From 29c737ca0089d98dc3f648d4a025a1bb9aad2341 Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Sun, 9 Nov 2014 22:56:41 +0100 Subject: [PATCH 01/47] Update README.md --- README.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 1a97398..9a04658 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,17 @@ -Octopussy -========= +Octopussy 2.0 +============= -Octopussy - Open Source Log Management Solution +# What's new ? + + * Complete rewriting of the Web Interface, moving from Apache::ASP to Mojolicious. + * API in order to have many Octopussy servers managed with the same web interface. + +# TODO List + +## Moving configuration files from XML to JSON + +## Server Daemon publishing API + +## Mojolicious Web Interface connected with many Server Daemon publishing API -**Official Web Site:** www.octopussy.pm -**Official Documentation:** also [on GitHub](https://github.com/sebthebert/Octopussy_Documentation/blob/master/00_Documentation.md) From 9ef8262e74a1fb8975f959c96893ee6fc207a834 Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Sun, 9 Nov 2014 22:57:40 +0100 Subject: [PATCH 02/47] Update dist.ini --- dist.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist.ini b/dist.ini index 012d378..2349a74 100644 --- a/dist.ini +++ b/dist.ini @@ -2,7 +2,7 @@ ; Dist::Zilla configuration ; name = Octopussy -version = 1.0.12 +version = 2.0 author = Sebastien Thebert license = GPL_3 copyright_holder = Sebastien Thebert From b27ac84ceedf8962a076c1e485068750863ec04d Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Sun, 9 Nov 2014 23:07:18 +0100 Subject: [PATCH 03/47] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9a04658..89abaa4 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Octopussy 2.0 # TODO List ## Moving configuration files from XML to JSON - + ## Server Daemon publishing API ## Mojolicious Web Interface connected with many Server Daemon publishing API From 7141bd3f8259f60aa2892041aaea87a731d861d1 Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Mon, 10 Nov 2014 00:24:51 +0100 Subject: [PATCH 04/47] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 89abaa4..ef6e16e 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,9 @@ Octopussy 2.0 # TODO List ## Moving configuration files from XML to JSON - + +See [Issue #610](https://github.com/sebthebert/Octopussy/issues/610) + ## Server Daemon publishing API ## Mojolicious Web Interface connected with many Server Daemon publishing API From c2d9f10a095cb979a08b97d697c813c7bfc4a195 Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Mon, 10 Nov 2014 00:52:51 +0100 Subject: [PATCH 05/47] xml2json Services configuration files completed --- conf/logmanagement/services/ACPI.json | 85 + conf/logmanagement/services/ARPWatch.json | 92 + conf/logmanagement/services/Anacron.json | 57 + conf/logmanagement/services/Ansible.json | 15 + conf/logmanagement/services/Apache.json | 93 + conf/logmanagement/services/Apache2.json | 100 + .../services/Apache_Mod_Proxy.json | 64 + .../services/Apache_Mod_Security.json | 44 + .../services/Apache_Traffic.json | 51 + conf/logmanagement/services/Audispd.json | 36 + conf/logmanagement/services/Audit.json | 71 + conf/logmanagement/services/Automount.json | 57 + conf/logmanagement/services/Avahi.json | 156 ++ conf/logmanagement/services/Bind.json | 596 ++++++ .../services/Blue_Coat_System.json | 443 +++++ conf/logmanagement/services/CVS.json | 140 ++ conf/logmanagement/services/Cisco_ACS.json | 317 +++ conf/logmanagement/services/Cisco_ASA.json | 1206 ++++++++++++ conf/logmanagement/services/Cisco_Pix.json | 43 + conf/logmanagement/services/Cisco_Router.json | 190 ++ .../services/Cisco_Router_Traffic.json | 36 + conf/logmanagement/services/Cisco_Switch.json | 547 ++++++ .../services/Cisco_VPN_Client.json | 23 + conf/logmanagement/services/ClamAV.json | 127 ++ conf/logmanagement/services/Cracklib.json | 21 + conf/logmanagement/services/Cron.json | 239 +++ conf/logmanagement/services/Cyclades.json | 85 + conf/logmanagement/services/Cyrus_Mail.json | 99 + conf/logmanagement/services/DB2.json | 15 + conf/logmanagement/services/DHCP.json | 64 + conf/logmanagement/services/Dell_Switch.json | 72 + .../services/DenyAll_Filtering.json | 107 ++ .../services/DenyAll_System.json | 254 +++ .../services/DenyAll_Traffic.json | 219 +++ conf/logmanagement/services/Dhclient.json | 29 + conf/logmanagement/services/Dhcpcd.json | 50 + conf/logmanagement/services/Dnsmasq.json | 43 + conf/logmanagement/services/Dovecot.json | 282 +++ .../services/DragonFly_Mail_Agent.json | 50 + conf/logmanagement/services/Drbd.json | 520 +++++ conf/logmanagement/services/Exim.json | 44 + conf/logmanagement/services/F5_BigIP.json | 912 +++++++++ conf/logmanagement/services/F5_BigIP_ASM.json | 51 + .../services/F5_BigIP_ASM_Filtering.json | 16 + conf/logmanagement/services/Fam.json | 15 + .../services/Fortigate_System.json | 408 ++++ .../services/Fortigate_Traffic.json | 37 + conf/logmanagement/services/FreeRADIUS.json | 51 + conf/logmanagement/services/Ftpd.json | 50 + conf/logmanagement/services/HPLIP.json | 16 + conf/logmanagement/services/Hald.json | 29 + conf/logmanagement/services/Heartbeat.json | 386 ++++ conf/logmanagement/services/IBM_Cognos.json | 64 + conf/logmanagement/services/IPVS.json | 51 + conf/logmanagement/services/IP_Tables.json | 142 ++ conf/logmanagement/services/Incron.json | 57 + conf/logmanagement/services/IronPort.json | 492 +++++ .../services/IronPort_S-Series_System.json | 912 +++++++++ .../services/IronPort_S-Series_Traffic.json | 79 + .../services/IronPort_System.json | 177 ++ .../services/Juniper_DX_System.json | 170 ++ .../services/Juniper_DX_Traffic.json | 23 + conf/logmanagement/services/Keepalived.json | 394 ++++ conf/logmanagement/services/Ldap.json | 541 ++++++ .../services/Linux_Debian_System.json | 121 ++ .../services/Linux_Gnome_Desktop.json | 65 + .../services/Linux_Gnome_Desktop_FR.json | 22 + .../logmanagement/services/Linux_HA_Attr.json | 72 + conf/logmanagement/services/Linux_HA_Crm.json | 58 + .../services/Linux_HA_Ipfail.json | 30 + conf/logmanagement/services/Linux_HA_Log.json | 93 + .../services/Linux_HA_Stonith.json | 51 + conf/logmanagement/services/Linux_Kernel.json | 1710 +++++++++++++++++ .../services/Linux_Kernel_Audit.json | 51 + .../services/Linux_Kernel_Bluetooth.json | 44 + .../services/Linux_Kernel_FS_Ext3.json | 58 + .../services/Linux_Kernel_FS_Reiser.json | 44 + .../Linux_Kernel_Network_Bonding.json | 86 + .../services/Linux_Kernel_RAID.json | 51 + .../services/Linux_Kernel_USB.json | 170 ++ .../services/Linux_Network_Interface.json | 43 + conf/logmanagement/services/Linux_PAM.json | 142 ++ .../services/Linux_Red_Hat_System.json | 16 + conf/logmanagement/services/Linux_System.json | 589 ++++++ .../services/Logitech_Mouse_Control.json | 22 + .../services/Mac_OS_X_Installer.json | 114 ++ .../services/Mac_OS_X_Kernel.json | 233 +++ .../services/Mac_OS_X_Software_Update.json | 30 + .../services/Mac_OS_X_Steam.json | 30 + .../services/Mac_OS_X_System.json | 261 +++ .../services/Mac_OS_X_iTunes.json | 30 + conf/logmanagement/services/Mnogosearch.json | 72 + conf/logmanagement/services/Monit.json | 177 ++ conf/logmanagement/services/MySQL.json | 541 ++++++ conf/logmanagement/services/Nagios.json | 240 +++ conf/logmanagement/services/Nagios_NSCA.json | 93 + conf/logmanagement/services/Neoteris.json | 233 +++ .../services/NetApp_NetCache.json | 870 +++++++++ conf/logmanagement/services/NetFlow.json | 22 + .../services/Netscreen_NSM_System.json | 1045 ++++++++++ .../services/Netscreen_NSM_Traffic.json | 30 + .../services/Netscreen_System.json | 1486 ++++++++++++++ .../services/Netscreen_System_Antivirus.json | 72 + .../services/Netscreen_Traffic.json | 100 + conf/logmanagement/services/Nfs.json | 43 + conf/logmanagement/services/Nscd.json | 56 + conf/logmanagement/services/Ntop.json | 84 + conf/logmanagement/services/Ntp.json | 287 +++ conf/logmanagement/services/OSSEC.json | 16 + conf/logmanagement/services/Octopussy.json | 485 +++++ conf/logmanagement/services/OpenVZ.json | 79 + conf/logmanagement/services/Pcscd.json | 239 +++ conf/logmanagement/services/Postfix.json | 709 +++++++ conf/logmanagement/services/PostgreSQL.json | 590 ++++++ .../logmanagement/services/PostgreSQL_FR.json | 128 ++ .../services/Printer_HP_LaserJet.json | 99 + conf/logmanagement/services/PulseAudio.json | 57 + conf/logmanagement/services/Radius.json | 14 + conf/logmanagement/services/Rpc_statd.json | 36 + conf/logmanagement/services/Rsync.json | 72 + conf/logmanagement/services/Rsyslog.json | 155 ++ conf/logmanagement/services/Samba.json | 93 + conf/logmanagement/services/Samhain.json | 226 +++ conf/logmanagement/services/Saslauthd.json | 64 + conf/logmanagement/services/Sendmail.json | 198 ++ conf/logmanagement/services/Slony-I.json | 79 + conf/logmanagement/services/Smartd.json | 162 ++ conf/logmanagement/services/Snmpd.json | 148 ++ conf/logmanagement/services/SpamAssassin.json | 58 + conf/logmanagement/services/Squid_System.json | 632 ++++++ .../logmanagement/services/Squid_Traffic.json | 16 + conf/logmanagement/services/Sshd.json | 623 ++++++ conf/logmanagement/services/Stunnel.json | 393 ++++ conf/logmanagement/services/Subversion.json | 15 + conf/logmanagement/services/Sudo.json | 161 ++ conf/logmanagement/services/Syslog-ng.json | 219 +++ conf/logmanagement/services/Tftpd.json | 35 + conf/logmanagement/services/Vsftpd.json | 21 + conf/logmanagement/services/Windows_ADUC.json | 107 ++ ...plications_Citrix_Presentation_Server.json | 51 + .../Windows_Applications_McAfee_GER.json | 23 + .../services/Windows_SQLServer.json | 58 + .../services/Windows_Services.json | 100 + .../services/Windows_System.json | 471 +++++ .../services/Windows_System_Logon_Logoff.json | 177 ++ .../services/Windows_System_Printer.json | 93 + .../services/Windows_System_SmartCard.json | 37 + conf/logmanagement/services/Xen.json | 618 ++++++ conf/logmanagement/services/Xinetd.json | 70 + conf/logmanagement/services/Xscreensaver.json | 50 + conf/logmanagement/services/Zabbix.json | 183 ++ scripts/xml2json.pl | 91 + var/lib/octopussy/conf/services/ACPI.xml | 73 - var/lib/octopussy/conf/services/ARPWatch.xml | 79 - var/lib/octopussy/conf/services/Anacron.xml | 49 - var/lib/octopussy/conf/services/Ansible.xml | 12 - var/lib/octopussy/conf/services/Apache.xml | 80 - var/lib/octopussy/conf/services/Apache2.xml | 86 - .../conf/services/Apache_Mod_Proxy.xml | 55 - .../conf/services/Apache_Mod_Security.xml | 38 - .../conf/services/Apache_Traffic.xml | 43 - var/lib/octopussy/conf/services/Audispd.xml | 30 - var/lib/octopussy/conf/services/Audit.xml | 61 - var/lib/octopussy/conf/services/Automount.xml | 49 - var/lib/octopussy/conf/services/Avahi.xml | 134 -- var/lib/octopussy/conf/services/Bind.xml | 511 ----- .../conf/services/Blue_Coat_System.xml | 380 ---- var/lib/octopussy/conf/services/CVS.xml | 120 -- var/lib/octopussy/conf/services/Cisco_ACS.xml | 271 --- var/lib/octopussy/conf/services/Cisco_ASA.xml | 1034 ---------- var/lib/octopussy/conf/services/Cisco_Pix.xml | 37 - .../octopussy/conf/services/Cisco_Router.xml | 161 -- .../conf/services/Cisco_Router_Traffic.xml | 29 - .../octopussy/conf/services/Cisco_Switch.xml | 468 ----- .../conf/services/Cisco_VPN_Client.xml | 19 - var/lib/octopussy/conf/services/ClamAV.xml | 109 -- var/lib/octopussy/conf/services/Cracklib.xml | 18 - var/lib/octopussy/conf/services/Cron.xml | 205 -- var/lib/octopussy/conf/services/Cyclades.xml | 73 - .../octopussy/conf/services/Cyrus_Mail.xml | 85 - var/lib/octopussy/conf/services/DB2.xml | 12 - var/lib/octopussy/conf/services/DHCP.xml | 54 - .../octopussy/conf/services/Dell_Switch.xml | 61 - .../conf/services/DenyAll_Filtering.xml | 91 - .../conf/services/DenyAll_System.xml | 217 --- .../conf/services/DenyAll_Traffic.xml | 187 -- var/lib/octopussy/conf/services/Dhclient.xml | 24 - var/lib/octopussy/conf/services/Dhcpcd.xml | 43 - var/lib/octopussy/conf/services/Dnsmasq.xml | 37 - var/lib/octopussy/conf/services/Dovecot.xml | 240 --- .../conf/services/DragonFly_Mail_Agent.xml | 43 - var/lib/octopussy/conf/services/Drbd.xml | 446 ----- var/lib/octopussy/conf/services/Exim.xml | 38 - var/lib/octopussy/conf/services/F5_BigIP.xml | 781 -------- .../octopussy/conf/services/F5_BigIP_ASM.xml | 43 - .../conf/services/F5_BigIP_ASM_Filtering.xml | 12 - var/lib/octopussy/conf/services/Fam.xml | 13 - .../conf/services/Fortigate_System.xml | 349 ---- .../conf/services/Fortigate_Traffic.xml | 31 - .../octopussy/conf/services/FreeRADIUS.xml | 43 - var/lib/octopussy/conf/services/Ftpd.xml | 43 - var/lib/octopussy/conf/services/HPLIP.xml | 14 - var/lib/octopussy/conf/services/Hald.xml | 25 - var/lib/octopussy/conf/services/Heartbeat.xml | 331 ---- .../octopussy/conf/services/IBM_Cognos.xml | 54 - var/lib/octopussy/conf/services/IPVS.xml | 44 - var/lib/octopussy/conf/services/IP_Tables.xml | 122 -- var/lib/octopussy/conf/services/Incron.xml | 48 - var/lib/octopussy/conf/services/IronPort.xml | 421 ---- .../services/IronPort_S-Series_System.xml | 780 -------- .../services/IronPort_S-Series_Traffic.xml | 