Skip to content

Instantly share code, notes, and snippets.

@mikepenz

mikepenz/multitail.md

Last active February 28, 2021 15:42
Show Gist options
  • Save mikepenz/a8a4a52f67a391895a4c to your computer and use it in GitHub Desktop.
Save mikepenz/a8a4a52f67a391895a4c to your computer and use it in GitHub Desktop.
Download ZIP
Install & Configure multitail, Configure multitail, Setup alias
Raw
multitail.md

#ABOUT

#INSTALLATION Run following commands:

curl https://gist.githubusercontent.com/mikepenz/a8a4a52f67a391895a4c/raw/0e142a381ddce88e7489d0753388bd9778cb246d/multitail.sh | sh;
source ~/.bashrc

This will start the script multitail.sh and call source ~/.bashrc afterwards

#UPGRADE If you upgrade from an pre 50 revision you have to run following command first

rm ~/.bash_tail_aliases

#HOW-TO-USE

  • -n | --number | -l | --lines
  • To define the number of lines to show (MAX 10.000)
  • -b | --buffer
  • To define the size of the buffer (DEFAULT 0 -> no limit)
  • -e | -s | --search
  • To search for a string within the number of lines (this will work for more than 10.000 lines)
  • -t | --tomcat | --stage
  • To output a predefined tomcat (tom | dev | test)
  • -c | --custom | --path
  • To pass a custom path
  • -p | --print
  • To print the multitail command instead of calling it directly
  • -d | --debug
  • To output the given attributes

#MultiTail This script uses multitail to output the logs ##How-To-MultiTail

  • q - will quit all windows etc.
  • b - use to see the buffer (default up to 1000 lines back in history :D)
  • shift + / - to search (in the 1000 lines)
  • h - minimal help :D ##About http://linux.die.net/man/1/multitail
Raw
multitail.sh
#!/bin/sh
echo "############################################################"
echo "############################################################"
echo "cleanup previous installations"
echo "############################################################"
echo "############################################################"
if [ -f ~/.multitailrc ]; then
rm ~/.multitailrc
fi
if [ -f ~/.bash_tail_aliases ]; then
rm ~/.bash_tail_aliases
echo "############################################################"
echo "multitail already up to date"
echo "############################################################"
else
echo "############################################################"
echo "apt-get update"
echo "############################################################"
apt-get update # To get the latest package lists
echo "############################################################"
echo "install dependencies"
echo "############################################################"
apt-get install libncursesw5-dev -y
apt-get install make
echo "############################################################"
echo "install multitail"
echo "############################################################"
echo "open temp..."
cd /tmp
echo "get multitail 6.4.1..."
wget http://www.vanheusden.com/multitail/multitail-6.4.1.tgz
echo "extract multitail 6.4.1..."
tar -xzf multitail-6.4.1.tgz
echo "go to the extracted folder..."
cd multitail-6.4.1/
echo "install multitail..."
make install
echo "remove installation files..."
rm -rf /tmp/multitail-6.4.1
#apt-get install multitail -y
fi
echo "############################################################"
echo "############################################################"
echo "############################################################"
echo "############################################################"
echo "create multitail configuration"
#download and set multitail config
curl https://gist.githubusercontent.com/mikepenz/a8a4a52f67a391895a4c/raw/ca9879865769a62c800e68055a74b57f6b945516/zmultitail.conf > /etc/multitail.conf
echo "############################################################"
echo "############################################################"
echo "Create bash alias 'log' for a faster usage"
bashaliases='#!/bin/bash
function logoutput() {
#!/bin/bash
# PREDEFINE MY VARIABLES
MULTITAIL_BASH_LINES="1000"
MULTITAIL_BASH_LINES_BUFFER="0"
MULTITAIL_BASH_SEARCH=""
MULTITAIL_BASH_TOMCAT=""
MULTITAIL_BASH_PRINT=""
MULTITAIL_BASH_DEBUG=""
MULTITAIL_BASH_PATH="/usr/local/tomcat/logs/catalina.out"
# Use > 1 to consume two arguments per pass in the loop (e.g. each
# argument has a corresponding value to go with it).
# Use > 0 to consume one or more arguments per pass in the loop (e.g.
# some arguments dont have a corresponding value to go with it such
# as in the --default example).
while [[ $# > 0 ]]
do
key="$1"
case $key in
-n|--number|-l|--lines)
MULTITAIL_BASH_LINES="$2"
shift # past argument
;;
-b|--buffer)
MULTITAIL_BASH_LINES_BUFFER="$2"
shift # past argument
;;
-e|-s|--search)
MULTITAIL_BASH_SEARCH="$2"
shift # past argument
;;
-t|--tomcat|--stage)
MULTITAIL_BASH_TOMCAT="$2"
shift # past argument
;;
-c|--custom|--path)
MULTITAIL_BASH_PATH="$2"
shift # past argument
;;
-p|--print)
MULTITAIL_BASH_PRINT="PRINT"
shift # past argument
;;
-d|--debug)
MULTITAIL_BASH_DEBUG="DEBUG"
shift # past argument
;;
--default)
MULTITAIL_BASH_DEFAULT=YES
;;
*)
# unknown option
;;
esac
shift # past argument or value
done
if [[ -n $MULTITAIL_BASH_DEBUG ]]; then
echo LINES = "${MULTITAIL_BASH_LINES}"
echo BUFFER = "${MULTITAIL_BASH_LINES_BUFFER}"
echo SEARCH = "${MULTITAIL_BASH_SEARCH}"
echo TOMCAT = "${MULTITAIL_BASH_TOMCAT}"
echo PATH = "${MULTITAIL_BASH_PATH}"
echo PRINT = "${MULTITAIL_BASH_PRINT}"
echo DEBUG = "${MULTITAIL_BASH_DEBUG}"
if [[ -n $key ]]; then
echo LASTUNSPECIFIC = "${key}"
fi
fi
if [ "${MULTITAIL_BASH_TOMCAT}" = "tom" ]; then
