Sha256: 32e98e0517a56b43bb1f26883364b76cfd4aa0ae6ae8ef9bfd1fa85305cb113d
Contents?: true
Size: 1.66 KB
Versions: 14
Compression:
Stored size: 1.66 KB
Contents
vardef basic_time = '[[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2}'
vardef time = '\<' + $basic_time + '\>'
vardef ip = '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\>'
vardef non_empty = '[^[:blank:]]+'
state date start '^[[:alpha:]]{3}[[:blank:]]{1,2}[[:digit:]]{1,2}(?=[[:blank:]]' + $basic_time + ')' begin
state time start $time begin
state symbol start $non_empty begin
normal = ":" exitall
function = '[^:\(\[]+'
number delim "[" "]"
number delim "(" ")"
end
end
end
state ip start '^' + $ip begin
string = '[[:alnum:]]+(?=[[:blank:]]\[[[:digit:]]{2}/[[:alpha:]]{3}/[[:digit:]]{4})'
date = '[[:digit:]]{2}/[[:alpha:]]{3}/[[:digit:]]{4}(?=:' + $basic_time + ')'
time = $basic_time + '[[:blank:]][+-][[:digit:]]{4}'
twonumbers = '[1-5][[:digit:]]{2}[[:blank:]][-0-9]+'
state webmethod = "OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT|PROPFIND|MKCOL|COPY|MOVE|LOCK|UNLOCK" begin
string = $non_empty exit
end
end
vardef weekday_date = '\[[[:alpha:]]{3}[[:blank:]][[:alpha:]]{3}[[:blank:]]{1,2}[[:digit:]]{1,2}[[:blank:]](?=' + $basic_time + ')'
state date start '^' + $weekday_date begin
time = $time
date = '[[:digit:]]{4}\]'
date = $weekday_date
string = "[error]"
comment = "[notice]"
ip = $ip
end
ip = $ip
string = "root","failure"
(normal,port) = `((?:port|pid)[[:blank:]])([[:digit:]]+)`
state normal start '[[:blank:]](?=(IN|OUT)=)' begin
state normal = '(IN|OUT|PROTO)=(?=[^[:blank:]]+)' begin
string = $non_empty exit
end
state normal = '(SPT|DPT|TYPE|SEQ)=(?=[^[:blank:]]+)' begin
cbracket = $non_empty exit
end
number = "CWR|ECE|URG|ACK|PSH|RST|SYN|FIN"
ip = $ip
end
Version data entries
14 entries across 14 versions & 2 rubygems