66 - .../conf/services/IronPort_System.xml | 151 -- .../conf/services/Juniper_DX_System.xml | 145 -- .../conf/services/Juniper_DX_Traffic.xml | 20 - .../octopussy/conf/services/Keepalived.xml | 338 ---- var/lib/octopussy/conf/services/Ldap.xml | 464 ----- .../conf/services/Linux_Debian_System.xml | 104 - .../conf/services/Linux_Gnome_Desktop.xml | 55 - .../conf/services/Linux_Gnome_Desktop_FR.xml | 18 - .../octopussy/conf/services/Linux_HA_Attr.xml | 61 - .../octopussy/conf/services/Linux_HA_Crm.xml | 50 - .../conf/services/Linux_HA_Ipfail.xml | 26 - .../octopussy/conf/services/Linux_HA_Log.xml | 80 - .../conf/services/Linux_HA_Stonith.xml | 43 - .../octopussy/conf/services/Linux_Kernel.xml | 1466 -------------- .../conf/services/Linux_Kernel_Audit.xml | 43 - .../conf/services/Linux_Kernel_Bluetooth.xml | 37 - .../conf/services/Linux_Kernel_FS_Ext3.xml | 49 - .../conf/services/Linux_Kernel_FS_Reiser.xml | 37 - .../services/Linux_Kernel_Network_Bonding.xml | 74 - .../conf/services/Linux_Kernel_RAID.xml | 43 - .../conf/services/Linux_Kernel_USB.xml | 145 -- .../conf/services/Linux_Network_Interface.xml | 36 - var/lib/octopussy/conf/services/Linux_PAM.xml | 122 -- .../conf/services/Linux_Red_Hat_System.xml | 12 - .../octopussy/conf/services/Linux_System.xml | 505 ----- .../conf/services/Logitech_Mouse_Control.xml | 18 - .../conf/services/Mac_OS_X_Installer.xml | 98 - .../conf/services/Mac_OS_X_Kernel.xml | 200 -- .../services/Mac_OS_X_Software_Update.xml | 26 - .../conf/services/Mac_OS_X_Steam.xml | 26 - .../conf/services/Mac_OS_X_System.xml | 224 --- .../conf/services/Mac_OS_X_iTunes.xml | 26 - .../octopussy/conf/services/Mnogosearch.xml | 60 - var/lib/octopussy/conf/services/Monit.xml | 152 -- var/lib/octopussy/conf/services/MySQL.xml | 464 ----- var/lib/octopussy/conf/services/Nagios.xml | 205 -- .../octopussy/conf/services/Nagios_NSCA.xml | 80 - var/lib/octopussy/conf/services/Neoteris.xml | 199 -- .../conf/services/NetApp_NetCache.xml | 744 ------- var/lib/octopussy/conf/services/NetFlow.xml | 19 - .../conf/services/Netscreen_NSM_System.xml | 894 --------- .../conf/services/Netscreen_NSM_Traffic.xml | 25 - .../conf/services/Netscreen_System.xml | 1273 ------------ .../services/Netscreen_System_Antivirus.xml | 61 - .../conf/services/Netscreen_Traffic.xml | 85 - var/lib/octopussy/conf/services/Nfs.xml | 36 - var/lib/octopussy/conf/services/Nscd.xml | 48 - var/lib/octopussy/conf/services/Ntop.xml | 72 - var/lib/octopussy/conf/services/Ntp.xml | 246 --- var/lib/octopussy/conf/services/OSSEC.xml | 13 - var/lib/octopussy/conf/services/Octopussy.xml | 416 ---- var/lib/octopussy/conf/services/OpenVZ.xml | 68 - var/lib/octopussy/conf/services/Pcscd.xml | 205 -- var/lib/octopussy/conf/services/Postfix.xml | 608 ------ .../octopussy/conf/services/PostgreSQL.xml | 506 ----- .../octopussy/conf/services/PostgreSQL_FR.xml | 110 -- .../conf/services/Printer_HP_LaserJet.xml | 85 - .../octopussy/conf/services/PulseAudio.xml | 49 - var/lib/octopussy/conf/services/Radius.xml | 12 - var/lib/octopussy/conf/services/Rpc_statd.xml | 31 - var/lib/octopussy/conf/services/Rsync.xml | 62 - var/lib/octopussy/conf/services/Rsyslog.xml | 133 -- var/lib/octopussy/conf/services/Samba.xml | 80 - var/lib/octopussy/conf/services/Samhain.xml | 193 -- var/lib/octopussy/conf/services/Saslauthd.xml | 55 - var/lib/octopussy/conf/services/Sendmail.xml | 170 -- var/lib/octopussy/conf/services/Slony-I.xml | 68 - var/lib/octopussy/conf/services/Smartd.xml | 138 -- var/lib/octopussy/conf/services/Snmpd.xml | 127 -- .../octopussy/conf/services/SpamAssassin.xml | 50 - .../octopussy/conf/services/Squid_System.xml | 542 ------ .../octopussy/conf/services/Squid_Traffic.xml | 14 - var/lib/octopussy/conf/services/Sshd.xml | 534 ----- var/lib/octopussy/conf/services/Stunnel.xml | 337 ---- .../octopussy/conf/services/Subversion.xml | 13 - var/lib/octopussy/conf/services/Sudo.xml | 138 -- var/lib/octopussy/conf/services/Syslog-ng.xml | 188 -- var/lib/octopussy/conf/services/Tftpd.xml | 28 - var/lib/octopussy/conf/services/Vsftpd.xml | 16 - .../octopussy/conf/services/Windows_ADUC.xml | 91 - ...pplications_Citrix_Presentation_Server.xml | 43 - .../Windows_Applications_McAfee_GER.xml | 19 - .../conf/services/Windows_SQLServer.xml | 49 - .../conf/services/Windows_Services.xml | 85 - .../conf/services/Windows_System.xml | 403 ---- .../services/Windows_System_Logon_Logoff.xml | 151 -- .../conf/services/Windows_System_Printer.xml | 79 - .../services/Windows_System_SmartCard.xml | 31 - var/lib/octopussy/conf/services/Xen.xml | 530 ----- var/lib/octopussy/conf/services/Xinetd.xml | 60 - .../octopussy/conf/services/Xscreensaver.xml | 44 - var/lib/octopussy/conf/services/Zabbix.xml | 157 -- 303 files changed, 29493 insertions(+), 25158 deletions(-) create mode 100644 conf/logmanagement/services/ACPI.json create mode 100644 conf/logmanagement/services/ARPWatch.json create mode 100644 conf/logmanagement/services/Anacron.json create mode 100644 conf/logmanagement/services/Ansible.json create mode 100644 conf/logmanagement/services/Apache.json create mode 100644 conf/logmanagement/services/Apache2.json create mode 100644 conf/logmanagement/services/Apache_Mod_Proxy.json create mode 100644 conf/logmanagement/services/Apache_Mod_Security.json create mode 100644 conf/logmanagement/services/Apache_Traffic.json create mode 100644 conf/logmanagement/services/Audispd.json create mode 100644 conf/logmanagement/services/Audit.json create mode 100644 conf/logmanagement/services/Automount.json create mode 100644 conf/logmanagement/services/Avahi.json create mode 100644 conf/logmanagement/services/Bind.json create mode 100644 conf/logmanagement/services/Blue_Coat_System.json create mode 100644 conf/logmanagement/services/CVS.json create mode 100644 conf/logmanagement/services/Cisco_ACS.json create mode 100644 conf/logmanagement/services/Cisco_ASA.json create mode 100644 conf/logmanagement/services/Cisco_Pix.json create mode 100644 conf/logmanagement/services/Cisco_Router.json create mode 100644 conf/logmanagement/services/Cisco_Router_Traffic.json create mode 100644 conf/logmanagement/services/Cisco_Switch.json create mode 100644 conf/logmanagement/services/Cisco_VPN_Client.json create mode 100644 conf/logmanagement/services/ClamAV.json create mode 100644 conf/logmanagement/services/Cracklib.json create mode 100644 conf/logmanagement/services/Cron.json create mode 100644 conf/logmanagement/services/Cyclades.json create mode 100644 conf/logmanagement/services/Cyrus_Mail.json create mode 100644 conf/logmanagement/services/DB2.json create mode 100644 conf/logmanagement/services/DHCP.json create mode 100644 conf/logmanagement/services/Dell_Switch.json create mode 100644 conf/logmanagement/services/DenyAll_Filtering.json create mode 100644 conf/logmanagement/services/DenyAll_System.json create mode 100644 conf/logmanagement/services/DenyAll_Traffic.json create mode 100644 conf/logmanagement/services/Dhclient.json create mode 100644 conf/logmanagement/services/Dhcpcd.json create mode 100644 conf/logmanagement/services/Dnsmasq.json create mode 100644 conf/logmanagement/services/Dovecot.json create mode 100644 conf/logmanagement/services/DragonFly_Mail_Agent.json create mode 100644 conf/logmanagement/services/Drbd.json create mode 100644 conf/logmanagement/services/Exim.json create mode 100644 conf/logmanagement/services/F5_BigIP.json create mode 100644 conf/logmanagement/services/F5_BigIP_ASM.json create mode 100644 conf/logmanagement/services/F5_BigIP_ASM_Filtering.json create mode 100644 conf/logmanagement/services/Fam.json create mode 100644 conf/logmanagement/services/Fortigate_System.json create mode 100644 conf/logmanagement/services/Fortigate_Traffic.json create mode 100644 conf/logmanagement/services/FreeRADIUS.json create mode 100644 conf/logmanagement/services/Ftpd.json create mode 100644 conf/logmanagement/services/HPLIP.json create mode 100644 conf/logmanagement/services/Hald.json create mode 100644 conf/logmanagement/services/Heartbeat.json create mode 100644 conf/logmanagement/services/IBM_Cognos.json create mode 100644 conf/logmanagement/services/IPVS.json create mode 100644 conf/logmanagement/services/IP_Tables.json create mode 100644 conf/logmanagement/services/Incron.json create mode 100644 conf/logmanagement/services/IronPort.json create mode 100644 conf/logmanagement/services/IronPort_S-Series_System.json create mode 100644 conf/logmanagement/services/IronPort_S-Series_Traffic.json create mode 100644 conf/logmanagement/services/IronPort_System.json create mode 100644 conf/logmanagement/services/Juniper_DX_System.json create mode 100644 conf/logmanagement/services/Juniper_DX_Traffic.json create mode 100644 conf/logmanagement/services/Keepalived.json create mode 100644 conf/logmanagement/services/Ldap.json create mode 100644 conf/logmanagement/services/Linux_Debian_System.json create mode 100644 conf/logmanagement/services/Linux_Gnome_Desktop.json create mode 100644 conf/logmanagement/services/Linux_Gnome_Desktop_FR.json create mode 100644 conf/logmanagement/services/Linux_HA_Attr.json create mode 100644 conf/logmanagement/services/Linux_HA_Crm.json create mode 100644 conf/logmanagement/services/Linux_HA_Ipfail.json create mode 100644 conf/logmanagement/services/Linux_HA_Log.json create mode 100644 conf/logmanagement/services/Linux_HA_Stonith.json create mode 100644 conf/logmanagement/services/Linux_Kernel.json create mode 100644 conf/logmanagement/services/Linux_Kernel_Audit.json create mode 100644 conf/logmanagement/services/Linux_Kernel_Bluetooth.json create mode 100644 conf/logmanagement/services/Linux_Kernel_FS_Ext3.json create mode 100644 conf/logmanagement/services/Linux_Kernel_FS_Reiser.json create mode 100644 conf/logmanagement/services/Linux_Kernel_Network_Bonding.json create mode 100644 conf/logmanagement/services/Linux_Kernel_RAID.json create mode 100644 conf/logmanagement/services/Linux_Kernel_USB.json create mode 100644 conf/logmanagement/services/Linux_Network_Interface.json create mode 100644 conf/logmanagement/services/Linux_PAM.json create mode 100644 conf/logmanagement/services/Linux_Red_Hat_System.json create mode 100644 conf/logmanagement/services/Linux_System.json create mode 100644 conf/logmanagement/services/Logitech_Mouse_Control.json create mode 100644 conf/logmanagement/services/Mac_OS_X_Installer.json create mode 100644 conf/logmanagement/services/Mac_OS_X_Kernel.json create mode 100644 conf/logmanagement/services/Mac_OS_X_Software_Update.json create mode 100644 conf/logmanagement/services/Mac_OS_X_Steam.json create mode 100644 conf/logmanagement/services/Mac_OS_X_System.json create mode 100644 conf/logmanagement/services/Mac_OS_X_iTunes.json create mode 100644 conf/logmanagement/services/Mnogosearch.json create mode 100644 conf/logmanagement/services/Monit.json create mode 100644 conf/logmanagement/services/MySQL.json create mode 100644 conf/logmanagement/services/Nagios.json create mode 100644 conf/logmanagement/services/Nagios_NSCA.json create mode 100644 conf/logmanagement/services/Neoteris.json create mode 100644 conf/logmanagement/services/NetApp_NetCache.json create mode 100644 conf/logmanagement/services/NetFlow.json create mode 100644 conf/logmanagement/services/Netscreen_NSM_System.json create mode 100644 conf/logmanagement/services/Netscreen_NSM_Traffic.json create mode 100644 conf/logmanagement/services/Netscreen_System.json create mode 100644 conf/logmanagement/services/Netscreen_System_Antivirus.json create mode 100644 conf/logmanagement/services/Netscreen_Traffic.json create mode 100644 conf/logmanagement/services/Nfs.json create mode 100644 conf/logmanagement/services/Nscd.json create mode 100644 conf/logmanagement/services/Ntop.json create mode 100644 conf/logmanagement/services/Ntp.json create mode 100644 conf/logmanagement/services/OSSEC.json create mode 100644 conf/logmanagement/services/Octopussy.json create mode 100644 conf/logmanagement/services/OpenVZ.json create mode 100644 conf/logmanagement/services/Pcscd.json create mode 100644 conf/logmanagement/services/Postfix.json create mode 100644 conf/logmanagement/services/PostgreSQL.json create mode 100644 conf/logmanagement/services/PostgreSQL_FR.json create mode 100644 conf/logmanagement/services/Printer_HP_LaserJet.json create mode 100644 conf/logmanagement/services/PulseAudio.json create mode 100644 conf/logmanagement/services/Radius.json create mode 100644 conf/logmanagement/services/Rpc_statd.json create mode 100644 conf/logmanagement/services/Rsync.json create mode 100644 conf/logmanagement/services/Rsyslog.json create mode 100644 conf/logmanagement/services/Samba.json create mode 100644 conf/logmanagement/services/Samhain.json create mode 100644 conf/logmanagement/services/Saslauthd.json create mode 100644 conf/logmanagement/services/Sendmail.json create mode 100644 conf/logmanagement/services/Slony-I.json create mode 100644 conf/logmanagement/services/Smartd.json create mode 100644 conf/logmanagement/services/Snmpd.json create mode 100644 conf/logmanagement/services/SpamAssassin.json