if [ -f "/usr/local/tomcat/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/usr/local/tomcat/logs/catalina.out"
elif [ -f "/var/www/tomcat/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/var/www/tomcat/logs/catalina.out"
else
echo "tomcat dev does not exist"
return
fi
elif [ "${MULTITAIL_BASH_TOMCAT}" = "dev" ]; then
if [ -f "/usr/local/tomcat_dev/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/usr/local/tomcat_dev/logs/catalina.out"
elif [ -f "/usr/local/tomcatdev/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/usr/local/tomcatdev/logs/catalina.out"
elif [ -f "/var/www/tomcat_dev/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/var/www/tomcat_dev/logs/catalina.out"
elif [ -f "/var/www/tomcatdev/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/var/www/tomcatdev/logs/catalina.out"
else
echo "tomcat dev does not exist"
return
fi
elif [ "${MULTITAIL_BASH_TOMCAT}" = "test" ]; then
if [ -f "/usr/local/tomcat_test/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/usr/local/tomcat_test/logs/catalina.out"
elif [ -f "/usr/local/tomcattest/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/usr/local/tomcattest/logs/catalina.out"
elif [ -f "/var/www/tomcat_test/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/var/www/tomcat_test/logs/catalina.out"
elif [ -f "/var/www/tomcattest/logs/catalina.out" ]; then
MULTITAIL_BASH_PATH="/var/www/tomcattest/logs/catalina.out"
else
echo "tomcat test does not exist"
return
fi
fi
if [[ -n $MULTITAIL_BASH_PRINT ]]; then
if [[ -n $MULTITAIL_BASH_SEARCH ]]; then
echo multitail -n ${MULTITAIL_BASH_LINES} -m ${MULTITAIL_BASH_LINES_BUFFER} -CS log -e \"${MULTITAIL_BASH_SEARCH}\" -i ${MULTITAIL_BASH_PATH}
else
echo multitail -n ${MULTITAIL_BASH_LINES} -m ${MULTITAIL_BASH_LINES_BUFFER} -CS log -i ${MULTITAIL_BASH_PATH}
fi
else
if [[ -n $MULTITAIL_BASH_SEARCH ]]; then
multitail -n ${MULTITAIL_BASH_LINES} -m ${MULTITAIL_BASH_LINES_BUFFER} -CS log -e "${MULTITAIL_BASH_SEARCH}" -i ${MULTITAIL_BASH_PATH}
else
multitail -n ${MULTITAIL_BASH_LINES} -m ${MULTITAIL_BASH_LINES_BUFFER} -CS log -i ${MULTITAIL_BASH_PATH}
fi
fi
}
alias log=logoutput'
if [ ! -f ~/.bash_tail_aliases ]; then
touch ~/.bash_tail_aliases
echo "-- created file ~/.bash_tail_aliases (was missing)"
fi
echo "$bashaliases" > ~/.bash_tail_aliases
echo "############################################################"
echo "############################################################"
echo "Add the bash_tail_aliases reference to bashrc (if not exists)"
bashrc_content='if [ -f ~/.bash_tail_aliases ]; then
. ~/.bash_tail_aliases
fi'
if grep -q "bash_tail_aliases" ~/.bashrc; then
echo "-- bash_tail_aliases was already set"
else
echo "$bashrc_content" >> ~/.bashrc
echo "-- added bash_tail_aliases source (was missing)"
fi
echo "############################################################"
echo "############################################################"
echo "Add the bashrc reference to bash_profile (if not exists)"
bash_profile_content='if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi'
if grep -q "bashrc" ~/.bash_profile; then
echo "-- bashrc was already set"
else
echo "$bash_profile_content" >> ~/.bash_profile
echo "-- added bashrc source (was missing)"
fi
echo "############################################################"
echo "############################################################"
echo "Make sure to reload your bash after you've added those lines with: source ~/.bashrc"
echo "############################################################"
echo "############################################################"
echo "Everything set. Awesome. Try to call 'log'"
echo "############################################################"
echo "############################################################"
Raw
zmultitail.conf
# Pick default screen
defaultcscheme:log
# Default colorscheme for tomcat logs
colorscheme:log
cs_re:green:.*INFO.*
cs_re:yellow:.*WARN.*
cs_re:magenta:.*SEVERE.*
cs_re:red:.*FATAL.*
cs_re:red:.*ERROR.*
cs_re:blue:.*DEBUG.*
# /var/log/messages & .../syslog
colorscheme:syslog:kernel and unsorted messages
# segfaults
cs_re_s:red,,bold:kernel: ([^:]*): segfault at [^ ]* rip [^ ]* rsp [^ ]* error
cs_re:yellow:kernel: .*: segfault at [^ ]* rip [^ ]* rsp [^ ]* error
# misc
cs_re:red,,inverse/underline:kernel
cs_re:green:Detected.*$
cs_re:green:\[
cs_re:green:\]
cs_re:cyan::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re_s:,,bold:^... .. ..:..:.. [^ ]* ([A-z0-9]*)
cs_re:red:scanlogd.*
cs_re:yellow:Did.not
#
# Zarafa
colorscheme:zarafa:www.zarafa.com
cs_re:magenta:none
cs_re:blue,,bold:debug
cs_re:green,,bold:info
cs_re:yellow:notice
cs_re:yellow,,bold:warning
cs_re:red:error
cs_re:red,,blink:fatal
cs_re:yellow::
cs_re:green:^... ... .. ..:..:.. ....
cs_re:cyan,,bold:/
cs_re:red,,bold:\(
cs_re:red,,bold:\)
cs_re_s:yellow,,underline:User *([^ ]*)
cs_re:magenta,,bold: *[a-z]*[0-9]+[a-z]*
cs_re:red:\[
cs_re:red:\]
#
# Oracle WebLogic
colorscheme:weblogic
cs_re_s:red,,bold:.*(<Error>).*
cs_re_s:yellow:.*(<Warning>).*
cs_re_s:blue:.*(<Debug>).*
cs_re_s:green:.*(<.*>).*
#
# Oracle GoldenGate
colorscheme:goldengate
cs_re_s:red,,bold:.*( ERROR ).*
cs_re_s:yellow:.*( WARNING ).*
cs_re_s:green:.*( INFO ).*
#
# ssh
colorscheme:ssh:www.openssh.org
cs_re:yellow:error: Could not get shadow information for.*
cs_re:yellow:fatal: Timeout before authentication for.*
cs_re_s:red,,bold:error: PAM: Authentication failure for(.*)
cs_re:red:error: PAM: Authentication failure for
cs_re:red,,blink:error: Bind to port [0-9]* on [^ ]* failed: Address already in use.
