,3}) LEN=(?<pkt_len>\d+) TOS=(?<pkt_tos>[\w\d]+) PREC=(?<pkt_prec>[\w\d]+) TTL=(?<pkt_ttl>\d+) ID=(?<pkt_id>\d+)\s?(?<pkg_frg>[A-Z\s].?)\s?PROTO=(?<protocol>[\w\d]+) (SPT=(?<source_port>.*) DPT=(?<dest_port>.*) (LEN=(?<proto_pkt_len>\w+)?)?(WINDOW=(?<proto_window_size>\d+) RES=(?<pkt_res>\w+)? (?<pkt_type>\w+)\s((?<pkt_flag>\w+)?)\s?URGP=(?<pkg_urgency>\d))? 
)?(TYPE=(?<pkt_icmp_type>\d+) CODE=(?<pkt_icmp_code>\d+) ID=(?<pkt_icmp_id>\d+) SEQ=(?<pkt_icmp_seq>\d+) )?$ + Types source_port:integer,dest_port:integer,pkt_ttl:integer,pkt_tos:integer,pkt_len:integer + +# Various parsers for Couchbase Server logs + +[PARSER] + Name couchbase_json_log_nanoseconds + Format json + Time_Key timestamp + Time_Format %Y-%m-%dT%H:%M:%S.%L + Time_Keep On + # Do not remove the time field from the output we ship + +[PARSER] + Name couchbase_rebalance_report + Format json + Time_Key timestamp + Time_Format %Y-%m-%dT%H:%M:%SZ + Time_Keep On + +# The level may have optional brackets around it +[PARSER] + Name couchbase_simple_log + Format regex + Regex ^(?<timestamp>\d+-\d+-\d+T\d+:\d+:\d+\.\d+(\+|-)\d+:\d+)\s+\[(?<level>\w+)\](?<message>.*)$ + Time_Key timestamp + Time_Format %Y-%m-%dT%H:%M:%S.%L%z + Time_Keep On + +[PARSER] + Name couchbase_simple_log_space_separated + Format regex + Regex ^(?<timestamp>\d+-\d+-\d+T\d+:\d+:\d+\.\d+(\+|-)\d+:\d+)\s+(?<level>\w+)\s+(?<message>.*)$ + Time_Key timestamp + Time_Format %Y-%m-%dT%H:%M:%S.%L%z + Time_Keep On + +# Slight change in time format to use Z at end instead of offset: +# 2021-03-09T17:32:02.136Z INFO ... +# https://rubular.com/r/EpG3M1dHb5AnTC +[PARSER] + Name couchbase_simple_log_utc + Format regex + Regex ^(?<timestamp>\d+-\d+-\d+T\d+:\d+:\d+\.\d+Z)\s+(?<level>\w+)(?<message>.*)$ + Time_Key timestamp + Time_Format %Y-%m-%dT%H:%M:%S.%LZ + Time_Keep On + +# Cope with two different log formats, e.g.: +# 2021/03/09 17:32:15 cbauth: ... +# 2021-03-09T17:32:15.303+00:00 [INFO] ... 
+# https://rubular.com/r/XUt7xQqEJnrF2M +[PARSER] + Name couchbase_simple_log_mixed + Format regex + Regex ^(?<timestamp>\d+(-|/)\d+(-|/)\d+(T|\s+)\d+:\d+:\d+(\.\d+(\+|-)\d+:\d+|))\s+((\[)?(?<level>\w+)(\]|:))(?<message>.*)$ + Time_Key timestamp + Time_Keep On +# We cannot parse the time as different formats directly, it could be done downstream and/or left as current time + +[PARSER] + Name couchbase_erlang_multiline + Format regex + # For some reason this cannot parse an ending close bracket ] followed by a new line immediately + #Regex \[(?<logger>\w+):(?<level>\w+),(?<timestamp>\d+-\d+-\d+T\d+:\d+:\d+.\d+Z),.*\](?<message>.*)$ + Regex \[(?<logger>\w+):(?<level>\w+),(?<timestamp>\d+-\d+-\d+T\d+:\d+:\d+.\d+Z),(?<message>.*)$ + Time_Key timestamp + Time_Format %Y-%m-%dT%H:%M:%S.%L + Time_Keep On + +# 2021-03-09T17:32:25.339+00:00 INFO CBAS.bootstrap.AnalyticsNCApplication [main] ... +# https://rubular.com/r/9jh1oKtXBN5GEV +# Can include an exception stack trace or a thread dump as well but ignoring these for now +[PARSER] + Name couchbase_java_multiline + Format regex + Regex ^(?<timestamp>\d+-\d+-\d+T\d+:\d+:\d+\.\d+(\+|-)\d+:\d+)\s+(?<level>\w+)\s+(?<class>.*)\s+\[(?<thread>.*)\]\s+(?<message>.*)$ + Time_Key timestamp + Time_Format %Y-%m-%dT%H:%M:%S.%L%z + Time_Keep On + +# A slight modification of the usual Apache/Apache2 parsers +[PARSER] + Name couchbase_http + Format regex + Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<timestamp>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*) - (?<client>.*)$ + Time_Key timestamp + Time_Format %d/%b/%Y:%H:%M:%S %z + Time_Keep On + +# End of Couchbase Server parsers |
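Review bot: In the `iptables` parser the port fields are captured as `SPT=(?<source_port>.*) DPT=(?<dest_port>.*)`, and since every group that follows `dest_port` is optional, the greedy `.*` can take more of the line than the port itself (window, flags, URGP), depending on the exact spacing of the record. That value then does not fit the `dest_port:integer` entry in `Types`, so downstream filters or alerts keyed on the port may silently see a wrong or unconverted value. Bounding both captures to digits, `SPT=(?<source_port>\d+) DPT=(?<dest_port>\d+)`, keeps the rest of the record out of those fields. The same parser only accepts dotted-quad `SRC=`/`DST=` values, so IPv6 firewall records presumably do not match at all. A comment above the block such as `# IPv4 only; ip6tables log lines are not matched by this parser` would make that gap visible to whoever builds detection on these fields.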