create mode 100644 conf/logmanagement/services/Squid_System.json create mode 100644 conf/logmanagement/services/Squid_Traffic.json create mode 100644 conf/logmanagement/services/Sshd.json create mode 100644 conf/logmanagement/services/Stunnel.json create mode 100644 conf/logmanagement/services/Subversion.json create mode 100644 conf/logmanagement/services/Sudo.json create mode 100644 conf/logmanagement/services/Syslog-ng.json create mode 100644 conf/logmanagement/services/Tftpd.json create mode 100644 conf/logmanagement/services/Vsftpd.json create mode 100644 conf/logmanagement/services/Windows_ADUC.json create mode 100644 conf/logmanagement/services/Windows_Applications_Citrix_Presentation_Server.json create mode 100644 conf/logmanagement/services/Windows_Applications_McAfee_GER.json create mode 100644 conf/logmanagement/services/Windows_SQLServer.json create mode 100644 conf/logmanagement/services/Windows_Services.json create mode 100644 conf/logmanagement/services/Windows_System.json create mode 100644 conf/logmanagement/services/Windows_System_Logon_Logoff.json create mode 100644 conf/logmanagement/services/Windows_System_Printer.json create mode 100644 conf/logmanagement/services/Windows_System_SmartCard.json create mode 100644 conf/logmanagement/services/Xen.json create mode 100644 conf/logmanagement/services/Xinetd.json create mode 100644 conf/logmanagement/services/Xscreensaver.json create mode 100644 conf/logmanagement/services/Zabbix.json create mode 100755 scripts/xml2json.pl delete mode 100644 var/lib/octopussy/conf/services/ACPI.xml delete mode 100644 var/lib/octopussy/conf/services/ARPWatch.xml delete mode 100644 var/lib/octopussy/conf/services/Anacron.xml delete mode 100644 var/lib/octopussy/conf/services/Ansible.xml delete mode 100644 var/lib/octopussy/conf/services/Apache.xml delete mode 100644 var/lib/octopussy/conf/services/Apache2.xml delete mode 100644 var/lib/octopussy/conf/services/Apache_Mod_Proxy.xml delete mode 100644 var/lib/octopussy/conf/services/Apache_Mod_Security.xml delete mode 100644 var/lib/octopussy/conf/services/Apache_Traffic.xml delete mode 100644 var/lib/octopussy/conf/services/Audispd.xml delete mode 100644 var/lib/octopussy/conf/services/Audit.xml delete mode 100644 var/lib/octopussy/conf/services/Automount.xml delete mode 100644 var/lib/octopussy/conf/services/Avahi.xml delete mode 100644 var/lib/octopussy/conf/services/Bind.xml delete mode 100644 var/lib/octopussy/conf/services/Blue_Coat_System.xml delete mode 100644 var/lib/octopussy/conf/services/CVS.xml delete mode 100644 var/lib/octopussy/conf/services/Cisco_ACS.xml delete mode 100644 var/lib/octopussy/conf/services/Cisco_ASA.xml delete mode 100644 var/lib/octopussy/conf/services/Cisco_Pix.xml delete mode 100644 var/lib/octopussy/conf/services/Cisco_Router.xml delete mode 100644 var/lib/octopussy/conf/services/Cisco_Router_Traffic.xml delete mode 100644 var/lib/octopussy/conf/services/Cisco_Switch.xml delete mode 100644 var/lib/octopussy/conf/services/Cisco_VPN_Client.xml delete mode 100644 var/lib/octopussy/conf/services/ClamAV.xml delete mode 100644 var/lib/octopussy/conf/services/Cracklib.xml delete mode 100644 var/lib/octopussy/conf/services/Cron.xml delete mode 100644 var/lib/octopussy/conf/services/Cyclades.xml delete mode 100644 var/lib/octopussy/conf/services/Cyrus_Mail.xml delete mode 100644 var/lib/octopussy/conf/services/DB2.xml delete mode 100644 var/lib/octopussy/conf/services/DHCP.xml delete mode 100644 var/lib/octopussy/conf/services/Dell_Switch.xml delete mode 100644 var/lib/octopussy/conf/services/DenyAll_Filtering.xml delete mode 100644 var/lib/octopussy/conf/services/DenyAll_System.xml delete mode 100644 var/lib/octopussy/conf/services/DenyAll_Traffic.xml delete mode 100644 var/lib/octopussy/conf/services/Dhclient.xml delete mode 100644 var/lib/octopussy/conf/services/Dhcpcd.xml delete mode 100644 var/lib/octopussy/conf/services/Dnsmasq.xml delete mode 100644 var/lib/octopussy/conf/services/Dovecot.xml delete mode 100644 var/lib/octopussy/conf/services/DragonFly_Mail_Agent.xml delete mode 100644 var/lib/octopussy/conf/services/Drbd.xml delete mode 100644 var/lib/octopussy/conf/services/Exim.xml delete mode 100644 var/lib/octopussy/conf/services/F5_BigIP.xml delete mode 100644 var/lib/octopussy/conf/services/F5_BigIP_ASM.xml delete mode 100644 var/lib/octopussy/conf/services/F5_BigIP_ASM_Filtering.xml delete mode 100644 var/lib/octopussy/conf/services/Fam.xml delete mode 100644 var/lib/octopussy/conf/services/Fortigate_System.xml delete mode 100644 var/lib/octopussy/conf/services/Fortigate_Traffic.xml delete mode 100644 var/lib/octopussy/conf/services/FreeRADIUS.xml delete mode 100644 var/lib/octopussy/conf/services/Ftpd.xml delete mode 100644 var/lib/octopussy/conf/services/HPLIP.xml delete mode 100644 var/lib/octopussy/conf/services/Hald.xml delete mode 100644 var/lib/octopussy/conf/services/Heartbeat.xml delete mode 100644 var/lib/octopussy/conf/services/IBM_Cognos.xml delete mode 100644 var/lib/octopussy/conf/services/IPVS.xml delete mode 100644 var/lib/octopussy/conf/services/IP_Tables.xml delete mode 100644 var/lib/octopussy/conf/services/Incron.xml delete mode 100644 var/lib/octopussy/conf/services/IronPort.xml delete mode 100644 var/lib/octopussy/conf/services/IronPort_S-Series_System.xml delete mode 100644 var/lib/octopussy/conf/services/IronPort_S-Series_Traffic.xml delete mode 100644 var/lib/octopussy/conf/services/IronPort_System.xml delete mode 100644 var/lib/octopussy/conf/services/Juniper_DX_System.xml delete mode 100644 var/lib/octopussy/conf/services/Juniper_DX_Traffic.xml delete mode 100644 var/lib/octopussy/conf/services/Keepalived.xml delete mode 100644 var/lib/octopussy/conf/services/Ldap.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Debian_System.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Gnome_Desktop.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Gnome_Desktop_FR.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_HA_Attr.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_HA_Crm.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_HA_Ipfail.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_HA_Log.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_HA_Stonith.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Kernel.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Kernel_Audit.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Kernel_Bluetooth.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Kernel_FS_Ext3.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Kernel_FS_Reiser.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Kernel_Network_Bonding.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Kernel_RAID.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Kernel_USB.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Network_Interface.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_PAM.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_Red_Hat_System.xml delete mode 100644 var/lib/octopussy/conf/services/Linux_System.xml delete mode 100644 var/lib/octopussy/conf/services/Logitech_Mouse_Control.xml delete mode 100644 var/lib/octopussy/conf/services/Mac_OS_X_Installer.xml delete mode 100644 var/lib/octopussy/conf/services/Mac_OS_X_Kernel.xml delete mode 100644 var/lib/octopussy/conf/services/Mac_OS_X_Software_Update.xml delete mode 100644 var/lib/octopussy/conf/services/Mac_OS_X_Steam.xml delete mode 100644 var/lib/octopussy/conf/services/Mac_OS_X_System.xml delete mode 100644 var/lib/octopussy/conf/services/Mac_OS_X_iTunes.xml delete mode 100644 var/lib/octopussy/conf/services/Mnogosearch.xml delete mode 100644 var/lib/octopussy/conf/services/Monit.xml delete mode 100644 var/lib/octopussy/conf/services/MySQL.xml delete mode 100644 var/lib/octopussy/conf/services/Nagios.xml delete mode 100644 var/lib/octopussy/conf/services/Nagios_NSCA.xml delete mode 100644 var/lib/octopussy/conf/services/Neoteris.xml delete mode 100644 var/lib/octopussy/conf/services/NetApp_NetCache.xml delete mode 100644 var/lib/octopussy/conf/services/NetFlow.xml delete mode 100644 var/lib/octopussy/conf/services/Netscreen_NSM_System.xml delete mode 100644 var/lib/octopussy/conf/services/Netscreen_NSM_Traffic.xml delete mode 100644 var/lib/octopussy/conf/services/Netscreen_System.xml delete mode 100644 var/lib/octopussy/conf/services/Netscreen_System_Antivirus.xml delete mode 100644 var/lib/octopussy/conf/services/Netscreen_Traffic.xml delete mode 100644 var/lib/octopussy/conf/services/Nfs.xml delete mode 100644 var/lib/octopussy/conf/services/Nscd.xml delete mode 100644 var/lib/octopussy/conf/services/Ntop.xml delete mode 100644 var/lib/octopussy/conf/services/Ntp.xml delete mode 100644 var/lib/octopussy/conf/services/OSSEC.xml delete mode 100644 var/lib/octopussy/conf/services/Octopussy.xml delete mode 100644 var/lib/octopussy/conf/services/OpenVZ.xml delete mode 100644 var/lib/octopussy/conf/services/Pcscd.xml delete mode 100644 var/lib/octopussy/conf/services/Postfix.xml delete mode 100644 var/lib/octopussy/conf/services/PostgreSQL.xml delete mode 100644 var/lib/octopussy/conf/services/PostgreSQL_FR.xml delete mode 100644 var/lib/octopussy/conf/services/Printer_HP_LaserJet.xml delete mode 100644 var/lib/octopussy/conf/services/PulseAudio.xml delete mode 100644 var/lib/octopussy/conf/services/Radius.xml delete mode 100644 var/lib/octopussy/conf/services/Rpc_statd.xml delete mode 100644 var/lib/octopussy/conf/services/Rsync.xml delete mode 100644 var/lib/octopussy/conf/services/Rsyslog.xml delete mode 100644 var/lib/octopussy/conf/services/Samba.xml delete mode 100644 var/lib/octopussy/conf/services/Samhain.xml delete mode 100644 var/lib/octopussy/conf/services/Saslauthd.xml delete mode 100644 var/lib/octopussy/conf/services/Sendmail.xml delete mode 100644 var/lib/octopussy/conf/services/Slony-I.xml delete mode 100644 var/lib/octopussy/conf/services/Smartd.xml delete mode 100644 var/lib/octopussy/conf/services/Snmpd.xml delete mode 100644 var/lib/octopussy/conf/services/SpamAssassin.xml delete mode 100644 var/lib/octopussy/conf/services/Squid_System.xml delete mode 100644 var/lib/octopussy/conf/services/Squid_Traffic.xml delete mode 100644 var/lib/octopussy/conf/services/Sshd.xml delete mode 100644 var/lib/octopussy/conf/services/Stunnel.xml delete mode 100644 var/lib/octopussy/conf/services/Subversion.xml delete mode 100644 var/lib/octopussy/conf/services/Sudo.xml delete mode 100644 var/lib/octopussy/conf/services/Syslog-ng.xml delete mode 100644 var/lib/octopussy/conf/services/Tftpd.xml delete mode 100644 var/lib/octopussy/conf/services/Vsftpd.xml delete mode 100644 var/lib/octopussy/conf/services/Windows_ADUC.xml delete mode 100644 var/lib/octopussy/conf/services/Windows_Applications_Citrix_Presentation_Server.xml delete mode 100644 var/lib/octopussy/conf/services/Windows_Applications_McAfee_GER.xml delete mode 100644 var/lib/octopussy/conf/services/Windows_SQLServer.xml delete mode 100644 var/lib/octopussy/conf/services/Windows_Services.xml delete mode 100644 var/lib/octopussy/conf/services/Windows_System.xml delete mode 100644 var/lib/octopussy/conf/services/Windows_System_Logon_Logoff.xml delete mode 100644 var/lib/octopussy/conf/services/Windows_System_Printer.xml delete mode 100644 var/lib/octopussy/conf/services/Windows_System_SmartCard.xml delete mode 100644 var/lib/octopussy/conf/services/Xen.xml delete mode 100644 var/lib/octopussy/conf/services/Xinetd.xml delete mode 100644 var/lib/octopussy/conf/services/Xscreensaver.xml delete mode 100644 var/lib/octopussy/conf/services/Zabbix.xml diff --git a/conf/logmanagement/services/ACPI.json b/conf/logmanagement/services/ACPI.json new file mode 100644 index 0000000..1db6c0d --- /dev/null +++ b/conf/logmanagement/services/ACPI.json @@ -0,0 +1,85 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"client connected.+\"):msg@>", + "msg_id" : "ACPI:client_connected", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"client.+ has disconnected\"):msg@>", + "msg_id" : "ACPI:client_has_disconnected", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\".+ rule loaded\"):msg@>", + "msg_id" : "ACPI:rule_loaded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"exiting\"):msg@>", + "msg_id" : "ACPI:exiting", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"received event .+\"):msg@>", + "msg_id" : "ACPI:received_event", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"notifying client .+\"):msg@>", + "msg_id" : "ACPI:notifying_client", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"completed event .+\"):msg@>", + "msg_id" : "ACPI:completed_event", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"executing action .+\"):msg@>", + "msg_id" : "ACPI:executing_action", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"action exited with status.+\"):msg@>", + "msg_id" : "ACPI:action_exited_with_status", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"starting up with .+\"):msg@>", + "msg_id" : "ACPI:starting_up_with", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"acpid\"):daemon@>: <@REGEXP(\"waiting for events: .