cs_re_s:red,,bold:error: PAM: Authentication failure for ([^ ]*) from (.*)
cs_re:red:error: PAM: Authentication failure for ([^ ]*) from (.*)
cs_re_s:green,,bold:Accepted [^ ]* for ([^ ]*) from ([^ ]*) port ([0-9]*) ssh2
cs_re:green:Accepted [^ ]* for [^ ]* from [^ ]* port.*
cs_re:red:PAM session setup failed\[[0-9]*\]:.*
cs_re_s:yellow,,bold:Failed ([^ ]*) for ([^ ]*) from ([^ ]*) port ([0-9]*).*
cs_re:yellow:Failed [^ ]* for [^ ]* from [^ ]* port [0-9]* .*
cs_re:red:Disconnecting: Too many authentication failures for.*
#
# PowerDNS
colorscheme:powerdns:www.powerdns.com
cs_re_s:green:Remote\ (.*)\ wants
cs_re:blue:'.*'
cs_re:red:MISS
cs_re:green,,bold:HIT
#
# UUCP
colorscheme:uucp:UUCP Log files
cs_re:yellow:uucico
cs_re:cyan:uuxqt
cs_re:magenta:Receiving
cs_re:magenta:Executing
cs_re:magenta:Sending
cs_re:cyan:Queuing
cs_re:cyan:Calling system
cs_re:green:Login successful
cs_re:green:Handshake successful
cs_re:green:Call complete
cs_re:red:ERROR:.*
#
# ADB logcat
colorscheme:logcat
cs_re_s:blue,,bold:^./(dalvikvm)\(
cs_re_s:blue,,bold:^./(Process)\(
cs_re_s:cyan:^./(ActivityManager)\(
cs_re_s:cyan:^./(ActivityThread)\(
cs_re_s:white,,bold:^./([^\(]*)\(
cs_re_s:green:^[^\(]*(\()[^\)]*(\))
cs_re:red,,inverse:[Pp]ermission [Dd]eni[ae][dl]
cs_re:red,,inverse:Caused by:
cs_re:cyan::
#cs_re:red,,inverse:^F
#cs_re:red,,bold:^E
#cs_re:yellow,,bold:^W
#cs_re:cyan,,bold:^I
#cs_re:green,,bold:^V
#cs_re:white:^D
cs_re_s:red,,inverse:^(F)/[^:]*: (.*)$
cs_re_s:red:^(E)/[^:]*: (.*)$
cs_re_s:yellow:^(W).[^:]*: (.*)$
#cs_re_s:green:^(I).[^:]*: (.*)$
cs_re_s:green:^(V)/[^:]*: (.*)$
cs_re_s:black,,bold:^(D)/[^:]*: (.*)$
#
# linux iptables firewall
colorscheme:liniptfw:Linux IPtables (2.6.x kernel)
cs_re:cyan::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re_s:red:kernel: .*(DPT=[0-9]*)
cs_re_s:yellow:kernel: (IN=[^ ]*)
cs_re_s:cyan:kernel: .*(SRC=[^ ]*) *(DST=[^ ]*)
cs_re_s:green:kernel: .*(PROTO=[^ ]*)
#
# postfix log
colorscheme:postfix:www.postfix.org
cs_re:cyan::
cs_re:yellow:status=sent
cs_re:magenta:queue.active
cs_re:green:from=.*>
cs_re:red:to=.*>
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:green:\[
cs_re:green:\]
#
# apache
colorscheme:apache:default Apache logging (webserver)
cs_re:red: 404
cs_re:cyan::
cs_re:green:\[
cs_re:green:\]
# ip-adresses in the format x.x.x.x
cs_re:yellow:^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}
# hostnames
cs_re:yellow:^[^ ]*
### Apache errorlog
colorscheme:apache_error:default Apache error logging
cs_re:yellow:\[client .*\]
cs_re:red: [^ ]*$
cs_re:blue:^\[... ... .. ..:..:.. ....\]
#
# rsstail (http://www.vanheusden.com/rsstail/)
colorscheme:rsstail:RSSTail output (RSS feed reader)
cs_re:cyan::
cs_re:cyan:/
cs_re:blue:^.......... ..:..:..
cs_re:green:Title:.*
cs_re:red:^Link:.*
cs_re:yellow:^Description:
#
# acctail (http://www.vanheusden.com/acctail/)
colorscheme:acctail:(BSD-) process accounting reader
cs_re:green:^................
cs_re_s:red:^.................(....)
cs_re_s:cyan:^......................(........)
cs_re_s:yellow:^...............................(........)
cs_re:blue:\.
#
# wtmptail (http://www.vanheusden.com/wtmptail/)
colorscheme:wtmptail:www.vanheusden.com/wtmptail/
cs_re:blue:\.
cs_re:blue::
cs_re:yellow:^USER.*
cs_re:green:^........
cs_re:cyan:[0-9]*:[0-9]*[ap]m
cs_re:red:^..................................
cs_re:black,red,blink:BOOT
cs_re:black,yellow:DEAD
#
# squid
colorscheme:squid:http proxy server
cs_re:blue:^[^ ]*
cs_re_s:yellow:^[^ ]* *[0-9]* *([^ ]*)
cs_re_s:green:^[^ ]* *[0-9]* *[^ ]* ([^ ]*)
cs_re_s:cyan:^[^ ]* *[0-9]* *[^ ]* [^ ]* *[0-9]* *[^ ]* *([^ ]*)
#
# asterisk
colorscheme:asterisk:software PBX
cs_re:blue::
cs_re:cyan:^...............
cs_re:red:ERROR
cs_re:yellow:WARNING
cs_re:green:NOTICE
cs_re:magenta:DEBUG
cs_re:magenta:VERBOSE
cs_re:red,black,underline:Unable to.*
#
# sendmail
colorscheme:sendmail
cs_re:blue|blue,,bold:^...............
cs_re:cyan:to=<[^>]*>
cs_re:yellow:stat=Deferred.*
cs_re:red:stat=User unknown
cs_re:green:stat=Sent.*
cs_re:magenta:relay=[^ ]*
cs_re:cyan::
cs_re:red:verify=FAIL
#
# MailScanner
colorscheme:mailscanner:wrapper around sendmail/clamav/spamassassin
cs_re:red:Detected HTML-specific exploits in.*
cs_re:magenta:Delivered [0-9]* warnings to virus senders
cs_re:yellow:Spam Checks: Found [0-9]* spam messages
cs_re:yellow:Content Checks: Detected and will disarm HTML message in.*
cs_re:green:Uninfected: Delivered [0-9]* messages
cs_re:red:Infected message [^ ]* came from.*
cs_re:yellow:Saved infected "[^"]*" to.*
cs_re:blue|blue,,bold:^...............
cs_re:cyan::
#
# SpamAssassin
colorscheme:spamassassin
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:yellow:autolearn=failed
cs_re:red,,blink:server killed by [^,]*, shutting down
cs_re_s:yellow,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re:yellow:identified spam [^ ]* for [^ ]* in [^ ]* seconds, [^ ]* bytes.
cs_re_s:green,,bold:server successfully spawned child process, pid (.*)
cs_re:green:server successfully spawned child process, pid
#
# ClamAV
colorscheme:clamav:clamd logging
cs_re:magenta::
cs_re:blue:^... ... [0-9]* ..:..:.. ....
cs_re_s:red,,bold:ERROR:(.*)
cs_re:red:ERROR:
cs_re_s:green,,bold:Protecting against ([0-9]*) viruses.
