From cd7ed35c753e12fe018fb4e7b3b048f17a9553ff Mon Sep 17 00:00:00 2001
From: akbarjimi
Date: Sun, 14 Mar 2021 16:17:07 +0330
Subject: [PATCH] This is a basic implementation of graylog that works.

---
 .env.example | 2 +-
 composer.json | 3 +-
 config/logging.php | 63 ++
 docker-compose.yml | 39 +-
 liwo.json | 1990 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 2094 insertions(+), 3 deletions(-)
 create mode 100644 liwo.json

diff --git a/.env.example b/.env.example
index fde9c84..4ce509d 100644
--- a/.env.example
+++ b/.env.example
@@ -7,7 +7,7 @@ APP_DEBUG=true
 APP_URL=http://localhost
 APP_TIMEZONE="Asia/Tehran"
 
-LOG_CHANNEL=stack
+LOG_CHANNEL=gelf
 LOG_LEVEL=debug
 
 DB_CONNECTION=mysql
diff --git a/composer.json b/composer.json
index 0564090..4b4ba1a 100644
--- a/composer.json
+++ b/composer.json
@@ -25,7 +25,8 @@
 "spatie/image": "^1.0",
 "spatie/laravel-medialibrary": "^9.0",
 "spatie/laravel-query-builder": "^3.3",
-"torann/geoip": "^3.0"
+"torann/geoip": "^3.0",
+"hedii/laravel-gelf-logger": "^6.0"
 },
 "require-dev": {
 "facade/ignition": "^2.5",
diff --git a/config/logging.php b/config/logging.php
index c6f3fe5..3c5fdce 100644
--- a/config/logging.php
+++ b/config/logging.php
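Review bot: Making `gelf` the default channel in the example env removes the local log sink that `stack` gave, and with the UDP transport selected in config/logging.php a record emitted while the graylog host is down or unresolvable is dropped without any error, which is exactly the situation of a developer who copies this file without the graylog container running. Consider keeping `LOG_CHANNEL=stack` and adding `gelf` to the stack channel's `channels` list (that array is outside this diff, so this assumes it still lists the local file driver) so both the local file and Graylog receive records, or at least note in the example that `gelf` depends on the graylog service from docker-compose.yml.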
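Review bot: The new `"hedii/laravel-gelf-logger": "^6.0"` requirement arrives without a matching `composer.lock` change, since the diffstat lists five files and none is the lockfile, so every `composer install` will resolve `^6.0` afresh and CI, staging and production can end up on different releases of the logger and its transitive `graylog2/gelf-php` dependency. Unless the project deliberately does not track its lockfile, run `composer require hedii/laravel-gelf-logger:^6.0` and commit the resulting `composer.lock` so the exact version that was reviewed is the one installed.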
@@ -40,5 +40,68 @@ return [
 'level' => 'debug',
 'days' => 14,
 ],
+
+ 'gelf' => [
+ 'driver' => 'custom',
+
+
+ 'via' => \Hedii\LaravelGelfLogger\GelfLoggerFactory::class,
+
+ // This optional option determines the processors that should be
+ // pushed to the handler. This option is useful to modify a field
+ // in the log context (see NullStringProcessor), or to add extra
+ // data. Each processor must be a callable or an object with an
+ // __invoke method: see monolog documentation about processors.
+ // Default is an empty array.
+ 'processors' => [
+ \Hedii\LaravelGelfLogger\Processors\NullStringProcessor::class,
+ // another processor...
+ ],
+
+ // This optional option determines the minimum "level" a message
+ // must be in order to be logged by the channel. Default is 'debug'
+ 'level' => 'debug',
+
+ // This optional option determines the channel name sent with the
+ // message in the 'facility' field. Default is equal to app.env
+ // configuration value
+ 'name' => 'my-custom-name',
+
+ // This optional option determines the system name sent with the
+ // message in the 'source' field. When forgotten or set to null,
+ // the current hostname is used.
+ 'system_name' => null,
+
+ // This optional option determines if you want the UDP, TCP or HTTP
+ // transport for the gelf log messages. Default is UDP
+ 'transport' => 'udp',
+
+ // This optional option determines the host that will receive the
+ // gelf log messages. Default is 127.0.0.1
+ 'host' => 'graylog',
+
+ // This optional option determines the port on which the gelf
+ // receiver host is listening. Default is 12201
+ 'port' => 12201,
+
+ // This optional option determines the path used for the HTTP
+ // transport. When forgotten or set to null, default path '/gelf'
+ // is used.
+ 'path' => null,
+
+ // This optional option determines the maximum length per message
+ // field. When forgotten or set to null, the default value of
+ // \Monolog\Formatter\GelfMessageFormatter::DEFAULT_MAX_LENGTH is
+ // used (currently this value is 32766)
+ 'max_length' => null,
+
+ // This optional option determines the prefix for 'context' fields
+ // from the Monolog record. Default is null (no context prefix)
+ 'context_prefix' => null,
+
+ // This optional option determines the prefix for 'extra' fields
+ // from the Monolog record. Default is null (no extra prefix)
+ 'extra_prefix' => null,
+ ],
 ],
];
diff --git a/docker-compose.yml b/docker-compose.yml
index e582e38..f61a25e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,7 +21,7 @@ services:
 image: minio/minio
 command: server /data
 ports:
- - 9000:9000
+ - 9005:9000
 environment:
 MINIO_ACCESS_KEY: root
 MINIO_SECRET_KEY: minioroot
@@ -109,9 +109,46 @@ services:
 - 8025:8025 # web ui
 networks:
 - hi-user
+ mongo:
+ container_name: "mongo"
+ image: mongo:latest
+ networks:
+ - hi-user
+ elasticsearch:
+ image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+ environment:
+ - http.host=0.0.0.0
+ - transport.host=localhost
+ - network.host=0.0.0.0
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ ulimits:
+ memlock:
+ soft: 512
+ hard: 1024
+ networks:
+ - hi-user
+ graylog:
+ container_name: "graylog"
+ image: graylog/graylog:4.0.5
+ environment:
+ GRAYLOG_HTTP_EXTERNAL_URI: "http://127.0.0.1:9000/"
+ GRAYLOG_PASSWORD_SECRET: supersecretpassword
+ GRAYLOG_ROOT_PASSWORD_SHA2: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
+ GRAYLOG_ELASTICSEARCH_VERSION: 7
+ restart: always
+ depends_on:
+ - mongo
+ - elasticsearch
+ ports:
+ - 9000:9000
+ - 12201:12201
+ - 1514:1514
+ networks:
+ - hi-user
 networks:
 hi-user:
 external: false
+ driver: bridge
 hi:
 external: true
 volumes:
diff --git a/liwo.json b/liwo.json
new file mode 100644
index 0000000..706def3
--- /dev/null
+++ b/liwo.json
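Review bot: `'name' => 'my-custom-name'` in the new `gelf` channel is the placeholder from the package README and, per the comment right above it, is what every record will carry in its GELF `facility` field, and `host`, `port` and `level` are hard-coded beside it even though the channel itself is selected through `LOG_CHANNEL` in .env; replace them with `'name' => env('APP_NAME', 'laravel')`, `'host' => env('GELF_HOST', 'graylog')`, `'port' => (int) env('GELF_PORT', 12201)` (and `'level' => env('LOG_LEVEL', 'debug')`) so the receiver can be changed per environment without editing a tracked file. The selected UDP transport is unauthenticated and unencrypted and drops records silently when the host is unreachable, which is tolerable on the private compose network but deserves a one-line comment here because docker-compose.yml in this same commit also publishes 12201 on the host. The two stray blank lines after `'driver' => 'custom',` can go.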
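Review bot: The new graylog service commits live credentials: `GRAYLOG_PASSWORD_SECRET: supersecretpassword` and a `GRAYLOG_ROOT_PASSWORD_SHA2` whose value is the SHA-256 of `admin` taken from the Graylog quick-start docs, and it publishes 9000, 12201 and 1514 on every host interface, so anyone who can reach the host gets the admin UI with a guessable password and an unauthenticated log-injection path. Read both secrets from the environment and bind the published ports to loopback unless external senders are genuinely required. Note also that `- 12201:12201` publishes TCP only, while the input shipped in liwo.json is a GELF UDP input on 12201 bound to 0.0.0.0, so any sender outside the compose network would need `12201:12201/udp`. `mongo:latest` is the only unpinned image in the hunk; pin it to a MongoDB release that Graylog 4.0 supports so a future pull cannot break startup.
```yaml
  graylog:
    # … unchanged: container_name, image …
    environment:
      GRAYLOG_HTTP_EXTERNAL_URI: "http://127.0.0.1:9000/"
      GRAYLOG_PASSWORD_SECRET: ${GRAYLOG_PASSWORD_SECRET}
      GRAYLOG_ROOT_PASSWORD_SHA2: ${GRAYLOG_ROOT_PASSWORD_SHA2}
      GRAYLOG_ELASTICSEARCH_VERSION: 7
    # … unchanged: restart, depends_on …
    ports:
      - 127.0.0.1:9000:9000
      - 127.0.0.1:12201:12201/udp
      - 127.0.0.1:1514:1514
    # … unchanged: networks …
```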
@@ -0,0 +1,1990 @@ +{ + "v": 1, + "id": "2aa0878d-6246-4763-a90f-46a91120e87b", + "rev": 1, + "name": "Liwo", + "summary": "Liwo", + "description": "", + "vendor": "akbarjimi", + "url": "", + "parameters": [], + "entities": [ + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "2f1e3986-c53c-424a-a5f4-289a8df7c8f5", + "data": { + "name": "CISCOMAC", + "pattern": "(?:(?:[A-Fa-f0-9]{4}\\.){2}[A-Fa-f0-9]{4})" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "7fed04d3-9f53-4513-9768-ea5cd873ef05", + "data": { + "name": "MONTHNUM", + "pattern": "(?:0?[1-9]|1[0-2])" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "b5b008ad-459a-44c7-bc3c-bc715b21d685", + "data": { + "name": "SYSLOGBASE", + "pattern": "%{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "sidecar_collector", + "version": "1" + }, + "id": "e5fdce7e-e209-4bc5-b233-b89d91cfc8e9", + "data": { + "name": { + "@type": "string", + "@value": "nxlog" + }, + "service_type": { + "@type": "string", + "@value": "svc" + }, + "node_operating_system": { + "@type": "string", + "@value": "windows" + }, + "executable_path": { + "@type": "string", + "@value": "C:\\Program Files (x86)\\nxlog\\nxlog.exe" + }, + "execute_parameters": { + "@type": "string", + "@value": "-c \"%s\"" + }, + "validation_parameters": { + "@type": "string", + "@value": "-v -f -c \"%s\"" + }, + "default_template": { + "@type": "string", + "@value": "define ROOT C:\\Program Files (x86)\\nxlog\n\nModuledir %ROOT%\\modules\nCacheDir %ROOT%\\data\nPidfile 
%ROOT%\\data\\nxlog.pid\nSpoolDir %ROOT%\\data\nLogFile %ROOT%\\data\\nxlog.log\nLogLevel INFO\n\n\n Module xm_fileop\n \n When @daily\n Exec file_cycle('%ROOT%\\data\\nxlog.log', 7);\n \n\n\n\n\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n\n\n\n Module im_msvistalog\n PollInterval 1\n SavePos True\n ReadFromLast True\n \n #Channel System\n #\n # \n # \n # \n # \n # \n #\n\n\n\n\n\tModule im_file\n\tFile 'C:\\Windows\\MyLogDir\\\\*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n\n\n\n\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = '${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t\n\n\n\n\n Path eventlog => gelf\n\n\n Path file => gelf\n\n\n" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "e3d488c0-7439-404a-a614-b39795b01de1", + "data": { + "name": "GREEDYDATA", + "pattern": ".*" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "dashboard", + "version": "2" + }, + "id": "b00f36f9-201b-476b-b234-07b65bd26541", + "data": { + "summary": { + "@type": "string", + "@value": "This is a list of all sources that sent in messages to Graylog." 
+ }, + "search": { + "queries": [ + { + "id": "a1647eb6-a064-4fe6-b459-1e4267d3f659", + "timerange": { + "type": "relative", + "range": 300 + }, + "query": { + "type": "elasticsearch", + "query_string": "" + }, + "search_types": [ + { + "query": null, + "name": "chart", + "timerange": { + "type": "relative", + "range": 300 + }, + "streams": [], + "series": [ + { + "type": "count", + "id": "Message count", + "field": null + } + ], + "filter": null, + "rollup": true, + "row_groups": [ + { + "type": "time", + "field": "timestamp", + "interval": { + "type": "auto", + "scaling": 1 + } + } + ], + "type": "pivot", + "id": "481de18f-938e-40d5-8ab2-6eaf6a28f091", + "column_groups": [], + "sort": [] + }, + { + "query": null, + "name": "chart", + "timerange": { + "type": "relative", + "range": 300 + }, + "streams": [], + "series": [ + { + "type": "count", + "id": "Message count", + "field": null + } + ], + "filter": null, + "rollup": true, + "row_groups": [ + { + "type": "values", + "field": "source", + "limit": 15 + } + ], + "type": "pivot", + "id": "011b2894-49e5-44d8-aab6-8c4d4457a886", + "column_groups": [], + "sort": [ + { + "type": "series", + "field": "count()", + "direction": "Descending" + } + ] + }, + { + "query": null, + "name": "chart", + "timerange": { + "type": "relative", + "range": 300 + }, + "streams": [], + "series": [ + { + "type": "count", + "id": "Message count", + "field": null + } + ], + "filter": null, + "rollup": true, + "row_groups": [ + { + "type": "values", + "field": "source", + "limit": 10 + } + ], + "type": "pivot", + "id": "a964f1c5-e108-4b5e-a907-ffe0b0f0683c", + "column_groups": [], + "sort": [ + { + "type": "series", + "field": "count()", + "direction": "Descending" + } + ] + } + ] + } + ], + "parameters": [], + "requires": {}, + "owner": "admin", + "created_at": "2019-11-22T10:58:47.255Z" + }, + "created_at": "2019-11-22T10:54:50.950Z", + "requires": {}, + "state": { + "a1647eb6-a064-4fe6-b459-1e4267d3f659": { + "selected_fields": null, + 
"static_message_list_id": null, + "titles": { + "tab": { + "title": "Sources Overview" + }, + "widget": { + "6c127c5d-be75-4157-b43f-ac0194ac0586": "Selected sources", + "92d63811-e4dd-47db-bd3b-db03c8a9bd53": "Messages per Source", + "00637e63-d728-4b3e-932b-7c8696b4855d": "Messages over time" + } + }, + "widgets": [ + { + "id": "92d63811-e4dd-47db-bd3b-db03c8a9bd53", + "type": "aggregation", + "filter": null, + "timerange": { + "type": "relative", + "range": 300 + }, + "query": null, + "streams": [], + "config": { + "visualization": "pie", + "event_annotation": false, + "row_pivots": [ + { + "field": "source", + "type": "values", + "config": { + "limit": 10 + } + } + ], + "series": [ + { + "config": { + "name": "Message count" + }, + "function": "count()" + } + ], + "rollup": true, + "column_pivots": [], + "visualization_config": null, + "formatting_settings": null, + "sort": [ + { + "type": "series", + "field": "count()", + "direction": "Descending" + } + ] + } + }, + { + "id": "6c127c5d-be75-4157-b43f-ac0194ac0586", + "type": "aggregation", + "filter": null, + "timerange": { + "type": "relative", + "range": 300 + }, + "query": null, + "streams": [], + "config": { + "visualization": "table", + "event_annotation": false, + "row_pivots": [ + { + "field": "source", + "type": "values", + "config": { + "limit": 15 + } + } + ], + "series": [ + { + "config": { + "name": "Message count" + }, + "function": "count()" + } + ], + "rollup": true, + "column_pivots": [], + "visualization_config": null, + "formatting_settings": null, + "sort": [ + { + "type": "series", + "field": "count()", + "direction": "Descending" + } + ] + } + }, + { + "id": "00637e63-d728-4b3e-932b-7c8696b4855d", + "type": "aggregation", + "filter": null, + "timerange": { + "type": "relative", + "range": 300 + }, + "query": null, + "streams": [], + "config": { + "visualization": "line", + "event_annotation": false, + "row_pivots": [ + { + "field": "timestamp", + "type": "time", + "config": { + "interval": 
{ + "type": "auto", + "scaling": null + } + } + } + ], + "series": [ + { + "config": { + "name": "Message count" + }, + "function": "count()" + } + ], + "rollup": true, + "column_pivots": [], + "visualization_config": null, + "formatting_settings": null, + "sort": [] + } + } + ], + "widget_mapping": { + "6c127c5d-be75-4157-b43f-ac0194ac0586": [ + "011b2894-49e5-44d8-aab6-8c4d4457a886" + ], + "92d63811-e4dd-47db-bd3b-db03c8a9bd53": [ + "a964f1c5-e108-4b5e-a907-ffe0b0f0683c" + ], + "00637e63-d728-4b3e-932b-7c8696b4855d": [ + "481de18f-938e-40d5-8ab2-6eaf6a28f091" + ] + }, + "positions": { + "6c127c5d-be75-4157-b43f-ac0194ac0586": { + "col": 1, + "row": 5, + "height": 4, + "width": 6 + }, + "92d63811-e4dd-47db-bd3b-db03c8a9bd53": { + "col": 7, + "row": 5, + "height": 4, + "width": 6 + }, + "00637e63-d728-4b3e-932b-7c8696b4855d": { + "col": 1, + "row": 1, + "height": 4, + "width": "Infinity" + } + }, + "formatting": { + "highlighting": [] + }, + "display_mode_settings": { + "positions": {} + } + } + }, + "properties": [], + "owner": "admin", + "title": { + "@type": "string", + "@value": "Sources" + }, + "type": "DASHBOARD", + "description": { + "@type": "string", + "@value": "This is a list of all sources that sent in messages to Graylog. You can narrow the timerange by zooming in on the message histogram, or you can increase the time range by specifying a broader one in the controls at the top. You can also specify filters to limit the results you are seeing. You can also add additional widgets to this dashboard, or adapt the appearance of existing widgets to suit your needs." 
+ } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "1da7f012-0a89-46a5-910c-75c1918289a5", + "data": { + "name": "BASE16NUM", + "pattern": "(?=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "1c0bba53-ee9d-4cf7-bf1f-02d21955401f", + "data": { + "name": "USER", + "pattern": "%{USERNAME}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "497ef367-b27b-42bb-a81c-50bd29f4817c", + "data": { + "name": "HTTPD20_ERRORLOG", + "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{LOGLEVEL:loglevel}\\] (?:\\[client %{IPORHOST:clientip}\\] ){0,1}%{GREEDYDATA:errormsg}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "42fd8b52-5bb5-40a0-9b83-efe71775d4b4", + "data": { + "name": "SECOND", + "pattern": "(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "5c41392a-5c34-4757-8d8d-2d36b95dab67", + "data": { + "name": "LOGLEVEL", + "pattern": "([Aa]lert|ALERT|[Tt]race|TRACE|[Dd]ebug|DEBUG|[Nn]otice|NOTICE|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Cc]rit?(?:ical)?|CRIT?(?:ICAL)?|[Ff]atal|FATAL|[Ss]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "94f1ae77-2e19-43fc-98dd-0b1ecfdb6076", + "data": { + "name": "MINUTE", + "pattern": "(?:[0-5][0-9])" 
+ }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "31102730-a557-4714-92bd-379b6838baab", + "data": { + "name": "HTTPDUSER", + "pattern": "%{EMAILADDRESS}|%{USER}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "297f4106-f19d-44f5-a860-111f0cec7f55", + "data": { + "name": "YEAR", + "pattern": "(?>\\d\\d){1,2}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "input", + "version": "1" + }, + "id": "77e24609-e2ec-46cf-ab7a-12cde3fe92ca", + "data": { + "title": { + "@type": "string", + "@value": "Laravel" + }, + "configuration": { + "recv_buffer_size": { + "@type": "integer", + "@value": 1048576 + }, + "port": { + "@type": "integer", + "@value": 12201 + }, + "number_worker_threads": { + "@type": "integer", + "@value": 4 + }, + "bind_address": { + "@type": "string", + "@value": "0.0.0.0" + }, + "decompress_size_limit": { + "@type": "integer", + "@value": 8388608 + } + }, + "static_fields": {}, + "type": { + "@type": "string", + "@value": "org.graylog2.inputs.gelf.udp.GELFUDPInput" + }, + "global": { + "@type": "boolean", + "@value": false + }, + "extractors": [] + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "108013a3-5ae7-406c-8b57-3438e36bfd1d", + "data": { + "name": "WINPATH", + "pattern": "(?>[A-Za-z]+:|\\\\)(?:\\\\[^\\\\?*]*)+" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "b25b9489-5cb4-4123-acc3-a6c38ecfccd4", + "data": { + "name": 
"USERNAME", + "pattern": "[a-zA-Z0-9._-]+" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "ec5722cc-23e8-4f46-81ce-4ff942607c6b", + "data": { + "name": "SYSLOGTIMESTAMP", + "pattern": "%{MONTH} +%{MONTHDAY} %{TIME}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "457ff006-5b18-4775-bf59-4d66bd402018", + "data": { + "name": "URIPROTO", + "pattern": "[A-Za-z]+(\\+[A-Za-z+]+)?" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "1059e583-9144-43da-ae9a-ca44c3f8ea09", + "data": { + "name": "HTTPD24_ERRORLOG", + "pattern": "\\[%{HTTPDERROR_DATE:timestamp}\\] \\[%{WORD:module}:%{LOGLEVEL:loglevel}\\] \\[pid %{POSINT:pid}:tid %{NUMBER:tid}\\]( \\(%{POSINT:proxy_errorcode}\\)%{DATA:proxy_errormessage}:)?( \\[client %{IPORHOST:client}:%{POSINT:clientport}\\])? 
%{DATA:errorcode}: %{GREEDYDATA:message}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "49c06919-2c80-426d-abad-34ab7f9acc07", + "data": { + "name": "COMBINEDAPACHELOG", + "pattern": "%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "9cc6556b-3bf4-4a1f-b03f-86653daba4d9", + "data": { + "name": "COMMONAPACHELOG", + "pattern": "%{IPORHOST:clientip} %{HTTPDUSER:ident} %{USER:auth} \\[%{HTTPDATE:timestamp;date;dd/MMM/yyyy:HH:mm:ss Z}\\] \"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response} (?:%{NUMBER:bytes}|-)" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "e3ff9ecc-341a-4ffa-899b-561245ba32c4", + "data": { + "name": "HTTPD_ERRORLOG", + "pattern": "%{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "90231790-9904-4a76-a811-4d921005cf5d", + "data": { + "name": "MONTHNUM2", + "pattern": "(?:0[1-9]|1[0-2])" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "sidecar_collector", + "version": "1" + }, + "id": "73c5dff8-330d-41ca-bd05-100d85008ee2", + "data": { + "name": { + "@type": "string", + "@value": "filebeat" + }, + "service_type": { + "@type": "string", + "@value": "svc" + }, + "node_operating_system": { + "@type": "string", + "@value": "windows" + }, + "executable_path": { + "@type": "string", + 
"@value": "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe" + }, + "execute_parameters": { + "@type": "string", + "@value": "-c \"%s\"" + }, + "validation_parameters": { + "@type": "string", + "@value": "test config -c \"%s\"" + }, + "default_template": { + "@type": "string", + "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\filebeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nfilebeat.inputs:\n- type: log\n enabled: true\n paths:\n - C:\\logs\\log.log\n" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "ba9ab685-0de5-4846-809e-c184a9062374", + "data": { + "name": "IP", + "pattern": "(?:%{IPV6}|%{IPV4})" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "27288d6a-5ba3-4ee4-8413-7648f63424a1", + "data": { + "name": "DATE_US", + "pattern": "%{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "sidecar_collector", + "version": "1" + }, + "id": "b710a7b4-062d-4f4d-ac6e-594735d78b45", + "data": { + "name": { + "@type": "string", + "@value": "winlogbeat" + }, + "service_type": { + "@type": "string", + "@value": "svc" + }, + "node_operating_system": { + "@type": "string", + "@value": "windows" + }, + "executable_path": { + "@type": "string", + "@value": "C:\\Program Files\\Graylog\\sidecar\\winlogbeat.exe" + }, + "execute_parameters": { + "@type": "string", + "@value": "-c \"%s\"" + }, + "validation_parameters": { + "@type": "string", + 
"@value": "test config -c \"%s\"" + }, + "default_template": { + "@type": "string", + "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: C:\\Program Files\\Graylog\\sidecar\\cache\\winlogbeat\\data\n logs: C:\\Program Files\\Graylog\\sidecar\\logs\ntags:\n - windows\nwinlogbeat:\n event_logs:\n - name: Application\n - name: System\n - name: Security" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "921e7b58-1d38-4b0c-80e5-a04415b3ef58", + "data": { + "name": "INT", + "pattern": "(?:[+-]?(?:[0-9]+))" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "ff2b8a70-59fd-4af2-a493-ca8b1d2585a9", + "data": { + "name": "PATH", + "pattern": "(?:%{UNIXPATH}|%{WINPATH})" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "1c771f5f-b716-4312-a302-b1fb300117e3", + "data": { + "name": "NONNEGINT", + "pattern": "\\b(?:[0-9]+)\\b" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "a8acf205-e1de-4039-bc41-a08024424409", + "data": { + "name": "SPACE", + "pattern": "\\s*" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "d97c0288-6e96-48e3-948e-88da47d5fecf", + "data": { + "name": "DATESTAMP_RFC822", + "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} 
%{TZ}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "43df0cda-b6e9-4e40-8f67-84e8ef3f85c6", + "data": { + "name": "URIPARAM", + "pattern": "\\?[A-Za-z0-9$.+!*'|(){},~@#%&/=:;_?\\-\\[\\]<>]*" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "1f2a717b-2847-4a80-aeca-fd20c8253cf5", + "data": { + "name": "DATESTAMP", + "pattern": "%{DATE}[- ]%{TIME}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "20b5dabc-dca7-47b2-890d-732e1fcffef7", + "data": { + "name": "WORD", + "pattern": "\\b\\w+\\b" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "e7903224-2b7b-4c32-b36f-b2925d1abbb8", + "data": { + "name": "URI", + "pattern": "%{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?" 
+ }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "1faa4b48-edee-40a4-9f3d-fd96cfa8034f", + "data": { + "name": "HOUR", + "pattern": "(?:2[0123]|[01]?[0-9])" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "4249fead-f4e4-40cb-a259-f9a8cfe84c51", + "data": { + "name": "SYSLOGHOST", + "pattern": "%{IPORHOST}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "c6845ec4-a6b9-434b-a853-e5e13984cd60", + "data": { + "name": "IPV4", + "pattern": "(?=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "901d80a0-3066-488f-a273-b1a6bbb2c367", + "data": { + "name": "UNIXPATH", + "pattern": "(/([\\w_%!$@:.,~-]+|\\\\.)*)+" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "a55410e6-2cb9-4ba3-b053-af92f0d93fb9", + "data": { + "name": "POSINT", + "pattern": "\\b(?:[1-9][0-9]*)\\b" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "c6336f43-ced0-4996-a130-d3829868851c", + "data": { + "name": "HTTPDATE", + "pattern": "%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "sidecar_collector", + "version": "1" + }, + "id": "8c39c0e1-db3e-4098-bcf2-264ff511f38c", + "data": { + "name": { + "@type": "string", + "@value": "filebeat" + }, + 
"service_type": { + "@type": "string", + "@value": "exec" + }, + "node_operating_system": { + "@type": "string", + "@value": "linux" + }, + "executable_path": { + "@type": "string", + "@value": "/usr/share/filebeat/bin/filebeat" + }, + "execute_parameters": { + "@type": "string", + "@value": "-c %s" + }, + "validation_parameters": { + "@type": "string", + "@value": "test config -c %s" + }, + "default_template": { + "@type": "string", + "@value": "# Needed for Graylog\nfields_under_root: true\nfields.collector_node_id: ${sidecar.nodeName}\nfields.gl2_source_collector: ${sidecar.nodeId}\n\nfilebeat.inputs:\n- input_type: log\n paths:\n - /var/log/*.log\n type: log\noutput.logstash:\n hosts: [\"192.168.1.1:5044\"]\npath:\n data: /var/lib/graylog-sidecar/collectors/filebeat/data\n logs: /var/lib/graylog-sidecar/collectors/filebeat/log" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "3873a640-d4f9-494e-afe4-f4d6cbcd2dd6", + "data": { + "name": "QUOTEDSTRING", + "pattern": "(?>(?\"(?>\\\\.|[^\\\\\"]+)+\"|\"\"|(?>'(?>\\\\.|[^\\\\']+)+')|''|(?>`(?>\\\\.|[^\\\\`]+)+`)|``))" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "ff210553-4c85-4fe5-b227-24bb2e2834c0", + "data": { + "name": "URIPATHPARAM", + "pattern": "%{URIPATH}(?:%{URIPARAM})?" 
+ }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "4532a4e6-ef98-4792-abf8-5087e151357b", + "data": { + "name": "BASE10NUM", + "pattern": "(?[+-]?(?:(?:[0-9]+(?:\\.[0-9]+)?)|(?:\\.[0-9]+)))" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "a3b4d934-b4c9-4195-8917-977b541fe59b", + "data": { + "name": "DATESTAMP_OTHER", + "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "e8b3bbfd-e4c4-4977-ad2b-958f3f19beca", + "data": { + "name": "DATESTAMP_RFC2822", + "pattern": "%{DAY}, %{MONTHDAY} %{MONTH} %{YEAR} %{TIME} %{ISO8601_TIMEZONE}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "d15f93b3-32b4-4f00-9070-517df931739e", + "data": { + "name": "QS", + "pattern": "%{QUOTEDSTRING}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "368729d0-d26a-4f49-aee2-9fc6341610b1", + "data": { + "name": "DATE_EU", + "pattern": "%{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "c939b28d-53f1-4103-97c1-808d370f3477", + "data": { + "name": "ISO8601_SECOND", + "pattern": "(?:%{SECOND}|60)" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + 
"v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "d923db54-9d8c-4156-b4bd-9abf3fc0eb36", + "data": { + "name": "EMAILLOCALPART", + "pattern": "[a-zA-Z][a-zA-Z0-9_.+-=:]+" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "a4a81def-c227-4ed0-b957-27b5521080d2", + "data": { + "name": "URIPATH", + "pattern": "(?:/[A-Za-z0-9$.+!*'(){},~:;=@#%_\\-]*)+" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "c46e2be4-5618-426c-add9-e639a43ddec7", + "data": { + "name": "NUMBER", + "pattern": "(?:%{BASE10NUM})" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "47ccb32f-27b7-4e56-8b25-d053886e977b", + "data": { + "name": "SYSLOGPROG", + "pattern": "%{PROG:program}(?:\\[%{POSINT:pid}\\])?" 
+ }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "0439144b-5882-412d-9402-7b96a339a9c4", + "data": { + "name": "BASE16FLOAT", + "pattern": "\\b(?=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "4305f22c-6497-4a29-8e3b-8fa5bb9071d8", + "data": { + "name": "DATE", + "pattern": "%{DATE_US}|%{DATE_EU}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "b95ed6d7-ebce-4480-bd07-7dab74acaf1c", + "data": { + "name": "TTY", + "pattern": "(?:/dev/(pts|tty([pq])?)(\\w+)?/?(?:[0-9]+))" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "876c0e77-0dc7-4c84-9faa-4eecd4ad2461", + "data": { + "name": "TIME", + "pattern": "(?!<[0-9])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![0-9])" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "c12a7dff-d565-47c2-83c2-066f4ef1ecce", + "data": { + "name": "HOSTNAME", + "pattern": "\\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\\.?|\\b)" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "24b268d0-7532-4e72-ac39-01328c8b37ae", + "data": { + "name": "IPORHOST", + "pattern": "(?:%{IP}|%{HOSTNAME})" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": 
"6cfc22e7-cf55-422f-804c-dc2784f2a174", + "data": { + "name": "IPV6", + "pattern": "((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?" 
+ }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "33490e99-1310-44ea-9478-54d9701b95d0", + "data": { + "name": "MONTH", + "pattern": "\\b(?:Jan(?:uary|uar)?|Feb(?:ruary|ruar)?|M(?:a|รค)?r(?:ch|z)?|Apr(?:il)?|Ma(?:y|i)?|Jun(?:e|i)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|O(?:c|k)?t(?:ober)?|Nov(?:ember)?|De(?:c|z)(?:ember)?)\\b" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "sidecar_collector", + "version": "1" + }, + "id": "1870a97f-b5bb-4131-b6f9-fc3dee54610e", + "data": { + "name": { + "@type": "string", + "@value": "nxlog" + }, + "service_type": { + "@type": "string", + "@value": "exec" + }, + "node_operating_system": { + "@type": "string", + "@value": "linux" + }, + "executable_path": { + "@type": "string", + "@value": "/usr/bin/nxlog" + }, + "execute_parameters": { + "@type": "string", + "@value": "-f -c %s" + }, + "validation_parameters": { + "@type": "string", + "@value": "-v -c %s" + }, + "default_template": { + "@type": "string", + "@value": "define ROOT /usr/bin\n\n\n Module xm_gelf\n # Avoid truncation of the short_message field to 64 characters.\n ShortMessageLength 65536\n\n\n\n Module xm_syslog\n\n\nUser nxlog\nGroup nxlog\n\nModuledir /usr/lib/nxlog/modules\nCacheDir /var/spool/nxlog/data\nPidFile /var/run/nxlog/nxlog.pid\nLogFile /var/log/nxlog/nxlog.log\nLogLevel INFO\n\n\n\n\tModule im_file\n\tFile '/var/log/*.log'\n\tPollInterval 1\n\tSavePos\tTrue\n\tReadFromLast True\n\tRecursive False\n\tRenameCheck False\n\tExec $FileName = file_name(); # Send file name with each message\n\n\n#\n#\tModule im_udp\n#\tHost 127.0.0.1\n#\tPort 514\n#\tExec parse_syslog_bsd();\n#\n\n\n\tModule om_tcp\n\tHost 192.168.1.1\n\tPort 12201\n\tOutputType GELF_TCP\n\t\n\t # These fields are needed for Graylog\n\t $gl2_source_collector = 
'${sidecar.nodeId}';\n\t $collector_node_id = '${sidecar.nodeName}';\n\t\n\n\n\n\n Path file => gelf\n\n#\n# Path syslog-udp => gelf\n#\n\n\n" + } + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "d10a122f-7400-4b7f-ab53-da77e2f2680d", + "data": { + "name": "HOSTPORT", + "pattern": "%{IPORHOST}:%{POSINT}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "e2a64161-bddb-4cad-92b0-12aeff55a97d", + "data": { + "name": "COMMONMAC", + "pattern": "(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "64478ff4-a531-428f-8d58-c258d28e6534", + "data": { + "name": "URIHOST", + "pattern": "%{IPORHOST}(?::%{POSINT:port})?" 
+ }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "36dad036-c900-4447-a24c-9e02201014f5", + "data": { + "name": "DATESTAMP_EVENTLOG", + "pattern": "%{YEAR}%{MONTHNUM2}%{MONTHDAY}%{HOUR}%{MINUTE}%{SECOND}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "a3edd0da-5f3e-483f-b84e-5e4e62efa061", + "data": { + "name": "MONTHDAY", + "pattern": "(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "a30635e9-a888-42ab-9a3d-407392f2c95d", + "data": { + "name": "DAY", + "pattern": "(?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "d38921ef-5635-46bc-8e0e-07ade347b6e8", + "data": { + "name": "PROG", + "pattern": "[\\x21-\\x5a\\x5c\\x5e-\\x7e]+" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "ad53591c-32d2-4c91-886e-39e31d4a80a9", + "data": { + "name": "WINDOWSMAC", + "pattern": "(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "6c60a9cb-7098-4d13-8197-03551a64aab4", + "data": { + "name": "ISO8601_TIMEZONE", + "pattern": "(?:Z|[+-]%{HOUR}(?::?%{MINUTE}))" + }, + "constraints": [ + { + "type": 
"server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "7fa32594-0c1c-452a-a909-5e714e5912b2", + "data": { + "name": "TZ", + "pattern": "(?:[PMCE][SD]T|UTC)" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "b46b9b9d-433f-4e58-afb1-c110f6f4a0f2", + "data": { + "name": "EMAILADDRESS", + "pattern": "%{EMAILLOCALPART}@%{HOSTNAME}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "285fde1c-3afb-4138-bf2e-91b7ecdb0056", + "data": { + "name": "UUID", + "pattern": "[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{12}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "d4edab73-7392-45a8-be01-ba1130455055", + "data": { + "name": "DATA", + "pattern": ".*?" 
+ }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "8e1db82b-161e-4f09-9fdc-bb3f42dafbd8", + "data": { + "name": "HTTPDERROR_DATE", + "pattern": "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "091038b0-d328-4eea-a20a-6dd638c07b52", + "data": { + "name": "MAC", + "pattern": "(?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "e8c5f48b-5f11-4a88-920c-2517a0b75c24", + "data": { + "name": "TIMESTAMP_ISO8601", + "pattern": "%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "640e251f-bf9e-4fea-abbc-49c933d3f8f4", + "data": { + "name": "SYSLOGFACILITY", + "pattern": "<%{NONNEGINT:facility}.%{NONNEGINT:priority}>" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + }, + { + "v": "1", + "type": { + "name": "grok_pattern", + "version": "1" + }, + "id": "9f56b9b6-a7c7-4caa-be72-68571a917d52", + "data": { + "name": "NOTSPACE", + "pattern": "\\S+" + }, + "constraints": [ + { + "type": "server-version", + "version": ">=4.0.5+d95b909" + } + ] + } + ] +} \ No newline at end of file