modseccfg: Update of "logfmt1/share"

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Artifact ID:	c2bbcf7ed1477278d254b4b7827d9de7bf37c995bd6bceca82897881475eb315
Page Name:	logfmt1/share
Date:	2020-12-16 15:21:44
Original User:	mario
Mimetype:	text/x-markdown
Parent:	960ffb536c9a4c35dacf8746ea9e150173d3fad3e4e8148f3e7b3152fdd83188 (diff)
Next	90a712551559b5d460954fc40e38785ec21a9f606c7f592e0caa7529e2112dc8

Content

*.fmt placeholder definitions should got to /usr/share/logfmt. They take precedence over the ones bundles in the pip packge, or the builtins in logfmt1.rulesdb

apache generic

placeholder	id	regex	grok/fmt-recursion	description/reference
%a	remote_addr	`[\d.:a-f]+`	-	mod_log_config.c/log_io.c
%{c}a	remote_addr	`[\d.:a-f]+`	-	mod_log_config.c/log_io.c
%h	remote_host	`[\w\-.:]+`	-	mod_log_config.c/log_io.c
%{c}h	remote_host	`[\w\-.:]+`	-	mod_log_config.c/log_io.c
%A	local_address	`[\d.:a-f]+`	-	mod_log_config.c/log_io.c
%u	remote_user	`[\-\w@.]+`	-	mod_log_config.c/log_io.c
%l	remote_logname	`[\w\-.:]+`	-	mod_log_config.c/log_io.c
%t	request_time	`\[?(\d[\d:\w\s:./\-+,;]+)\]?`	-	mod_log_config.c/log_io.c
%{u}t	request_time	`\d+/\w+/\d+:\d+:\d+:\d+\.\d+\s\+\d+`	-	mod_log_config.c/log_io.c
%{cu}t	request_time	`\d+-\w+-\d+\s\d+:\d+:\d+\.\d+`	-	mod_log_config.c/log_io.c
%{msec_frac}t	msec_frac	`[\d.]+`	-	mod_log_config.c/log_io.c
%{usec_frac}t	usec_frac	`[\d.]+`	-	mod_log_config.c/log_io.c
%f	request_file	`[^\s"]+`	-	mod_log_config.c/log_io.c
%b	bytes_sent	`\d+¦-`	-	mod_log_config.c/log_io.c
%B	bytes_sent	`\d+¦-`	-	mod_log_config.c/log_io.c
%O	bytes_out	`\d+`	-	mod_log_config.c/log_io.c
%I	bytes_in	`\d+`	-	mod_log_config.c/log_io.c
%S	bytes_combined	`\d+`	-	mod_log_config.c/log_io.c
%E	apr_status	`\w+`	-	mod_log_config.c/log_io.c
%M	message	`.+`	-	mod_log_config.c/log_io.c
%L	log_id	`[\w\-\.]+`	-	mod_log_config.c/log_io.c
%{c}L	log_id	`[\w\-\.]+`	-	mod_log_config.c/log_io.c
%{C}L	log_id	`[\w\-\.]*`	-	mod_log_config.c/log_io.c
%V	server_name	`[\w\-\.]+`	-	mod_log_config.c/log_io.c
%v	virtual_host	`[\w\-\.]+`	-	mod_log_config.c/log_io.c
%p	server_port	`\d+`	-	mod_log_config.c/log_io.c
%{local}p	server_port	`\d+`	-	mod_log_config.c/log_io.c
%{canonical}p	canonical_port	`[\w.]+`	-	mod_log_config.c/log_io.c
%{remote}p	remote_port	`\d+`	-	mod_log_config.c/log_io.c
%P	pid	`\d+`	-	mod_log_config.c/log_io.c
%{g}T	tid	`\d+`	-	mod_log_config.c/log_io.c
%{tid}P	tid	`\d+`	-	mod_log_config.c/log_io.c
%{pid}P	pid	`\d+`	-	mod_log_config.c/log_io.c
%{hextid}P	tid	`\w+`	-	mod_log_config.c/log_io.c
%{hexpid}P	pid	`\w+`	-	mod_log_config.c/log_io.c
%H	request_protocol	`[\w/\d.]+`	-	mod_log_config.c/log_io.c
%m	request_method	`[\w.]+`	-	mod_log_config.c/log_io.c
%q	request_query	`\??\S*`	-	mod_log_config.c/log_io.c
%F	file_line	`[/\w\-.:(\d)]+`	-	mod_log_config.c/log_io.c
%X	connection_status	`[Xx+\-.\d]+`	-	mod_log_config.c/log_io.c
%k	keepalives	`\d+`	-	mod_log_config.c/log_io.c
%r	request_line	`(?<request_method>\w+) (?<request_path>\S+) (?<request_protocol>[\w/\d.]+)`	-	mod_log_config.c/log_io.c
%D	request_duration_microseconds	`\d+`	-	mod_log_config.c/log_io.c
%T	request_duration_scaled	`[\d.]+`	-	mod_log_config.c/log_io.c
%{s}T	request_duration_seconds	`\d+`	-	mod_log_config.c/log_io.c
%{us}T	request_duration_microseconds	`\d+`	-	mod_log_config.c/log_io.c
%{ms}T	request_duration_milliseconds	`\d+`	-	mod_log_config.c/log_io.c
%U	request_uri	`\S+(?<!")`	-	mod_log_config.c/log_io.c
%s	status	`\d+`	-	mod_log_config.c/log_io.c
%>s	status	`-¦\d\d\d`	-	mod_log_config.c/log_io.c
%R	handler	`[\w:.\-]+`	-	mod_log_config.c/log_io.c
%^FU	ttfu	`-¦\d+`	-	mod_log_config.c/log_io.c
%^FB	ttfb	`-¦\d+`	-	mod_log_config.c/log_io.c
%^ĴS	json	`\{(?:[\w:,\s\[\]]+¦"(?:[^\\"]+¦\\.)*")\}`	-	mod_log_config.c/log_io.c
%{Referer}i	referer	`[^"]*`	-	mod_log_config.c/log_io.c
%{User-Agent}i	user_agent	`(?:[^"]+¦\\")*`	-	mod_log_config.c/log_io.c
%{(^misref+)}t	request_time	`None`	strftime	mod_log_config.c/log_io.c
%[<>]?{([w-]+)}[Conexic]	$1	`\S+`	None	mod_log_config.c/log_io.c
%{([w-]+)}^t[io]	$1	`\S+`	None	mod_log_config.c/log_io.c