cs_re:green:Protecting against [0-9]* viruses.
cs_re:red,black,inverse:Exiting.*
cs_re_s:yellow,,bold:^(.*): Unable to open file or directory ERROR
cs_re:yellow:^.*: Unable to open file or directory ERROR
cs_re:red,black,inverse:LOGGING DISABLED.*
#
# samba
colorscheme:samba
cs_re_s:blue:^.([0-9]*/[0-9]*/[0-9]* [0-9]*:[0-9]*:[0-9]*, [0-9]*)
cs_re:blue:\.
cs_re_s:green:^ *([^ ]*).*(connect to service folkert initially as user [^ ]*)
cs_re:yellow:closed connection to service.*
cs_re:red:Error =.*
cs_re:red:ERRNO =.*
cs_re:red:^.*does not exist or is not a directory, when connecting to.*
cs_re:red:Ignoring unknown parameter.*
cs_re:green,,bold:smbd version.*started.
cs_re:green,,bold:Netbios nameserver version.*started.
cs_re:green:Samba name server.*is now a local master browser for workgroup.*on subnet.*
cs_re:yellow:Attempting to become domain master browser on workgroup.*, subnet.*
cs_re:green:Samba is now a logon server for workgroup.*on subnet.*
cs_re:yellow,,bold:Server.*at IP.*is announcing itself as a local master browser for workgroup.*and we think we are master. Forcing election.
#
# audit.log
colorscheme:audit
cs_re:cyan::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:red:Illegal user.*
cs_re:green:session opened for user.*
cs_re:green:Accepted publickey for
cs_re:yellow:Did not receive identification string from.*
#
# exim
colorscheme:exim
cs_re:cyan::
cs_re:blue|blue,,bold:^....-..-.. ..:..:..
cs_re:magenta,,bold:<=
cs_re:magenta,,bold:=>
cs_re:green,,bold:=> *[^ ]*
cs_re:green:<= *[^ ]*
cs_re:green,,bold:=> *[^ ]* <[^>]*>
cs_re:green:<= *[^ ]* <[^>]*>
cs_re:yellow:H=[^ ]*
cs_re:red:verify failed for SMTP recipient.*
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
cs_re:red:SMTP.*timeout.*
cs_re:yellow:Spool file is locked (another process is handling this message)
#
# httping
colorscheme:httping:ping for HTTP
cs_re:green:^PING .*:
cs_re:magenta:time=[0-9\.]* ms
cs_re:yellow:seq=[0-9]*
cs_re:green:^---.*
cs_re_s:green:^([0-9]*) connects, ([0-9]*) ok, ([^%]*)
cs_re_s:green:^round-trip.*= ([0-9\.]*)/([0-9\.]*)/([0-9\.]*)
cs_re:red:404 Not Found
cs_re:blue:[0-9]*KB/s
cs_re:red:could not connect
#
# netstat (use for example with multitail -R 1 -l "netstat")
colorscheme:netstat:see www.vanheusden.com/multitail/examples.html
cs_re:green:ESTABLISHED
cs_re:yellow:SYN_SENT
cs_re:magenta:CLOSE_WAIT
cs_re:blue:FIN_WAIT1
cs_re:blue,,underline:FIN_WAIT2
cs_re_s:red::([^ ]*)
cs_re:cyan:^[^ ]*
#
# tcpdump
colorscheme:tcpdump
cs_re:blue:^[^ ]*
cs_re:magenta::
cs_re_s:red:^[^ ]* [^ ]* *[^ ]* > [^:]*: *([^ ]*)
cs_re_s:green:^[^ ]* [^ ]* *[^ ]*\.([^ ]*) > [^ ]*\.([^:]*):
cs_re:magenta:\.
cs_re_s:yellow|yellow,,bold: IP (.*) > .*:
cs_re_s:yellow,,bold|yellow: IP [^ ]* > ([^:]*):
#17:44:07.363010 IP muur.intranet.vanheusden.com.49584 > keetweej.intranet.vanheusden.com.ssh:
#
# dhcpd
colorscheme:dhcpd
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:green,,bold:DHCPACK
cs_re_s:green:DHCPACK on ([^ ]*) to ([^ ]*) to (.*)
cs_re_s:red,,bold:DHCPINFORM from ([^ ]*) via
cs_re:red:DHCPINFORM from.*via.*not authoritative for subnet.*
cs_re_s:yellow,,bold:DHCPDECLINE of ([^ ]*) from ([^ ]*) via
cs_re:yellow:DHCPDECLINE of.*from.*via.*
cs_re:cyan:DHCPNAK
#
# bind
colorscheme:bind
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re_s:yellow,,bold:lame server resolving ([^ ]*).*in ([^?]*).*: (.*$)
cs_re:yellow:lame server resolving [^ ]* .in [^:]*..:
cs_re_s:red,,bold:client ([^#]*)#[0-9]*: update forwarding denied
cs_re:red:client [^:]*: update forwarding denied
cs_re_s:cyan,,bold:received notify for zone (.*)
cs_re:cyan:received notify for zone
cs_re:cyan:zone [^:]*: transferred serial.*
cs_re:cyan:zone [^:]*: sending notifies .serial [0-9]*.
cs_re_s:green,,bold:transfer of [^ ]* from ([^#]*)#[0-9]*: end of transfer
cs_re:green:transfer of [^ ]* from [^:]*: end of transfer
cs_re:yellow:loading configuration from.*
cs_re:yellow:no IPv6 interfaces found
cs_re:red:logging channel [^ ]* file [^:]*: permission denied
cs_re:red:isc_log_open [^ ]* failed: permission denied
cs_re:red:zone [^:]*: loading master file [^:]*: file not found
cs_re:green,,bold:named reload succeeded
#
# smartd
colorscheme:smartd
cs_re_s:red,,bold:Device: [^,]*, SMART Usage Attribute: [0-9]* ([^ ]*) changed from [0-9]* to (.*)
cs_re:red:Device: [^,]*, SMART Usage Attribute: [0-9]* [^ ]* changed from [0-9]* to.*
#
# kerberos
colorscheme:kerberos
cs_re:magenta::
cs_re:blue:^... [0-9]* ..:..:..
