    Graylog2 Extractor for VRPT/Syslog format (used by ZyXEL devices)
  
        
  
    
    
  
  
    
  | { | |
| "extractors": [ | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "cat=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 5, | |
| "source_field": "message", | |
| "target_field": "cat", | |
| "title": "cat" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "proto=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 11, | |
| "source_field": "message", | |
| "target_field": "proto", | |
| "title": "proto" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "duration=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 6, | |
| "source_field": "message", | |
| "target_field": "duration", | |
| "title": "duration" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "dir=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 9, | |
| "source_field": "message", | |
| "target_field": "dir", | |
| "title": "dir" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "status=(.*?)," | |
| }, | |
| "extractor_type": "regex", | |
| "order": 18, | |
| "source_field": "message", | |
| "target_field": "status", | |
| "title": "status" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "devID=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 4, | |
| "source_field": "message", | |
| "target_field": "devID", | |
| "title": "devID" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "protoID=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 10, | |
| "source_field": "message", | |
| "target_field": "protoID", | |
| "title": "protoID" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "msg=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 13, | |
| "source_field": "message", | |
| "target_field": "message", | |
| "title": "message" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "memory=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 15, | |
| "source_field": "message", | |
| "target_field": "memory", | |
| "title": "memory" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "src=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 0, | |
| "source_field": "message", | |
| "target_field": "src", | |
| "title": "src" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "dst=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 1, | |
| "source_field": "message", | |
| "target_field": "dst", | |
| "title": "dst" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "note=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 2, | |
| "source_field": "message", | |
| "target_field": "note", | |
| "title": "note" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "user=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 3, | |
| "source_field": "message", | |
| "target_field": "user", | |
| "title": "user" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "sent=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 7, | |
| "source_field": "message", | |
| "target_field": "sent", | |
| "title": "sent" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "rcvd=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 8, | |
| "source_field": "message", | |
| "target_field": "rcvd", | |
| "title": "rcvd" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "client_mac=\"(.*?)\"" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 12, | |
| "source_field": "message", | |
| "target_field": "client_mac", | |
| "title": "client_mac" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "cpu=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 14, | |
| "source_field": "message", | |
| "target_field": "cpu", | |
| "title": "cpu" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "sessions=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 16, | |
| "source_field": "message", | |
| "target_field": "sessions", | |
| "title": "sessions" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "name=(.*?)," | |
| }, | |
| "extractor_type": "regex", | |
| "order": 17, | |
| "source_field": "message", | |
| "target_field": "name", | |
| "title": "name" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "TxPkts=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 19, | |
| "source_field": "message", | |
| "target_field": "TxPkts", | |
| "title": "TxPkts" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "RxPkts=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 20, | |
| "source_field": "message", | |
| "target_field": "RxPkts", | |
| "title": "RxPkts" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "Colli\\.=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 21, | |
| "source_field": "message", | |
| "target_field": "Colli", | |
| "title": "Colli" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "TxB/s=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 22, | |
| "source_field": "message", | |
| "target_field": "TxBs", | |
| "title": "TxBs" | |
| }, | |
| { | |
| "condition_type": "none", | |
| "condition_value": "", | |
| "converters": [ | |
| { | |
| "config": {}, | |
| "type": "numeric" | |
| } | |
| ], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "regex_value": "RxB/s=(\\d*)" | |
| }, | |
| "extractor_type": "regex", | |
| "order": 23, | |
| "source_field": "message", | |
| "target_field": "RxBs", | |
| "title": "RxBs" | |
| } | |
| ], | |
| "version": "0.92.3" | |
| } | 
  