+\"):msg@>", + "msg_id" : "ACPI:waiting_for_events", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "http://sourceforge.net/projects/acpid/", + "version" : "201208090003", + "name" : "ACPI", + "description" : "ACPI Service" +} diff --git a/conf/logmanagement/services/ARPWatch.json b/conf/logmanagement/services/ARPWatch.json new file mode 100644 index 0000000..f7df776 --- /dev/null +++ b/conf/logmanagement/services/ARPWatch.json @@ -0,0 +1,92 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"new station\"):msg@> <@IP_ADDR:ip_addr@> <@MAC_ADDR:mac_addr@> <@NET_INTERFACE:interface@>", + "msg_id" : "ARPWatch:new_station", + "table" : "ARPWatch", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"Running as uid=\\d+ gid=\\d+\"):msg@>", + "msg_id" : "ARPWatch:running_as", + "table" : "ARPWatch", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"listening on\"):msg@> <@NET_INTERFACE:interface@>", + "msg_id" : "ARPWatch:listening_on", + "table" : "ARPWatch", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"exiting\"):msg@>", + "msg_id" : "ARPWatch:exiting", + "table" : "ARPWatch", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"changed ethernet address\"):msg@> <@IP_ADDR:ip_addr@> <@MAC_ADDR:mac_addr@> (<@MAC_ADDR:NULL@>) <@NET_INTERFACE:interface@>", + "msg_id" : "ARPWatch:changed_ethernet_address", + "table" : "ARPWatch", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"0-source\"):msg@> <@IP_ADDR:ip_addr@> <@MAC_ADDR:mac_addr@>", + "msg_id" : "ARPWatch:zero_source", + "table" : "ARPWatch", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"bogon\"):msg@> <@IP_ADDR:ip_addr@> <@MAC_ADDR:mac_addr@>", + "msg_id" : "ARPWatch:bogon", + "table" : "ARPWatch", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"changed MAC address\"):msg@> <@IP_ADDR:ip_addr@> <@MAC_ADDR:mac_addr@> (<@MAC_ADDR:NULL@>)", + "msg_id" : "ARPWatch:changed_mac_address", + "table" : "ARPWatch", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"last message repeated .+ times\"):msg@>", + "msg_id" : "ARPWatch:last_message_repeated", + "table" : "ARPWatch", + "taxonomy" : "Other", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"reused old MAC address\"):msg@> <@IP_ADDR:ip_addr@> <@MAC_ADDR:mac_addr@> (<@MAC_ADDR:NULL@>)", + "msg_id" : "ARPWatch:reused_old_mac_address", + "table" : "ARPWatch", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"flip flop\"):msg@> <@IP_ADDR:ip_addr@> <@MAC_ADDR:mac_addr@> (<@MAC_ADDR:NULL@>)", + "msg_id" : "ARPWatch:flip_flop", + "table" : "ARPWatch", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> arpwatch: <@REGEXP(\"new activity\"):msg@> <@IP_ADDR:ip_addr@> <@MAC_ADDR:mac_addr@>", + "msg_id" : "ARPWatch:new_activity", + "table" : "ARPWatch", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201404110008", + "name" : "ARPWatch", + "description" : "ARPWatch Service" +} diff --git a/conf/logmanagement/services/Anacron.json b/conf/logmanagement/services/Anacron.json new file mode 100644 index 0000000..4e6cc0a --- /dev/null +++ b/conf/logmanagement/services/Anacron.json @@ -0,0 +1,57 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"anacron\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Job .+ started\"):msg@>", + "msg_id" : "Anacron:job_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"anacron\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Job .+ terminated.*\"):msg@>", + "msg_id" : "Anacron:job_terminated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"anacron\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Updated timestamp for job `\\S+' to \\S+\"):msg@>", + "msg_id" : "Anacron:updated_timestamp_for_job", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"anacron\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Normal exit .+\"):msg@>", + "msg_id" : "Anacron:normal_exit", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"anacron\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Jobs will be executed sequentially\"):msg@>", + "msg_id" : "Anacron:jobs_executed_sequentially", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"anacron\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Will run job .+ in .+\"):msg@>", + "msg_id" : "Anacron:will_run_job", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"anacron\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Anacron .+ started on .+\"):msg@>", + "msg_id" : "Anacron:started_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "version" : "200905180003", + "name" : "Anacron", + "description" : "Anacron Service" +} diff --git a/conf/logmanagement/services/Ansible.json b/conf/logmanagement/services/Ansible.json new file mode 100644 index 0000000..4c1a633 --- /dev/null +++ b/conf/logmanagement/services/Ansible.json @@ -0,0 +1,15 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> ansible-<@WORD:module@>: Invoked with <@STRING:arguments@>", + "msg_id" : "Ansible:001", + "table" : "Ansible", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://www.ansibleworks.com", + "version" : "201311220002", + "name" : "Ansible", + "description" : "Ansible is a powerful automation engine that makes systems and apps simple to deploy." +} diff --git a/conf/logmanagement/services/Apache.json b/conf/logmanagement/services/Apache.json new file mode 100644 index 0000000..21087ba --- /dev/null +++ b/conf/logmanagement/services/Apache.json @@ -0,0 +1,93 @@ +{ + "icon" : "software/logo_apache", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"Syntax error on line \\d+ of .+:\"):msg@>", + "msg_id" : "Apache:syntax_error_on_line", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"Invalid command .+, perhaps mis-spelled or defined by a module not included in the server configuration\"):msg@>", + "msg_id" : "Apache:invalid_command", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"Cannot load .+ into server: .*\"):msg@>", + "msg_id" : "Apache:cannot_load_module", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"\\S+ startup failed\"):msg@> ", + "msg_id" : "Apache:startup_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"\\S+ shutdown failed\"):msg@> ", + "msg_id" : "Apache:shutdown_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"\\S+ -HUP succeeded\"):msg@>", + "msg_id" : "Apache:hup_succeeded", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"[error] .+ unable to include .+ in parsed file .+\"):msg@>", + "msg_id" : "Apache:unable_include_file", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"[error] .+ File does not exist: .+\"):msg@> ", + "msg_id" : "Apache:file_does_not_exist", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"[error] .+ Authentication failure.+\"):msg@>", + "msg_id" : "Apache:authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:server@>: <@REGEXP(\"[error] .+\"):msg@>", + "msg_id" : "Apache:various_errors", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"httpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: error trying to bind as user .+\"):msg@>", + "msg_id" : "Apache:pam_ldap_error_bind", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"httpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"[warn] RSA server certificate CommonName .+ does NOT match server name.+\"):msg@>", + "msg_id" : "Apache:certificate_doesnt_match_servername", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://httpd.apache.org/", + "version" : "201002180002", + "name" : "Apache", + "description" : "Apache Service" +} diff --git a/conf/logmanagement/services/Apache2.json b/conf/logmanagement/services/Apache2.json new file mode 100644 index 0000000..f918460 --- /dev/null +++ b/conf/logmanagement/services/Apache2.json @@ -0,0 +1,100 @@ +{ + "icon" : "software/logo_apache", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\[error\\] .+ File does not exist: .+\"):msg@>", + "msg_id" : "Apache2:file_does_not_exist", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ script .+ not found or unable to stat.+\"):msg@>", + "msg_id" : "Apache2:script_not_found", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\[error\\] .+ Directory index forbidden by rule: .+\"):msg@>", + "msg_id" : "Apache2:directory_index_forbidden", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\[error\\] .+ unable to include .+ in parsed file .+\"):msg@>", + "msg_id" : "Apache2:unable_include_file", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\\S*: PHP Warning: .+\"):msg@>", + "msg_id" : "Apache2:php_warning", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\\S*: PHP Fatal error: .+\"):msg@>", + "msg_id" : "Apache2:php_fatal_error", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\\S*: PHP Parse error:.+\"):msg@>", + "msg_id" : "Apache2:php_parse_error", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\\S*: PHP Notice: .+\"):msg@>", + "msg_id" : "Apache2:php_notice", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAJAX: .+\"):msg@>", + "msg_id" : "Apache2:pajax_any_message", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache\\S+\"):NULL@>: <@REGEXP(\"nss_ldap: could not connect to any LDAP server.+\"):msg@>", + "msg_id" : "Apache2:couldnt_connect_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\[alert\\] \\[client \\S+\\] .+htaccess: Invalid command .+\"):msg@>", + "msg_id" : "Apache2:htaccess_invalid_command", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\[error\\] \\[client .+\\] client denied by server configuration: .+\"):msg@>", + "msg_id" : "Apache2:denied_by_server_configuration", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"apache2\"):daemon@>: <@REGEXP(\"PAJAX: .+\"):msg@>", + "msg_id" : "Apache2:pajax_any_message2", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://httpd.apache.org/", + "version" : "201002180008", + "name" : "Apache2", + "description" : "Apache2 Service" +} diff --git a/conf/logmanagement/services/Apache_Mod_Proxy.json b/conf/logmanagement/services/Apache_Mod_Proxy.json new file mode 100644 index 0000000..9b784cd --- /dev/null +++ b/conf/logmanagement/services/Apache_Mod_Proxy.json @@ -0,0 +1,64 @@ +{ + "icon" : "software/logo_apache", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] ap_proxy_connect_backend disabling worker for .+\"):msg@>", + "msg_id" : "Apache_Mod_Proxy:connect_backend_disabling_worker", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] proxy: got bad response .*from .+\"):msg@>", + "msg_id" : "Apache_Mod_Proxy:got_bad_response", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] \\[client .+\\] proxy: error processing body.*\"):msg@>", + "msg_id" : "Apache_Mod_Proxy:error_processing_body", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] .*APR does not understand this error code: proxy: read response failed from .+\"):msg@>", + "msg_id" : "Apache_Mod_Proxy:apr_doesnt_understand_error", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] ajp_read_header: .+\"):msg@>", + "msg_id" : "Apache_Mod_Proxy:ajp_read_error", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] proxy: AJP: disabled connection for .+\"):msg@>", + "msg_id" : "Apache_Mod_Proxy:ajp_disabled_connection_for", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] proxy: AJP: failed to make connection to backend.+\"):msg@>", + "msg_id" : "Apache_Mod_Proxy:ajp_failed_backend", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] .*The timeout specified has expired: proxy: .*\"):msg@>", + "msg_id" : "Apache_Mod_Proxy:timeout_specified_expired", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + } + ], + "version" : "201002180008", + "name" : "Apache_Mod_Proxy", + "description" : "Apache mod_proxy Service" +} diff --git a/conf/logmanagement/services/Apache_Mod_Security.json b/conf/logmanagement/services/Apache_Mod_Security.json new file mode 100644 index 0000000..bef0959 --- /dev/null +++ b/conf/logmanagement/services/Apache_Mod_Security.json @@ -0,0 +1,44 @@ +{ + "icon" : "software/logo_modsecurity", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] [error] [client <@IP_ADDR:client@>] ModSecurity: <@STRING:msg@> [id \"<@NUMBER:msg_id@>\"] [msg \"<@STRING:msg_category@>\"] [severity \"<@WORD:severity@>\"] [hostname \"<@WORD:hostname@>\"] [uri \"<@STRING:uri@>\"] [unique_id \"<@WORD:unique_id@>\"]", + "msg_id" : "Apache_Mod_Security:access_denied", + "table" : "Apache_Mod_Security", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] [error] [client <@IP_ADDR:client@>] ModSecurity: <@REGEXP(\"Error reading request body: .+\"):msg@> [hostname \"<@WORD:hostname@>\"] [uri \"<@STRING:uri@>\"] [unique_id \"<@WORD:unique_id@>\"]", + "msg_id" : "Apache_Mod_Security:error_reading_request_body", + "table" : "Apache_Mod_Security", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] \\[client .+\\] client denied by server configuration.*\"):msg@>", + "msg_id" : "Apache_Mod_Security:client_denied_server_configuration", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] \\[client .+\\] File does not exist: .+\"):msg@>", + "msg_id" : "Apache_Mod_Security:file_does_not_exist", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> [<@DATE_TIME_APACHE_ERROR:apachetime@>] <@REGEXP(\"\\[error\\] \\[client .