cs_re_s:yellow,,bold:klogind.*: Authentication failed from ([^:]*): Software caused connection abort
cs_re:yellow:klogind.*: Authentication failed from [^:]*: Software caused connection abort
cs_re:red:klogind.*: Kerberos authentication failed
cs_re:red,,bold:klogind.*: User ([^ ]*) is not authorized to login to account(.*)
cs_re:red:klogind.*: User [^ ]* is not authorized to login to account.*
cs_re_s:red,,bold:ksu.*:.*authentication failed for ([^ ]*) on
cs_re:red:ksu.*:.*authentication failed for [^ ]* on.*
cs_re:green:commencing operation
cs_re_s:,,bold:AS_REQ [^}]*}, ([^ ]*) for (.*)
cs_re:magenta:Ticket expired
cs_re:red:Client not found in Kerberos database
#
# Oracle
colorscheme:oracle
cs_re:red,,bold:^ORA-0*600.*
cs_re:red,,bold:^ORA-0*7445.*
# ORA-07745:?
cs_re_s:yellow:^ORA-([^:]*):
#
# ntpd
colorscheme:ntpd
cs_re:magenta::
cs_re:blue:^... .. ..:..:..
cs_re_s:red,,bold:configure: keyword "([^"]*)" unknown, line ignored
cs_re:red:configure: keyword "([^"]*)" unknown, line ignored
cs_re:yellow,,blink:ntpd\[.*\]: ntpd exiting on signal.*
cs_re:green,,bold:ntpd\[.*\]: ntpd [^e].*
cs_re_s:green,,bold:synchronized to ([^,]*)
cs_re:green:synchronized to.*
cs_re:red:check receiver configuration / cableling
#
# nagtail
colorscheme:nagtail:www.nagios.org status viewer
cs_re:magenta::
cs_re:magenta:/
cs_re:blue:^..../../.. ..:..
cs_re_s:red,,bold:^................ (CRIT)
cs_re_s:yellow,,bold:^................ (WARN)
cs_re_s:green:^................ ( OK )
cs_re_s:white,,bold:^................ ( \?\? )
cs_re_s:green:^..../../.. ..:.. ..... *([^ ]*)
cs_re_s:yellow:^..../../.. ..:.. ..... *[^ ]* *(.*)
#
# WebSphere errorlog
colorscheme:websphere:WebSphere error-log
cs_re:magenta::
cs_re:magenta:/
cs_re:blue,,bold:\.
cs_re:blue:^.[0-9]*/[0-9]*/[0-9]* *[0-9]*:..:..:[0-9]* [^ ]*
cs_re_s:yellow:^.*\(([^:\)]*)
cs_re:red:Reason:.*
cs_re:red,,bold:Unable to
cs_re_s:red:Unable to(.*)
cs_re:red,,bold:Failed to
cs_re_s:red:Failed to(.*)
cs_re_s:green:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *([^ ]*)
cs_re_s:red,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( F )
cs_re_s:red:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( E )
cs_re_s:yellow,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( W )
cs_re_s:yellow:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( A )
cs_re_s:green,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *(I)
cs_re_s:green:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( C )
cs_re_s:magenta,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( R )
cs_re_s:magenta:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( O )
cs_re_s:red,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( Z )
cs_re:yellow:Next Linked Exception:
cs_re:magenta,,bold:Queue manager security exit rejected connection with error code [0-9]*
cs_re:red,,bold:com.ibm.mq.MQException: [^:]*: An MQException occurred: Completion Code [0-9]*, Reason [0-9]*
cs_re:yellow:Begin backtrace for nested exception
cs_re:yellow:Socket connection attempt refused
cs_re:yellow:Other data:
cs_re:yellow:Exception data follows:
cs_re:green:Target name: .*
#
# NNTPcache
colorscheme:nntpcache
cs_re:magenta::
cs_re:magenta:/
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:yellow:nntpcache-expire.*: clean shutdown
cs_re:green:nntpcache-expire.*: expire task awakening
cs_re_s:red,,bold:Connection timed out: could.*t connect to ([^ ]*) as (.*)
cs_re:red:Connection timed out: could.*t connect to [^ ]* as
cs_re:yellow:^.*dropped connection during rebuild of.*$
cs_re:red,,bold:'501.*
cs_re:red,,bold:'480.*
#
# Veritas Netbackup restore log
colorscheme:vnetbr:Veritas Netbackup backup/restore logs
cs_re:magenta::
cs_re:magenta:\(
cs_re:magenta:\)
cs_re:blue:^..:..:.. .[0-9]*.[^\)]*.
cs_re_s:green:Restore job id ([0-9]*) will require ([0-9]*) image
cs_re:green:Restore job id [0-9]* will require [0-9]* image.*
cs_re_s:yellow,,bold:Media id ([^ ]*) is needed for the restore.
cs_re:yellow:Media id ([^ ]*) is needed for the restore.
cs_re:green:INF - Beginning restore from server [^ ]* to client [^ ]*.
cs_re_s:yellow,,bold:Changed ([^ ]*) to ([^ ]*)
cs_re:yellow:Changed [^ ]* to [^ ]*
cs_re_s:red,,bold:Directory ([^ ]*) already exists.
cs_re:red:Directory [^ ]* already exists.
cs_re_s:green,,bold:Added ([^ ]*) permission to directory (.*)
cs_re:green:Added [^ ]* permission to directory.*
cs_re_s:yellow,,blink:INF - Media id ([^ ]*) is not in a robotic library; administrative interaction may be required to satisfy a mount request.
cs_re:yellow:INF - Media id [^ ]* is not in a robotic library; administrative interaction may be required to satisfy a mount request.
cs_re:red,black,inverse:INF - Status = termination requested by administrator.
cs_re:red,,blink:media read error
cs_re:red,,bold:Status of restore from image created.*media read error
cs_re:red:INF - Status = the restore failed to recover the requested files.
cs_re:green,,bold:INF - Status = the requested operation was successfully completed.
#
# procmail
colorscheme:procmail
cs_re:magenta::
cs_re:magenta:/
cs_re_s:blue,,bold:^procmail: \[[0-9]*\] ([^ ]* [^ ]* *[^ ]* ..:..:.. [^ ]*)
cs_re:blue:^procmail: \[[0-9]*\] [^ ]* [^ ]* *[^ ]* ..:..:.. [^ ]*
cs_re_s:green,,bold:^procmail: Match on "(.*)"
cs_re:green:^procmail: Match on.*
cs_re:red:^procmail: Executing.*
cs_re:magenta,,bold:^procmail: Assigning
cs_re:yellow:warning:.*
cs_re:yellow:Couldn't determine implicit lockfile from.*
#
# checkpoint
colorscheme:checkpoint:Checkpoint Firewall-1
cs_re:magenta::
cs_re:blue|blue,,bold:^[0-9]*:[0-9]*:[0-9]*
cs_re:red,,bold:^..:..:.. *drop
cs_re_s:red,,bold:^..:..:.. *drop.*(service: *[^;]*)
cs_re:green:^..:..:.. *accept
cs_re:yellow,,bold:^..:..:.. *reject
cs_re_s:yellow,,bold:^..:..:.. *reject.*(service: *[^;]*)
cs_re:green,,bold:rule: *[^;]*
cs_re:yellow:service: *[^;]*
cs_re:magenta:src: *[^;]*
cs_re:magenta,,bold:dst: *[^;]*
cs_re:blue,,bold:>[^ ]*
#
# pppd
colorscheme:pppd:PPP daemon
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re_s:red,,bold:Hangup(.*)
cs_re:red:Hangup
cs_re_s:yellow,,bold:Terminating on signal(.*)
cs_re:yellow:Terminating on signal.*
cs_re_s:green,,bold:Connect time ([^ ]*) minutes.