strftime

placeholder	id	regex	grok/fmt-recursion	description/reference
%a	tm_wday	`\w+`	-	strftime(3)
%A	tm_wday	`\w+`	-	strftime(3)
%b	tm_mon	`\w+`	-	strftime(3)
%B	tm_mon	`\w+`	-	strftime(3)
%c	tm_dt	`[-:/.\w\d]+`	-	strftime(3)
%C	tm_cent	`\d\d`	-	strftime(3)
%d	tm_mday	`\d\d`	-	strftime(3)
%D	tm_mdy	`\d+/\d+/\d+`	-	strftime(3)
%e	tm_mday	`[\d\s]\d`	-	strftime(3)
%F	tm_date	`\d\d\d\d-\d\d-\d\d`	-	strftime(3)
%G	tm_wyear	`\d\d\d\d`	-	strftime(3)
%g	tm_wyearnc	`\d\d`	-	strftime(3)
%h	tm_mon	`\w+`	-	strftime(3)
%H	tm_hour	`\d\d`	-	strftime(3)
%I	tm_hour	`\d\d`	-	strftime(3)
%j	tm_yday	`\d\d\d`	-	strftime(3)
%k	tm_hour	`\d\d`	-	strftime(3)
%l	tm_hour	`[\d\s]\d`	-	strftime(3)
%m	tm_mon	`\d\d`	-	strftime(3)
%M	tm_min	`\d\d`	-	strftime(3)
%n	newline	`\n`	-	strftime(3)
%p	tm_ampm	`AM¦PM`	-	strftime(3)
%P	tm_ampm	`am¦pm`	-	strftime(3)
%r	tm_time	`\d\d:\d\d:\d\d [AMPM]{2}`	-	strftime(3)
%R	tm_time	`\d\d:\d\d`	-	strftime(3)
%s	tm_epoch	`\d+`	-	strftime(3)
%S	tm_sec	`\d\d`	-	strftime(3)
%t	tab	`\t`	-	strftime(3)
%T	tm_time	`\d\d:\d\d:\d\d`	-	strftime(3)
%u	tm_wday	`[1-7]`	-	strftime(3)
%U	tm_yday	`[0-5]\d¦5[0123]`	-	strftime(3)
%V	tm_yday	`\d\d`	-	strftime(3)
%w	tm_wday	`[0-6]`	-	strftime(3)
%W	tm_yday	`\d\d`	-	strftime(3)
%x	tm_ldate	`[-./\d]+`	-	strftime(3)
%X	tm_ltime	`[:.\d]+`	-	strftime(3)
%y	tm_year	`\d\d`	-	strftime(3)
%Y	tm_year	`\d\d\d\d`	-	strftime(3)
%z	tm_tz	`[-+]\d\d\d\d`	-	strftime(3)
%Z	tm_tz	`\w+`	-	strftime(3)
%+	tm_date	`[-/:. \w\d]+`	-	strftime(3)
%%	percent	`%`	-	strftime(3)