+\\] request failed: error reading the headers.*\"):msg@>", + "msg_id" : "Apache_Mod_Security:error_reading_headers", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + } + ], + "website" : "http://www.modsecurity.org/", + "version" : "201002180005", + "name" : "Apache_Mod_Security", + "description" : "Apache ModSecurity Service" +} diff --git a/conf/logmanagement/services/Apache_Traffic.json b/conf/logmanagement/services/Apache_Traffic.json new file mode 100644 index 0000000..889ce49 --- /dev/null +++ b/conf/logmanagement/services/Apache_Traffic.json @@ -0,0 +1,51 @@ +{ + "icon" : "software/logo_apache", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> apache: <@IP_ADDR:src_addr@> - - [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> HTTP/<@WORD:http_version@>\" <@REGEXP(\"200\"):status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@USER_AGENT:user_agent@>\" <@STRING:NULL@>", + "msg_id" : "Apache_Traffic:code_200", + "table" : "Web_Traffic", + "taxonomy" : "Traffic.Granted", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> apache: <@IP_ADDR:src_addr@> - - [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> HTTP/<@WORD:http_version@>\" <@REGEXP(\"302\"):status@> - \"<@STRING:referer@>\" \"<@USER_AGENT:user_agent@>\" <@STRING:NULL@>", + "msg_id" : "Apache_Traffic:code_302", + "table" : "Web_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> apache: <@IP_ADDR:src_addr@> - - [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> HTTP/<@WORD:http_version@>\" <@REGEXP(\"40\\d\"):status@> - \"<@STRING:referer@>\" \"<@USER_AGENT:user_agent@>\" <@STRING:NULL@>", + "msg_id" : "Apache_Traffic:code_40x", + "table" : "Web_Traffic", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> apache: <@IP_ADDR:src_addr@> - - [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> HTTP/<@WORD:http_version@>\" <@REGEXP(\"503\"):status@> - \"<@STRING:referer@>\" \"<@USER_AGENT:user_agent@>\" <@STRING:NULL@>", + "msg_id" : "Apache_Traffic:code_503", + "table" : "Web_Traffic", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> apache: <@IP_ADDR:src_addr@> - - [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@>\" <@REGEXP(\"400\"):status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@USER_AGENT:user_agent@>\" <@STRING:NULL@>", + "msg_id" : "Apache_Traffic:code_400", + "table" : "Web_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> apache: <@IP_ADDR:src_addr@> - - [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> HTTP/<@WORD:http_version@>\" <@REGEXP(\"200\"):status@> - \"<@STRING:referer@>\" \"<@USER_AGENT:user_agent@>\" <@STRING:NULL@>", + "msg_id" : "Apache_Traffic:code_200_zero_data", + "table" : "Web_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + } + ], + "website" : "http://httpd.apache.org/", + "version" : "200708230002", + "name" : "Apache_Traffic", + "description" : "Apache Traffic Service" +} diff --git a/conf/logmanagement/services/Audispd.json b/conf/logmanagement/services/Audispd.json new file mode 100644 index 0000000..3a6b884 --- /dev/null +++ b/conf/logmanagement/services/Audispd.json @@ -0,0 +1,36 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"audispd\"):daemon@>: <@REGEXP(\"max_restarts_parser called with: \\d+\"):msg@>", + "msg_id" : "Audispd:max_restarts_parser_called_with", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"audispd\"):daemon@>: <@REGEXP(\"priority_boost_parser called with: \\d+\"):msg@>", + "msg_id" : "Audispd:priority_boost_parser_called_with", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"audispd\"):daemon@>: <@REGEXP(\".+ plugin initialized\"):msg@>", + "msg_id" : "Audispd:plugin_initialized", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"audispd\"):daemon@>: <@REGEXP(\"audispd initialized with q_depth=\\d+ and \\d+ active plugins\"):msg@>", + "msg_id" : "Audispd:audispd_initialized_with_q_depth_and_active_plugins", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201004300005", + "name" : "Audispd", + "description" : "Audit Event Multiplexor Service" +} diff --git a/conf/logmanagement/services/Audit.json b/conf/logmanagement/services/Audit.json new file mode 100644 index 0000000..c66f4b8 --- /dev/null +++ b/conf/logmanagement/services/Audit.json @@ -0,0 +1,71 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"auditd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Started dispatcher: .+\"):msg@>", + "msg_id" : "Audit:started_dispatcher", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"auditd\"):daemon@>: <@REGEXP(\"Cannot daemonize .+\"):msg@>", + "msg_id" : "Audit:cannot_daemonize", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"auditd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"The audit daemon is exiting.\"):msg@>", + "msg_id" : "Audit:exiting", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"auditd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Error sending signal_info request.+\"):msg@>", + "msg_id" : "Audit:error_sending_signal_info_request", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"auditd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Init complete, auditd .+ listening for events .+\"):msg@>", + "msg_id" : "Audit:init_complete_listening_for_events", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"auditd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Audit daemon rotating log files\"):msg@>", + "msg_id" : "Audit:rotating_log_files", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"auditd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"client .+ socket closed unexpectedly\"):msg@>", + "msg_id" : "Audit:client_socket_closed_unexpectedly", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"auditd\"):daemon@>: <@REGEXP(\".+ permissions should be .+\"):msg@>", + "msg_id" : "Audit:permissions_should_be", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"auditd\"):daemon@>: <@REGEXP(\"The audit daemon is exiting.\"):msg@>", + "msg_id" : "Audit:exiting2", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201208290005", + "name" : "Audit", + "description" : "Linux Kernel Audit Service" +} diff --git a/conf/logmanagement/services/Automount.json b/conf/logmanagement/services/Automount.json new file mode 100644 index 0000000..aaaccd5 --- /dev/null +++ b/conf/logmanagement/services/Automount.json @@ -0,0 +1,57 @@ +{ + "icon" : "", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"automount\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"lookup_mount: exports lookup failed for .+\"):msg@>", + "msg_id" : "Automount:exports_lookup_failed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"automount\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"lookup_nss_mount: key .+ not found in map.\"):msg@>", + "msg_id" : "Automount:key_not_found_in_map", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"automount\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"create_udp_client:\\d+: hostname lookup failed: Operation not permitted\"):msg@>", + "msg_id" : "Automount:create_udp_client_hostname_lookup_failed_operation_not_permitted", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"automount\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"create_tcp_client:\\d+: hostname lookup failed: Operation not permitted\"):msg@>", + "msg_id" : "Automount:create_tcp_client_hostname_lookup_failed_operation_not_permitted", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"automount\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"umount.+: ask umount returned .+\"):msg@>", + "msg_id" : "Automount:ask_umount_return", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"automount\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"syntax error in map near.+\"):msg@>", + "msg_id" : "Automount:syntax_error_in_map", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"automount\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"update_negative_cache: key.+not found in map.\"):msg@>", + "msg_id" : "Automount:update_negative_cache_key_not_found", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + } + ], + "version" : "201006040001", + "name" : "Automount", + "description" : "Automount Service" +} diff --git a/conf/logmanagement/services/Avahi.json b/conf/logmanagement/services/Avahi.json new file mode 100644 index 0000000..563088b --- /dev/null +++ b/conf/logmanagement/services/Avahi.json @@ -0,0 +1,156 @@ +{ + "icon" : "software/logo_avahi", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Registering new address record for .+\"):msg@>", + "msg_id" : "Avahi:registering_new_address_record", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Joining mDNS multicast group on .+\"):msg@>", + "msg_id" : "Avahi:joining_mdns_multicast_group", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"New relevant interface .+\"):msg@>", + "msg_id" : "Avahi:new_relevant_interface", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Server startup complete. Host name is .+\"):msg@>", + "msg_id" : "Avahi:server_startup_complete", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"avahi-daemon \\S+ starting up.\"):msg@>", + "msg_id" : "Avahi:starting_up", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Successfully dropped .+\"):msg@>", + "msg_id" : "Avahi:successfully_dropped", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Found user.+\\(UID \\d+\\) and group.+\\(GID \\d+\\).\"):msg@>", + "msg_id" : "Avahi:found_user_and_group", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Network interface enumeration completed.\"):msg@>", + "msg_id" : "Avahi:network_interface_enumeration_completed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Registering \\w+ record with values .+\"):msg@>", + "msg_id" : "Avahi:registering_record_with_walues", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+quitting.\"):msg@>", + "msg_id" : "Avahi:quitting", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Leaving .+ on interface .+ with address .+\"):msg@>", + "msg_id" : "Avahi:leaving_on_interface_with_address", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Loading service file .+\"):msg@>", + "msg_id" : "Avahi:loading_service_file", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received response with invalid source port .+ on interface .+\"):msg@>", + "msg_id" : "Avahi:response_with_invalid_source_port_received", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Service group file .+ changed, reloading.\"):msg@>", + "msg_id" : "Avahi:service_group_file_changed_reloading", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Invalid .+ query packet.\"):msg@>", + "msg_id" : "Avahi:invalid_query_packet", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Files changed, reloading.\"):msg@>", + "msg_id" : "Avahi:files_changed_reloading", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Service .+ successfully established.\"):msg@>", + "msg_id" : "Avahi:service_successfully_established", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received response from host .+ with invalid source port .+ on interface .+\"):msg@>", + "msg_id" : "Avahi:received_response_with_invalid_source_port", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ called but no querier to remove.\"):msg@>", + "msg_id" : "Avahi:no_querier_to_remove", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Withdrawing address record for .+ on .+\"):msg@>", + "msg_id" : "Avahi:withdrawing_address_record_for_ip_on_interface", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"avahi-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Interface .+ no longer relevant for mDNS.\"):msg@>", + "msg_id" : "Avahi:interface_no_longer_relevant_for_mDNS", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://avahi.org/", + "version" : "201004300002", + "name" : "Avahi", + "description" : "Avahi (Zeroconf Networking) Service" +} diff --git a/conf/logmanagement/services/Bind.json b/conf/logmanagement/services/Bind.json new file mode 100644 index 0000000..8da158a --- /dev/null +++ b/conf/logmanagement/services/Bind.json @@ -0,0 +1,596 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: client <@IP_ADDR:client@>#<@NUMBER:NULL@>: query: <@WORD:query@> <@STRING:query_type@>", + "msg_id" : "Bind:query", + "table" : "Bind_query", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"lame server resolving .+\"):msg@>", + "msg_id" : "Bind:lame_server_resolving", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: client <@IP_ADDR:client@>#<@NUMBER:NULL@>: <@STRING:action@> zone <@SINGLE_QUOTED_STRING:zone@>: <@STRING:status@>", + "msg_id" : "Bind:action_on_zone", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: client <@IP_ADDR:client@>#<@NUMBER:NULL@>: <@STRING:action@> <@SINGLE_QUOTED_STRING:zone@> <@REGEXP(\"denied \"):status@>", + "msg_id" : "Bind:action_on_zone_denied", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: client <@IP_ADDR:client@>#<@NUMBER:NULL@>: <@REGEXP(\"updating zone\"):action@>", + "msg_id" : "Bind:updating_zone", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: client <@IP_ADDR:client@>#<@NUMBER:NULL@>: <@STRING:action@> <@SINGLE_QUOTED_STRING:NULL@>: <@STRING:status@>", + "msg_id" : "Bind:action_on_zone2", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"loading configuration from '.+'\"):msg@> ", + "msg_id" : "Bind:loading_configuration", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"no IPv\\d+ interfaces found\"):msg@> ", + "msg_id" : "Bind:no_ip_interface", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"zone .+: loading master file .+: file not found\"):msg@> ", + "msg_id" : "Bind:loading_master_file", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: zone <@STRING:zone@>: <@REGEXP(\"loaded serial \\d+\"):status@> ", + "msg_id" : "Bind:zone_loaded_serial", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: zone <@STRING:zone@>: <@REGEXP(\"sending notifies \\(serial \\d+\\)\"):status@> ", + "msg_id" : "Bind:zone_sending_notifies", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"notify question section contains no \\S+\"):msg@> ", + "msg_id" : "Bind:notify_question_contains_no", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: zone <@STRING:zone@>: <@REGEXP(\"refresh\"):action@>: <@STRING:status@>", + "msg_id" : "Bind:zone_refresh", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: zone <@STRING:zone@>: <@REGEXP(\"transferred serial \\d+\"):status@> ", + "msg_id" : "Bind:zone_transferred_serial", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: zone <@STRING:zone@>: <@REGEXP(\"loading master file .+\"):action@>: <@STRING:status@>", + "msg_id" : "Bind:zone_loading_master_file", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"listening on .+\"):msg@>", + "msg_id" : "Bind:listening_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ no TTL specified; using SOA MINTTL instead\"):msg@> ", + "msg_id" : "Bind:no_ttl_specified", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"command channel listening on .+\"):msg@>", + "msg_id" : "Bind:command_channel_listening_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"zone \\S+: could not find .+ records\"):msg@> ", + "msg_id" : "Bind:zone_couldnt_find_records", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"zone \\S+: has \\S+ NS records\"):msg@> ", + "msg_id" : "Bind:zone_has_ns_records", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"zone \\S+: has \\S+ SOA records\"):msg@>", + "msg_id" : "Bind:zone_has_soa_records", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"starting BIND .+\"):msg@>", + "msg_id" : "Bind:starting_bind", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"transfer\"):action@> of <@SINGLE_QUOTED_STRING:zone@> from <@IP_ADDR:client@>#<@NUMBER:NULL@>: <@STRING:status@>", + "msg_id" : "Bind:zone_transfer", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: zone <@STRING:zone@>: <@REGEXP(\"expired\"):status@> ", + "msg_id" : "Bind:zone_expired", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: zone <@STRING:zone@>: <@REGEXP(\"saved\"):action@> <@SINGLE_QUOTED_STRING:status@> as <@SINGLE_QUOTED_STRING:NULL@> ", + "msg_id" : "Bind:zone_saved", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"dns_master_load\"):action@>: <@STRING:zone@>:<@NUMBER:NULL@>: <@REGEXP(\"ignoring out-of-zone data .+\"):status@>", + "msg_id" : "Bind:ignoring_out_zone_data", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"received notify\"):action@> for zone <@SINGLE_QUOTED_STRING:zone@>: <@REGEXP(\"not authoritative\"):status@>", + "msg_id" : "Bind:not_authoritative", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"dns_rdata_fromtext\"):action@>: <@STRING:zone@>:<@NUMBER:NULL@>: <@REGEXP(\"near .+: out of range\"):status@>", + "msg_id" : "Bind:near_out_of_range", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"using \\d+ CPU.*\"):msg@>", + "msg_id" : "Bind:using_cpu", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"running\"):msg@> ", + "msg_id" : "Bind:running", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: dns_master_load: <@WORD:zone@>:<@NUMBER:NULL@>: <@REGEXP(\"using RFC \\d+ TTL semantics\"):status@>", + "msg_id" : "Bind:using_rfc_ttl_semantics", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@WORD:zone@>:<@NUMBER:NULL@>: <@REGEXP(\"file does not end with newline\"):status@>", + "msg_id" : "Bind:file_doesnt_end_newline", + "table" : "Bind_zone", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"dispatch \\S+: shutting down due to TCP receive error: connection reset\"):msg@>", + "msg_id" : "Bind:shutting_down_tcp_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>:<@REGEXP(\".+succeeded\"):msg@> ", + "msg_id" : "Bind:succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: missing ';' before .+\"):msg@>", + "msg_id" : "Bind:missing_before", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"reloading configuration failed: .+\"):msg@> ", + "msg_id" : "Bind:reloading_configuration_failed", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"dumping master file: .+\"):msg@>", + "msg_id" : "Bind:dumping_master_file_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: option '\\S+' is not allowed in 'slave' zone '\\S+'\"):msg@>", + "msg_id" : "Bind:not_allowed_in_slave", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"received notify\"):action@> for zone <@SINGLE_QUOTED_STRING:zone@>", + "msg_id" : "Bind:received_notify", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"unknown control channel command '.+'\"):msg@> ", + "msg_id" : "Bind:unknown_control_channel_command", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: unexpected end of \\S+\"):msg@> ", + "msg_id" : "Bind:unexpected_end_of", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ expected near .+\"):msg@>", + "msg_id" : "Bind:error_expected_near", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: unexpected error.+\"):msg@>", + "msg_id" : "Bind:unexpected_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"internal_send: \\S+#\\d+: Invalid argument\"):msg@> ", + "msg_id" : "Bind:internal_invalid_argument", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"dns_rdata_fromtext: .+ near .+: bad dotted quad\"):msg@>", + "msg_id" : "Bind:bad_dotted_quad", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"shutting down: flushing changes\"):msg@> ", + "msg_id" : "Bind:shutting_down_flushing_changes", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+:\\d+: when using 'view' statements, all zones must be in views\"):msg@>", + "msg_id" : "Bind:zones_in_views", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"stopping command channel on .+\"):msg@>", + "msg_id" : "Bind:stopping_command_channel", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"no longer listening on .+\"):msg@>", + "msg_id" : "Bind:no_longer_listening", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"client \\S+: error sending response: connection reset\"):msg@> ", + "msg_id" : "Bind:connection_reset", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"dns_rdata_fromtext: .+:\\d+: .+: not a valid number\"):msg@> ", + "msg_id" : "Bind:config_not_valid_number", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"exiting\"):msg@> ", + "msg_id" : "Bind:exiting", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"zone .+: zone serial has gone backwards\"):msg@> ", + "msg_id" : "Bind:zone_serial_gone_backwards", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: unknown option .+\"):msg@>", + "msg_id" : "Bind:unknown_option", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"unable to rename log file .+\"):msg@> ", + "msg_id" : "Bind:unable_rename_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"client .+: update forwarding denied\"):msg@> ", + "msg_id" : "Bind:update_forwarding_denied", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"logging channel .+ permission denied\"):msg@> ", + "msg_id" : "Bind:logging_channel_permission_denied", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"isc_log_open .+ failed: permission denied\"):msg@> ", + "msg_id" : "Bind:isc_log_open_failed", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: dns_master_load: <@STRING:NULL@>: <@STRING:zone@>: <@REGEXP(\"CNAME and other data\"):action@> ", + "msg_id" : "Bind:cname_other_data", + "table" : "Bind_zone", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: could not connect to any LDAP server .+\"):msg@>", + "msg_id" : "Bind:couldnt_connect_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"client .+: no more recursive clients: quota reached\"):msg@> ", + "msg_id" : "Bind:recursive_clients_quota_reached", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"loading configuration: failure\"):msg@> ", + "msg_id" : "Bind:loading_configuration_failure", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ is not a decimal dotted quad\"):msg@> ", + "msg_id" : "Bind:not_decimal_dotted_quad", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"dns_rdata_fromtext: .+:\\d+: near .+: extra input text\"):msg@> ", + "msg_id" : "Bind:extra_input_text", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Forwarding source address is .+\"):msg@>", + "msg_id" : "Bind:forwarding_source_address_is", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: WARNING SOA expire value is less than .+\"):msg@>", + "msg_id" : "Bind:soa_expire_value_warning", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: Database error .+\"):msg@>", + "msg_id" : "Bind:database_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: syntax error near .+\"):msg@>", + "msg_id" : "Bind:syntax_error_near", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\w+ zone .+ loaded \\(serial \\d+\\)\"):msg@>", + "msg_id" : "Bind:zone_loaded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"USAGE \\d+ \\d+ CPU=.+ CHILDCPU=.+\"):msg@>", + "msg_id" : "Bind:usage", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\wSTATS \\d+ \\d+ .+\"):msg@>", + "msg_id" : "Bind:stats", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Ready to answer queries.\"):msg@>", + "msg_id" : "Bind:ready_to_answer_queries", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Cleaned cache of .+\"):msg@>", + "msg_id" : "Bind:cleaned_cache", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\w+ zone .+ rejected due to errors .+\"):msg@>", + "msg_id" : "Bind:zone_rejected_due_errors", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"sysquery: findns error .+\"):msg@>", + "msg_id" : "Bind:findns_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: Line \\d+: Unknown type:.+\"):msg@>", + "msg_id" : "Bind:config_unknown_type", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"No root nameservers for class .+\"):msg@>", + "msg_id" : "Bind:no_root_nameservers", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"found \\d+ CPU.*\"):msg@>", + "msg_id" : "Bind:found_cpu", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+:\\d+: expected a .+, got .+\"):msg@>", + "msg_id" : "Bind:error_expected_but_got", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"included from .+ line \\d+\"):msg@>", + "msg_id" : "Bind:included_from_line", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+:\\d+: option '.+' is obsolete\"):msg@> ", + "msg_id" : "Bind:option_obsolete", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"automatic empty zone: .+\"):msg@> ", + "msg_id" : "Bind:automatic_empty_zone", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"couldn't add command channel .+\"):msg@> ", + "msg_id" : "Bind:couldnt_add_command_channel", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"named\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"too many timeouts resolving .+\"):msg@>", + "msg_id" : "Bind:too_many_timeout_resolving", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.isc.org/index.pl?/sw/bind/index.php", + "version" : "201002180001", + "name" : "Bind", + "description" : "Bind DNS Server Service" +} diff --git a/conf/logmanagement/services/Blue_Coat_System.json b/conf/logmanagement/services/Blue_Coat_System.json new file mode 100644 index 0000000..ee2a8af --- /dev/null +++ b/conf/logmanagement/services/Blue_Coat_System.json @@ -0,0 +1,443 @@ +{ + "icon" : "companies/logo_bluecoat", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, enabled syslog.+\"):msg@>", + "msg_id" : "Blue_Coat_System:enabled_syslog", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, started packet capture.+\"):msg@>", + "msg_id" : "Blue_Coat_System:started_packet_capture", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, stopped packet capture.+\"):msg@>", + "msg_id" : "Blue_Coat_System:stopped_packet_capture", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, \\w+ed ICAP service .+\"):msg@>", + "msg_id" : "Blue_Coat_System:icap_service_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Administrator login from \\S+, user .+\"):msg@>", + "msg_id" : "Blue_Coat_System:administrator_login_from", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Read/write mode entered from \\S+ for user .+\"):msg@>", + "msg_id" : "Blue_Coat_System:entered_read_write_mode", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, changed config:Access_log:.+\"):msg@>", + "msg_id" : "Blue_Coat_System:config_accesslog_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, installed new VPM \\S+ File.+\"):msg@>", + "msg_id" : "Blue_Coat_System:installed_vpm_file", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Service .+ send-client-IP is disabled.+\"):msg@>", + "msg_id" : "Blue_Coat_System:service_sendclientip_disabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, unable to start user requested \\S+ upload.+\"):msg@>", + "msg_id" : "Blue_Coat_System:unable_start_requested_upload", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Cannot establish connection to service .+\"):msg@>", + "msg_id" : "Blue_Coat_System:cannot_establish_connection_to_service", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Access Log.+: Unable to connect to remote server for log uploading.+\"):msg@>", + "msg_id" : "Blue_Coat_System:unable_remote_log_uploading", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Access Log Custom.+: Couldn't connect socket to server.+\"):msg@>", + "msg_id" : "Blue_Coat_System:log_couldnt_connect_socket", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Snapshot \\S+ has fetched .+\"):msg@>", + "msg_id" : "Blue_Coat_System:snapshot_has_fetched", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Access Log Custom.+: Connecting to primary server .+\"):msg@>", + "msg_id" : "Blue_Coat_System:log_connecting_primary_server", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+NTP: Periodic query of server.+\"):msg@>", + "msg_id" : "Blue_Coat_System:ntp_periodic_query", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Access log.+: Log uploading failed.+\"):msg@>", + "msg_id" : "Blue_Coat_System:log_uploading_failed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, added service-group entry .+ to service-group.+\"):msg@>", + "msg_id" : "Blue_Coat_System:added_entry_to_servicegroup", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, set service .+ to .+\"):msg@>", + "msg_id" : "Blue_Coat_System:set_service_config_to", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Health check: Entry .+ health has changed. Functioning properly..+\"):msg@>", + "msg_id" : "Blue_Coat_System:health_check_functioning_properly", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Health check: Entry .+ health has changed. Health check failed..+\"):msg@>", + "msg_id" : "Blue_Coat_System:health_check_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ISTag for .+ changed from .+\"):msg@>", + "msg_id" : "Blue_Coat_System:istag_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Initiating download of .+ database.+\"):msg@>", + "msg_id" : "Blue_Coat_System:initiating_download_database", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Download of .+ database complete.+\"):msg@>", + "msg_id" : "Blue_Coat_System:download_database_complete", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Management Console .+, performed health check for external service .+\"):msg@>", + "msg_id" : "Blue_Coat_System:performed_healthcheck_external_service", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Download of .+ database failed.+\"):msg@>", + "msg_id" : "Blue_Coat_System:download_database_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Access Log.+: Closing TCP/IP connection.+\"):msg@>", + "msg_id" : "Blue_Coat_System:closing_tcpip_connection", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Category list retrieved and mapped: .+\"):msg@>", + "msg_id" : "Blue_Coat_System:category_list_retrieved_mapped", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Access Log .+: Socket error occured while sending data.+\"):msg@>", + "msg_id" : "Blue_Coat_System:socket_error_while_sending", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Access Log.+: error in sending log data.+\"):msg@>", + "msg_id" : "Blue_Coat_System:error_sending_log_data", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Console user password authentication from .+ failed for user .+\"):msg@>", + "msg_id" : "Blue_Coat_System:password_authentication_failed", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Management Console .+, initiated .+ database download.+\"):msg@>", + "msg_id" : "Blue_Coat_System:initiated_database_download", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+DNS lookup .+ rejected by server.+\"):msg@>", + "msg_id" : "Blue_Coat_System:dns_lookup_rejected", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Health check error: .+\"):msg@>", + "msg_id" : "Blue_Coat_System:health_check_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+Health check: Entry .+ health has changed.+\"):msg@>", + "msg_id" : "Blue_Coat_System:health_check_health_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Management Console .+, changed .+ download .+ CONFIGURATION_EVENT .+\"):msg@>", + "msg_id" : "Blue_Coat_System:changed_download_configuration", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Offbox Communication Error .+\"):msg@>", + "msg_id" : "Blue_Coat_System:offbox_communication_error", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Receive failed. Using service .+ on local port .+\"):msg@>", + "msg_id" : "Blue_Coat_System:receive_failed_using_service", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Dynamic categorization error: .+\"):msg@>", + "msg_id" : "Blue_Coat_System:dynamic_categorization_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Config admin services: .+ listener .+\"):msg@>", + "msg_id" : "Blue_Coat_System:config_admin_services_listener", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Config admin \\w+ed .+\"):msg@>", + "msg_id" : "Blue_Coat_System:config_admin_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Config admin set .+\"):msg@>", + "msg_id" : "Blue_Coat_System:config_admin_set", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Config admin access log.+\"):msg@>", + "msg_id" : "Blue_Coat_System:config_admin_access_log", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ DNS service restored after \\d+ timeouts.+\"):msg@>", + "msg_id" : "Blue_Coat_System:dns_service_restored", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ DNS lookup to .+ timed out.+\"):msg@>", + "msg_id" : "Blue_Coat_System:dns_timed_out", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Management Console admin .+, requested NTP update .+\"):msg@>", + "msg_id" : "Blue_Coat_System:requested_ntp_update", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Management Console admin .+, registerd external service .+\"):msg@>", + "msg_id" : "Blue_Coat_System:registerd_external_service", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ HTTP Listening on port .+\"):msg@>", + "msg_id" : "Blue_Coat_System:http_listening_on_port", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ CFSSL:SSL_\\w+ error:.+\"):msg@>", + "msg_id" : "Blue_Coat_System:ssl_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ NULL character found in the request .+\"):msg@>", + "msg_id" : "Blue_Coat_System:null_found_in_request", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ The websense server returned an invalid response.+\"):msg@>", + "msg_id" : "Blue_Coat_System:websense_returned_invalid_response", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ NTP: Receive timeout, retrying NTP Server: .+\"):msg@>", + "msg_id" : "Blue_Coat_System:ntp_receive_timeout", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Access Log .+: Upload request completed.+\"):msg@>", + "msg_id" : "Blue_Coat_System:upload_request_completed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ NTP: Tried all configured servers.+\"):msg@>", + "msg_id" : "Blue_Coat_System:ntp_tried_all_servers", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Management Console admin .+, changed .+ license key .+\"):msg@>", + "msg_id" : "Blue_Coat_System:changed_license_key", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Management Console admin .+, changed config:.+\"):msg@>", + "msg_id" : "Blue_Coat_System:changed_config", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Network interface \\w+: Interface.+\"):msg@>", + "msg_id" : "Blue_Coat_System:network_interface_changed_state", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Management Console admin .+, changed offbox .+\"):msg@>", + "msg_id" : "Blue_Coat_System:changed_offbox_setting", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Management Console admin .+, removed health check .+\"):msg@>", + "msg_id" : "Blue_Coat_System:removed_health_check", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Management Console admin .+, set .+ for .+\"):msg@>", + "msg_id" : "Blue_Coat_System:modification_set_for", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ CONFIGURATION_EVENT .+\"):msg@>", + "msg_id" : "Blue_Coat_System:configuration_event", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ProxySG\"):daemon@>: <@REGEXP(\".+ Stats Worker: .+ SEVERE_ERROR .+\"):msg@>", + "msg_id" : "Blue_Coat_System:stats_worker_severe_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.bluecoat.com", + "version" : "201002180001", + "name" : "Blue_Coat_System", + "description" : "Blue Coat System Service" +} diff --git a/conf/logmanagement/services/CVS.json b/conf/logmanagement/services/CVS.json new file mode 100644 index 0000000..326c5f9 --- /dev/null +++ b/conf/logmanagement/services/CVS.json @@ -0,0 +1,140 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"unexpected EOF encountered during authentication\"):msg@> ", + "msg_id" : "CVS:unexpected_eof_during_authentication", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvsd[<@PID:pid@>]: <@REGEXP(\"caught signal .+\"):msg@>", + "msg_id" : "CVS:caught_signal", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvsd[<@PID:pid@>]: <@REGEXP(\"version .+ bailing out \"):msg@>", + "msg_id" : "CVS:version_bailing_out", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"password mismatch for .+\"):msg@>", + "msg_id" : "CVS:password_mismatch", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"login failure .+\"):msg@>", + "msg_id" : "CVS:login_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"error .* called recursively. \\w+ message was:\"):msg@> ", + "msg_id" : "CVS:called_recursively_message_was", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"Aborting.\"):msg@> ", + "msg_id" : "CVS:aborting", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"cvs checkout: cannot open .+: No such file or directory\"):msg@> ", + "msg_id" : "CVS:cvs_checkout_cannot_open", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"cvs \\[checkout aborted\\]: .+\"):msg@> ", + "msg_id" : "CVS:checkout_aborted", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"Dying gasps received from client.\"):msg@> ", + "msg_id" : "CVS:dying_gasps_from_client", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"cvs \\[update aborted\\]: .+\"):msg@> ", + "msg_id" : "CVS:update_aborted", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"cvs update: cannot open directory .+\"):msg@>", + "msg_id" : "CVS:update_cannot_open_directory", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"login refused for \\w+: user has no password\"):msg@> ", + "msg_id" : "CVS:login_refused_no_password", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\".*authentication failure; .+\"):msg@>", + "msg_id" : "CVS:authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"cvs update: Updating .+\"):msg@>", + "msg_id" : "CVS:updating", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"cvs update: cannot open CVS/Entries.Log.*\"):msg@>", + "msg_id" : "CVS:cant_open_entries_log", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cvs: <@REGEXP(\"cvs \\[status aborted\\]:.*\"):msg@>", + "msg_id" : "CVS:cvs_status_aborted", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cvs\"):daemon@>: <@REGEXP(\"cvs rtag: Tagging .+\"):msg@>", + "msg_id" : "CVS:rtag_tagging", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cvs\"):daemon@>: <@REGEXP(\"cvs \\[rtag aborted\\]: .+\"):msg@>", + "msg_id" : "CVS:rtag_aborted", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + } + ], + "version" : "200902130002", + "name" : "CVS", + "description" : "CVS Service" +} diff --git a/conf/logmanagement/services/Cisco_ACS.json b/conf/logmanagement/services/Cisco_ACS.json new file mode 100644 index 0000000..0387819 --- /dev/null +++ b/conf/logmanagement/services/Cisco_ACS.json @@ -0,0 +1,317 @@ +{ + "icon" : "companies/logo_cisco", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"$\"):msg@>", + "msg_id" : "Cisco_ACS:empty", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"\\.\"):msg@>", + "msg_id" : "Cisco_ACS:dot", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@> <@REGEXP(\"daemonizing...\"):msg@>", + "msg_id" : "Cisco_ACS:daemonizing", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"running\"):msg@>", + "msg_id" : "Cisco_ACS:running", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"initializing\"):msg@>", + "msg_id" : "Cisco_ACS:initializing", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@> <@REGEXP(\"executing .