cs_re:green:Connect time [^ ]* minutes.
cs_re_s:magenta,,bold:Sent ([0-9]*) bytes, received ([0-9]*) bytes.
cs_re:magenta:Sent [0-9]* bytes, received [0-9]* bytes.
cs_re:green:pppd [^ ]* started by [^,]*, uid [0-9]*
cs_re_s:blue,,bold:Using interface (.*)
cs_re:blue:Using interface.*
cs_re_s:green,,bold:local *IP address (.*)
cs_re:green:local *IP address.*
cs_re:red,black,inverse:Couldn't detach (fork failed:.*)
cs_re_s:yellow,,bold:Unsupported protocol (.*) received
cs_re:yellow,black,inverse:Unsupported protocol .* received
cs_re:yellow,,blink:Peer not responding
cs_re:,,inverse:DNS address.*
#
# INN
colorscheme:inn
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:yellow:nnrpd.*: .* timeout
#
# Netscape Directory server (LDAP)
colorscheme:netscapeldap:Netscape Directory server (LDAP)
cs_re:magenta::
cs_re:magenta:/
cs_re:blue|blue,,bold:^.../.../....:..:..:.. ......
cs_re:green:Netscape-Directory.*starting up
cs_re:yellow:All database threads now stopped
cs_re:green:Backing up file.*
cs_re:red:Detected Disorderly Shutdown last time Directory Server was running, recovering database.
cs_re_s:yellow,,bold:Entry ([^ ]*) unknown object class ([^ ]*)
cs_re:yellow:Entry [^ ]* unknown object class [^ ]*
cs_re:red,,blink:Shutting down due to possible conflicts with other slapd processes
cs_re:red,,bold:Unable to start slapd because it is already running as process ([0-9]*)
cs_re:red,,blink:Unable to start slapd because it is already running as process [0-9]*
cs_re:yellow:slapd got [^ ]* signal
#
# vmstat
colorscheme:vmstat:vmstat is part of sysstat
cs_re_s:magenta:^(procs)
cs_re_s:red:^procs *(-*memory-*)
cs_re_s:green:^procs *-*memory-* *(-*swap-*)
cs_re_s:yellow:^procs *-*memory-* *-*swap-* *(-*io-*)
cs_re_s:blue:^procs *-*memory-* *-*swap-* *-*io-* *(-*system-*)
cs_re_s:magenta,,bold:^ *(r *b)
cs_re_s:red,,bold:^ *r *b *(swpd *free *buff *cache)
cs_re_s:green,,bold:^ *r *b *swpd *free *buff *cache *(si *so)
cs_re_s:yellow,,bold:^ *r *b *swpd *free *buff *cache *si *so *(bi *bo)
cs_re_s:blue,,bold:^ *r *b *swpd *free *buff *cache *si *so *bi *bo *(in *cs)
cs_re_s:,,bold:^ *r *b *swpd *free *buff *cache *si *so *bi *bo *in *cs *(us *sy *id *wa)
cs_re_val_bigger:yellow:0:([0-9]{1,})
#
# mpstat
colorscheme:mpstat:mpstat is part of systat
cs_re:magenta::
cs_re:blue:^..:..:.. ..
cs_re:blue,,bold:CPU.*
cs_re_val_bigger:yellow:0:([0-9]{1,}\.[0-9]{1,})
#
# log4j
colorscheme:log4j
cs_re:magenta::
cs_re:magenta:/
cs_re:blue:^[0-9]*-[0-9]*-[0-9]* [0-9]*:[0-9]*:[0-9]*,[0-9]*
cs_re_s:blue,,bold:^[^ ]* *[^,]*,[^ ]* *[0-9]* *(DEBUG) *[^ ]* [^ ]* *(.*)$
cs_re_s:green:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(INFO) *[^ ]* [^ ]* *(.*)$
cs_re_s:yellow:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(WARN) *[^ ]* [^ ]* *(.*)$
cs_re_s:red:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(ERROR) *[^ ]* [^ ]* *(.*)$
cs_re_s:red,,bold:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(FATAL) *[^ ]* [^ ]* *(.*)$
cs_re_s:white,,bold:^[^ ]* *[^,]*,[0-9]* *[0-9]* *[A-Z]* *(.*)
#
# LambdaMOO
colorscheme:lambdamoo:MUD/MOO server http://www.moo.mud.org/
cs_re:magenta::
cs_re:blue:^... [0-9]* ..:..:..:
cs_re:green:STARTING: Version [^ ]* of the LambdaMOO server
cs_re:yellow:DUMPING:.*
cs_re:red:Can't create initial connection point
cs_re_s:red,,bold/blink:Trying to dump database:(.*)
cs_re:red,,bold:Trying to dump database:
#
# BOINCTail
colorscheme:boinctail:BOINCTail http://www.vanheusden.com/boinctail/
cs_re:magenta::
cs_re_s:blue:^---> (... ... .. ..:..:.. ....)
cs_re_s:blue,,bold:^---> ........................ .([0-9]* seconds.*)
cs_re:yellow:report deadline
cs_re_s:red:^................ ([^,]*)
cs_re_s:green:, (estimated.*)
cs_re:green,,bold:workunit is ready
cs_re:red,,bold:not
cs_re_s:white,,bold:^name of workunit: (.*)
#
# p0f
colorscheme:p0f:p0f http://lcamtuf.coredump.cx/p0f.shtml
cs_re:magenta::
cs_re:blue,,bold:^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
cs_re_s:blue:^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:([0-9]*)
cs_re_s:yellow:^[^ ]* - ([^(]*)
cs_re:green:\(older, [0-9]*\)
cs_re:green,,bold:\(newer, [0-9]*\)
cs_re_val_bigger:cyan,,bold:501:\(up: ([0-9]*).*\)
cs_re:red:\(up: .*\)
cs_re:red,,bold:distance [0-9]*
cs_re_s:cyan:^ -> [^:]*:([0-9]*)
cs_re_s:white:^>> Masquerade at ([^:]*):
cs_re:white,,bold:^>> Masquerade at [^:]*:
cs_re_val_bigger:green,,bold:50:indicators at ([0-9]*)%
#
# portsentry
colorscheme:portsentry:http://sourceforge.net/projects/sentrytools/
cs_re:magenta::
cs_re_s:red,,bold:attackalert: ([^/]*)/Normal scan from host: ([^/]*)/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) to TCP port: ([0-9]*)
cs_re:red:attackalert: [^/]*/Normal scan from host: [^/]*/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} to TCP port: [0-9]*
cs_re:cyan:attackalert: ERROR: cannot open ignore file. Blocking host anyway.