grok

placeholder	id	regex	grok/fmt-recursion	description/reference
`%\{GROK:((?:[^{}]+\|\{[^{}]+\})+)\}`		`None`	grok	grok formats
%{USERNAME:([w.-]+)}	$1	`[a-zA-Z0-9._-]+`	USERNAME	grok formats
%{USER:([w.-]+)}	$1	`[a-zA-Z0-9._-]+`	USER	grok formats
%{INT:([w.-]+)}	$1	`(?:[+-]?(?:[0-9]+))`	INT	grok formats
%{BASE10NUM:([w.-]+)}	$1	`(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\.[0-9]+)?)¦(?…`	BASE10NUM	grok formats
%{NUMBER:([w.-]+)}	$1	`(?:(?<![0-9.+-])(?>[+-]?(?:(?:[0-9]+(?:\.[0-9]+)?)…`	NUMBER	grok formats
%{BASE16NUM:([w.-]+)}	$1	`(?<![0-9A-Fa-f])(?:[+-]?(?:0x)?(?:[0-9A-Fa-f]+))`	BASE16NUM	grok formats
%{BASE16FLOAT:([w.-]+)}	$1	`(?<![0-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[0-9A-Fa-f]…`	BASE16FLOAT	grok formats
%{POSINT:([w.-]+)}	$1	`(?:[1-9][0-9]*)`	POSINT	grok formats
%{NONNEGINT:([w.-]+)}	$1	`(?:[0-9]+)`	NONNEGINT	grok formats
%{WORD:([w.-]+)}	$1	`\w+`	WORD	grok formats
%{NOTSPACE:([w.-]+)}	$1	`\S+`	NOTSPACE	grok formats
%{SPACE:([w.-]+)}	$1	`\s*`	SPACE	grok formats
%{DATA:([w.-]+)}	$1	`.*?`	DATA	grok formats
%{GREEDYDATA:([w.-]+)}	$1	`.*`	GREEDYDATA	grok formats
%{QUOTEDSTRING:([w.-]+)}	$1	`(?>(?<!\)(?>"(?>\.¦[^\"]+)+"¦""¦(?>'(?>\.¦[^\']+)+…`	QUOTEDSTRING	grok formats
%{UUID:([w.-]+)}	$1	`[A-Fa-f0-9]{8}-(?:[A-Fa-f0-9]{4}-){3}[A-Fa-f0-9]{1…`	UUID	grok formats
%{MAC:([w.-]+)}	$1	`(?:(?:(?:[A-Fa-f0-9]{4}\.){2}[A-Fa-f0-9]{4})¦(?:(?…`	MAC	grok formats
%{CISCOMAC:([w.-]+)}	$1	`(?:(?:[A-Fa-f0-9]{4}\.){2}[A-Fa-f0-9]{4})`	CISCOMAC	grok formats
%{WINDOWSMAC:([w.-]+)}	$1	`(?:(?:[A-Fa-f0-9]{2}-){5}[A-Fa-f0-9]{2})`	WINDOWSMAC	grok formats
%{COMMONMAC:([w.-]+)}	$1	`(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})`	COMMONMAC	grok formats
%{IPV6:([w.-]+)}	$1	`((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}¦:))¦(([0…`	IPV6	grok formats
%{IPV4:([w.-]+)}	$1	`(?<![0-9])(?:(?:25[0-5]¦2[0-4][0-9]¦[0-1]?[0-9]{1,…`	IPV4	grok formats
%{IP:([w.-]+)}	$1	`(?:((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}¦:))¦(…`	IP	grok formats
