From 9d733541edd27f966c87dd9cbaa4a1ba85f2dc4c Mon Sep 17 00:00:00 2001 From: akbarjimi Date: Tue, 16 Mar 2021 19:35:50 +0330 Subject: [PATCH 1/2] Enable content pack automatic loader --- docker-compose.yml | 5 + liwo.json | 996 ++++++++++++++++++++++++--------------------- 2 files changed, 543 insertions(+), 458 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 36e5eed..338e54e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -132,9 +132,14 @@ services: networks: - hi-user graylog: + user: graylog container_name: "graylog" image: graylog/graylog:4.0.5 + volumes: + - ./liwo.json:/usr/share/graylog/data/contentpacks/liwo.json environment: + GRAYLOG_CONTENT_PACKS_LOADER_ENABLED: "true" + GRAYLOG_CONTENT_PACKS_AUTO_INSTALL: "liwo.json" GRAYLOG_HTTP_EXTERNAL_URI: "http://127.0.0.1:9000/" GRAYLOG_PASSWORD_SECRET: supersecretpassword GRAYLOG_ROOT_PASSWORD_SHA2: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" diff --git a/liwo.json b/liwo.json index 706def3..5e9fc6f 100644 --- a/liwo.json +++ b/liwo.json @@ -1,103 +1,49 @@ { "v": 1, - "id": "2aa0878d-6246-4763-a90f-46a91120e87b", + "id": "349bde6e-bc66-427a-8cec-67c717f0c8a0", "rev": 1, "name": "Liwo", "summary": "Liwo", "description": "", - "vendor": "akbarjimi", + "vendor": "Liwo", "url": "", "parameters": [], "entities": [ - { - "v": "1", - "type": { - "name": "grok_pattern", - "version": "1" - }, - "id": "2f1e3986-c53c-424a-a5f4-289a8df7c8f5", - "data": { - "name": "CISCOMAC", - "pattern": "(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})" - }, - "constraints": [ - { - "type": "server-version", - "version": ">=4.0.5+d95b909" - } - ] - }, - { - "v": "1", - "type": { - "name": "grok_pattern", - "version": "1" - }, - "id": "7fed04d3-9f53-4513-9768-ea5cd873ef05", - "data": { - "name": "MONTHNUM", - "pattern": "(?:0?[1-9]|1[0-2])" - }, - "constraints": [ - { - "type": "server-version", - "version": ">=4.0.5+d95b909" - } - ] - }, - { - "v": "1", - "type": { - "name": "grok_pattern", - "version": "1" - }, - "id": "b5b008ad-459a-44c7-bc3c-bc715b21d685", - "data": { - "name": "SYSLOGBASE", - "pattern": "%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:" - }, - "constraints": [ - { - "type": "server-version", - "version": ">=4.0.5+d95b909" - } - ] - }, { "v": "1", "type": { "name": "sidecar_collector", "version": "1" }, - "id": "e5fdce7e-e209-4bc5-b233-b89d91cfc8e9", + "id": "66ff4ca8-cd50-460e-91dc-9123f678dd43", "data": { "name": { "@type": "string", - "@value": "nxlog" + "@value": "filebeat" }, "service_type": { "@type": "string", - "@value": "svc" + "@value": "exec" }, "node_operating_system": { "@type": "string", - "@value": "windows" + "@value": "linux" }, "executable_path": { "@type": "string", - "@value": "C:\\Program Files (x86)\\nxlog\\nxlog.exe" + "@value": "/usr/share/filebeat/bin/filebeat" }, "execute_parameters": { "@type": "string", - "@value": "-c \"%s\"" + "@value": "-c %s" }, "validation_parameters": { "@type": "string", - "@value": "-v -f -c \"%s\"" + "@value": "test config -c %s" }, "default_template": { "@type": "string", - "@value": "define ROOT C:\\Program Files (x86)\\nxlog\n\nModuledir %ROOT%\\modules\nCacheDir %ROOT%\\data\nPidfile %ROOT%\\data\\nxlog.pid\nSpoolDir %ROOT%\\data\nLogFile %ROOT%\\data\\nxlog.log\nLogLevel INFO\n\n\n Module xm_fileop\n \n When @daily\n Exec file_cycle('%ROOT%\\data\\nxlog.log', 7);\n \n\n\n\n\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n\n\n\n Module im_msvistalog\n PollInterval 1\n SavePos True\n ReadFromLast True\n \n #Channel System\n #\n # \n # \n # \n # \n # \n #\n\n\n\n\n\tModule im_file\n\tFile 'C:\\Windows\\MyLogDir\\\\*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n\n\n\n\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t\n\n\n\n\n Path eventlog => gelf\n\n\n Path file => gelf\n\n\n" + "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\nfilebeat.inputs:\n- input_type: log\n paths:\n - /var/log/*.log\n type: log\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: /var/lib/graylog-sidecar/collectors/filebeat/data\n logs: /var/lib/graylog-sidecar/collectors/filebeat/log" } }, "constraints": [ @@ -113,10 +59,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "e3d488c0-7439-404a-a614-b39795b01de1", + "id": "92f767af-fb4f-40cb-90ba-c2f05d8a74ee", "data": { - "name": "GREEDYDATA", - "pattern": ".