cs_re_s:yellow,,bold:attackalert: Host: ([^/]*)/([^ ]*) is already blocked Ignoring
cs_re:yellow:attackalert: Host: [^ ]* is already blocked Ignoring
#
# strace
colorscheme:strace:strace is the truss of Linux
# comments
cs_re:blue:/\*.*\*/
# call
cs_re:yellow:^[a-z_]*[0-9]*
# parenthesis around parameters
cs_re_s:yellow:^[a-z_]*[0-9]*(\()[^)]*(\))
# errno details
cs_re_s:blue:^[a-z]*\([^)]*\).*(\(.*\))
# return value
cs_re_s:green:^.*(= *-*[a-fx0-9]*)[^=]*$
# errno
cs_re_s:cyan:^.*= *-*[a-fx0-9]* *([A-Z]*)[^=]*$
# escapes
cs_re:magenta:\\[a-z]
cs_re:magenta:\\[0-9]*
# parameters (1)
cs_re:red:"[^"]*"
# names
cs_re:white:[a-z]*=
cs_re:white:[a-z0-9_]*:
# parameters (2)
cs_re:red:[0-9a-fx]*
cs_re:cyan:[A-Z_]*
# {}[]
cs_re:yellow:[\[\]]*
# ii - irc client
colorscheme:ii:ii IRC client http://www.suckless.org/wiki/tools/irc
cs_re_s:cyan:(^....-..-.. ..:..)
cs_re_s:magenta:^....-..-.. ..:.. <([[:alnum:]_\^\|`-]+)>
cs_re_s:green:^....-..-.. ..:.. <([[:alnum:]_\^\|`-]+)> (nion[ ,:].*)$
cs_re_s:yellow:(((http|https|ftp|gopher)|mailto):(//)?[^ <>\"[:blank:]]*|(www|ftp)[0-9]?\.[-a-z0-9.]+)
cs_re:blue:....-..-.. ..:...*has joined \#.*
cs_re:blue:....-..-.. ..:.. .*changed mode.*
#
# Snort
colorscheme:snort:Intrusion detector
cs_re:green:.*Priority: 3.*
cs_re:yellow:.*Priority: 2.*
cs_re:red:.*Priority: 1.*
#
# Motion
colorscheme:motion:Security camera software
cs_re:red:Unable to start external command
cs_re:red:[^ ]* query failed
cs_re:yellow:Failed to put image into video pipe
cs_re:red:Could not create symbolic link
cs_re:red:ffopen_open error creating [^ ]* file
cs_re:red:Memory error while allocating output media context
cs_re:red:av_new_stream - could not alloc stream
cs_re:red:avcodec_alloc_frame - could not alloc frame
cs_re:red:url_fopen - error opening file %s
cs_re:red:Error opening file %s
cs_re:red:Error while writing video frame
cs_re:red:Could not alloc frame
cs_re:green:Motion detected - starting event [0-9]*
cs_re:red:Could not fetch initial image from network camera
cs_re:red:Error capturing first image
cs_re:red:Failed to open video loopback
cs_re:red:MySQL error was
cs_re:red,,bold:Video device fatal error - terminating camera thread
cs_re:red:Video signal lost - Adding grey image
cs_re:red,,bold:Somebody stole the video device, lets hope we got his picture
cs_re:red,,blink:Could not allocate [0-9]* bytes of memory!
cs_re:red:Problem creating directory
cs_re:red:Error opening file [^ ]* with mode
cs_re:yellow:No response from camera
cs_re:red:Can't write picture to file
cs_re:red,,bold:Thread is going to finish due to this fatal error
cs_re:magenta:[^ ]* error in proc %d
cs_re:magenta:mmap failed
cs_re:yellow,,bold:Motion Exits.
cs_re:yellow,,bold:httpd quitting
#
# errpt - IBM AIX error report
# example usage: multitail -R 10 -cS errpt -l errpt
colorscheme:errpt:AIX error reporting tool
cs_re_s:blue|blue,,bold:^[^ ]* *(....)....(..)
cs_re_s:blue,,bold|blue:^[^ ]* *....(....)..
cs_re:magenta: I [A-Z] .*
cs_re:yellow: T [A-Z] .*
cs_re:red: [A-Z] H .*
#
# MySQL error log
colorscheme:mysql:MySQL error log
cs_re:magenta::
cs_re_s:blue|blue,,bold:^..(..).. ..:..:..
cs_re_s:blue,,bold|blue:^(..)..(..) ..:..:..
cs_re:blue:^...... ..:..:..
cs_re:red,,bold:^...... ..:..:.. \[ERROR\]
cs_re:red:^...... ..:..:.. \[ERROR\].*
cs_re:yellow,,bold:^...... ..:..:.. \[Warning\]
cs_re:yellow:^...... ..:..:.. \[Warning\].*
cs_re:green,,bold:^...... ..:..:.. \[Note\]
cs_re:green:^...... ..:..:.. \[Note\].*
cs_re:magenta:mysqld ended
cs_re:red:Can't start server.*
#
# BOINC
# execute boinc_client with -redirectio, it'll then create
# stdoutdae.txt and stderrdae.txt files
colorscheme:boinc:BOINC http://boinc.berkeley.edu/
cs_re:magenta::
cs_re:magenta:-
cs_re:blue|blue,,bold:....-..-.. ..:..:..
cs_re_s:green:^....-..-.. ..:..:.. ([^]]*])
cs_re:yellow:Received signal
cs_re:yellow,,blink:This computer is not attached to any projects
cs_re:red:gethostbyname failed
cs_re:green,,bold:Exit requested by user
cs_re:cyan:Rescheduling CPU: application exited
cs_re:cyan,,bold:Scheduler list download succeeded
cs_re:yellow,,bold:Throughput [0-9]* bytes/sec
cs_re:yellow,,underline:Finished upload of file.*
cs_re:yellow,,bold/underline:Computation for task.*finished
cs_re:red:Project communication failed:
cs_re:yellow:Access to reference site succeeded - project servers may be temporarily down.
