# Format of this file:
|
|
#
|
|
# include:configfile
|
|
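# Also parse 'configfile'. Its directives are handled like the ones in
# this file, so only include files that you (or root) alone can modify.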
|
|
#
|
|
# defaultcscheme:<name of colorscheme>
|
|
# Selects the default color scheme to use. If this one is set, you
|
|
# no longer need -cS/-CS.
|
|
#
|
|
# colorscheme:<name of colorscheme>
|
|
# This name can be given for the commandline-parameter -cS. That
|
|
# way, one can select what colorscheme to use for the next
|
|
# logfile.
|
|
#
|
|
# cs_re:<color>:<regular expression>
|
|
# This defines a regular expression to find a particular string.
|
|
#
|
|
# color: [fg],[bg],[attribute[/otherattribute]][|other colorpair+attribute]
|
|
# e.g.: red,,bold|red would give bold red for line 1 and just red for line 2, etc.
|
|
# Possible colors: red, green, yellow, blue, magenta, cyan and white.
|
|
# For 256 colors support, you just have to use the color number of the ANSI 256 color scheme.
|
|
#
|
|
# cs_re_s:<color>:<regular expression>
|
|
# Like cs_re but only the substrings are used(!). E.g.:
|
|
# ^....(...)...(...)
|
|
# In the example above only what matches between '(' and ')' is
|
|
# assigned a color. See the 'acctail' colorscheme for an example.
|
|
#
|
|
# cs_re_val_less:<color>:<value>:<regular expression>
|
|
# cs_re_val_bigger:<color>:<value>:<regular expression>
|
|
# cs_re_val_equal:<color>:<value>:<regular expression>
|
|
# Like cs_re_s(!) but here the value of the sub(!)-string is
|
|
# compared against the given value. e.g.:
|
|
# cs_re_val_less: if "<value>" less than the value matched with
|
|
# the regular expression, then use the selected color. Please
|
|
# note that you have to select the value in the string with a
|
|
# substring match; put '(' and ')' around it.
|
|
#
|
|
# mcsre:color:regexp
|
|
# mcsre_s:color:regexp
|
|
# mcsre_val_less/bigger/equal:color:regexp
|
|
# These work like their cs_re* sisters only they merge their
|
|
# attributes (colors, bold, bright, etc.) with the previous
|
|
# merging one.
|
|
#
|
|
# scheme:<name of colorscheme>:<regular expression>
|
|
# This defines what colorscheme to use when the filename matches
|
|
# the given regular expression. This way, one can automatically
|
|
# use the correct colorscheme for certain files.
|
|
#
|
|
# check_mail:<seconds>
|
|
# How often MultiTail should check for new e-mail. You can switch
|
|
# mail-checking off by setting this value to 0.
|
|
#
|
|
# tab_stop:<number of spaces>
|
|
# Specifies the width of TAB characters. Default-value is 4.
|
|
#
|
|
# bind:key:program
|
|
# Binds a key to an external command. For example:
|
|
# bind:^j:/bin/bash - binds ^j (control + j) to bash. While the
|
|
# selected program is running, MultiTail is suspended. MultiTail
|
|
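# will automatically come back when the external command ends. The
# command is started by MultiTail and so runs with MultiTail's
# privileges; keep this file writable only by its owner.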
|
|
#
|
|
# titlebar:
|
|
# what to put in the titlebar of the xterm in which MultiTail is
|
|
# running. see below for details
|
|
#
|
|
# tail:tail_program
|
|
# path to the tail-program (in case you want to use turbotail or
|
|
# so instead of the regular tail)
|
|
#
|
|
# bright:(1|0)
|
|
# use bright colors (1) or not (0)
|
|
#
|
|
# abbreviate_filesize
|
|
# whether to abbreviate filesizes to xKB/MB/GB (1) or not (0)
|
|
#
|
|
# show_subwindow_id
|
|
# when set to 1 and merging multiple inputs (e.g. logfiles) the
|
|
# output shown is prepended with a number indicating the input
|
|
#
|
|
# markerline_color
|
|
# with this one you can set how a markerline looks. e.g. yellow on
|
|
# red or so
|
|
#
|
|
# markerline_timestamp
|
|
# sets whether to put a timestamp in the markerline (1) or not (0)
|
|
#
|
|
# ts_format:<format>
|
|
# format of timestamps. see the man-page of 'strftime' for a list
|
|
# of the fields that can be used
|
|
#
|
|
# shell:<path>
|
|
# shell to use when invoking programs. default is /bin/sh
|
|
#
|
|
# umask:<mask>
|
|
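# umask used when creating files (bits set in the mask are cleared
# from the permissions of new files; pick a mask that keeps other
# users from reading the files MultiTail creates)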
|
|
#
|
|
#defaultcscheme:syslog
|
|
#
|
|
# /var/log/messages & .../syslog
|
|
colorscheme:syslog:kernel and unsorted messages
|
|
# segfaults
|
|
cs_re_s:red,,bold:kernel: ([^:]*): segfault at [^ ]* rip [^ ]* rsp [^ ]* error
|
|
cs_re:yellow:kernel: .*: segfault at [^ ]* rip [^ ]* rsp [^ ]* error
|
|
# misc
|
|
cs_re:red,,inverse/underline:kernel
|
|
cs_re:green:Detected.*$
|
|
cs_re:green:\[
|
|
cs_re:green:\]
|
|
cs_re:cyan::
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re_s:,,bold:^... .. ..:..:.. [^ ]* ([A-z0-9]*)
|
|
cs_re:red:scanlogd.*
|
|
cs_re:yellow:Did.not
|
|
#
|
|
# Zarafa
|
|
colorscheme:zarafa:www.zarafa.com
|
|
cs_re:magenta:none
|
|
cs_re:blue,,bold:debug
|
|
cs_re:green,,bold:info
|
|
cs_re:yellow:notice
|
|
cs_re:yellow,,bold:warning
|
|
cs_re:red:error
|
|
cs_re:red,,blink:fatal
|
|
cs_re:yellow::
|
|
cs_re:green:^... ... .. ..:..:.. ....
|
|
cs_re:cyan,,bold:/
|
|
cs_re:red,,bold:\(
|
|
cs_re:red,,bold:\)
|
|
cs_re_s:yellow,,underline:User *([^ ]*)
|
|
cs_re:magenta,,bold: *[a-z]*[0-9]+[a-z]*
|
|
cs_re:red:\[
|
|
cs_re:red:\]
|
|
#
|
|
# Oracle WebLogic
|
|
colorscheme:weblogic
|
|
cs_re_s:red,,bold:.*(<Error>).*
|
|
cs_re_s:yellow:.*(<Warning>).*
|
|
cs_re_s:blue:.*(<Debug>).*
|
|
cs_re_s:green:.*(<.*>).*
|
|
#
|
|
# Oracle GoldenGate
|
|
colorscheme:goldengate
|
|
cs_re_s:red,,bold:.*( ERROR ).*
|
|
cs_re_s:yellow:.*( WARNING ).*
|
|
cs_re_s:green:.*( INFO ).*
|
|
#
|
|
# ssh
|
|
colorscheme:ssh:www.openssh.org
|
|
cs_re:yellow:error: Could not get shadow information for.*
|
|
cs_re:yellow:fatal: Timeout before authentication for.*
|
|
cs_re_s:red,,bold:error: PAM: Authentication failure for(.*)
|
|
cs_re:red:error: PAM: Authentication failure for
|
|
cs_re:red,,blink:error: Bind to port [0-9]* on [^ ]* failed: Address already in use.
|
|
cs_re_s:red,,bold:error: PAM: Authentication failure for ([^ ]*) from (.*)
|
|
cs_re:red:error: PAM: Authentication failure for ([^ ]*) from (.*)
|
|
cs_re_s:green,,bold:Accepted [^ ]* for ([^ ]*) from ([^ ]*) port ([0-9]*) ssh2
|
|
cs_re:green:Accepted [^ ]* for [^ ]* from [^ ]* port.*
|
|
cs_re:red:PAM session setup failed\[[0-9]*\]:.*
|
|
cs_re_s:yellow,,bold:Failed ([^ ]*) for ([^ ]*) from ([^ ]*) port ([0-9]*).*
|
|
cs_re:yellow:Failed [^ ]* for [^ ]* from [^ ]* port [0-9]* .*
|
|
cs_re:red:Disconnecting: Too many authentication failures for.*
|
|
#
|
|
# PowerDNS
|
|
colorscheme:powerdns:www.powerdns.com
|
|
cs_re_s:green:Remote\ (.*)\ wants
|
|
cs_re:blue:'.*'
|
|
cs_re:red:MISS
|
|
cs_re:green,,bold:HIT
|
|
#
|
|
# UUCP
|
|
colorscheme:uucp:UUCP Log files
|
|
cs_re:yellow:uucico
|
|
cs_re:cyan:uuxqt
|
|
cs_re:magenta:Receiving
|
|
cs_re:magenta:Executing
|
|
cs_re:magenta:Sending
|
|
cs_re:cyan:Queuing
|
|
cs_re:cyan:Calling system
|
|
cs_re:green:Login successful
|
|
cs_re:green:Handshake successful
|
|
cs_re:green:Call complete
|
|
cs_re:red:ERROR:.*
|
|
#
|
|
# ADB logcat
|
|
colorscheme:logcat
|
|
cs_re_s:blue,,bold:^./(dalvikvm)\(
|
|
cs_re_s:blue,,bold:^./(Process)\(
|
|
cs_re_s:cyan:^./(ActivityManager)\(
|
|
cs_re_s:cyan:^./(ActivityThread)\(
|
|
cs_re_s:white,,bold:^./([^\(]*)\(
|
|
cs_re_s:green:^[^\(]*(\()[^\)]*(\))
|
|
cs_re:red,,inverse:[Pp]ermission [Dd]eni[ae][dl]
|
|
cs_re:red,,inverse:Caused by:
|
|
cs_re:cyan::
|
|
#cs_re:red,,inverse:^F
|
|
#cs_re:red,,bold:^E
|
|
#cs_re:yellow,,bold:^W
|
|
#cs_re:cyan,,bold:^I
|
|
#cs_re:green,,bold:^V
|
|
#cs_re:white:^D
|
|
cs_re_s:red,,inverse:^(F)/[^:]*: (.*)$
|
|
cs_re_s:red:^(E)/[^:]*: (.*)$
|
|
cs_re_s:yellow:^(W).[^:]*: (.*)$
|
|
#cs_re_s:green:^(I).[^:]*: (.*)$
|
|
cs_re_s:green:^(V)/[^:]*: (.*)$
|
|
cs_re_s:black,,bold:^(D)/[^:]*: (.*)$
|
|
#
|
|
# linux iptables firewall
|
|
colorscheme:liniptfw:Linux IPtables (2.6.x kernel)
|
|
cs_re:cyan::
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re_s:red:kernel: .*(DPT=[0-9]*)
|
|
cs_re_s:yellow:kernel: (IN=[^ ]*)
|
|
cs_re_s:cyan:kernel: .*(SRC=[^ ]*) *(DST=[^ ]*)
|
|
cs_re_s:green:kernel: .*(PROTO=[^ ]*)
|
|
#
|
|
# postfix log
|
|
colorscheme:postfix:www.postfix.org
|
|
cs_re:cyan::
|
|
cs_re:yellow:status=sent
|
|
cs_re:magenta:queue.active
|
|
cs_re:green:from=.*>
|
|
cs_re:red:to=.*>
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re:green:\[
|
|
cs_re:green:\]
|
|
#
|
|
# apache
|
|
colorscheme:apache:default Apache logging (webserver)
|
|
cs_re:yellow:"[ ]1[0-9][0-9][ ]
|
|
cs_re:green:"[ ][2-3][0-9][0-9][ ]
|
|
cs_re:red:"[ ][4-5][0-9][0-9][ ]
|
|
cs_re:cyan::
|
|
cs_re:green:\[
|
|
cs_re:green:\]
|
|
# IP addresses in the format x.x.x.x
|
|
cs_re:yellow:^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}
|
|
# hostnames
|
|
cs_re:yellow:^[^ ]*
|
|
### Apache errorlog
|
|
colorscheme:apache_error:default Apache error logging
|
|
cs_re:yellow:\[client .*\]
|
|
cs_re:red: [^ ]*$
|
|
cs_re:blue:^\[... ... .. ..:..:.. ....\]
|
|
#
|
|
# rsstail (http://www.vanheusden.com/rsstail/)
|
|
colorscheme:rsstail:RSSTail output (RSS feed reader)
|
|
cs_re:cyan::
|
|
cs_re:cyan:/
|
|
cs_re:blue:^.......... ..:..:..
|
|
cs_re:green:Title:.*
|
|
cs_re:red:^Link:.*
|
|
cs_re:yellow:^Description:
|
|
#
|
|
# acctail (http://www.vanheusden.com/acctail/)
|
|
colorscheme:acctail:(BSD-) process accounting reader
|
|
cs_re:green:^................
|
|
cs_re_s:red:^.................(....)
|
|
cs_re_s:cyan:^......................(........)
|
|
cs_re_s:yellow:^...............................(........)
|
|
cs_re:blue:\.
|
|
#
|
|
# wtmptail (http://www.vanheusden.com/wtmptail/)
|
|
colorscheme:wtmptail:www.vanheusden.com/wtmptail/
|
|
cs_re:blue:\.
|
|
cs_re:blue::
|
|
cs_re:yellow:^USER.*
|
|
cs_re:green:^........
|
|
cs_re:cyan:[0-9]*:[0-9]*[ap]m
|
|
cs_re:red:^..................................
|
|
cs_re:black,red,blink:BOOT
|
|
cs_re:black,yellow:DEAD
|
|
#
|
|
# squid/squid3
|
|
colorscheme:squid:http proxy server
|
|
cs_re:blue:^[^ ]*
|
|
cs_re_s:yellow:^[^ ]* *[0-9]* *([^ ]*)
|
|
cs_re_s:green:^[^ ]* *[0-9]* *[^ ]* ([^ ]*)
|
|
cs_re_s:cyan:^[^ ]* *[0-9]* *[^ ]* [^ ]* *[0-9]* *[^ ]* *([^ ]*)
|
|
#
|
|
# asterisk
|
|
colorscheme:asterisk:software PBX
|
|
cs_re:blue::
|
|
cs_re:cyan:^...............
|
|
cs_re:red:ERROR
|
|
cs_re:yellow:WARNING
|
|
cs_re:green:NOTICE
|
|
cs_re:magenta:DEBUG
|
|
cs_re:magenta:VERBOSE
|
|
cs_re:red,black,underline:Unable to.*
|
|
#
|
|
# sendmail
|
|
colorscheme:sendmail
|
|
cs_re:blue|blue,,bold:^...............
|
|
cs_re:cyan:to=<[^>]*>
|
|
cs_re:yellow:stat=Deferred.*
|
|
cs_re:red:stat=User unknown
|
|
cs_re:green:stat=Sent.*
|
|
cs_re:magenta:relay=[^ ]*
|
|
cs_re:cyan::
|
|
cs_re:red:verify=FAIL
|
|
#
|
|
# MailScanner
|
|
colorscheme:mailscanner:wrapper around sendmail/clamav/spamassassin
|
|
cs_re:red:Detected HTML-specific exploits in.*
|
|
cs_re:magenta:Delivered [0-9]* warnings to virus senders
|
|
cs_re:yellow:Spam Checks: Found [0-9]* spam messages
|
|
cs_re:yellow:Content Checks: Detected and will disarm HTML message in.*
|
|
cs_re:green:Uninfected: Delivered [0-9]* messages
|
|
cs_re:red:Infected message [^ ]* came from.*
|
|
cs_re:yellow:Saved infected "[^"]*" to.*
|
|
cs_re:blue|blue,,bold:^...............
|
|
cs_re:cyan::
|
|
#
|
|
# SpamAssassin
|
|
colorscheme:spamassassin
|
|
cs_re:magenta::
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re:yellow:autolearn=failed
|
|
cs_re:red,,blink:server killed by [^,]*, shutting down
|
|
cs_re_s:yellow,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
|
|
cs_re:yellow:identified spam [^ ]* for [^ ]* in [^ ]* seconds, [^ ]* bytes.
|
|
cs_re_s:green,,bold:server successfully spawned child process, pid (.*)
|
|
cs_re:green:server successfully spawned child process, pid
|
|
#
|
|
# ClamAV
|
|
colorscheme:clamav:clamd logging
|
|
cs_re:magenta::
|
|
cs_re:blue:^... ... [0-9]* ..:..:.. ....
|
|
cs_re_s:red,,bold:ERROR:(.*)
|
|
cs_re:red:ERROR:
|
|
cs_re_s:green,,bold:Protecting against ([0-9]*) viruses.
|
|
cs_re:green:Protecting against [0-9]* viruses.
|
|
cs_re:red,black,inverse:Exiting.*
|
|
cs_re_s:yellow,,bold:^(.*): Unable to open file or directory ERROR
|
|
cs_re:yellow:^.*: Unable to open file or directory ERROR
|
|
cs_re:red,black,inverse:LOGGING DISABLED.*
|
|
#
|
|
# samba
|
|
colorscheme:samba
|
|
cs_re_s:blue:^.([0-9]*/[0-9]*/[0-9]* [0-9]*:[0-9]*:[0-9]*, [0-9]*)
|
|
cs_re:blue:\.
|
|
cs_re_s:green:^ *([^ ]*).*(connect to service folkert initially as user [^ ]*)
|
|
cs_re:yellow:closed connection to service.*
|
|
cs_re:red:Error =.*
|
|
cs_re:red:ERRNO =.*
|
|
cs_re:red:^.*does not exist or is not a directory, when connecting to.*
|
|
cs_re:red:Ignoring unknown parameter.*
|
|
cs_re:green,,bold:smbd version.*started.
|
|
cs_re:green,,bold:Netbios nameserver version.*started.
|
|
cs_re:green:Samba name server.*is now a local master browser for workgroup.*on subnet.*
|
|
cs_re:yellow:Attempting to become domain master browser on workgroup.*, subnet.*
|
|
cs_re:green:Samba is now a logon server for workgroup.*on subnet.*
|
|
cs_re:yellow,,bold:Server.*at IP.*is announcing itself as a local master browser for workgroup.*and we think we are master. Forcing election.
|
|
#
|
|
# audit.log
|
|
colorscheme:audit
|
|
cs_re:cyan::
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re:red:Illegal user.*
|
|
cs_re:green:session opened for user.*
|
|
cs_re:green:Accepted publickey for
|
|
cs_re:yellow:Did not receive identification string from.*
|
|
#
|
|
# exim
|
|
colorscheme:exim
|
|
cs_re:cyan::
|
|
cs_re:blue|blue,,bold:^....-..-.. ..:..:..
|
|
cs_re:magenta,,bold:<=
|
|
cs_re:magenta,,bold:=>
|
|
cs_re:green,,bold:=> *[^ ]*
|
|
cs_re:green:<= *[^ ]*
|
|
cs_re:green,,bold:=> *[^ ]* <[^>]*>
|
|
cs_re:green:<= *[^ ]* <[^>]*>
|
|
cs_re:yellow:H=[^ ]*
|
|
cs_re:red:verify failed for SMTP recipient.*
|
|
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
|
|
cs_re:red:SMTP.*timeout.*
|
|
cs_re:yellow:Spool file is locked (another process is handling this message)
|
|
#
|
|
# httping
|
|
colorscheme:httping:ping for HTTP
|
|
cs_re:green:^PING .*:
|
|
cs_re:magenta:time=[0-9\.]* ms
|
|
cs_re:yellow:seq=[0-9]*
|
|
cs_re:green:^---.*
|
|
cs_re_s:green:^([0-9]*) connects, ([0-9]*) ok, ([^%]*)
|
|
cs_re_s:green:^round-trip.*= ([0-9\.]*)/([0-9\.]*)/([0-9\.]*)
|
|
cs_re:red:404 Not Found
|
|
cs_re:blue:[0-9]*KB/s
|
|
cs_re:red:could not connect
|
|
#
|
|
# netstat (use for example with multitail -R 1 -l "netstat")
|
|
colorscheme:netstat:see www.vanheusden.com/multitail/examples.html
|
|
cs_re:green:ESTABLISHED
|
|
cs_re:yellow:SYN_SENT
|
|
cs_re:magenta:CLOSE_WAIT
|
|
cs_re:blue:FIN_WAIT1
|
|
cs_re:blue,,underline:FIN_WAIT2
|
|
cs_re_s:red::([^ ]*)
|
|
cs_re:cyan:^[^ ]*
|
|
#
|
|
# tcpdump
|
|
colorscheme:tcpdump
|
|
cs_re:blue:^[^ ]*
|
|
cs_re:magenta::
|
|
cs_re_s:red:^[^ ]* [^ ]* *[^ ]* > [^:]*: *([^ ]*)
|
|
cs_re_s:green:^[^ ]* [^ ]* *[^ ]*\.([^ ]*) > [^ ]*\.([^:]*):
|
|
cs_re:magenta:\.
|
|
cs_re_s:yellow|yellow,,bold: IP (.*) > .*:
|
|
cs_re_s:yellow,,bold|yellow: IP [^ ]* > ([^:]*):
|
|
#17:44:07.363010 IP muur.intranet.vanheusden.com.49584 > keetweej.intranet.vanheusden.com.ssh:
|
|
#
|
|
# dhcpd
|
|
colorscheme:dhcpd
|
|
cs_re:magenta::
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re:green,,bold:DHCPACK
|
|
cs_re_s:green:DHCPACK on ([^ ]*) to ([^ ]*) to (.*)
|
|
cs_re_s:red,,bold:DHCPINFORM from ([^ ]*) via
|
|
cs_re:red:DHCPINFORM from.*via.*not authoritative for subnet.*
|
|
cs_re_s:yellow,,bold:DHCPDECLINE of ([^ ]*) from ([^ ]*) via
|
|
cs_re:yellow:DHCPDECLINE of.*from.*via.*
|
|
cs_re:cyan:DHCPNAK
|
|
#
|
|
# bind
|
|
colorscheme:bind
|
|
cs_re:magenta::
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re_s:yellow,,bold:lame server resolving ([^ ]*).*in ([^?]*).*: (.*$)
|
|
cs_re:yellow:lame server resolving [^ ]* .in [^:]*..:
|
|
cs_re_s:red,,bold:client ([^#]*)#[0-9]*: update forwarding denied
|
|
cs_re:red:client [^:]*: update forwarding denied
|
|
cs_re_s:cyan,,bold:received notify for zone (.*)
|
|
cs_re:cyan:received notify for zone
|
|
cs_re:cyan:zone [^:]*: transferred serial.*
|
|
cs_re:cyan:zone [^:]*: sending notifies .serial [0-9]*.
|
|
cs_re_s:green,,bold:transfer of [^ ]* from ([^#]*)#[0-9]*: end of transfer
|
|
cs_re:green:transfer of [^ ]* from [^:]*: end of transfer
|
|
cs_re:yellow:loading configuration from.*
|
|
cs_re:yellow:no IPv6 interfaces found
|
|
cs_re:red:logging channel [^ ]* file [^:]*: permission denied
|
|
cs_re:red:isc_log_open [^ ]* failed: permission denied
|
|
cs_re:red:zone [^:]*: loading master file [^:]*: file not found
|
|
cs_re:green,,bold:named reload succeeded
|
|
#
|
|
# smartd
|
|
colorscheme:smartd
|
|
cs_re_s:red,,bold:Device: [^,]*, SMART Usage Attribute: [0-9]* ([^ ]*) changed from [0-9]* to (.*)
|
|
cs_re:red:Device: [^,]*, SMART Usage Attribute: [0-9]* [^ ]* changed from [0-9]* to.*
|
|
#
|
|
# kerberos
|
|
colorscheme:kerberos
|
|
cs_re:magenta::
|
|
cs_re:blue:^... [0-9]* ..:..:..
|
|
cs_re_s:yellow,,bold:klogind.*: Authentication failed from ([^:]*): Software caused connection abort
|
|
cs_re:yellow:klogind.*: Authentication failed from [^:]*: Software caused connection abort
|
|
cs_re:red:klogind.*: Kerberos authentication failed
|
|
cs_re:red,,bold:klogind.*: User ([^ ]*) is not authorized to login to account(.*)
|
|
cs_re:red:klogind.*: User [^ ]* is not authorized to login to account.*
|
|
cs_re_s:red,,bold:ksu.*:.*authentication failed for ([^ ]*) on
|
|
cs_re:red:ksu.*:.*authentication failed for [^ ]* on.*
|
|
cs_re:green:commencing operation
|
|
cs_re_s:,,bold:AS_REQ [^}]*}, ([^ ]*) for (.*)
|
|
cs_re:magenta:Ticket expired
|
|
cs_re:red:Client not found in Kerberos database
|
|
#
|
|
# Oracle
|
|
colorscheme:oracle
|
|
cs_re:red,,bold:^ORA-0*600.*
|
|
cs_re:red,,bold:^ORA-0*7445.*
|
|
# ORA-07745:?
|
|
cs_re_s:yellow:^ORA-([^:]*):
|
|
#
|
|
# ntpd
|
|
colorscheme:ntpd
|
|
cs_re:magenta::
|
|
cs_re:blue:^... .. ..:..:..
|
|
cs_re_s:red,,bold:configure: keyword "([^"]*)" unknown, line ignored
|
|
cs_re:red:configure: keyword "([^"]*)" unknown, line ignored
|
|
cs_re:yellow,,blink:ntpd\[.*\]: ntpd exiting on signal.*
|
|
cs_re:green,,bold:ntpd\[.*\]: ntpd [^e].*
|
|
cs_re_s:green,,bold:synchronized to ([^,]*)
|
|
cs_re:green:synchronized to.*
|
|
cs_re:red:check receiver configuration / cableling
|
|
#
|
|
# nagtail
|
|
colorscheme:nagtail:www.nagios.org status viewer
|
|
cs_re:magenta::
|
|
cs_re:magenta:/
|
|
cs_re:blue:^..../../.. ..:..
|
|
cs_re_s:red,,bold:^................ (CRIT)
|
|
cs_re_s:yellow,,bold:^................ (WARN)
|
|
cs_re_s:green:^................ ( OK )
|
|
cs_re_s:white,,bold:^................ ( \?\? )
|
|
cs_re_s:green:^..../../.. ..:.. ..... *([^ ]*)
|
|
cs_re_s:yellow:^..../../.. ..:.. ..... *[^ ]* *(.*)
|
|
#
|
|
# WebSphere errorlog
|
|
colorscheme:websphere:WebSphere error-log
|
|
cs_re:magenta::
|
|
cs_re:magenta:/
|
|
cs_re:blue,,bold:\.
|
|
cs_re:blue:^.[0-9]*/[0-9]*/[0-9]* *[0-9]*:..:..:[0-9]* [^ ]*
|
|
cs_re_s:yellow:^.*\(([^:\)]*)
|
|
cs_re:red:Reason:.*
|
|
cs_re:red,,bold:Unable to
|
|
cs_re_s:red:Unable to(.*)
|
|
cs_re:red,,bold:Failed to
|
|
cs_re_s:red:Failed to(.*)
|
|
cs_re_s:green:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *([^ ]*)
|
|
cs_re_s:red,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( F )
|
|
cs_re_s:red:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( E )
|
|
cs_re_s:yellow,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( W )
|
|
cs_re_s:yellow:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( A )
|
|
cs_re_s:green,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *(I)
|
|
cs_re_s:green:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( C )
|
|
cs_re_s:magenta,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( R )
|
|
cs_re_s:magenta:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( O )
|
|
cs_re_s:red,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( Z )
|
|
cs_re:yellow:Next Linked Exception:
|
|
cs_re:magenta,,bold:Queue manager security exit rejected connection with error code [0-9]*
|
|
cs_re:red,,bold:com.ibm.mq.MQException: [^:]*: An MQException occurred: Completion Code [0-9]*, Reason [0-9]*
|
|
cs_re:yellow:Begin backtrace for nested exception
|
|
cs_re:yellow:Socket connection attempt refused
|
|
cs_re:yellow:Other data:
|
|
cs_re:yellow:Exception data follows:
|
|
cs_re:green:Target name: .*
|
|
#
|
|
# NNTPcache
|
|
colorscheme:nntpcache
|
|
cs_re:magenta::
|
|
cs_re:magenta:/
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re:yellow:nntpcache-expire.*: clean shutdown
|
|
cs_re:green:nntpcache-expire.*: expire task awakening
|
|
cs_re_s:red,,bold:Connection timed out: could.*t connect to ([^ ]*) as (.*)
|
|
cs_re:red:Connection timed out: could.*t connect to [^ ]* as
|
|
cs_re:yellow:^.*dropped connection during rebuild of.*$
|
|
cs_re:red,,bold:'501.*
|
|
cs_re:red,,bold:'480.*
|
|
#
|
|
# Veritas Netbackup restore log
|
|
colorscheme:vnetbr:Veritas Netbackup backup/restore logs
|
|
cs_re:magenta::
|
|
cs_re:magenta:\(
|
|
cs_re:magenta:\)
|
|
cs_re:blue:^..:..:.. .[0-9]*.[^\)]*.
|
|
cs_re_s:green:Restore job id ([0-9]*) will require ([0-9]*) image
|
|
cs_re:green:Restore job id [0-9]* will require [0-9]* image.*
|
|
cs_re_s:yellow,,bold:Media id ([^ ]*) is needed for the restore.
|
|
cs_re:yellow:Media id ([^ ]*) is needed for the restore.
|
|
cs_re:green:INF - Beginning restore from server [^ ]* to client [^ ]*.
|
|
cs_re_s:yellow,,bold:Changed ([^ ]*) to ([^ ]*)
|
|
cs_re:yellow:Changed [^ ]* to [^ ]*
|
|
cs_re_s:red,,bold:Directory ([^ ]*) already exists.
|
|
cs_re:red:Directory [^ ]* already exists.
|
|
cs_re_s:green,,bold:Added ([^ ]*) permission to directory (.*)
|
|
cs_re:green:Added [^ ]* permission to directory.*
|
|
cs_re_s:yellow,,blink:INF - Media id ([^ ]*) is not in a robotic library; administrative interaction may be required to satisfy a mount request.
|
|
cs_re:yellow:INF - Media id [^ ]* is not in a robotic library; administrative interaction may be required to satisfy a mount request.
|
|
cs_re:red,black,inverse:INF - Status = termination requested by administrator.
|
|
cs_re:red,,blink:media read error
|
|
cs_re:red,,bold:Status of restore from image created.*media read error
|
|
cs_re:red:INF - Status = the restore failed to recover the requested files.
|
|
cs_re:green,,bold:INF - Status = the requested operation was successfully completed.
|
|
#
|
|
# procmail
|
|
colorscheme:procmail
|
|
cs_re:magenta::
|
|
cs_re:magenta:/
|
|
cs_re_s:blue,,bold:^procmail: \[[0-9]*\] ([^ ]* [^ ]* *[^ ]* ..:..:.. [^ ]*)
|
|
cs_re:blue:^procmail: \[[0-9]*\] [^ ]* [^ ]* *[^ ]* ..:..:.. [^ ]*
|
|
cs_re_s:green,,bold:^procmail: Match on "(.*)"
|
|
cs_re:green:^procmail: Match on.*
|
|
cs_re:red:^procmail: Executing.*
|
|
cs_re:magenta,,bold:^procmail: Assigning
|
|
cs_re:yellow:warning:.*
|
|
cs_re:yellow:Couldn't determine implicit lockfile from.*
|
|
#
|
|
# checkpoint
|
|
colorscheme:checkpoint:Checkpoint Firewall-1
|
|
cs_re:magenta::
|
|
cs_re:blue|blue,,bold:^[0-9]*:[0-9]*:[0-9]*
|
|
cs_re:red,,bold:^..:..:.. *drop
|
|
cs_re_s:red,,bold:^..:..:.. *drop.*(service: *[^;]*)
|
|
cs_re:green:^..:..:.. *accept
|
|
cs_re:yellow,,bold:^..:..:.. *reject
|
|
cs_re_s:yellow,,bold:^..:..:.. *reject.*(service: *[^;]*)
|
|
cs_re:green,,bold:rule: *[^;]*
|
|
cs_re:yellow:service: *[^;]*
|
|
cs_re:magenta:src: *[^;]*
|
|
cs_re:magenta,,bold:dst: *[^;]*
|
|
cs_re:blue,,bold:>[^ ]*
|
|
#
|
|
# pppd
|
|
colorscheme:pppd:PPP daemon
|
|
cs_re:magenta::
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re_s:red,,bold:Hangup(.*)
|
|
cs_re:red:Hangup
|
|
cs_re_s:yellow,,bold:Terminating on signal(.*)
|
|
cs_re:yellow:Terminating on signal.*
|
|
cs_re_s:green,,bold:Connect time ([^ ]*) minutes.
|
|
cs_re:green:Connect time [^ ]* minutes.
|
|
cs_re_s:magenta,,bold:Sent ([0-9]*) bytes, received ([0-9]*) bytes.
|
|
cs_re:magenta:Sent [0-9]* bytes, received [0-9]* bytes.
|
|
cs_re:green:pppd [^ ]* started by [^,]*, uid [0-9]*
|
|
cs_re_s:blue,,bold:Using interface (.*)
|
|
cs_re:blue:Using interface.*
|
|
cs_re_s:green,,bold:local *IP address (.*)
|
|
cs_re:green:local *IP address.*
|
|
cs_re:red,black,inverse:Couldn't detach (fork failed:.*)
|
|
cs_re_s:yellow,,bold:Unsupported protocol (.*) received
|
|
cs_re:yellow,black,inverse:Unsupported protocol .* received
|
|
cs_re:yellow,,blink:Peer not responding
|
|
cs_re:,,inverse:DNS address.*
|
|
#
|
|
# INN
|
|
colorscheme:inn
|
|
cs_re:magenta::
|
|
cs_re:blue|blue,,bold:^... .. ..:..:..
|
|
cs_re:yellow:nnrpd.*: .* timeout
|
|
#
|
|
# Netscape Directory server (LDAP)
|
|
colorscheme:netscapeldap:Netscape Directory server (LDAP)
|
|
cs_re:magenta::
|
|
cs_re:magenta:/
|
|
cs_re:blue|blue,,bold:^.../.../....:..:..:.. ......
|
|
cs_re:green:Netscape-Directory.*starting up
|
|
cs_re:yellow:All database threads now stopped
|
|
cs_re:green:Backing up file.*
|
|
cs_re:red:Detected Disorderly Shutdown last time Directory Server was running, recovering database.
|
|
cs_re_s:yellow,,bold:Entry ([^ ]*) unknown object class ([^ ]*)
|
|
cs_re:yellow:Entry [^ ]* unknown object class [^ ]*
|
|
cs_re:red,,blink:Shutting down due to possible conflicts with other slapd processes
|
|
cs_re:red,,bold:Unable to start slapd because it is already running as process ([0-9]*)
|
|
cs_re:red,,blink:Unable to start slapd because it is already running as process [0-9]*
|
|
cs_re:yellow:slapd got [^ ]* signal
|
|
#
|
|
# vmstat
|
|
colorscheme:vmstat:vmstat is part of sysstat
|
|
cs_re_s:magenta:^(procs)
|
|
cs_re_s:red:^procs *(-*memory-*)
|
|
cs_re_s:green:^procs *-*memory-* *(-*swap-*)
|
|
cs_re_s:yellow:^procs *-*memory-* *-*swap-* *(-*io-*)
|
|
cs_re_s:blue:^procs *-*memory-* *-*swap-* *-*io-* *(-*system-*)
|
|
cs_re_s:magenta,,bold:^ *(r *b)
|
|
cs_re_s:red,,bold:^ *r *b *(swpd *free *buff *cache)
|
|
cs_re_s:green,,bold:^ *r *b *swpd *free *buff *cache *(si *so)
|
|
cs_re_s:yellow,,bold:^ *r *b *swpd *free *buff *cache *si *so *(bi *bo)
|
|
cs_re_s:blue,,bold:^ *r *b *swpd *free *buff *cache *si *so *bi *bo *(in *cs)
|
|
cs_re_s:,,bold:^ *r *b *swpd *free *buff *cache *si *so *bi *bo *in *cs *(us *sy *id *wa)
|
|
cs_re_val_bigger:yellow:0:([0-9]{1,})
|
|
#
|
|
# mpstat
|
|
colorscheme:mpstat:mpstat is part of systat
|
|
cs_re:magenta::
|
|
cs_re:blue:^..:..:.. ..
|
|
cs_re:blue,,bold:CPU.*
|
|
cs_re_val_bigger:yellow:0:([0-9]{1,}\.[0-9]{1,})
|
|
#
|
|
# log4j
|
|
colorscheme:log4j
|
|
cs_re:magenta::
|
|
cs_re:magenta:/
|
|
cs_re:blue:^[0-9]*-[0-9]*-[0-9]* [0-9]*:[0-9]*:[0-9]*,[0-9]*
|
|
cs_re_s:blue,,bold:^[^ ]* *[^,]*,[^ ]* *[0-9]* *(DEBUG) *[^ ]* [^ ]* *(.*)$
|
|
cs_re_s:green:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(INFO) *[^ ]* [^ ]* *(.*)$
|
|
cs_re_s:yellow:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(WARN) *[^ ]* [^ ]* *(.*)$
|
|
cs_re_s:red:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(ERROR) *[^ ]* [^ ]* *(.*)$
|
|
cs_re_s:red,,bold:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(FATAL) *[^ ]* [^ ]* *(.*)$
|
|
cs_re_s:white,,bold:^[^ ]* *[^,]*,[0-9]* *[0-9]* *[A-Z]* *(.*)
|
|
|
|
#log4jnew
|
|
colorscheme:log4jnew
|
|
cs_re:red,yellow,bold:ERROR
|
|
cs_re:red,yellow,bold:FATAL
|
|
cs_re:yellow:INFO
|
|
cs_re:green:WARN
|
|
#Date
|
|
cs_re_s:yellow:([0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3})
|
|
#Thread
|
|
cs_re_s:cyan: (\[.*\])
|
|
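#Class
# NOTE(review): [INFO|WARNING|ERROR|DEBUG|FATAL] in the pattern below is a
# bracket expression (it matches ONE character out of that set), not an
# alternation of the level names; (INFO|WARNING|ERROR|DEBUG|FATAL) was
# presumably intended - confirm before relying on this highlight.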
|
|
cs_re:cyan:[INFO|WARNING|ERROR|DEBUG|FATAL]\ ([a-zA-Z0-9\.]*)\
|
|
#Numbers
|
|
cs_re:magenta: ([0-9]{2,})
|
|
#Keywords
|
|
cs_re_s:green:(UNKNOWN|localhost|handling)
|
|
|
|
#
|
|
# LambdaMOO
|
|
colorscheme:lambdamoo:MUD/MOO server http://www.moo.mud.org/
|
|
cs_re:magenta::
|
|
cs_re:blue:^... [0-9]* ..:..:..:
|
|
cs_re:green:STARTING: Version [^ ]* of the LambdaMOO server
|
|
cs_re:yellow:DUMPING:.*
|
|
cs_re:red:Can't create initial connection point
|
|
cs_re_s:red,,bold/blink:Trying to dump database:(.*)
|
|
cs_re:red,,bold:Trying to dump database:
|
|
#
|
|
# BOINCTail
|
|
colorscheme:boinctail:BOINCTail http://www.vanheusden.com/boinctail/
|
|
cs_re:magenta::
|
|
cs_re_s:blue:^---> (... ... .. ..:..:.. ....)
|
|
cs_re_s:blue,,bold:^---> ........................ .([0-9]* seconds.*)
|
|
cs_re:yellow:report deadline
|
|
cs_re_s:red:^................ ([^,]*)
|
|
cs_re_s:green:, (estimated.*)
|
|
cs_re:green,,bold:workunit is ready
|
|
cs_re:red,,bold:not
|
|
cs_re_s:white,,bold:^name of workunit: (.*)
|
|
#
|
|
# p0f
|
|
colorscheme:p0f:p0f http://lcamtuf.coredump.cx/p0f.shtml
|
|
cs_re:magenta::
|
|
cs_re:blue,,bold:^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
|
|
cs_re_s:blue:^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:([0-9]*)
|
|
cs_re_s:yellow:^[^ ]* - ([^(]*)
|
|
cs_re:green:\(older, [0-9]*\)
|
|
cs_re:green,,bold:\(newer, [0-9]*\)
|
|
cs_re_val_bigger:cyan,,bold:501:\(up: ([0-9]*).*\)
|
|
cs_re:red:\(up: .*\)
|
|
cs_re:red,,bold:distance [0-9]*
|
|
cs_re_s:cyan:^ -> [^:]*:([0-9]*)
|
|
cs_re_s:white:^>> Masquerade at ([^:]*):
|
|
cs_re:white,,bold:^>> Masquerade at [^:]*:
|
|
cs_re_val_bigger:green,,bold:50:indicators at ([0-9]*)%
|
|
#
|
|
# portsentry
|
|
colorscheme:portsentry:http://sourceforge.net/projects/sentrytools/
|
|
cs_re:magenta::
|
|
cs_re_s:red,,bold:attackalert: ([^/]*)/Normal scan from host: ([^/]*)/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) to TCP port: ([0-9]*)
|
|
cs_re:red:attackalert: [^/]*/Normal scan from host: [^/]*/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} to TCP port: [0-9]*
|
|
cs_re:cyan:attackalert: ERROR: cannot open ignore file. Blocking host anyway.
|
|
cs_re_s:yellow,,bold:attackalert: Host: ([^/]*)/([^ ]*) is already blocked Ignoring
|
|
cs_re:yellow:attackalert: Host: [^ ]* is already blocked Ignoring
|
|
#
|
|
# strace
|
|
colorscheme:strace:strace is the truss of Linux
|
|
# comments
|
|
cs_re:blue:/\*.*\*/
|
|
# call
|
|
cs_re:yellow:^[a-z_]*[0-9]*
|
|
# parenthesis around parameters
|
|
cs_re_s:yellow:^[a-z_]*[0-9]*(\()[^)]*(\))
|
|
# errno details
|
|
cs_re_s:blue:^[a-z]*\([^)]*\).*(\(.*\))
|
|
# return value
|
|
cs_re_s:green:^.*(= *-*[a-fx0-9]*)[^=]*$
|
|
# errno
|
|
cs_re_s:cyan:^.*= *-*[a-fx0-9]* *([A-Z]*)[^=]*$
|
|
# escapes
|
|
cs_re:magenta:\\[a-z]
|
|
cs_re:magenta:\\[0-9]*
|
|
# parameters (1)
|
|
cs_re:red:"[^"]*"
|
|
# names
|
|
cs_re:white:[a-z]*=
|
|
cs_re:white:[a-z0-9_]*:
|
|
# parameters (2)
|
|
cs_re:red:[0-9a-fx]*
|
|
cs_re:cyan:[A-Z_]*
|
|
# {}[]
|
|
cs_re:yellow:[\[\]]*
|
|
#
|
|
# Argus
|
|
colorscheme:argus:Argus http://qosient.com/argus/
|
|
mcsre_s:,,bold:[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.([0-9]+).*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.([0-9]+)
|
|
mcsre_val_bigger:red,,bold:20000:([0-9]+)[ ]+([0-9]+)[ ]+[A-Z][A-Z][A-Z]
|
|
mcsre_s:magenta,,bold: (<->)
|
|
mcsre_s:cyan,,bold: (<[-?])
|
|
mcsre_s:yellow,,bold: ([-?]>)
|
|
mcsre:,blue:.*tcp.*
|
|
mcsre:,green:.*udp.*
|
|
mcsre:,cyan:.*icmp.*
|
|
mcsre:,,inverse:.*man.*
|
|
#
|
|
# ii - irc client
|
|
colorscheme:ii:ii IRC client http://www.suckless.org/wiki/tools/irc
|
|
cs_re_s:cyan:(^....-..-.. ..:..)
|
|
cs_re_s:magenta:^....-..-.. ..:.. <([[:alnum:]_\^\|`-]+)>
|
|
cs_re_s:green:^....-..-.. ..:.. <([[:alnum:]_\^\|`-]+)> (nion[ ,:].*)$
|
|
cs_re_s:yellow:(((http|https|ftp|gopher)|mailto):(//)?[^ <>\"[:blank:]]*|(www|ftp)[0-9]?\.[-a-z0-9.]+)
|
|
cs_re:blue:....-..-.. ..:...*has joined \#.*
|
|
cs_re:blue:....-..-.. ..:.. .*changed mode.*
|
|
#
|
|
# Snort
|
|
colorscheme:snort:Intrusion detector
|
|
cs_re:green:.*Priority: 3.*
|
|
cs_re:yellow:.*Priority: 2.*
|
|
cs_re:red:.*Priority: 1.*
|
|
#
|
|
# Motion
|
|
colorscheme:motion:Security camera software
|
|
cs_re:red:Unable to start external command
|
|
cs_re:red:[^ ]* query failed
|
|
cs_re:yellow:Failed to put image into video pipe
|
|
cs_re:red:Could not create symbolic link
|
|
cs_re:red:ffopen_open error creating [^ ]* file
|
|
cs_re:red:Memory error while allocating output media context
|
|
cs_re:red:av_new_stream - could not alloc stream
|
|
cs_re:red:avcodec_alloc_frame - could not alloc frame
|
|
cs_re:red:url_fopen - error opening file %s
|
|
cs_re:red:Error opening file %s
|
|
cs_re:red:Error while writing video frame
|
|
cs_re:red:Could not alloc frame
|
|
cs_re:green:Motion detected - starting event [0-9]*
|
|
cs_re:red:Could not fetch initial image from network camera
|
|
cs_re:red:Error capturing first image
|
|
cs_re:red:Failed to open video loopback
|
|
cs_re:red:MySQL error was
|
|
cs_re:red,,bold:Video device fatal error - terminating camera thread
|
|
cs_re:red:Video signal lost - Adding grey image
|
|
cs_re:red,,bold:Somebody stole the video device, lets hope we got his picture
|
|
cs_re:red,,blink:Could not allocate [0-9]* bytes of memory!
|
|
cs_re:red:Problem creating directory
|
|
cs_re:red:Error opening file [^ ]* with mode
|
|
cs_re:yellow:No response from camera
|
|
cs_re:red:Can't write picture to file
|
|
cs_re:red,,bold:Thread is going to finish due to this fatal error
|
|
cs_re:magenta:[^ ]* error in proc %d
|
|
cs_re:magenta:mmap failed
|
|
cs_re:yellow,,bold:Motion Exits.
|
|
cs_re:yellow,,bold:httpd quitting
|
|
#
|
|
# errpt - IBM AIX error report
|
|
# example usage: multitail -R 10 -cS errpt -l errpt
|
|
colorscheme:errpt:AIX error reporting tool
|
|
cs_re_s:blue|blue,,bold:^[^ ]* *(....)....(..)
|
|
cs_re_s:blue,,bold|blue:^[^ ]* *....(....)..
|
|
cs_re:magenta: I [A-Z] .*
|
|
cs_re:yellow: T [A-Z] .*
|
|
cs_re:red: [A-Z] H .*
|
|
#
|
|
# MySQL error log
|
|
colorscheme:mysql:MySQL error log
|
|
cs_re:magenta::
|
|
cs_re_s:blue|blue,,bold:^..(..).. ..:..:..
|
|
cs_re_s:blue,,bold|blue:^(..)..(..) ..:..:..
|
|
cs_re:blue:^...... ..:..:..
|
|
cs_re:red,,bold:^...... ..:..:.. \[ERROR\]
|
|
cs_re:red:^...... ..:..:.. \[ERROR\].*
|
|
cs_re:yellow,,bold:^...... ..:..:.. \[Warning\]
|
|
cs_re:yellow:^...... ..:..:.. \[Warning\].*
|
|
cs_re:green,,bold:^...... ..:..:.. \[Note\]
|
|
cs_re:green:^...... ..:..:.. \[Note\].*
|
|
cs_re:magenta:mysqld ended
|
|
cs_re:red:Can't start server.*
|
|
#
|
|
# BOINC
|
|
# execute boinc_client with -redirectio, it'll then create
|
|
# stdoutdae.txt and stderrdae.txt files
|
|
colorscheme:boinc:BOINC http://boinc.berkeley.edu/
|
|
cs_re:magenta::
|
|
cs_re:magenta:-
|
|
cs_re:blue|blue,,bold:....-..-.. ..:..:..
|
|
cs_re_s:green:^....-..-.. ..:..:.. ([^]]*])
|
|
cs_re:yellow:Received signal
|
|
cs_re:yellow,,blink:This computer is not attached to any projects
|
|
cs_re:red:gethostbyname failed
|
|
cs_re:green,,bold:Exit requested by user
|
|
cs_re:cyan:Rescheduling CPU: application exited
|
|
cs_re:cyan,,bold:Scheduler list download succeeded
|
|
cs_re:yellow,,bold:Throughput [0-9]* bytes/sec
|
|
cs_re:yellow,,underline:Finished upload of file.*
|
|
cs_re:yellow,,bold/underline:Computation for task.*finished
|
|
cs_re:red:Project communication failed:
|
|
cs_re:yellow:Access to reference site succeeded - project servers may be temporarily down.
|
|
cs_re_s:green,,bold:Requesting ([0-9]*) seconds of new work
|
|
cs_re:green:Requesting [0-9]* seconds of new work
|
|
cs_re:white,,bold:Deferring scheduler requests for.*
|
|
cs_re:white,,bold:Deferring communication for.*
|
|
cs_re:blue,,bold: [^ ]* download of file.*
|
|
cs_re:red:Project is down
|
|
#
|
|
# acpitail
|
|
# http://www.vanheusden.com/acpitail/
|
|
colorscheme:acpitail:Show temperature/battery/etc info
|
|
cs_re:magenta::
|
|
cs_re:magenta:-
|
|
cs_re:blue|blue,,bold:... ... [0-9]* ..:..:.. 2...
|
|
cs_re_val_less:red,,bold:5:^.* remaining capacity: .* .([0-9]*) minutes
|
|
cs_re_val_less:yellow:10:^.*remaining capacity: .* .([0-9]*) minutes
|
|
cs_re:red:error.*
|
|
cs_re_val_bigger:yellow:55:temperature.*: ([0-9]*)
|
|
cs_re_val_bigger:red,,bold:65:temperature.*: ([0-9]*)
|
|
#
|
|
# QMT: clamd
|
|
colorscheme:qmt-clamd
|
|
cs_re:blue,,bold:^....-..-.. ..:..:..
|
|
cs_re:red:ERROR:
|
|
cs_re_s:green,,bold:Protecting against ([0-9]*) viruses.
|
|
cs_re:green:Protecting against [0-9]* viruses.
|
|
cs_re:red,black,inverse:Exiting.*
|
|
cs_re_s:red,,bold:^(.*): Unable to open file or directory ERROR
|
|
cs_re:red:^.*: Unable to open file or directory ERROR
|
|
cs_re:red,black,inverse:LOGGING DISABLED.*
|
|
#cs_re:cyan:/var/qmail/simscan/.*(: OK)
|
|
cs_re:cyan:(: OK)
|
|
cs_re:magenta:/var/qmail/simscan/.*(: [^ ]* FOUND)
|
|
cs_re:yellow: LibClamAV Warning.*
|
|
#
|
|
# QMT: qmail-smtp
|
|
colorscheme:qmt-smtp
|
|
cs_re:blue,,bold:^....-..-.. ..:..:..
|
|
cs_re:red:verify failed for SMTP recipient.*
|
|
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
|
|
cs_re:red,,bold: *[^ ]*policy_check: policy_load failed
|
|
cs_re:white,,bold: *[^ ]*CLEAN ([^ ]*).*
|
|
cs_re:white,,bold: *[^ ]*policy_check: policy allows([^ ]*).*
|
|
cs_re:white,,bold: *[^ ]*RELAYCLIENT:([^ ]*).*
|
|
cs_re:magenta: *[^ ]*policy_check: policy forbid([^ ]*).*
|
|
cs_re:magenta:rblsmtpd: ([0-9\.]*).*
|
|
cs_re:magenta:qmail-smtpd.*
|
|
cs_re:magenta:spf-reject.*
|
|
cs_re:magenta: *[^ ]*CHKUSER rejected intrusion: ([^ ]*).*
|
|
cs_re:magenta: *[^ ]*CHKUSER rejected relaying: ([^ ]*).*
|
|
cs_re:magenta: *[^ ]*CHKUSER rejected rcpt: ([^ ]*).*
|
|
cs_re:magenta,,bold: *[^ ]*SPAM REJECT ([^ ]*).*
|
|
cs_re:magenta,,bold: *[^ ]*:VIRUS:.*
|
|
cs_re:magenta,,bold: *[^ ]*:ATTACH:.*
|
|
#
|
|
# QMT: qmail-send
|
|
colorscheme:qmt-send
|
|
cs_re:blue:^....-..-.. ..:..:..
|
|
cs_re:white,,bold:starting delivery ([0-9]*)
|
|
cs_re:white,,bold:delivery *[^ ]*: success:.*
|
|
cs_re:red,,bold:delivery *[^ ]*: failure:.*
|
|
cs_re:yellow,,bold:delivery *[^ ]*: deferral:.*
|
|
#
|
|
# QMT: SpamAssassin
|
|
colorscheme:qmt-spamassassin
|
|
cs_re:blue,,bold:^....-..-.. ..:..:..
|
|
#cs_re:cyan,,bold:info: spamd: clean message .*
|
|
cs_re_s:cyan,,bold:clean message ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
|
|
cs_re:magenta,,bold:info: spamd: identified spam.*
|
|
#cs_re:magenta,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
|
|
cs_re_s:magenta,,bold:info: spamd: result: Y ([^ ]*) -.*
|
|
cs_re:yellow:autolearn=failed
|
|
cs_re:red,,blink:server killed by [^,]*, shutting down
|
|
cs_re_s:green,,bold:server successfully spawned child process, pid (.*)
|
|
cs_re:green:server successfully spawned child process, pid
|
|
cs_re:yellow: warn.*
|
|
cs_re:white,,bold:info: spamd: processing message.*
|
|
#
|
|
# QMT: sophie
|
|
colorscheme:qmt-sophie
|
|
cs_re:blue,,bold:^....-..-.. ..:..:..
|
|
cs_re:white,,bold:NOTICE *[^ ]*:.*
|
|
cs_re:yellow,,bold:Virus present.*
|
|
cs_re:magenta,,bold:WARNING *[^ ]*: Scan result =.*
|
|
cs_re:red,,bold:WARNING *[^ ]*: error:.*
|
|
#
|
|
# colorscript: colorscripts are external scripts that decide what colors to use.
# As input they receive the line that needs colors.
# As a result they emit: start,end,foreground color,background color,attributes\n
# ...\n
# \n <- an empty line (only a linefeed) indicates the
# end of parameters for this line
# start offset: the position at which these colors/attributes start
# end offset: the position AFTER the last character for which the attributes are
# valid
# do NOT use spaces in any of these lines!
# Note: the script is started by multitail and is fed raw log lines, which can
# contain attacker-controlled text; it should treat its input as untrusted, and
# the script file should be writable only by its owner.
|
|
colorscript:cscriptexample:/etc/multitail/colors-example.pl:this is a barely functional example script
|
|
#
|
|
#
|
|
# default colorschemes:
|
|
scheme:uucp:/var/log/uucp/
|
|
scheme:zarafa:/var/log/zarafa/
|
|
scheme:postfix:/var/log/mail/
|
|
scheme:sendmail:/var/log/mail/
|
|
scheme:exim:/var/log/mail/
|
|
scheme:apache:/var/log/apache/.*access
|
|
scheme:apache:/var/log/lighttpd/.*access
|
|
scheme:apache_error:/var/log/apache/.*error
|
|
scheme:asterisk:/var/log/asterisk/messages
|
|
scheme:samba:/var/log/samba/
|
|
scheme:squid:/var/log/squid/
|
|
scheme:squid:/var/log/squid3/
|
|
scheme:syslog,ssh:/var/log/
|
|
scheme:vnetbr:bplog.rest
|
|
scheme:procmail:procmail.log
|
|
scheme:inn:/var/log/news/
|
|
scheme:snort:/var/log/snort/alert
|
|
scheme:boinc:/var/lib/boinc-client/std...dae.txt
|
|
scheme:qmt-send:/var/log/qmail/send/current
|
|
scheme:qmt-smtp:/var/log/qmail/smtp/current
|
|
scheme:qmt-smtp:/var/log/qmail/submission/current
|
|
scheme:qmt-clamd:/var/log/qmail/clamd/current
|
|
scheme:qmt-spamassassin:/var/log/qmail/spam/current
|
|
scheme:qmt-sophie:/var/log/qmail/sophie/current
|
|
# the following line is to show you that colorscripts can be used the same way as colorschemes
|
|
scheme:cscriptexample:/dev/null
|
|
#
|
|
# default number of lines to buffer FOR THESE PATTERNS:
|
|
#default_nlines:500:/var/log/apache/*.access
|
|
#default_bytes:100kb:/var/log/
|
|
#
|
|
# default number of lines to buffer globally
|
|
# one can set only 1 of these two
|
|
#global_default_nlines:500
|
|
global_default_nkb:1MB
|
|
#
|
|
# how often to check for mail
|
|
# set to 0 to disable
|
|
# default is every 5 seconds
|
|
check_mail:0
|
|
#
|
|
# where to find the 'xclip' binary - used to send a buffer
|
|
# to the X clipboard
|
|
#xclip:/usr/bin/xclip
|
|
#
|
|
# where to find the 'pbcopy' binary - used to send a buffer
|
|
# to the clipboard (OSX-only)
|
|
#pbcopy:/usr/bin/pbcopy
|
|
#
|
|
# width of a TAB-character. in the VI editor this is, for
|
|
# example, 8. default in multitail is 4
|
|
tab_stop:8
|
|
#
|
|
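# what program to start when the user presses a key
# ...:x:... just that key
# ...:^x:... that key with control
# Note: bound programs are started by multitail and so run with its privileges.
# Where multitail is run through sudo or offered as a restricted log viewer,
# remove bindings to shells and su (such as the ^k and ^s bindings below).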
|
|
bind:g:/usr/bin/pine
|
|
bind:^k:/bin/bash
|
|
bind:^l:/usr/bin/telnet
|
|
bind:^s:/bin/su
|
|
#
|
|
# enable things with the xterm title bar
|
|
# %f changed file
|
|
# %h hostname
|
|
# %l system load
|
|
# %m "New mail" or nothing
|
|
# %u username
|
|
# %t date + time
|
|
titlebar:%m %u@%h %f (%t) [%l]
|
|
#
|
|
# how timestrings will look when using '-ts'
|
|
line_ts_format:%Y/%m/%d %H:%M:%S
|
|
#
|
|
# where to find tail. this is used when you don't use the default tail (using
|
|
# turbotail for example)
|
|
# or your tail is located somewhere else
|
|
#tail:/usr/bin/tail
|
|
# whether this tail only understands posix commands (=yes)
|
|
posix_tail:no
|
|
#
|
|
# use bright colors
|
|
#bright:1
|
|
#
|
|
# whether to abbreviate filesizes to xKB/MB/GB
|
|
abbreviate_filesize:on
|
|
#
|
|
# show number of subwindow?
|
|
show_subwindow_id:off
|
|
#
|
|
# attributes for the marker-line
|
|
markerline_color:red,black,reverse
|
|
#
|
|
# show timestamp in markerline?
|
|
markerline_timestamp:on
|
|
# what character to print in the markerline
|
|
markerline_char:-
|
|
#
|
|
# attributes for the line that is printed when multitail switches subwindow
|
|
changeline_color:blue,white,bold/reverse
|
|
changeline_char:-
|
|
#
|
|
# line printed when nothing happens in a window for a while
|
|
idleline_color:yellow,black,bold/reverse
|
|
idleline_char:-
|
|
#
|
|
# line printed for multitail messages (regexp errors, file truncated, etc)
|
|
msgline_color:magenta,black,bold/reverse
|
|
msgline_char:-
|
|
#
|
|
# when converting to a timestring, use this format:
|
|
# (also for markerline)
|
|
ts_format:%b %d %H:%M:%S
|
|
#
|
|
# timestring format for conversions
|
|
cnv_ts_format:%b %d %H:%M:%S %Y
|
|
#
|
|
# timestring format for statusline
|
|
statusline_ts_format:%Y/%m/%d %H:%M:%S
|
|
#
|
|
# put statusline above the data instead of below it?
|
|
statusline_above_data:no
|
|
#
|
|
# statusline attributes
|
|
statusline_attrs:white,black,reverse
|
|
#
|
|
# conversions
|
|
# note: the part you want to have replaced must be between '(' and ')'
|
|
# possible conversions:
|
|
# ip4tohost: an ip-address in 4 byte dotted format to a hostname
|
|
# epochtodate: a value representing the number of seconds since 1970 to
|
|
# a time-string. format of the string can be set with
|
|
# "ts_format".
|
|
# errnotostr: an errno-value to the error message it represents
|
|
# hextodec: a hex-value into its decimal version
|
|
# dectohex: a decimal value into hexadecimal
|
|
# tai64todate: converts a TAI64 string to a datestring (see http://cr.yp.to/libtai/tai64.html#tai64n for details)
|
|
# script: this is a special case: it requires an extra parameter (before the regular expression). This parameter
# selects a script (perl, bash, anything as long as it is executable) which loops forever: it reads a line
# ending with \n, processes it and then emits the converted output, also ending with \n (in 1 write!)
# Please note: when using perl, disable i/o buffering!
# The text passed to the script comes from the logfile, so the script should treat it as untrusted input.
|
|
# abbrtok: abbreviates a value to KB/MB/GB
|
|
# signrtostring: signal number to descriptive name
|
|
convert:apache:ip4tohost:^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})
|
|
convert:squid:epochtodate:^([0-9]*)
|
|
convert:squid:ip4tohost:^[^ ]* *[0-9]* *([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})
|
|
convert:asterisk:epochtodate:^([0-9]*).([0-9]*)
|
|
convert:nagios.log:epochtodate:^.([0-9]*).
|
|
convert:qmailtimestr:tai64todate:^(@[^ ]*)
|
|
convert:geoip:script:/etc/multitail/convert-geoip.pl:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})
|
|
#
|
|
# shell to invoke
|
|
shell:/bin/sh
|
|
#
|
|
# default scrollback linewrap mode
|
|
# default is yes (do wrap)
|
|
dsblwm:yes
|
|
#
|
|
# should a popup box be displayed when a window closes by itself?
|
|
warn_closed:yes
|
|
#
|
|
# allow 8 bit ascii? (e.g. umlauts etc.)
|
|
allow_8bit:yes
|
|
#
|
|
# beep, flash, popup or none when error?
|
|
beep_method:flash
|
|
# in case of beep_method:popup; how long to display the popup before it
|
|
# automatically disappears (in seconds)
|
|
beep_popup_length:0.1
|
|
#
|
|
# ^x instead of an inverse .
|
|
caret_notation:yes
|
|
#
|
|
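# what umask to use when creating files
# (0022 typically leaves new files readable by all users; consider 0077 when
# saved output may contain sensitive log data)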
|
|
umask:0022
|
|
#
|
|
# how often to refresh popups (in case applicable)
|
|
popup_refresh_interval:5
|
|
#
|
|
# print a markerline when one merges multiple logfiles and tail changes
# from one logfile to another
|
|
global_mark_change:no
|
|
# default settings for files selected with a regular expression(!)
|
|
default_mark_change:yes:/var/log/apache/.*
|
|
#
|
|
replace_by_markerline:-- MARK --
|
|
#
|
|
# what to buffer by default 'a'll or what went through the 'f'ilter
|
|
default_bufferwhat:f
|
|
#
|
|
# should searches be case insensitive? press 'I' in the main menu to toggle at run-time
|
|
searches_case_insensitive:no
|
|
#
|
|
# default linewrap mode
|
|
# a: all
|
|
# l: left
|
|
# r: right
|
|
# s: syslog
|
|
# S: syslog w/o procname
|
|
# o: offset
|
|
# w: wordwrap
|
|
default_linewrap:a
|
|
#
|
|
# follow filename instead of descriptor?
|
|
follow_filename:yes
|
|
#
|
|
# filters (complete lines)
|
|
filterscheme:syslog:removes '----mark----' and such
|
|
rule:ev:---- MARK ----
|
|
# on what file(s) to use the filter by default
|
|
usefilterscheme:syslog:/var/log/messages
|
|
#
|
|
# edits (part of lines)
|
|
# the type (e.g. 'ke') is like the command line switches -ke/-kS/-kr etc.
|
|
editscheme:syslog:removes '----'
|
|
editrule:ke:----
|
|
editrule:ke:make
|
|
# on what file(s) to use the filter by default
|
|
useeditscheme:syslog:/var/log/messages
|
|
#
|
|
# close windows when the end-of-file was reached?
|
|
close_closed_windows:yes
|
|
#
|
|
# should we skip empty lines? (the scrollback window always displays them)
|
|
suppress_empty_lines:yes
|
|
#
|
|
# what the splitline should look like
|
|
splitline_attrs:white,black,reverse
|
|
# can be attributes (use attributes defined with splitline_attrs), regular (use statusline attributes), none (display none)
|
|
splitline:attributes
|
|
#
|
|
# what attributes to use when displaying things in reverse (-eC/-ec, highlight in main menu)
|
|
inverse:bold/reverse
|
|
#
|
|
# what key must the user press to abort an action? e.g. a menu or so
|
|
# this parameter expects an ascii-value
|
|
# e.g. control + a = 1
|
|
# escape = 27 - please note that you would have to press it twice
|
|
# ^g = 7
|
|
abort_key:7
|
|
# what key to press to exit multitail
|
|
# ^c = 3
|
|
exit_key:3
|
|
#
|
|
default_convert:apache:/var/log/apache/.*access
|
|
default_convert:apache:/var/log/lighttpd/.*access
|
|
default_convert:asterisk:/var/log/asterisk/messages
|
|
default_convert:squid:/var/log/squid/
|
|
default_convert:squid:/var/log/squid3/
|
|
default_convert:qmailtimestr:/var/log/qmail/qmail.smtpd.log
|
|
#
|
|
# when a buffer (for scrollback) gets too full, some lines must be freed (unless one sets the buffersize to unlimited).
# with this parameter one can set the minimum number of lines to free. this parameter exists for efficiency: with a
# 1MB buffer, buffer management starts to use quite a bit of processor time
|
|
min_shrink:10
|
|
#
|
|
# when scrolling or searching through the logging, show (sub-)window-nrs? (toggle with ^t)
|
|
# press 't' to see a list of window-nrs and what's displayed in them
|
|
scrollback_show_winnrs:no
|
|
#
|
|
# for word-wrap: what is the max length of a word which should still be wrapped
|
|
wordwrapmaxlength:31
|
|
#
|
|
# for searches, multitail can remember a history which can be retrieved with ^r or cursorkey down in places where
# you can enter searchstrings
# set 'searchhistory_size' to 0 to disable this feature
|
|
searchhistory_file:~/.multitail.searchhistory
|
|
# how many strings to remember
|
|
searchhistory_size:15
|
|
#
|
|
# like searchhistory only for filenames, pathnames and commands
|
|
cmdfile_history_file:~/.multitail.cmdfilehistory
|
|
cmdfile_history_size:30
|
|
#
|
|
# default background color
|
|
# comment this line to use the default terminal color
|
|
#default_background_color:black
|
|
#
|
|
# in search-fields: give an empty edit-field or the previously used search string
|
|
reuse_searchstring:no
|
|
#
|
|
# minimum number of lines to tail initially (if available)
|
|
min_n_bufferlines:50
|
|
#
|
|
# what characters to use for the borders around popups and such
|
|
# comment-out to use defaults
|
|
#box_bottom_left_hand_corner:+
|
|
#box_bottom_right_hand_corner:+
|
|
#box_bottom_side:-
|
|
#box_left_side:|
|
|
#box_right_side:|
|
|
#box_top_left_hand_corner:+
|
|
#box_top_right_hand_corner:+
|
|
#box_top_side:-
|
|
#
|
|
# text to put in front of line with window-number
|
|
window_number:[%02d]
|
|
subwindow_number:[%02d]
|
|
#
|
|
# parameters for --limit / --Limit
|
|
# format of timestamp in logging
|
|
syslog_ts_format:%Y/%m/%d %H:%M:%S
|
|
# show ip addresses or hostnames?
|
|
resolv_ip_addresses:yes
|
|
# show severity/facility? not shown in regular syslogd
|
|
show_severity_facility:yes
|
|
#
|
|
# should scrollback default to fullscreen (default is no)
|
|
# scrollback_fullscreen_default:yes
|
|
#
|
|
# suppress colors in the scrollback window? this speeds up scrolling a little
|
|
scrollback_no_colors:no
|
|
#
|
|
# when you search in the scrollback: open new window with found strings (= on)
|
|
# or jump to the next found (= off)
|
|
scrollback_search_new_window:yes
|
|
#
|
|
# set to (yes) to map delete key as backspace key.
|
|
# this is useful if you are using mac
|
|
map_delete_as_backspace:no
|