*" + "name": "SYSLOGTIMESTAMP", + "pattern": "%{MONTH} +%{MONTHDAY} %{TIME}" }, "constraints": [ { @@ -131,7 +77,7 @@ "name": "dashboard", "version": "2" }, - "id": "b00f36f9-201b-476b-b234-07b65bd26541", + "id": "14132da6-1cc2-4ffe-a735-e5c0a174f11e", "data": { "summary": { "@type": "string", @@ -203,11 +149,11 @@ { "type": "values", "field": "source", - "limit": 15 + "limit": 10 } ], "type": "pivot", - "id": "011b2894-49e5-44d8-aab6-8c4d4457a886", + "id": "a964f1c5-e108-4b5e-a907-ffe0b0f0683c", "column_groups": [], "sort": [ { @@ -238,11 +184,11 @@ { "type": "values", "field": "source", - "limit": 10 + "limit": 15 } ], "type": "pivot", - "id": "a964f1c5-e108-4b5e-a907-ffe0b0f0683c", + "id": "011b2894-49e5-44d8-aab6-8c4d4457a886", "column_groups": [], "sort": [ { @@ -321,7 +267,7 @@ } }, { - "id": "6c127c5d-be75-4157-b43f-ac0194ac0586", + "id": "00637e63-d728-4b3e-932b-7c8696b4855d", "type": "aggregation", "filter": null, "timerange": { @@ -331,14 +277,17 @@ "query": null, "streams": [], "config": { - "visualization": "table", + "visualization": "line", "event_annotation": false, "row_pivots": [ { - "field": "source", - "type": "values", + "field": "timestamp", + "type": "time", "config": { - "limit": 15 + "interval": { + "type": "auto", + "scaling": null + } } } ], @@ -354,17 +303,11 @@ "column_pivots": [], "visualization_config": null, "formatting_settings": null, - "sort": [ - { - "type": "series", - "field": "count()", - "direction": "Descending" - } - ] + "sort": [] } }, { - "id": "00637e63-d728-4b3e-932b-7c8696b4855d", + "id": "6c127c5d-be75-4157-b43f-ac0194ac0586", "type": "aggregation", "filter": null, "timerange": { @@ -374,17 +317,14 @@ "query": null, "streams": [], "config": { - "visualization": "line", + "visualization": "table", "event_annotation": false, "row_pivots": [ { - "field": "timestamp", - "type": "time", + "field": "source", + "type": "values", "config": { - "interval": { - "type": "auto", - "scaling": null - } + "limit": 15 } } ], @@ -400,7 +340,13 @@ "column_pivots": [], "visualization_config": null, "formatting_settings": null, - "sort": [] + "sort": [ + { + "type": "series", + "field": "count()", + "direction": "Descending" + } + ] } } ], @@ -468,10 +414,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "1da7f012-0a89-46a5-910c-75c1918289a5", + "id": "00bace8f-a5e8-42e1-88a3-afc34c5887a6", "data": { - "name": "BASE16NUM", - "pattern": "(?(?\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))" }, "constraints": [ { @@ -501,31 +447,39 @@ { "v": "1", "type": { - "name": "grok_pattern", + "name": "sidecar_collector", "version": "1" }, - "id": "497ef367-b27b-42bb-a81c-50bd29f4817c", + "id": "954fdaf3-c6ef-4012-b730-a0fa89645b40", "data": { - "name": "HTTPD20_ERRORLOG", - "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}" - }, - "constraints": [ - { - "type": "server-version", - "version": ">=4.0.5+d95b909" + "name": { + "@type": "string", + "@value": "nxlog" + }, + "service_type": { + "@type": "string", + "@value": "svc" + }, + "node_operating_system": { + "@type": "string", + "@value": "windows" + }, + "executable_path": { + "@type": "string", + "@value": "C:\\Program Files (x86)\\nxlog\\nxlog.exe" + }, + "execute_parameters": { + "@type": "string", + "@value": "-c \"%s\"" + }, + "validation_parameters": { + "@type": "string", + "@value": "-v -f -c \"%s\"" + }, + "default_template": { + "@type": "string", + "@value": "define ROOT C:\\Program Files (x86)\\nxlog\n\nModuledir %ROOT%\\modules\nCacheDir %ROOT%\\data\nPidfile %ROOT%\\data\\nxlog.pid\nSpoolDir %ROOT%\\data\nLogFile %ROOT%\\data\\nxlog.log\nLogLevel INFO\n\n\n Module xm_fileop\n \n When @daily\n Exec file_cycle('%ROOT%\\data\\nxlog.log', 7);\n \n\n\n\n\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n\n\n\n Module im_msvistalog\n PollInterval 1\n SavePos True\n ReadFromLast True\n \n #Channel System\n #\n # \n # \n # \n # \n # \n #\n\n\n\n\n\tModule im_file\n\tFile 'C:\\Windows\\MyLogDir\\\\*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n\n\n\n\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t\n\n\n\n\n Path eventlog => gelf\n\n\n Path file => gelf\n\n\n" } - ] - }, - { - "v": "1", - "type": { - "name": "grok_pattern", - "version": "1" - }, - "id": "42fd8b52-5bb5-40a0-9b83-efe71775d4b4", - "data": { - "name": "SECOND", - "pattern": "(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)" }, "constraints": [ { @@ -540,10 +494,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "5c41392a-5c34-4757-8d8d-2d36b95dab67", + "id": "2e477fbe-615c-4cf9-a48e-48ace38d1591", "data": { - "name": "LOGLEVEL", - "pattern": "([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)" + "name": "DAY", + "pattern": "(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)" }, "constraints": [ { @@ -558,10 +512,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "94f1ae77-2e19-43fc-98dd-0b1ecfdb6076", + "id": "53f544b2-0323-4d77-8df0-29461b916318", "data": { - "name": "MINUTE", - "pattern": "(?:[0-5][0-9])" + "name": "DATESTAMP_OTHER", + "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}" }, "constraints": [ { @@ -576,10 +530,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "31102730-a557-4714-92bd-379b6838baab", + "id": "8caea7c6-e2ea-461b-81d4-04c2e17fb490", "data": { - "name": "HTTPDUSER", - "pattern": "%{EMAILADDRESS}|%{USER}" + "name": "CISCOMAC", + "pattern": "(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})" }, "constraints": [ { @@ -594,10 +548,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "297f4106-f19d-44f5-a860-111f0cec7f55", + "id": "b15ec78c-5fed-497b-8bac-b85d74c6052b", "data": { - "name": "YEAR", - "pattern": "(?>\\d\\d){1,2}" + "name": "SECOND", + "pattern": "(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)" }, "constraints": [ { @@ -609,47 +563,13 @@ { "v": "1", "type": { - "name": "input", + "name": "grok_pattern", "version": "1" }, - "id": "77e24609-e2ec-46cf-ab7a-12cde3fe92ca", + "id": "5929b910-f97b-4131-92e9-c4a2031518fc", "data": { - "title": { - "@type": "string", - "@value": "Laravel" - }, - "configuration": { - "recv_buffer_size": { - "@type": "integer", - "@value": 1048576 - }, - "port": { - "@type": "integer", - "@value": 12201 - }, - "number_worker_threads": { - "@type": "integer", - "@value": 4 - }, - "bind_address": { - "@type": "string", - "@value": "0.0.0.0" - }, - "decompress_size_limit": { - "@type": "integer", - "@value": 8388608 - } - }, - "static_fields": {}, - "type": { - "@type": "string", - "@value": "org.graylog2.inputs.gelf.udp.GELFUDPInput" - }, - "global": { - "@type": "boolean", - "@value": false - }, - "extractors": [] + "name": "BASE16NUM", + "pattern": "(?[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+" + "name": "DATE", + "pattern": "%{DATE_US}|%{DATE_EU}" }, "constraints": [ { @@ -682,10 +602,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "b25b9489-5cb4-4123-acc3-a6c38ecfccd4", + "id": "bab21710-64f1-4c56-b4b6-7bb9c876e924", "data": { - "name": "USERNAME", - "pattern": "[a-zA-Z0-9._-]+" + "name": "URIPATHPARAM", + "pattern": "%{URIPATH}(?:%{URIPARAM})?" }, "constraints": [ { @@ -700,10 +620,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "ec5722cc-23e8-4f46-81ce-4ff942607c6b", + "id": "35a6765b-4635-4b2e-b7a9-02e829316d8d", "data": { - "name": "SYSLOGTIMESTAMP", - "pattern": "%{MONTH} +%{MONTHDAY} %{TIME}" + "name": "LOGLEVEL", + "pattern": "([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)" }, "constraints": [ { @@ -718,10 +638,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "457ff006-5b18-4775-bf59-4d66bd402018", + "id": "c03e91d3-a36a-4e2a-9c05-b4cabd93f39e", "data": { - "name": "URIPROTO", - "pattern": "[A-Za-z]+(\\+[A-Za-z+]+)?" + "name": "INT", + "pattern": "(?:[+-]?(?:[0-9]+))" }, "constraints": [ { @@ -736,10 +656,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "1059e583-9144-43da-ae9a-ca44c3f8ea09", + "id": "4f2a8bb0-da94-4d11-a9d2-c3807b8f7445", "data": { - "name": "HTTPD24_ERRORLOG", - "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? %{DATA:errorcode}: %{GREEDYDATA:message}" + "name": "COMMONMAC", + "pattern": "(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})" }, "constraints": [ { @@ -754,10 +674,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "49c06919-2c80-426d-abad-34ab7f9acc07", + "id": "55b315e3-d7e6-41f2-a6ba-090b67b1ae5a", "data": { - "name": "COMBINEDAPACHELOG", - "pattern": "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}" + "name": "PATH", + "pattern": "(?:%{UNIXPATH}|%{WINPATH})" }, "constraints": [ { @@ -769,13 +689,75 @@ { "v": "1", "type": { - "name": "grok_pattern", + "name": "input", "version": "1" }, - "id": "9cc6556b-3bf4-4a1f-b03f-86653daba4d9", + "id": "95a5657f-0ed4-419c-b4cf-8c4357683d69", "data": { - "name": "COMMONAPACHELOG", - "pattern": "%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp;date;dd/MMM/yyyy:HH:mm:ss Z}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)" + "title": { + "@type": "string", + "@value": "MySQL" + }, + "configuration": { + "tls_key_file": { + "@type": "string", + "@value": "" + }, + "port": { + "@type": "integer", + "@value": 