cs_re_s:green,,bold:Requesting ([0-9]*) seconds of new work
cs_re:green:Requesting [0-9]* seconds of new work
cs_re:white,,bold:Deferring scheduler requests for.*
cs_re:white,,bold:Deferring communication for.*
cs_re:blue,,bold: [^ ]* download of file.*
cs_re:red:Project is down
#
# acpitail
# http://www.vanheusden.com/acpitail/
colorscheme:acpitail:Show temperature/battery/etc info
cs_re:magenta::
cs_re:magenta:-
cs_re:blue|blue,,bold:... ... [0-9]* ..:..:.. 2...
cs_re_val_less:red,,bold:5:^.* remaining capacity: .* .([0-9]*) minutes
cs_re_val_less:yellow:10:^.*remaining capacity: .* .([0-9]*) minutes
cs_re:red:error.*
cs_re_val_bigger:yellow:55:temperature.*: ([0-9]*)
cs_re_val_bigger:red,,bold:65:temperature.*: ([0-9]*)
#
# QMT: clamd
colorscheme:qmt-clamd
cs_re:blue,,bold:^....-..-.. ..:..:..
cs_re:red:ERROR:
cs_re_s:green,,bold:Protecting against ([0-9]*) viruses.
cs_re:green:Protecting against [0-9]* viruses.
cs_re:red,black,inverse:Exiting.*
cs_re_s:red,,bold:^(.*): Unable to open file or directory ERROR
cs_re:red:^.*: Unable to open file or directory ERROR
cs_re:red,black,inverse:LOGGING DISABLED.*
#cs_re:cyan:/var/qmail/simscan/.*(: OK)
cs_re:cyan:(: OK)
cs_re:magenta:/var/qmail/simscan/.*(: [^ ]* FOUND)
cs_re:yellow: LibClamAV Warning.*
#
# QMT: qmail-smtp
colorscheme:qmt-smtp
cs_re:blue,,bold:^....-..-.. ..:..:..
cs_re:red:verify failed for SMTP recipient.*
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
cs_re:red,,bold: *[^ ]*policy_check: policy_load failed
cs_re:white,,bold: *[^ ]*CLEAN ([^ ]*).*
cs_re:white,,bold: *[^ ]*policy_check: policy allows([^ ]*).*
cs_re:white,,bold: *[^ ]*RELAYCLIENT:([^ ]*).*
cs_re:magenta: *[^ ]*policy_check: policy forbid([^ ]*).*
cs_re:magenta:rblsmtpd: ([0-9\.]*).*
cs_re:magenta:qmail-smtpd.*
cs_re:magenta:spf-reject.*
cs_re:magenta: *[^ ]*CHKUSER rejected intrusion: ([^ ]*).*
cs_re:magenta: *[^ ]*CHKUSER rejected relaying: ([^ ]*).*
cs_re:magenta: *[^ ]*CHKUSER rejected rcpt: ([^ ]*).*
cs_re:magenta,,bold: *[^ ]*SPAM REJECT ([^ ]*).*
cs_re:magenta,,bold: *[^ ]*:VIRUS:.*
cs_re:magenta,,bold: *[^ ]*:ATTACH:.*
#
# QMT: qmail-send
colorscheme:qmt-send
cs_re:blue:^....-..-.. ..:..:..
cs_re:white,,bold:starting delivery ([0-9]*)
cs_re:white,,bold:delivery *[^ ]*: success:.*
cs_re:red,,bold:delivery *[^ ]*: failure:.*
cs_re:yellow,,bold:delivery *[^ ]*: deferral:.*
#
# QMT: SpamAssassin
colorscheme:qmt-spamassassin
cs_re:blue,,bold:^....-..-.. ..:..:..
#cs_re:cyan,,bold:info: spamd: clean message .*
cs_re_s:cyan,,bold:clean message ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re:magenta,,bold:info: spamd: identified spam.*
#cs_re:magenta,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re_s:magenta,,bold:info: spamd: result: Y ([^ ]*) -.*
cs_re:yellow:autolearn=failed
cs_re:red,,blink:server killed by [^,]*, shutting down
cs_re_s:green,,bold:server successfully spawned child process, pid (.*)
cs_re:green:server successfully spawned child process, pid
cs_re:yellow: warn.*
cs_re:white,,bold:info: spamd: processing message.*
#
# QMT: sophie
colorscheme:qmt-sophie
cs_re:blue,,bold:^....-..-.. ..:..:..
cs_re:white,,bold:NOTICE *[^ ]*:.*
cs_re:yellow,,bold:Virus present.*
cs_re:magenta,,bold:WARNING *[^ ]*: Scan result =.*
cs_re:red,,bold:WARNING *[^ ]*: error:.*
#
# colorscript: colorscripts are external scripts that decide what colors to use
# for input they receive the line that needs colors
# as a result they emit: start,end,foreground color,background color,attributes\n
# ...\n
# \n <- an empty line (only a linefeed) indicates
# end of parameters for this line
# start offset: what position these colors/attributes start
# end offset: the position AFTER the last character for which the attributes are
# valid
# do NOT use spaces in each line!
#coorscript:cscriptexample:/etc/multitail/colors-example.pl:this is a barely functional example script
#
#
# default colorschemes:
scheme:uucp:/var/log/uucp/
scheme:zarafa:/var/log/zarafa/
scheme:postfix:/var/log/mail/
scheme:sendmail:/var/log/mail/
scheme:exim:/var/log/mail/
scheme:apache:/var/log/apache/.*access
scheme:apache:/var/log/lighttpd/.*access
scheme:apache_error:/var/log/apache/.*error
scheme:asterisk:/var/log/asterisk/messages
scheme:samba:/var/log/samba/
scheme:squid:/var/log/squid/
scheme:syslog,ssh:/var/log/
scheme:vnetbr:bplog.rest
scheme:procmail:procmail.log
scheme:inn:/var/log/news/
scheme:snort:/var/log/snort/alert
scheme:boinc:/var/lib/boinc-client/std...dae.txt
scheme:qmt-send:/var/log/qmail/send/current
scheme:qmt-smtp:/var/log/qmail/smtp/current
scheme:qmt-smtp:/var/log/qmail/submission/current
scheme:qmt-clamd:/var/log/qmail/clamd/current
scheme:qmt-spamassassin:/var/log/qmail/spam/current
scheme:qmt-sophie:/var/log/qmail/sophie/current
# the following line is to show you that colorscripts can be used the same way as colorschemes
scheme:cscriptexample:/dev/null
#
# default number of lines to buffer FOR THESE PATTERNS:
#default_nlines:500:/var/log/apache/*.access
#default_bytes:100kb:/var/log/
#
# default number of lines to buffer globally
# one can set only 1 of these two
#global_default_nlines:500
global_default_nkb:8MB
# disable checkmail
check_mail:0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment