Created
November 30, 2011 22:54
My configuration rules for message highlighting in lwatch
| # ------------------------------------------------------------------------------ | |
| # My configuration | |
| # Global settings; the pattern rules further down set colors for the entries | |
| # they match, the values here are the defaults. | |
| # NOTE(review): presumably keeps log lines that lwatch cannot parse visible | |
| # instead of dropping them, so malformed entries are not hidden -- confirm | |
| # against the lwatch documentation. | |
| show_unparsed=yes | |
| # ------------------------------------------------------------------------------ | |
| # Highlightings | |
| # Default color for displaying date | |
| date_color=darkgray | |
| # Default color for displaying hostname | |
| host_color=lightgray | |
| # Default color for displaying service | |
| serv_color=brown | |
| # Default color for displaying message body | |
| # (left commented out, so no message color is set in this file) | |
| # mesg_color=lightgray | |
| # ------------------------------------------------------------------------------ | |
| # Services | |
| # Every block here carries match_service, so its pattern is presumably tested | |
| # against the service field of the entry rather than the message -- confirm. | |
| # NOTE(review): the patterns are unanchored alternations. If lwatch applies | |
| # them as substring searches, "mon" also matches inside longer service names | |
| # such as "daemon", which dilutes the red used for kernel and sshd. Anchor the | |
| # names if only exact matches are meant. | |
| /kernel|sshd|mon/ { | |
| match_service | |
| serv_color=red | |
| } | |
| # Network access services (DHCP server, Wi-Fi access point daemon). | |
| /dhcpd|hostapd/ { | |
| match_service | |
| serv_color=brightblue | |
| } | |
| # Mail services; brown is the same value as the global serv_color default. | |
| /dovecot|postfix/ { | |
| match_service | |
| serv_color=brown | |
| } | |
| # Routine services: both the service name and (via color=) presumably the | |
| # message body are dimmed to darkgray. | |
| # NOTE(review): dimming cron makes unexpected job executions easy to overlook; | |
| # keep that trade-off in mind when this view is used for monitoring. | |
| /cron|sensord/ { | |
| match_service | |
| serv_color=darkgray | |
| color=darkgray | |
| } | |
| # ------------------------------------------------------------------------------ | |
| # Hosts | |
| # match_host presumably applies the pattern to the hostname field; entries | |
| # from hosts whose name contains "phone" get a brown hostname. | |
| /phone/ { | |
| match_host | |
| host_color=brown | |
| } | |
| # ------------------------------------------------------------------------------ | |
| # IP | |
| # Four dot-separated groups of 1-3 digits. There is no 0-255 range check, so | |
| # strings such as 999.999.999.999 are highlighted too; IPv6 addresses are not | |
| # covered by this rule. | |
| /([0-9]{1,3}\.){3}[0-9]{1,3}/ highlight=white | |
| # ------------------------------------------------------------------------------ | |
| # MAC | |
| # 6 to 14 colon-separated hex octets, lowercase a-f only. | |
| # NOTE(review): the upper bound looks sized for the long MAC= field in | |
| # netfilter log lines (destination MAC, source MAC, EtherType) -- confirm. | |
| /([0-9a-f]{2}:){5,13}[0-9a-f]{2}/ highlight=brightcyan | |
| # ------------------------------------------------------------------------------ | |
| # interfaces | |
| # Listed prefix followed by one digit: for "eth10" only "eth1" is highlighted, | |
| # and interface names outside this list are not matched. | |
| /(br|eth|ppp|tun|tap|wlan)[0-9]/ highlight=white | |
| # ------------------------------------------------------------------------------ | |
| # email addresses | |
| # Loose local@domain.tld shape, meant for highlighting, not for validation. | |
| /[[:alnum:]\._=-]+@([[:alnum:]_-]+\.)+([[:alnum:]]+)+/ highlight=cyan | |
| # ------------------------------------------------------------------------------ | |
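| # Errors/warnings | |
| # Three keyword classes, highlighted green / purple / brightred. | |
| # NOTE(review): all keywords are lowercase. If lwatch matches case-sensitively, | |
| # capitalised messages such as sshd's "Failed password", "Invalid user" and | |
| # "Accepted ..." are not highlighted -- confirm and widen the patterns if so. | |
| # success | |
| # "connect..." must not count as success when preceded by "not " or "lost ". | |
| # That guard has to be a negative lookbehind: a lookahead placed directly in | |
| # front of "connect" inspects the word itself and can never fail. | |
| # The trailing (?! failed) keeps "connect failed" out of the success class. | |
| /\b(accept(ed)?|success|authenticated|associated|completed|(?<!not\s)(?<!lost\s)connect\w*(?! failed)|delivered|established|sent|secured)\b/ highlight=green | |
| # warning | |
| /\b(warning|changed|deferred|disconnect(ed)?|unknown|not\s(connect\w*|found)|removed)\b/ highlight=purple | |
| # error | |
| /\b(aborted|blocked|error|exceeded|fail(ed|ure)?|lost(\sconnection)?|not allowed|invalid|reject(ed)?|unavailable)\b/ highlight=brightred | |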
| # ------------------------------------------------------------------------------ | |
| # Iptables | |
| # These rules key on netfilter log fields and on an " IPT " marker, which is | |
| # presumably the --log-prefix used in the author's firewall rules -- confirm. | |
| # Text inside the parentheses that follow "IPT " (the parentheses themselves | |
| # are excluded by the lookbehind/lookahead). | |
| /(?<=IPT\s\()[^)]+(?=\))/ { | |
| highlight=yellow | |
| } | |
| # The " IPT " marker itself. | |
| / IPT / { | |
| highlight=brightcyan | |
| } | |
| # TCP flag names as whole words; (?!=) skips the same token when it is a | |
| # KEY=value field name such as "ACK=". | |
| /\b(CWR|ECE|URG|ACK|PSH|RST|SYN|FIN)\b(?!=)/ highlight=yellow | |
| # Value of PROTO= (the nested lookbehind is equivalent to "preceded by PROTO="). | |
| /(?<=(?<=PROTO)=)\w+/ highlight=yellow | |
| # Numeric value of TTL=, TYPE= or CODE=. | |
| /(?<=(?<=TTL|TYPE|CODE)=)\d+/ highlight=white | |
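| # Low ports | |
| # Highlights SPT=/DPT= values in the privileged range 0-1023, written as | |
| # 0-999 | 1000-1019 | 1020-1023. The trailing \b stops a longer port number | |
| # (e.g. 8080) from matching on its first digits. | |
| /(?<=[SD]PT=)([0-9]{1,3}|10[01][0-9]|102[0-3])\b/ highlight=brightred | |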
| # Some interesting high ports | |
| # squid 3128 | |
| # http-alt 8080 | |
| # tproxy 8081 | |
| # openvpn 1194 | |
| # git 9418 | |
| # NOTE(review): the pattern ends in "\b " (literal space before the closing | |
| # slash), so the port only matches when a space follows it and that space is | |
| # part of the highlighted text -- confirm whether this is intended. | |
| /(?<=[DS]PT=)(3128|808[01]|1194|9418)\b / highlight=yellow | |
| # Any source / destination port value. | |
| # NOTE(review): these two rules also match the low and high ports handled | |
| # above; confirm which rule wins in lwatch when several highlights overlap, | |
| # otherwise the brightred/yellow port colors may never be visible. | |
| /(?<=SPT=)\d+/ highlight=white | |
| /(?<=DPT=)\d+/ highlight=white | |
| # ------------------------------------------------------------------------------ | |
| # | |
| # Any occurrence of "root"; the pattern has no word boundaries, so it also | |
| # matches inside longer strings such as "chroot" or a /root/ path. | |
| /root/ highlight=brown |