syslog-ng
Provided by Walter Brock. You can discuss this log here.
"syslog1": {
    "display": "Syslog",
    "path": "/var/log/messages",
    "refresh": 5,
    "max": 50,
    "notify": false,
    "format": {
        "regex": "|(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\\-\\.]{1,256}) ([A-Za-z0-9_\\-\\/\\.]{1,32})\\[(.*?)\\]:(.*)|",
        "match": {
            "Date": 3,
            "Source": 4,
            "Tag_ID": 5,
            "PID": 6,
            "Message": 7
        },
        "types": {
            "Date": "date:H:i:s",
            "Source": "txt",
            "Tag_ID": "txt",
            "PID": "numeral",
            "Message": "txt"
        }
    }
}
It matches these logs:
Jan 12 20:05:16 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com
Jan 12 20:05:16 somehost.someserver.com snmpd[1485]: Connection from UDP: [10.0.0.1]:56449->[10.0.0.1]
Jan 12 20:05:16 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com
Jan 12 20:05:16 somehost.someserver.com snmpd[1485]: Connection from UDP: [10.0.0.1]:52610->[10.0.0.1]
Jan 12 20:05:16 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com
Jan 12 20:05:16 somehost.someserver.com snmpd[1485]: Connection from UDP: [10.0.0.1]:38734->[10.0.0.1]
Jan 12 20:05:19 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com
Jan 12 20:06:13 somehost.someserver.com sshd[16343]: Accepted publickey for somebody from 12.34.45.67 port 58115 ssh2
Jan 12 20:06:13 somehost.someserver.com sshd[16343]: pam_unix(sshd:session): session opened for user somebody by (uid=0)
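An added check, not part of the original page or of Pimp My Log: it runs the pattern over four of the sample lines with Python's re module (standing in for PHP's preg_match, an assumption that holds for this pattern's syntax) and shows that the syslog-ng "Last message ... repeated" lines, which carry no [PID], are not matched. OPTIONAL_PID_RE is a hypothetical variant, not from the page, that makes the bracketed PID optional.

```python
import re

# The page's pattern, without the "|" delimiters.
PAGE_RE = re.compile(
    r"(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) "
    r"([a-zA-Z0-9_\-\.]{1,256}) ([A-Za-z0-9_\-\/\.]{1,32})\[(.*?)\]:(.*)"
)
# Hypothetical variant (not from the page): the "[PID]" part is optional.
OPTIONAL_PID_RE = re.compile(
    r"(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) "
    r"([a-zA-Z0-9_\-\.]{1,256}) ([A-Za-z0-9_\-\/\.]{1,32})(?:\[(.*?)\])?:(.*)"
)
# The "match" map from the config: column name -> capture group number.
MATCH = {"Date": 3, "Source": 4, "Tag_ID": 5, "PID": 6, "Message": 7}

# Sample lines copied from the page's log excerpt.
SAMPLE = [
    "Jan 12 20:05:16 somehost.someserver.com snmpd: Last message "
    "'Connection from UDP:' repeated 1 times, supressed by syslog-ng "
    "on somehost.someserver.com",
    "Jan 12 20:05:16 somehost.someserver.com snmpd[1485]: "
    "Connection from UDP: [10.0.0.1]:56449->[10.0.0.1]",
    "Jan 12 20:06:13 somehost.someserver.com sshd[16343]: "
    "Accepted publickey for somebody from 12.34.45.67 port 58115 ssh2",
    "Jan 12 20:06:13 somehost.someserver.com sshd[16343]: "
    "pam_unix(sshd:session): session opened for user somebody by (uid=0)",
]

def parse(line, pattern=PAGE_RE):
    """Return the configured columns for one line, or None if not matched."""
    m = pattern.search(line)  # unanchored search, like preg_match
    if m is None:
        return None
    return {name: m.group(idx) for name, idx in MATCH.items()}

def unmatched(lines, pattern=PAGE_RE):
    """Return the lines that the pattern does not match."""
    return [line for line in lines if parse(line, pattern) is None]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse(line) or "NOT MATCHED: " + line)
    print(len(unmatched(SAMPLE)), "line(s) not matched by the page's pattern")
    print(len(unmatched(SAMPLE, OPTIONAL_PID_RE)), "not matched with optional PID")
```

The Message capture keeps the space that follows the colon, and with the optional-PID variant the PID column is empty for the suppression lines.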