5044 + }, + "tls_enable": { + "@type": "boolean", + "@value": false + }, + "recv_buffer_size": { + "@type": "integer", + "@value": 1048576 + }, + "tcp_keepalive": { + "@type": "boolean", + "@value": false + }, + "tls_client_auth_cert_file": { + "@type": "string", + "@value": "" + }, + "bind_address": { + "@type": "string", + "@value": "0.0.0.0" + }, + "no_beats_prefix": { + "@type": "boolean", + "@value": false + }, + "tls_cert_file": { + "@type": "string", + "@value": "" + }, + "tls_client_auth": { + "@type": "string", + "@value": "disabled" + }, + "number_worker_threads": { + "@type": "integer", + "@value": 4 + }, + "tls_key_password": { + "@type": "string", + "@value": "" + } + }, + "static_fields": {}, + "type": { + "@type": "string", + "@value": "org.graylog.plugins.beats.Beats2Input" + }, + "global": { + "@type": "boolean", + "@value": true + }, + "extractors": [] }, "constraints": [ { @@ -790,10 +772,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "e3ff9ecc-341a-4ffa-899b-561245ba32c4", + "id": "089c28a7-a3e6-455e-9224-ec34212726d1", "data": { - "name": "HTTPD_ERRORLOG", - "pattern": "%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}" + "name": "ISO8601_SECOND", + "pattern": "(?:%{SECOND}|60)" }, "constraints": [ { @@ -808,10 +790,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "90231790-9904-4a76-a811-4d921005cf5d", + "id": "37b422ec-e226-4f3c-8461-929df9e3b570", "data": { - "name": "MONTHNUM2", - "pattern": "(?:0[1-9]|1[0-2])" + "name": "GREEDYDATA", + "pattern": ".*" }, "constraints": [ { @@ -823,39 +805,13 @@ { "v": "1", "type": { - "name": "sidecar_collector", + "name": "grok_pattern", "version": "1" }, - "id": "73c5dff8-330d-41ca-bd05-100d85008ee2", + "id": "b4d59466-6610-40f6-bc86-d0ad835e3e59", "data": { - "name": { - "@type": "string", - "@value": "filebeat" - }, - "service_type": { - "@type": "string", - "@value": "svc" - }, - "node_operating_system": { - "@type": "string", - "@value": "windows" - }, - "executable_path": { - "@type": "string", - "@value": "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe" - }, - "execute_parameters": { - "@type": "string", - "@value": "-c \"%s\"" - }, - "validation_parameters": { - "@type": "string", - "@value": "test config -c \"%s\"" - }, - "default_template": { - "@type": "string", - "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\filebeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nfilebeat.inputs:\n- type: log\n enabled: true\n paths:\n - C:\\logs\\log.log\n" - } + "name": "MONTHDAY", + "pattern": "(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])" }, "constraints": [ { @@ -870,10 +826,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "ba9ab685-0de5-4846-809e-c184a9062374", + "id": "075b3e85-593e-471d-ab8c-82ac71542728", "data": { - "name": "IP", - "pattern": "(?:%{IPV6}|%{IPV4})" + "name": "TIME", + "pattern": "(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])" }, "constraints": [ { @@ -888,10 +844,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "27288d6a-5ba3-4ee4-8413-7648f63424a1", + "id": "0f2c231d-6a0c-46bb-8ae8-a7c53bca776e", "data": { - "name": "DATE_US", - "pattern": "%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}" + "name": "TZ", + "pattern": "(?:[PMCE][SD]T|UTC)" }, "constraints": [ { @@ -903,39 +859,13 @@ { "v": "1", "type": { - "name": "sidecar_collector", + "name": "grok_pattern", "version": "1" }, - "id": "b710a7b4-062d-4f4d-ac6e-594735d78b45", + "id": "d18cdb90-fe4c-4b26-904b-9ba148fccc37", "data": { - "name": { - "@type": "string", - "@value": "winlogbeat" - }, - "service_type": { - "@type": "string", - "@value": "svc" - }, - "node_operating_system": { - "@type": "string", - "@value": "windows" - }, - "executable_path": { - "@type": "string", - "@value": "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe" - }, - "execute_parameters": { - "@type": "string", - "@value": "-c \"%s\"" - }, - "validation_parameters": { - "@type": "string", - "@value": "test config -c \"%s\"" - }, - "default_template": { - "@type": "string", - "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\winlogbeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nwinlogbeat:\n event_logs:\n - name: Application\n - name: System\n - name: Security" - } + "name": "HTTPDERROR_DATE", + "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" }, "constraints": [ { @@ -950,10 +880,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "921e7b58-1d38-4b0c-80e5-a04415b3ef58", + "id": "926552e4-c6e6-42d2-a2af-177a6e5ca3c3", "data": { - "name": "INT", - "pattern": "(?:[+-]?(?:[0-9]+))" + "name": "NUMBER", + "pattern": "(?:%{BASE10NUM})" }, "constraints": [ { @@ -968,10 +898,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "ff2b8a70-59fd-4af2-a493-ca8b1d2585a9", + "id": "2a77197a-385e-41fe-a8b5-70c9c376466f", "data": { - "name": "PATH", - "pattern": "(?:%{UNIXPATH}|%{WINPATH})" + "name": "QS", + "pattern": "%{QUOTEDSTRING}" }, "constraints": [ { @@ -986,10 +916,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "1c771f5f-b716-4312-a302-b1fb300117e3", + "id": "f9169aaa-825b-4e85-86f6-da5e057c388f", "data": { - "name": "NONNEGINT", - "pattern": "\\b(?:[0-9]+)\\b" + "name": "DATA", + "pattern": ".*?" }, "constraints": [ { @@ -1004,10 +934,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "a8acf205-e1de-4039-bc41-a08024424409", + "id": "247a2f23-3bb6-4dc4-beb1-57234162f0e5", "data": { - "name": "SPACE", - "pattern": "\\s*" + "name": "DATESTAMP", + "pattern": "%{DATE}[- ]%{TIME}" }, "constraints": [ { @@ -1022,10 +952,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "d97c0288-6e96-48e3-948e-88da47d5fecf", + "id": "f821d762-92a8-4fc2-8d77-4b25a2a173d1", "data": { - "name": "DATESTAMP_RFC822", - "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}" + "name": "MONTHNUM", + "pattern": "(?:0?[1-9]|1[0-2])" }, "constraints": [ { @@ -1040,10 +970,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "43df0cda-b6e9-4e40-8f67-84e8ef3f85c6", + "id": "33b8be09-37f2-4d14-9edf-6881bf54743d", "data": { - "name": "URIPARAM", - "pattern": "\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*" + "name": "WORD", + "pattern": "\\b\\w+\\b" }, "constraints": [ { @@ -1058,10 +988,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "1f2a717b-2847-4a80-aeca-fd20c8253cf5", + "id": "89af4964-6026-44fb-81ea-d6a390ca8903", "data": { - "name": "DATESTAMP", - "pattern": "%{DATE}[- ]%{TIME}" + "name": "IP", + "pattern": "(?:%{IPV6}|%{IPV4})" }, "constraints": [ { @@ -1076,10 +1006,62 @@ "name": "grok_pattern", "version": "1" }, - "id": "20b5dabc-dca7-47b2-890d-732e1fcffef7", + "id": "492d4c0f-ee79-4129-bf4b-ab8d7a933a3b", "data": { - "name": "WORD", - "pattern": "\\b\\w+\\b" + "name": "WINPATH", + "pattern": "(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "input", + "version": "1" + }, + "id": "2399a894-fd4a-4c3b-8e2f-30970a7aa8d3", + "data": { + "title": { + "@type": "string", + "@value": "Laravel" + }, + "configuration": { + "recv_buffer_size": { + "@type": "integer", + "@value": 262144 + }, + "port": { + "@type": "integer", + "@value": 12201 + }, + "number_worker_threads": { + "@type": "integer", + "@value": 4 + }, + "bind_address": { + "@type": "string", + "@value": "0.0.0.0" + }, + "decompress_size_limit": { + "@type": "integer", + "@value": 8388608 + } + }, + "static_fields": {}, + "type": { + "@type": "string", + "@value": "org.graylog2.inputs.gelf.udp.GELFUDPInput" + }, + "global": { + "@type": "boolean", + "@value": true + }, + "extractors": [] }, "constraints": [ { @@ -1094,10 +1076,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "e7903224-2b7b-4c32-b36f-b2925d1abbb8", + "id": "ba6885ed-9583-4898-a4ff-ee231e5b3fba", "data": { - "name": "URI", - "pattern": "%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?" + "name": "IPV4", + "pattern": "(?=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "4d5a33f8-83f7-4a4e-9be9-0bf62c2bc533", + "data": { + "name": "DATE_US", + "pattern": "%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "5cb8080d-ef7c-48f7-bc8b-e284a114a5ec", + "data": { + "name": "HOUR", + "pattern": "(?:2[0123]|[01]?[0-9])" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "e54f322e-ac39-49bf-b7c5-b53c70a561a0", "data": { - "name": "QUOTEDSTRING", - "pattern": "(?>(?\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))" + "name": "HTTPD24_ERRORLOG", + "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? %{DATA:errorcode}: %{GREEDYDATA:message}" }, "constraints": [ { @@ -1282,10 +1318,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "ff210553-4c85-4fe5-b227-24bb2e2834c0", + "id": "73ed17b1-3992-4783-aee0-47f31e506a00", "data": { - "name": "URIPATHPARAM", - "pattern": "%{URIPATH}(?:%{URIPARAM})?" + "name": "POSINT", + "pattern": "\\b(?:[1-9][0-9]*)\\b" }, "constraints": [ { @@ -1300,10 +1336,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "4532a4e6-ef98-4792-abf8-5087e151357b", + "id": "1ba2d36b-bbff-4337-9e13-acd9e1674285", "data": { - "name": "BASE10NUM", - "pattern": "(?