log_definitions = { "apache": { "sep": " ", "fields": [ {"name": "datetime", "pos": slice(1, 5), "type": "datetime"}, {"name": "status", "pos": 5, "type": int}, {"name": "message", "pos": slice(6, None), "type": str}, ], }, "auth": { "sep": " ", "fields": [ {"name": "month", "pos": 0, "type": str}, {"name": "day", "pos": 1, "type": int}, {"name": "time", "pos": 2, "type": "datetime"}, {"name": "hostname", "pos": 3, "type": str}, {"name": "service", "pos": 4, "type": str}, {"name": "message", "pos": slice(5, None), "type": str}, ], }, "dns": { "sep": " ", "fields": [ {"name": "date", "pos": 0, "type": "datetime"}, {"name": "time", "pos": 1, "type": "datetime"}, {"name": "query", "pos": 2, "type": str}, {"name": "domain", "pos": 3, "type": str}, {"name": "record_type", "pos": 4, "type": str}, ], }, "firewall": { "sep": " ", "fields": [ {"name": "month", "pos": 0, "type": str}, {"name": "day", "pos": 1, "type": int}, {"name": "time", "pos": 2, "type": "datetime"}, {"name": "host", "pos": 3, "type": str}, {"name": "kernel", "pos": 4, "type": str}, {"name": "message", "pos": slice(5, None), "type": str}, ], }, "linux": { "sep": " ", "fields": [ {"name": "datetime", "pos": slice(1, 3), "type": "datetime"}, {"name": "level", "pos": 3, "type": str}, {"name": "component", "pos": 4, "type": str}, {"name": "pid", "pos": 5, "type": str}, {"name": "Content", "pos": slice(6, None), "type": str}, ], }, "log": { "sep": ";", "fields": [ {"name": "timestamp", "pos": 0, "type": "datetime"}, {"name": "ipsource", "pos": 1, "type": str}, {"name": "ipdestination", "pos": 2, "type": str}, {"name": "protocole", "pos": 3, "type": str}, {"name": "portsource", "pos": 4, "type": int}, {"name": "portdest", "pos": 5, "type": int}, {"name": "regle1", "pos": 6, "type": str}, {"name": "status", "pos": 7, "type": str}, {"name": "interface", "pos": 8, "type": str}, {"name": "inconnu", "pos": 9, "type": str}, {"name": "regle2", "pos": 10, "type": str}, ], }, "nginx": { "sep": " ", "fields": [ {"name": "time", "pos": slice(1, 2), "type": "datetime"}, {"name": "remote_ip", "pos": 2, "type": str}, {"name": "remote_user", "pos": 3, "type": str}, {"name": "request", "pos": slice(4, 7), "type": str}, {"name": "response", "pos": 7, "type": str}, {"name": "bytes", "pos": 8, "type": str}, {"name": "referrer", "pos": 9, "type": str}, {"name": "agent", "pos": slice(10, 13), "type": str}, ], }, "ssh": { "sep": " ", "fields": [ {"name": "datetime", "pos": slice(1, 3), "type": "datetime"}, {"name": "level", "pos": 3, "type": str}, {"name": "component", "pos": 4, "type": str}, {"name": "pid", "pos": 5, "type": str}, {"name": "Content", "pos": slice(6, None), "type": str}, ], }, "xferlog": { "sep": " ", "fields": [ {"name": "current_time", "pos": slice(1, 5), "type": "datetime"}, {"name": "transfer_time", "pos": 5, "type": int}, {"name": "remote_host", "pos": 6, "type": str}, {"name": "file_size", "pos": 7, "type": int}, {"name": "filename", "pos": 8, "type": str}, {"name": "transfer_type", "pos": 9, "type": str}, {"name": "special_flag", "pos": 10, "type": str}, {"name": "direction", "pos": 11, "type": "direction"}, {"name": "access_mode", "pos": 12, "type": str}, {"name": "username", "pos": 13, "type": str}, {"name": "service_name", "pos": 14, "type": str}, {"name": "auth_method", "pos": 15, "type": int}, {"name": "auth_user_id", "pos": 16, "type": str}, {"name": "status", "pos": 17, "type": str}, ], }, }