syslog-ng

Provided by Walter Brock.

"syslog1": {
    "display": "Syslog",
    "path": "/var/log/messages",
    "refresh": 5,
    "max": 50,
    "notify": false,
    "format": {
        "regex": "|(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\\-\\.]{1,256}) ([A-Za-z0-9_\\-\\/\\.]{1,32})\\[(.*?)\\]:(.*)|",
        "match": {
            "Date": 3,
            "Source": 4,
            "Tag_ID": 5,
            "PID": 6,
            "Message": 7
        },
        "types": {
            "Date": "date:H:i:s",
            "Source": "txt",
            "Tag_ID": "txt",
            "PID": "numeral",
            "Message": "txt"
        }
    }
}

It matches these logs:

Jan 12 20:05:16 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com
Jan 12 20:05:16 somehost.someserver.com snmpd[1485]: Connection from UDP: [10.0.0.1]:56449->[10.0.0.1]
Jan 12 20:05:16 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com
Jan 12 20:05:16 somehost.someserver.com snmpd[1485]: Connection from UDP: [10.0.0.1]:52610->[10.0.0.1]
Jan 12 20:05:16 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com
Jan 12 20:05:16 somehost.someserver.com snmpd[1485]: Connection from UDP: [10.0.0.1]:38734->[10.0.0.1]
Jan 12 20:05:19 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com
Jan 12 20:06:13 somehost.someserver.com sshd[16343]: Accepted publickey for somebody from 12.34.45.67 port 58115 ssh2
Jan 12 20:06:13 somehost.someserver.com sshd[16343]: pam_unix(sshd:session): session opened for user somebody by (uid=0)
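Added check, not part of the contributed format: this Python script runs the same regex (with its PHP "|" delimiters removed) over the sample lines above and prints the fields it extracts, which also shows that the syslog-ng "Last message ... repeated" summaries, where the tag carries no bracketed PID, are not matched by this pattern.

```python
import re

# Constructed harness, not part of the contributed format: the page's regex with
# its PHP "|" delimiters removed so that Python's re module can compile it.
SYSLOG_RE = re.compile(
    r"(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) "
    r"([a-zA-Z0-9_\-\.]{1,256}) ([A-Za-z0-9_\-\/\.]{1,32})\[(.*?)\]:(.*)"
)

# Capture-group numbers copied from the format's "match" table.
FIELDS = {"Date": 3, "Source": 4, "Tag_ID": 5, "PID": 6, "Message": 7}

# Sample lines copied from the page (two summaries without a PID, three with one).
SAMPLE_LINES = [
    "Jan 12 20:05:16 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com",
    "Jan 12 20:05:16 somehost.someserver.com snmpd[1485]: Connection from UDP: [10.0.0.1]:56449->[10.0.0.1]",
    "Jan 12 20:05:19 somehost.someserver.com snmpd: Last message 'Connection from UDP:' repeated 1 times, supressed by syslog-ng on somehost.someserver.com",
    "Jan 12 20:06:13 somehost.someserver.com sshd[16343]: Accepted publickey for somebody from 12.34.45.67 port 58115 ssh2",
    "Jan 12 20:06:13 somehost.someserver.com sshd[16343]: pam_unix(sshd:session): session opened for user somebody by (uid=0)",
]

def parse_line(line):
    """Apply the format to one line; return the named fields or None on no match."""
    m = SYSLOG_RE.search(line)
    if m is None:
        return None
    row = {name: m.group(idx) for name, idx in FIELDS.items()}
    if row["PID"].isdigit():  # the config types PID as "numeral"
        row["PID"] = int(row["PID"])
    row["Message"] = row["Message"].strip()
    return row

def parse_all(lines):
    """Split lines into parsed rows and the lines the regex does not cover."""
    matched, unmatched = [], []
    for line in lines:
        row = parse_line(line)
        if row is None:
            unmatched.append(line)
        else:
            matched.append(row)
    return matched, unmatched

if __name__ == "__main__":
    rows, skipped = parse_all(SAMPLE_LINES)
    print(*rows, sep="\n")
    print("Unmatched (no [PID] after the tag):", *skipped, sep="\n")
```

Lines the regex skips are silently dropped by the viewer, so the repeated-message summaries would not appear in the log view with this format.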