[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))" + "name": "URIPARAM", + "pattern": "\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*" }, "constraints": [ { @@ -1318,10 +1354,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "a3b4d934-b4c9-4195-8917-977b541fe59b", + "id": "007a7e1b-b888-4d34-870c-66a3b7f91b97", "data": { - "name": "DATESTAMP_OTHER", - "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}" + "name": "EMAILLOCALPART", + "pattern": "[a-zA-Z][a-zA-Z0-9_.+-=:]+" }, "constraints": [ { @@ -1336,10 +1372,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "e8b3bbfd-e4c4-4977-ad2b-958f3f19beca", + "id": "984cce84-823c-45c9-8d53-9bbd61ff4685", "data": { - "name": "DATESTAMP_RFC2822", - "pattern": "%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}" + "name": "EMAILADDRESS", + "pattern": "%{EMAILLOCALPART}@%{HOSTNAME}" }, "constraints": [ { @@ -1354,10 +1390,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "d15f93b3-32b4-4f00-9070-517df931739e", + "id": "858f1b4a-4a7b-483b-bfa2-5e0bae6ec03a", "data": { - "name": "QS", - "pattern": "%{QUOTEDSTRING}" + "name": "TTY", + "pattern": "(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))" }, "constraints": [ { @@ -1372,10 +1408,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "368729d0-d26a-4f49-aee2-9fc6341610b1", + "id": "67be690a-928f-48cc-93d1-c9e06b09582e", "data": { - "name": "DATE_EU", - "pattern": "%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}" + "name": "DATESTAMP_RFC822", + "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}" }, "constraints": [ { @@ -1390,10 +1426,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "c939b28d-53f1-4103-97c1-808d370f3477", + "id": "6faa1684-62f9-45a8-b5d1-ea4aa49d15d6", "data": { - "name": "ISO8601_SECOND", - "pattern": "(?:%{SECOND}|60)" + "name": "URIHOST", + "pattern": "%{IPORHOST}(?::%{POSINT:port})?" }, "constraints": [ { @@ -1408,10 +1444,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "d923db54-9d8c-4156-b4bd-9abf3fc0eb36", + "id": "1ccb050a-8430-48dc-8ec9-d2fc754c483b", "data": { - "name": "EMAILLOCALPART", - "pattern": "[a-zA-Z][a-zA-Z0-9_.+-=:]+" + "name": "HTTPDATE", + "pattern": "%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}" }, "constraints": [ { @@ -1426,10 +1462,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "a4a81def-c227-4ed0-b957-27b5521080d2", + "id": "35f9f5a9-6b44-4dc1-853c-f3ffa2504c03", "data": { - "name": "URIPATH", - "pattern": "(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+" + "name": "SYSLOGPROG", + "pattern": "%{PROG:program}(?:\\[%{POSINT:pid}\\])?" }, "constraints": [ { @@ -1444,10 +1480,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "c46e2be4-5618-426c-add9-e639a43ddec7", + "id": "22ccfac1-ba47-4c9c-9349-04f6fdca1748", "data": { - "name": "NUMBER", - "pattern": "(?:%{BASE10NUM})" + "name": "WINDOWSMAC", + "pattern": "(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})" }, "constraints": [ { @@ -1462,10 +1498,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "47ccb32f-27b7-4e56-8b25-d053886e977b", + "id": "fdb9dee3-a9bf-4132-aa21-7c8d987481b9", "data": { - "name": "SYSLOGPROG", - "pattern": "%{PROG:program}(?:\\[%{POSINT:pid}\\])?" + "name": "TIMESTAMP_ISO8601", + "pattern": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?" }, "constraints": [ { @@ -1477,13 +1513,39 @@ { "v": "1", "type": { - "name": "grok_pattern", + "name": "sidecar_collector", "version": "1" }, - "id": "0439144b-5882-412d-9402-7b96a339a9c4", + "id": "f30d09f1-90c2-4375-9ecb-89ce13e20915", "data": { - "name": "BASE16FLOAT", - "pattern": "\\b(?[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))" }, "constraints": [ { @@ -1516,10 +1578,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "b95ed6d7-ebce-4480-bd07-7dab74acaf1c", + "id": "d008f6e1-1c14-447e-bacc-8e86accde5f7", "data": { - "name": "TTY", - "pattern": "(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))" + "name": "HTTPD20_ERRORLOG", + "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}" }, "constraints": [ { @@ -1534,10 +1596,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "876c0e77-0dc7-4c84-9faa-4eecd4ad2461", + "id": "dceff2d8-677f-406e-bf4f-1973aee060a5", "data": { - "name": "TIME", - "pattern": "(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])" + "name": "COMBINEDAPACHELOG", + "pattern": "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}" }, "constraints": [ { @@ -1552,10 +1614,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "c12a7dff-d565-47c2-83c2-066f4ef1ecce", + "id": "ec726ca4-ac9d-4917-8c2a-da8e2499e85a", "data": { - "name": "HOSTNAME", - "pattern": "\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)" + "name": "DATESTAMP_RFC2822", + "pattern": "%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}" }, "constraints": [ { @@ -1570,10 +1632,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "24b268d0-7532-4e72-ac39-01328c8b37ae", + "id": "9bdc4061-bee8-4902-bde2-5eb17759c36c", "data": { - "name": "IPORHOST", - "pattern": "(?:%{IP}|%{HOSTNAME})" + "name": "ISO8601_TIMEZONE", + "pattern": "(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))" }, "constraints": [ { @@ -1588,10 +1650,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "6cfc22e7-cf55-422f-804c-dc2784f2a174", + "id": "0be7b9d1-f719-4ef7-a8aa-32906922122f", "data": { - "name": "IPV6", - "pattern": "((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?" + "name": "UNIXPATH", + "pattern": "(/([\\w_%!$@:.,~-]+|\\\\.)*)+" }, "constraints": [ { @@ -1606,10 +1668,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "33490e99-1310-44ea-9478-54d9701b95d0", + "id": "22dc7fae-412c-4026-adad-0b71bfa2cba5", "data": { - "name": "MONTH", - "pattern": "\\b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|ä)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b" + "name": "UUID", + "pattern": "[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}" }, "constraints": [ { @@ -1621,39 +1683,31 @@ { "v": "1", "type": { - "name": "sidecar_collector", + "name": "grok_pattern", "version": "1" }, - "id": "1870a97f-b5bb-4131-b6f9-fc3dee54610e", + "id": "14bb404e-afae-4119-9b18-96e0e1df3355", "data": { - "name": { - "@type": "string", - "@value": "nxlog" - }, - "service_type": { - "@type": "string", - "@value": "exec" - }, - "node_operating_system": { - "@type": "string", - "@value": "linux" - }, - "executable_path": { - "@type": "string", - "@value": "/usr/bin/nxlog" - }, - "execute_parameters": { - "@type": "string", - "@value": "-f -c %s" - }, - "validation_parameters": { - "@type": "string", - "@value": "-v -c %s" - }, - "default_template": { - "@type": "string", - "@value": "define ROOT /usr/bin\n\n\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n\n\n\n Module xm_syslog\n\n\nUser nxlog\nGroup nxlog\n\nModuledir /usr/lib/nxlog/modules\nCacheDir /var/spool/nxlog/data\nPidFile /var/run/nxlog/nxlog.pid\nLogFile /var/log/nxlog/nxlog.log\nLogLevel INFO\n\n\n\n\tModule im_file\n\tFile '/var/log/*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n\n\n#\n#\tModule im_udp\n#\tHost 127.0.0.1\n#\tPort 514\n#\tExec parse_syslog_bsd();\n#\n\n\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t\n\n\n\n\n Path file => gelf\n\n#\n# Path syslog-udp => gelf\n#\n\n\n" + "name": "SPACE", + "pattern": "\\s*" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "3d93cd19-e88b-4487-b542-e1bdf9075473", + "data": { + "name": "USERNAME", + "pattern": "[a-zA-Z0-9._-]+" }, "constraints": [ { @@ -1668,10 +1722,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "d10a122f-7400-4b7f-ab53-da77e2f2680d", + "id": "53b67c38-ba8a-4844-8e16-ec73be53e53f", "data": { - "name": "HOSTPORT", - "pattern": "%{IPORHOST}:%{POSINT}" + "name": "BASE16FLOAT", + "pattern": "\\b(?\\d\\d){1,2}" }, "constraints": [ { @@ -1848,10 +1902,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "b46b9b9d-433f-4e58-afb1-c110f6f4a0f2", + "id": "cf0c76bf-4af8-4df5-9d1f-180153aac612", "data": { - "name": "EMAILADDRESS", - "pattern": "%{EMAILLOCALPART}@%{HOSTNAME}" + "name": "IPV6", + "pattern": "((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?" }, "constraints": [ { @@ -1866,10 +1920,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "285fde1c-3afb-4138-bf2e-91b7ecdb0056", + "id": "ce76d569-9056-4612-b066-ae4a8cd5fe10", "data": { - "name": "UUID", - "pattern": "[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}" + "name": "SYSLOGHOST", + "pattern": "%{IPORHOST}" }, "constraints": [ { @@ -1881,13 +1935,39 @@ { "v": "1", "type": { - "name": "grok_pattern", + "name": "sidecar_collector", "version": "1" }, - "id": "d4edab73-7392-45a8-be01-ba1130455055", + "id": "30a4bf82-5c63-40ee-a947-19551aabdadd", "data": { - "name": "DATA", - "pattern": ".