%{HOSTNAME:([w.-]+)}	$1	`(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za…`	HOSTNAME	grok formats
%{HOST:([w.-]+)}	$1	`(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za…`	HOST	grok formats
%{IPORHOST:([w.-]+)}	$1	`(?:(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A…`	IPORHOST	grok formats
%{HOSTPORT:([w.-]+)}	$1	`(?:(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A…`	HOSTPORT	grok formats
%{PATH:([w.-]+)}	$1	`(?:(?>/(?>[\w_%!$@:.,-]+¦\.)*)+¦(?>[A-Za-z]+:¦\)(?…`	PATH	grok formats
%{UNIXPATH:([w.-]+)}	$1	`(?>/(?>[\w_%!$@:.,-]+¦\.)*)+`	UNIXPATH	grok formats
%{TTY:([w.-]+)}	$1	`(?:/dev/(pts¦tty([pq])?)(\w+)?/?(?:[0-9]+))`	TTY	grok formats
%{WINPATH:([w.-]+)}	$1	`(?>[A-Za-z]+:¦\)(?:\[^\?])+`	WINPATH	grok formats
%{URIPROTO:([w.-]+)}	$1	`[A-Za-z]+(\+[A-Za-z+]+)?`	URIPROTO	grok formats
%{URIHOST:([w.-]+)}	$1	`(?:(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A…`	URIHOST	grok formats
%{URIPATH:([w.-]+)}	$1	`(?:/[A-Za-z0-9$.+!'(){},~:;=@#%_\-])+`	URIPATH	grok formats
%{URIPARAM:([w.-]+)}	$1	`\?[A-Za-z0-9$.+!'¦(){},~@#%&/=:;_?\-\[\]]`	URIPARAM	grok formats
%{URIPATHPARAM:([w.-]+)}	$1	`(?:/[A-Za-z0-9$.+!'(){},~:;=@#%_\-])+(?:\?[A-Za-…`	URIPATHPARAM	grok formats
%{URI:([w.-]+)}	$1	`[A-Za-z]+(\+[A-Za-z+]+)?://(?:[a-zA-Z0-9._-]+(?::[…`	URI	grok formats
%{MONTH:([w.-]+)}	$1	`(?:Jan(?:uary)?¦Feb(?:ruary)?¦Mar(?:ch)?¦Apr(?:il…`	MONTH	grok formats
%{MONTHNUM:([w.-]+)}	$1	`(?:0?[1-9]¦1[0-2])`	MONTHNUM	grok formats
%{MONTHNUM2:([w.-]+)}	$1	`(?:0[1-9]¦1[0-2])`	MONTHNUM2	grok formats
%{MONTHDAY:([w.-]+)}	$1	`(?:(?:0[1-9])¦(?:[12][0-9])¦(?:3[01])¦[1-9])`	MONTHDAY	grok formats
%{DAY:([w.-]+)}	$1	`(?:Mon(?:day)?¦Tue(?:sday)?¦Wed(?:nesday)?¦Thu(?:r…`	DAY	grok formats
%{YEAR:([w.-]+)}	$1	`(?>\d\d){1,2}`	YEAR	grok formats
%{HOUR:([w.-]+)}	$1	`(?:2[0123]¦[01]?[0-9])`	HOUR	grok formats
%{MINUTE:([w.-]+)}	$1	`(?:[0-5][0-9])`	MINUTE	grok formats
%{SECOND:([w.-]+)}	$1	`(?:(?:[0-5]?[0-9]¦60)(?:[:.,][0-9]+)?)`	SECOND	grok formats
%{TIME:([w.-]+)}	$1	`(?!<[0-9])(?:2[0123]¦[01]?[0-9]):(?:[0-5][0-9])(?:…`	TIME	grok formats
