GUI editor to tame mod_security rules



Update of "logfmt1/share"


Overview

Artifact ID: 1c9872f112b4020ed69a6b953852ee1eecb8ae2c95cf41204b98c5a97faac96e
Page Name:logfmt1/share
Date: 2020-12-16 15:18:01
Original User: mario
Mimetype:text/x-markdown
Parent: 2f0f786c5caa2db317b83333512325913662350967b25ea5af96b1141fae32b9 (diff)
Next 960ffb536c9a4c35dacf8746ea9e150173d3fad3e4e8148f3e7b3152fdd83188
Content

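*.fmt placeholder definitions should go to /usr/share/logfmt. They take precedence over the ones bundled in the pip package, or the builtins in logfmt1.rulesdb. (Note: in the tables below the regex column appears to have lost its backslashes and some negated character classes in rendering, e.g. `d+` where `\d+` is presumably meant and `misref` where a `[^…]` class stood; `¦` appears to stand in for `|`. Consult the actual .fmt files for the exact patterns.)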

apache generic

placeholder id regex grok/fmt-recursion description/reference
%a remote_addr [d.:a-f]+ - ???
%{c}a remote_addr [d.:a-f]+ - ???
%h remote_host [w-.:]+ - ???
%{c}h remote_host [w-.:]+ - ???
%A local_address [d.:a-f]+ - ???
%u remote_user [-w@.]+ - ???
%l remote_logname [w-.:]+ - ???
%t request_time [?(d[d:ws:./-+,;]+)]? - ???
%{u}t request_time d+/w+/d+:d+:d+:d+.d+s+d+ - ???
%{cu}t request_time d+-w+-d+sd+:d+:d+.d+ - ???
%{msec_frac}t msec_frac [d.]+ - ???
%{usec_frac}t usec_frac [d.]+ - ???
%f request_file misref+ - ???
%b bytes_sent d+¦- - ???
%B bytes_sent d+¦- - ???
%O bytes_out d+ - ???
%I bytes_in d+ - ???
%S bytes_combined d+ - ???
%E apr_status w+ - ???
%M message .+ - ???
%L log_id [w-.]+ - ???
%{c}L log_id [w-.]+ - ???
%{C}L log_id [w-.]* - ???
%V server_name [w-.]+ - ???
%v virtual_host [w-.]+ - ???
%p server_port d+ - ???
%{local}p server_port d+ - ???
%{canonical}p canonical_port [w.]+ - ???
%{remote}p remote_port d+ - ???
%P pid d+ - ???
%{g}T tid d+ - ???
%{tid}P tid d+ - ???
%{pid}P pid d+ - ???
%{hextid}P tid w+ - ???
%{hexpid}P pid w+ - ???
%H request_protocol [w/d.]+ - ???
%m request_method [w.]+ - ???
%q request_query ??S* - ???
%F file_line [/w-.:(d)]+ - ???
%X connection_status [Xx+-.d]+ - ???
%k keepalives d+ - ???
%r request_line (?<request_method>w+) (?<request_path>S+) (?<request_protocol>[w/d.]+) - ???
%D request_duration_microseconds d+ - ???
%T request_duration_scaled [d.]+ - ???
%{s}T request_duration_seconds d+ - ???
%{us}T request_duration_microseconds d+ - ???
%{ms}T request_duration_milliseconds d+ - ???
%U request_uri S+(?<!") - ???
%s status d+ - ???
%>s status -¦ddd - ???
%R handler [w:.-]+ - ???
%^FU ttfu -¦d+ - ???
%^FB ttfb -¦d+ - ???
%^ĴS json {(?:[w:,s[]]+¦"(?:misref+¦\.)*")} - ???
%{Referer}i referer misref* - ???
%{User-Agent}i user_agent (?:misref+¦\")* - ???
%{(misref+)}t request_time None strftime ???
%[<>]?{([w-]+)}[Conexic] $1 S+ None ???
%{([w-]+)}^t[io] $1 S+ None ???

strftime

placeholder id regex grok/fmt-recursion description/reference
%a tm_wday w+ - strftime(3)
%A tm_wday w+ - strftime(3)
%b tm_mon w+ - strftime(3)
%B tm_mon w+ - strftime(3)
%c tm_dt [-:/.wd]+ - strftime(3)
%C tm_cent dd - strftime(3)
%d tm_mday dd - strftime(3)
%D tm_mdy d+/d+/d+ - strftime(3)
%e tm_mday [ds]d - strftime(3)
%F tm_date dddd-dd-dd - strftime(3)
%G tm_wyear dddd - strftime(3)
%g tm_wyearnc dd - strftime(3)
%h tm_mon w+ - strftime(3)
%H tm_hour dd - strftime(3)
%I tm_hour dd - strftime(3)
%j tm_yday ddd - strftime(3)
%k tm_hour dd - strftime(3)
%l tm_hour [ds]d - strftime(3)
%m tm_mon dd - strftime(3)
%M tm_min dd - strftime(3)
%n newline n - strftime(3)
%p tm_ampm AM¦PM - strftime(3)
%P tm_ampm am¦pm - strftime(3)
%r tm_time dd:dd:dd [AMPM]{2} - strftime(3)
%R tm_time dd:dd - strftime(3)
%s tm_epoch d+ - strftime(3)
%S tm_sec dd - strftime(3)
%t tab t - strftime(3)
%T tm_time dd:dd:dd - strftime(3)
%u tm_wday [1-7] - strftime(3)
%U tm_yday [0-5]d¦5[0123] - strftime(3)
%V tm_yday dd - strftime(3)
%w tm_wday [0-6] - strftime(3)
%W tm_yday dd - strftime(3)
%x tm_ldate [-./d]+ - strftime(3)
%X tm_ltime [:.d]+ - strftime(3)
%y tm_year dd - strftime(3)
%Y tm_year dddd - strftime(3)
%z tm_tz [-+]dddd - strftime(3)
%Z tm_tz w+ - strftime(3)
%+ tm_date [-/:. wd]+ - strftime(3)
%% percent % - strftime(3)

grok

placeholder id regex grok/fmt-recursion description/reference
%{GROK:((?:misref+ {misref+})+)} None grok grok formats
%{USERNAME:([w.-]+)} $1 [a-zA-Z0-9._-]+ USERNAME grok formats
%{USER:([w.-]+)} $1 [a-zA-Z0-9._-]+ USER grok formats
%{INT:([w.-]+)} $1 (?:[+-]?(?:[0-9]+)) INT grok formats
%{BASE10NUM:([w.-]+)} $1 (?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:.[0-9]+)?)¦(?… BASE10NUM grok formats
%{NUMBER:([w.-]+)} $1 (?:(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:.[0-9]+)?)… NUMBER grok formats
%{BASE16NUM:([w.-]+)} $1 (?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+)) BASE16NUM grok formats
%{BASE16FLOAT:([w.-]+)} $1 (?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]… BASE16FLOAT grok formats
%{POSINT:([w.-]+)} $1 (?:[1-9][0-9]*) POSINT grok formats
%{NONNEGINT:([w.-]+)} $1 (?:[0-9]+) NONNEGINT grok formats
%{WORD:([w.-]+)} $1 w+ WORD grok formats
%{NOTSPACE:([w.-]+)} $1 S+ NOTSPACE grok formats
%{SPACE:([w.-]+)} $1 s* SPACE grok formats
%{DATA:([w.-]+)} $1 .*? DATA grok formats
%{GREEDYDATA:([w.-]+)} $1 .* GREEDYDATA grok formats
%{QUOTEDSTRING:([w.-]+)} $1 (?>(?<!)(?>"(?>.¦misref+)+"¦""¦(?>'(?>.¦misref+)+… QUOTEDSTRING grok formats
%{UUID:([w.-]+)} $1 [A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{1… UUID grok formats
%{MAC:([w.-]+)} $1 (?:(?:(?:[A-Fa-f0-9]{4}.){2}[A-Fa-f0-9]{4})¦(?:(?… MAC grok formats
%{CISCOMAC:([w.-]+)} $1 (?:(?:[A-Fa-f0-9]{4}.){2}[A-Fa-f0-9]{4}) CISCOMAC grok formats
%{WINDOWSMAC:([w.-]+)} $1 (?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2}) WINDOWSMAC grok formats
%{COMMONMAC:([w.-]+)} $1 (?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2}) COMMONMAC grok formats
%{IPV6:([w.-]+)} $1 ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}¦:))¦(([0… IPV6 grok formats
%{IPV4:([w.-]+)} $1 (?<![0-9])(?:(?:25[0-5]¦2[0-4][0-9]¦[0-1]?[0-9]{1,… IPV4 grok formats
%{IP:([w.-]+)} $1 (?:((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}¦:))¦(… IP grok formats
%{HOSTNAME:([w.-]+)} $1 (?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:.(?:[0-9A-Za… HOSTNAME grok formats
%{HOST:([w.-]+)} $1 (?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:.(?:[0-9A-Za… HOST grok formats
%{IPORHOST:([w.-]+)} $1 (?:(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:.(?:[0-9A… IPORHOST grok formats
%{HOSTPORT:([w.-]+)} $1 (?:(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:.(?:[0-9A… HOSTPORT grok formats
%{PATH:([w.-]+)} $1 (?:(?>/(?>[w_%!$@:.,-]+¦.)*)+¦(?>[A-Za-z]+:¦)(?… PATH grok formats
%{UNIXPATH:([w.-]+)} $1 (?>/(?>[w_%!$@:.,-]+¦.)*)+ UNIXPATH grok formats
%{TTY:([w.-]+)} $1 (?:/dev/(pts¦tty([pq])?)(w+)?/?(?:[0-9]+)) TTY grok formats
%{WINPATH:([w.-]+)} $1 (?>[A-Za-z]+:¦)(?:[^?])+ WINPATH grok formats
%{URIPROTO:([w.-]+)} $1 [A-Za-z]+(+[A-Za-z+]+)? URIPROTO grok formats
%{URIHOST:([w.-]+)} $1 (?:(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:.(?:[0-9A… URIHOST grok formats
%{URIPATH:([w.-]+)} $1 (?:/[A-Za-z0-9$.+!'(){},~:;=@#%_-])+ URIPATH grok formats
%{URIPARAM:([w.-]+)} $1 ?[A-Za-z0-9$.+!'¦(){},~@#%&/=:;_?-[]] URIPARAM grok formats
%{URIPATHPARAM:([w.-]+)} $1 (?:/[A-Za-z0-9$.+!'(){},~:;=@#%_-])+(?:?[A-Za-… URIPATHPARAM grok formats
%{URI:([w.-]+)} $1 [A-Za-z]+(+[A-Za-z+]+)?://(?:[a-zA-Z0-9._-]+(?::[… URI grok formats
%{MONTH:([w.-]+)} $1 (?:Jan(?:uary)?¦Feb(?:ruary)?¦Mar(?:ch)?¦Apr(?:il… MONTH grok formats
%{MONTHNUM:([w.-]+)} $1 (?:0?[1-9]¦1[0-2]) MONTHNUM grok formats
%{MONTHNUM2:([w.-]+)} $1 (?:0[1-9]¦1[0-2]) MONTHNUM2 grok formats
%{MONTHDAY:([w.-]+)} $1 (?:(?:0[1-9])¦(?:[12][0-9])¦(?:3[01])¦[1-9]) MONTHDAY grok formats
%{DAY:([w.-]+)} $1 (?:Mon(?:day)?¦Tue(?:sday)?¦Wed(?:nesday)?¦Thu(?:r… DAY grok formats
%{YEAR:([w.-]+)} $1 (?>dd){1,2} YEAR grok formats
%{HOUR:([w.-]+)} $1 (?:2[0123]¦[01]?[0-9]) HOUR grok formats
%{MINUTE:([w.-]+)} $1 (?:[0-5][0-9]) MINUTE grok formats
%{SECOND:([w.-]+)} $1 (?:(?:[0-5]?[0-9]¦60)(?:[:.,][0-9]+)?) SECOND grok formats
%{TIME:([w.-]+)} $1 (?!<[0-9])(?:2[0123]¦[01]?[0-9]):(?:[0-5][0-9])(?:… TIME grok formats
%{DATE_US:([w.-]+)} $1 (?:0?[1-9]¦1[0-2])/-¦(?:[12][0-9])¦… DATE_US grok formats
%{DATE_EU:([w.-]+)} $1 (?:(?:0[1-9])¦(?:[12][0-9])¦(?:3[01])¦[1-9])[./-](… DATE_EU grok formats
%{ISO8601_TIMEZONE:([w.-]+)} $1 (?:Z¦+-(?::?(?:[0-5][0-9])… ISO8601_TIMEZONE grok formats
%{ISO8601_SECOND:([w.-]+)} $1 (?:(?:(?:[0-5]?[0-9]¦60)(?:[:.,][0-9]+)?)¦60) ISO8601_SECOND grok formats
%{TIMESTAMP_ISO8601:([w.-]+)} $1 (?>dd){1,2}-(?:0?[1-9]¦1[0-2])-(?:(?:0[1-9])¦(?:… TIMESTAMP_ISO8601 grok formats
%{DATE:([w.-]+)} $1 (?:0?[1-9]¦1[0-2])/-¦(?:[12][0-9])¦… DATE grok formats
%{DATESTAMP:([w.-]+)} $1 (?:0?[1-9]¦1[0-2])/-¦(?:[12][0-9])¦… DATESTAMP grok formats
%{TZ:([w.-]+)} $1 (?:[PMCE][SD]T¦UTC) TZ grok formats
%{DATESTAMP_RFC822:([w.-]+)} $1 (?:Mon(?:day)?¦Tue(?:sday)?¦Wed(?:nesday)?¦Thu(?:r… DATESTAMP_RFC822 grok formats
%{DATESTAMP_RFC2822:([w.-]+)} $1 (?:Mon(?:day)?¦Tue(?:sday)?¦Wed(?:nesday)?¦Thu(?:r… DATESTAMP_RFC2822 grok formats
%{DATESTAMP_OTHER:([w.-]+)} $1 (?:Mon(?:day)?¦Tue(?:sday)?¦Wed(?:nesday)?¦Thu(?:r… DATESTAMP_OTHER grok formats
%{DATESTAMP_EVENTLOG:([w.-]+)} $1 (?>dd){1,2}(?:0[1-9]¦1[0-2])(?:(?:0[1-9])¦(?:[12… DATESTAMP_EVENTLOG grok formats
%{SYSLOGTIMESTAMP:([w.-]+)} $1 (?:Jan(?:uary)?¦Feb(?:ruary)?¦Mar(?:ch)?¦Apr(?:il… SYSLOGTIMESTAMP grok formats
%{PROG:([w.-]+)} $1 (?:[w._/%-]+) PROG grok formats
%{SYSLOGPROG:([w.-]+)} $1 (?<program>(?:[w._/%-]+))(?:[(?<pid>(?:[1-9][0-… SYSLOGPROG grok formats
%{SYSLOGHOST:([w.-]+)} $1 (?:(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:.(?:[0-9A… SYSLOGHOST grok formats
%{SYSLOGFACILITY:([w.-]+)} $1 <(?<facility>(?:[0-9]+)).(?<priority>(?:[0-9]+)… SYSLOGFACILITY grok formats
%{HTTPDATE:([w.-]+)} $1 (?:(?:0[1-9])¦(?:[12][0-9])¦(?:3[01])¦[1-9])/(?:J… HTTPDATE grok formats
%{QS:([w.-]+)} $1 (?>(?<!)(?>"(?>.¦misref+)+"¦""¦(?>'(?>.¦misref+)+… QS grok formats
%{LOGLEVEL:([w.-]+)} $1 ([Aa]lert¦ALERT¦[Tt]race¦TRACE¦[Dd]ebug¦DEBUG¦[Nn]… LOGLEVEL grok formats

  1. ^ a b c d e f g h i j k Misreference