actiondb 0.7.0

A safe and efficient unstructured text (log) parsing library.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

patterns:
  -
    uuid: "c11c806a-766d-4a09-9f24-7de1fe02e51e"
    name: "SSH_PUBKEY"
    pattern: "Jun %{INT:day} %{INT:hour}:%{INT:min}:%{INT:sec} lobotomy sshd[%{INT:pid}]: Accepted publickey for zts from %{INT:oct0}.%{INT:oct1}.%{INT:oct2}.%{INT:oct3} port %{INT:port} ssh2"
  -
    name: "SSH_DISCONNECT"
    uuid: "9a49c47d-29e9-4072-be84-3b76c6814743"
    pattern: "Jun %{INT:day} %{INT:hour}:%{INT:min}:%{INT:sec} lobotomy sshd[%{INT:pid}]: Received disconnect from %{GREEDY:ipaddr}: %{INT:dunno}: disconnected by user"
  -
    uuid: "fa8bdbcb-e0fd-4da1-9fa4-15ecfec28ad2"
    pattern: "Jun %{INT:day} %{INT:hour}:%{INT:min}:%{INT:sec} lobotomy sshd[%{INT:pid}]: pam_unix(sshd:session): session closed for user zts"
    test_messages:
      -
        message: "Jun 12 1:2:3 lobotomy sshd[2000]: pam_unix(sshd:session): session closed for user zts"
        values:
          day: "12"
          hour: "1"
          min: "2"
          sec: "3"
          pid: "2000"