*?" + "name": { + "@type": "string", + "@value": "nxlog" + }, + "service_type": { + "@type": "string", + "@value": "exec" + }, + "node_operating_system": { + "@type": "string", + "@value": "linux" + }, + "executable_path": { + "@type": "string", + "@value": "/usr/bin/nxlog" + }, + "execute_parameters": { + "@type": "string", + "@value": "-f -c %s" + }, + "validation_parameters": { + "@type": "string", + "@value": "-v -c %s" + }, + "default_template": { + "@type": "string", + "@value": "define ROOT /usr/bin\n\n\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n\n\n\n Module xm_syslog\n\n\nUser nxlog\nGroup nxlog\n\nModuledir /usr/lib/nxlog/modules\nCacheDir /var/spool/nxlog/data\nPidFile /var/run/nxlog/nxlog.pid\nLogFile /var/log/nxlog/nxlog.log\nLogLevel INFO\n\n\n\n\tModule im_file\n\tFile '/var/log/*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n\n\n#\n#\tModule im_udp\n#\tHost 127.0.0.1\n#\tPort 514\n#\tExec parse_syslog_bsd();\n#\n\n\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t\n\n\n\n\n Path file => gelf\n\n#\n# Path syslog-udp => gelf\n#\n\n\n" + } }, "constraints": [ { @@ -1902,10 +1982,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "8e1db82b-161e-4f09-9fdc-bb3f42dafbd8", + "id": "9084046b-5fdb-492b-ae8c-194dc2600739", "data": { - "name": "HTTPDERROR_DATE", - "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" + "name": "DATE_EU", + "pattern": "%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}" }, "constraints": [ { @@ -1920,10 +2000,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "091038b0-d328-4eea-a20a-6dd638c07b52", + "id": "68ab0925-f0bb-4620-8982-7cb93c544e84", "data": { - "name": "MAC", - "pattern": "(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})" + "name": "HOSTPORT", + "pattern": "%{IPORHOST}:%{POSINT}" }, "constraints": [ { @@ -1938,10 +2018,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "e8c5f48b-5f11-4a88-920c-2517a0b75c24", + "id": "a142e740-27a9-49a0-906b-764b6807734c", "data": { - "name": "TIMESTAMP_ISO8601", - "pattern": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?" + "name": "MINUTE", + "pattern": "(?:[0-5][0-9])" }, "constraints": [ { @@ -1956,7 +2036,7 @@ "name": "grok_pattern", "version": "1" }, - "id": "640e251f-bf9e-4fea-abbc-49c933d3f8f4", + "id": "f3b69a79-7052-4aa5-83d6-64b855997034", "data": { "name": "SYSLOGFACILITY", "pattern": "<%{NONNEGINT:facility}.%{NONNEGINT:priority}>" @@ -1974,10 +2054,10 @@ "name": "grok_pattern", "version": "1" }, - "id": "9f56b9b6-a7c7-4caa-be72-68571a917d52", + "id": "7f128254-bc48-4047-baca-c034e257cd94", "data": { - "name": "NOTSPACE", - "pattern": "\\S+" + "name": "URIPROTO", + "pattern": "[A-Za-z]+(\\+[A-Za-z+]+)?" }, "constraints": [ { From 2909004bc30a2def067130944eb6e0f30c0e1d3e Mon Sep 17 00:00:00 2001 From: akbarjimi Date: Wed, 17 Mar 2021 15:01:01 +0330 Subject: [PATCH 2/2] When you're reading this, i'm on my way home...Happy New Year --- filebeat.yml | 7 +++++-- my.cnf | 2 +- run.sh | 9 +++++++++ 3 files changed, 15 insertions(+), 3 deletions(-) create mode 100755 run.sh diff --git a/filebeat.yml b/filebeat.yml index 3f890cb..e319c29 100755 --- a/filebeat.yml +++ b/filebeat.yml @@ -6,7 +6,7 @@ filebeat.config: processors: - add_cloud_metadata: ~ - add_docker_metadata: ~ - + filebeat.inputs: #------------------------------ Log input -------------------------------- - type: log @@ -129,7 +129,10 @@ filebeat.inputs: # for Java Stack Traces or C-Line Continuation # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [ - # multiline.pattern: ^\[ + multiline.pattern: '^\#[[:space:]]Time' + multiline.negate: true + multiline.match: after + # Defines if the pattern set under pattern should be negated or not. Default is false. #multiline.negate: false diff --git a/my.cnf b/my.cnf index 2638c57..498c4cf 100644 --- a/my.cnf +++ b/my.cnf @@ -15,5 +15,5 @@ innodb_write_io_threads = 16 innodb_flush_neighbors = 0 innodb_flushing_avg_loops = 100 innodb_page_cleaners = 8 -long_query_time = 0.2 +long_query_time = 0.0 slow_query_log = ON diff --git a/run.sh b/run.sh new file mode 100755 index 0000000..b3942f7 --- /dev/null +++ b/run.sh @@ -0,0 +1,9 @@ +/home/akbarjimi/Projects/Liwo/vendor/bin/sail down; +sudo rm -rf /home/akbarjimi/Projects/Liwo/storage/logs/mysql; +docker container prune; docker image prune; docker network prune; docker volume prune; +docker network create hi; +/home/akbarjimi/Projects/Liwo/vendor/bin/sail up --build; +sleep 10; +/home/akbarjimi/Projects/Liwo/vendor/bin/sail artisan migrate:fresh --seed; + +