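# Sourcetype for Aviat FH devices: search-time field extractions and calculated fields.
# An extraction written "<regex> in <field>" is matched against that field instead of _raw.
# NOTE(review): Splunk documents that EXTRACT classes run in ASCII order of the class
# name. "aviat-alarm-generic" sorts before "aviat-generic", the class that produces
# message_text, and "aviat-Software_received" sorts before every lowercase class.
# Confirm in a search that alarm_title and the fields derived from it are populated.
[aviat]
# Syslog-style header: device timestamp, reporting IP, user/process name, pid, free text.
EXTRACT-aviat-generic = (?<device_time>\w+\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}) (?<reported_ip>\S+) (?<user>[^\[]+)\[(?<pid>\d+)\] (?<message_text>.+)
# Fixed: the original "\(?<user>.+)" left an unmatched ")" and did not compile.
# NOTE(review): assumes the device writes RADIUS\<user> (literal backslash) - confirm against a sample event.
EXTRACT-aviat-radius_user = (?<process>RADIUS)\\(?<user>.+)
EXTRACT-aviat-alarm-generic = (?<alarm_title>.*) (?<type>alarm) is (?<state>\S+) in message_text
EXTRACT-aviat-event_log-generic = (?<type>Event log) activity (?<state>\S+), (?<alarm_title>.+) in message_text
# The extractions below refine alarm_title into interface, channel, rate, power and input fields.
EXTRACT-aviat-alarm-port = (?<alarm_title>Port) (?<src_interface>\d+) (?<interface_type>Ethernet( LSP)?) (?<interface_state>\S+) in alarm_title
EXTRACT-aviat-alarm-channel_link = Channel (?<src_interface>\d+) (?<alarm_title>channel link) (?<interface_state>\S+) in alarm_title
EXTRACT-aviat-alarm-excessive_frame_drop = Channel (?<src_interface>\d+) (?<alarm_title>excessive out frame drop) in alarm_title
EXTRACT-aviat-alarm-threshold_exceeded = (?<rate>[0-9\-]+ BER|ESR) (?<alarm_title>threshold exceeded) in alarm_title
EXTRACT-aviat-power_supply = (?<power>-?\d+V) (?<alarm_title>supply) in alarm_title
EXTRACT-aviat-input = (?<alarm_title>Alarm input) (?<input>\d+) in alarm_title
EXTRACT-aviat-atcp_max_power = (?<type>ATPC) (?<state>max power) for (?<reported_duration>.+),
EXTRACT-aviat-security_event = --- (?<type>Security) Event ---
EXTRACT-aviat-modulation_changed = (?<direction>[RT]x) (?<type>modulation changed), (?<modulation_from>\S+( Max Gain)?) to (?<modulation_to>\S+( Max Gain)?)
EXTRACT-aviat-radius_server = (?<type>RADIUS) (?<alarm_title>Server .+), Server (?<server>\d+)
# Only failed logins are matched here; src_ip accepts dotted-decimal characters only.
# NOTE(review): an IPv6 source or a differently worded login message would leave src_ip empty - confirm device output.
EXTRACT-aviat-login_attempt = (?<state>Unsuccessful) user (?<type>login attempt), Portal (?<portal>\S+) Login FailedUserIP:(?<src_ip>[0-9\.]+)
EXTRACT-aviat-relay_output_state = (?<type>Relay Output) (?<relay>\d+) (?<state>\S+), Output is (?<output_state>\S+)
EXTRACT-aviat-relay_output_action_request = (?<type>Relay Output) (?<relay>\d+) Action request (received from (?<src_ip>[0-9\.]+)|sent to (?<dst_ip>[0-9\.]+))[\.,]( Slot(?<slot>\d+))?
EXTRACT-aviat-stp_port_change = (?<type>RSTP) (?<alarm_title>port role changed), (?<src_interface>[CP]\d+) was (?<state_from>[A-Z]+) now (?<state_to>[A-Z]+)
EXTRACT-aviat-watchdog_expired = (?<type>Watchdog expired)
# Captures the source IP of the session that changed the configuration.
EXTRACT-aviat-configuration_change = (?<type>Configuration changed), UserIP:(?<src_ip>[0-9\.]+)
EXTRACT-aviat-Software_received = (?<type>Software) file received, Software version (?<version>[0-9\.]+) (?<state>\S+)
EXTRACT-aviat-system_restart = Event (?<type>system restart)
EXTRACT-aviat-user_auth = (?<type>User authenticated)
EXTRACT-aviat-sntp_date_change = Date / (?<type>time changed) by SNTP, Old time: (?<old_time>.+)
# When the header's user slot holds SYS or XX, move that value to process and clear user.
# Fixed: eval string literals must be double-quoted; unquoted SYS and XX are read as
# field names, so the original comparison never matched.
EVAL-process = if(user="SYS" OR user="XX",user,process)
EVAL-user = if(user="SYS" OR user="XX",null(),user)
description = Sourcetype pour les FH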
[syslog]
# Index-time transform applied to events that arrive with sourcetype "syslog".
# force_sourcetype_for_aviat is defined outside this file (transforms.conf, not shown here).
# NOTE(review): presumably it rewrites the sourcetype to "aviat" - confirm its match is
# narrow enough that unrelated syslog senders are not reclassified.
TRANSFORMS-sourcetype-fh_aviat = force_sourcetype_for_aviat