%{DATE_US:([w.-]+)}	$1	`(?:0?[1-9]¦1[0-2])[/-](?:(?:0[1-9])¦(?:[12][0-9])¦…`	DATE_US	grok formats
%{DATE_EU:([w.-]+)}	$1	`(?:(?:0[1-9])¦(?:[12][0-9])¦(?:3[01])¦[1-9])[./-](…`	DATE_EU	grok formats
%{ISO8601_TIMEZONE:([w.-]+)}	$1	`(?:Z¦[+-](?:2[0123]¦[01]?[0-9])(?::?(?:[0-5][0-9])…`	ISO8601_TIMEZONE	grok formats
%{ISO8601_SECOND:([w.-]+)}	$1	`(?:(?:(?:[0-5]?[0-9]¦60)(?:[:.,][0-9]+)?)¦60)`	ISO8601_SECOND	grok formats
%{TIMESTAMP_ISO8601:([w.-]+)}	$1	`(?>\d\d){1,2}-(?:0?[1-9]¦1[0-2])-(?:(?:0[1-9])¦(?:…`	TIMESTAMP_ISO8601	grok formats
%{DATE:([w.-]+)}	$1	`(?:0?[1-9]¦1[0-2])[/-](?:(?:0[1-9])¦(?:[12][0-9])¦…`	DATE	grok formats
%{DATESTAMP:([w.-]+)}	$1	`(?:0?[1-9]¦1[0-2])[/-](?:(?:0[1-9])¦(?:[12][0-9])¦…`	DATESTAMP	grok formats
%{TZ:([w.-]+)}	$1	`(?:[PMCE][SD]T¦UTC)`	TZ	grok formats
%{DATESTAMP_RFC822:([w.-]+)}	$1	`(?:Mon(?:day)?¦Tue(?:sday)?¦Wed(?:nesday)?¦Thu(?:r…`	DATESTAMP_RFC822	grok formats
%{DATESTAMP_RFC2822:([w.-]+)}	$1	`(?:Mon(?:day)?¦Tue(?:sday)?¦Wed(?:nesday)?¦Thu(?:r…`	DATESTAMP_RFC2822	grok formats
%{DATESTAMP_OTHER:([w.-]+)}	$1	`(?:Mon(?:day)?¦Tue(?:sday)?¦Wed(?:nesday)?¦Thu(?:r…`	DATESTAMP_OTHER	grok formats
%{DATESTAMP_EVENTLOG:([w.-]+)}	$1	`(?>\d\d){1,2}(?:0[1-9]¦1[0-2])(?:(?:0[1-9])¦(?:[12…`	DATESTAMP_EVENTLOG	grok formats
%{SYSLOGTIMESTAMP:([w.-]+)}	$1	`(?:Jan(?:uary)?¦Feb(?:ruary)?¦Mar(?:ch)?¦Apr(?:il…`	SYSLOGTIMESTAMP	grok formats
%{PROG:([w.-]+)}	$1	`(?:[\w._/%-]+)`	PROG	grok formats
%{SYSLOGPROG:([w.-]+)}	$1	`(?<program>(?:[\w._/%-]+))(?:\[(?<pid>(?:[1-9][0-…`	SYSLOGPROG	grok formats
%{SYSLOGHOST:([w.-]+)}	$1	`(?:(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A…`	SYSLOGHOST	grok formats
%{SYSLOGFACILITY:([w.-]+)}	$1	`<(?<facility>(?:[0-9]+)).(?<priority>(?:[0-9]+)…`	SYSLOGFACILITY	grok formats
%{HTTPDATE:([w.-]+)}	$1	`(?:(?:0[1-9])¦(?:[12][0-9])¦(?:3[01])¦[1-9])/(?:J…`	HTTPDATE	grok formats
%{QS:([w.-]+)}	$1	`(?>(?<!\)(?>"(?>\.¦[^\"]+)+"¦""¦(?>'(?>\.¦[^\']+)+…`	QS	grok formats
%{LOGLEVEL:([w.-]+)}	$1	`([Aa]lert¦ALERT¦[Tt]race¦TRACE¦[Dd]ebug¦DEBUG¦[Nn]…`	LOGLEVEL	grok formats

^{^} Misreference