+\"):msg@>", + "msg_id" : "Cisco_ACS:executing", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"Creating file .+ with PID\"):msg@> <@PID:pid@>", + "msg_id" : "Cisco_ACS:creating_file_with_pid", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"starting .+ in .+\"):msg@>", + "msg_id" : "Cisco_ACS:starting", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"Number of .+ processes running is \\d+\"):msg@>", + "msg_id" : "Cisco_ACS:number_of_processes_running", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"Waiting for .+ to come up..\"):msg@>", + "msg_id" : "Cisco_ACS:waiting_for_to_come_up", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"LD_LIBRARY_PATH is set to: .+\"):msg@>", + "msg_id" : "Cisco_ACS:ld_library_path_is_set_to", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dbupgrade\"):daemon@>: <@WORD:level@>:<@REGEXP(\".+Database upgrade logging start\"):msg@>", + "msg_id" : "Cisco_ACS:database_upgrade_logging_start", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dbupgrade\"):daemon@>: <@WORD:level@>:<@REGEXP(\".+ Debugging\"):msg@> <@WORD:status@>", + "msg_id" : "Cisco_ACS:debugging_status", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dbupgrade\"):daemon@>: <@WORD:level@>:<@REGEXP(\".+ Current database version: .+\"):msg@>", + "msg_id" : "Cisco_ACS:current_database_version", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dbupgrade\"):daemon@>: <@WORD:level@>:<@REGEXP(\".+ storeUpgrade start upgrade.\"):msg@>", + "msg_id" : "Cisco_ACS:storeUpgrade_start_upgrade", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dbupgrade\"):daemon@>: <@WORD:level@>:<@REGEXP(\".+ Current swSchema version: .+\"):msg@>", + "msg_id" : "Cisco_ACS:current_swSchema_version", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dbupgrade\"):daemon@>: <@WORD:level@>:<@REGEXP(\".+ Database is already upgraded.\"):msg@>", + "msg_id" : "Cisco_ACS:database_is_already_upgraded", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dbupgrade\"):daemon@>: <@WORD:level@>:<@REGEXP(\".+ storeUpgrade end upgrade.\"):msg@>", + "msg_id" : "Cisco_ACS:storeUpgrade_end_upgrade", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dbupgrade\"):daemon@>: <@WORD:level@>:<@REGEXP(\".+ just nothing to do - upgrade not needed.\"):msg@>", + "msg_id" : "Cisco_ACS:just_nothing_to_do_upgrade_not_needed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dbupgrade\"):daemon@>: <@WORD:level@>:<@REGEXP(\".+ storeUpgrade Done.\"):msg@>", + "msg_id" : "Cisco_ACS:storeUpgrade_done", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"database\"):daemon@> <@WORD:level@>: <@REGEXP(\"Database certificate found.\"):msg@>", + "msg_id" : "Cisco_ACS:database_certificate_found", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"database\"):daemon@> <@WORD:level@>: <@REGEXP(\"Starting SQL Anwyhere service ACSDB : network\"):msg@>[ <@STRING:status@> ]", + "msg_id" : "Cisco_ACS:starting_sql_anywhere_service_ACSDB_network_status", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmt\"):daemon@> <@WORD:level@>: <@REGEXP(\"Certificate found, starting .+\"):msg@>", + "msg_id" : "Cisco_ACS:certificate_found_starting_program", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmt\"):daemon@> <@WORD:level@>: <@REGEXP(\"After startup removing file\"):msg@>", + "msg_id" : "Cisco_ACS:after_startup_removing_file", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"adclient\"):daemon@> <@WORD:level@>: <@REGEXP(\"Run, Initializing DB query...\"):msg@>", + "msg_id" : "Cisco_ACS:run_initializing_db_query", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"adclient\"):daemon@> <@WORD:level@>: <@REGEXP(\".+WARN No appenders could be found for logger.+\"):msg@>", + "msg_id" : "Cisco_ACS:no_appenders_found_for_logger", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"adclient\"):daemon@> <@WORD:level@>: <@REGEXP(\".+WARN Please initialize the .+ system properly.\"):msg@>", + "msg_id" : "Cisco_ACS:please_initialize_system_properly", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"adclient\"):daemon@> <@WORD:level@>: <@REGEXP(\"Active Directory object founded.\"):msg@>", + "msg_id" : "Cisco_ACS:ad_object_founded", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"adclient\"):daemon@> <@WORD:level@>: <@REGEXP(\"Active directory check returned \\d+\"):msg@>", + "msg_id" : "Cisco_ACS:ad_check_returned_code", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"adclient\"):daemon@> <@WORD:level@>: <@REGEXP(\"Not joined - going up...\"):msg@>", + "msg_id" : "Cisco_ACS:not_joined_going_up", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"adclient\"):daemon@> <@WORD:level@>: <@REGEXP(\"adclient monitoring already enabled\"):msg@>", + "msg_id" : "Cisco_ACS:adclient_monitoring_already_enabled", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"runtime\"):daemon@> <@WORD:level@>: <@REGEXP(\".+ All rights preserved. All unpublished rights reserved.\"):msg@>", + "msg_id" : "Cisco_ACS:rights_information", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"runtime\"):daemon@> <@WORD:level@>: <@REGEXP(\"Copyright .+\"):msg@>", + "msg_id" : "Cisco_ACS:copyright_information", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"runtime\"):daemon@> <@WORD:level@>: <@REGEXP(\"Finished initialization\"):msg@>", + "msg_id" : "Cisco_ACS:finished_initialization", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"runtime\"):daemon@> <@WORD:level@>: <@REGEXP(\"in init\"):msg@>", + "msg_id" : "Cisco_ACS:ini_init", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"runtime\"):daemon@> <@WORD:level@>: <@REGEXP(\"iAnywhere Solutions, .+\"):msg@>A", + "msg_id" : "Cisco_ACS:ianywhere_solutions_address", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"runtime\"):daemon@> <@WORD:level@>: <@REGEXP(\"Core cleanup complete.\"):msg@>", + "msg_id" : "Cisco_ACS:core_cleanup_completed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"runtime\"):daemon@> <@WORD:level@>: <@REGEXP(\"Checking core files. Total size .+\"):msg@>", + "msg_id" : "Cisco_ACS:checking_core_files_total_size", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"MAIN_WORKER_THREADS_COUNT = \\d+\"):msg@>", + "msg_id" : "Cisco_ACS:main_worker_threads_count", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"Number of processors = \\d+\"):msg@>", + "msg_id" : "Cisco_ACS:number_of_processors", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"LDAP_IN_MAIN_POOL = \\d+\"):msg@>", + "msg_id" : "Cisco_ACS:ldap_in_main_pool", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"LOGGING_IN_MAIN_POOL = \\d+\"):msg@>", + "msg_id" : "Cisco_ACS:logging_in_main_pool", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"INTERNAL_ID_STORE_THREADS_COUNT = \\d+\"):msg@>", + "msg_id" : "Cisco_ACS:internal_id_store_threads_count", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@> <@WORD:level@>: <@REGEXP(\"AD_ID_STORE_THREADS_COUNT = \\d+\"):msg@>", + "msg_id" : "Cisco_ACS:ad_id_store_threads_count", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201005190007", + "name" : "Cisco_ACS", + "description" : "Cisco ACS Service" +} diff --git a/conf/logmanagement/services/Cisco_ASA.json b/conf/logmanagement/services/Cisco_ASA.json new file mode 100644 index 0000000..b2558d2 --- /dev/null +++ b/conf/logmanagement/services/Cisco_ASA.json @@ -0,0 +1,1206 @@ +{ + "icon" : "companies/logo_cisco", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: access-list <@STRING:acl@> denied <@WORD:protocol@> <@STRING:src@>/<@IP_ADDR:src_addr@>(<@NUMBER:src_port@>) -> <@STRING:dst@>/<@IP_ADDR:dst_addr@>(<@NUMBER:dst_port@>) <@REGEXP(\"hit-cnt \\d+ \\(first hit\\)\"):msg@> [<@STRING:acl_id@>]", + "msg_id" : "Cisco_ASA:accesslist_denied_first_hit", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Built inbound <@WORD:protocol@> connection <@NUMBER:connection_id@> for <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> (<@IP_ADDR:src_addr_2@>/<@NUMBER:src_port_2@>) to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@> (<@IP_ADDR:dst_addr_2@>/<@NUMBER:dst_port_2@>)", + "msg_id" : "Cisco_ASA:built_inbound_connection", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Built inbound <@WORD:protocol@> connection for faddr <@IP_ADDR:faddr@>/<@NUMBER:faddr_port@> gaddr <@IP_ADDR:gaddr@>/<@NUMBER:gaddr_port@> laddr <@IP_ADDR:laddr@>/<@NUMBER:laddr_port@>", + "msg_id" : "Cisco_ASA:built_inbound_connection_faddr_gaddr_laddr", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Built outbound <@WORD:protocol@> connection <@NUMBER:connection_id@> for <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> (<@IP_ADDR:src_addr_2@>/<@NUMBER:src_port_2@>) to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@> (<@IP_ADDR:dst_addr_2@>/<@NUMBER:dst_port_2@>)", + "msg_id" : "Cisco_ASA:built_outbound_connection", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Built outbound <@WORD:protocol@> connection for faddr <@IP_ADDR:faddr@>/<@NUMBER:faddr_port@> gaddr <@IP_ADDR:gaddr@>/<@NUMBER:gaddr_port@> laddr <@IP_ADDR:laddr@>/<@NUMBER:laddr_port@>", + "msg_id" : "Cisco_ASA:built_outbound_connection_faddr_gaddr_laddr", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Teardown <@WORD:protocol@> connection <@NUMBER:connection_id@> for <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@> duration <@TIME:duration@> bytes <@NUMBER:bytes@>", + "msg_id" : "Cisco_ASA:teardown_connection_OLD", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Teardown <@WORD:protocol@> connection for faddr <@IP_ADDR:faddr@>/<@NUMBER:faddr_port@> gaddr <@IP_ADDR:gaddr@>/<@NUMBER:gaddr_port@> laddr <@IP_ADDR:laddr@>/<@NUMBER:laddr_port@>", + "msg_id" : "Cisco_ASA:teardown_connection_faddr_gaddr_laddr", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny <@WORD:protocol@> (no connection) from <@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@> flags <@STRING:flags@> on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:deny_connection", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> dst <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@> by access-group \"<@STRING:acl@>\" [<@STRING:acl_id@>]", + "msg_id" : "Cisco_ASA:deny_by_accessgroup_long", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Teardown static <@WORD:protocol@> translation from <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@> duration <@TIME:duration@>", + "msg_id" : "Cisco_ASA:teardown_static_translation_long", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Teardown static translation from <@STRING:src@>:<@IP_ADDR:src_addr@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@> duration <@TIME:duration@>", + "msg_id" : "Cisco_ASA:teardown_static_translation_short", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Built static <@WORD:protocol@> translation from <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:built_static_translation_long", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Built static translation from <@STRING:src@>:<@IP_ADDR:src_addr@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>", + "msg_id" : "Cisco_ASA:built_static_translation_short", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Built dynamic translation from <@STRING:src@>:<@IP_ADDR:src_addr@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>", + "msg_id" : "Cisco_ASA:built_dynamic_translation_short", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Teardown dynamic translation from <@STRING:src@>:<@IP_ADDR:src_addr@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@> duration <@TIME:duration@>", + "msg_id" : "Cisco_ASA:teardown_dynamic_translation_short", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny inbound (No xlate) <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> dst <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:deny_inbound_no_xlate", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@> <@IP_ADDR:src_addr@> Retrieved <@IP_ADDR:dst_addr@>:<@STRING:msg@>", + "msg_id" : "Cisco_ASA:retrieved_file", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny <@WORD:protocol@> (Connection marked for Deletion) from <@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@> flags <@STRING:flags@> on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:deny_connection_marked_for_deletion", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: <@WORD:protocol@> access denied by <@STRING:acl@> from <@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:access_denied_by_acl", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny inbound <@WORD:protocol@> from <@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@> due to DNS Response", + "msg_id" : "Cisco_ASA:deny_inbound_due_to_dns_response", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@> dst <@STRING:dst@><@IP_ADDR:dst_addr@> (<@STRING:status@>) by access-group \"<@STRING:acl@> [<@STRING:acl_id@>]", + "msg_id" : "Cisco_ASA:deny_by_accessgroup_short", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Teardown <@WORD:protocol@> connection <@NUMBER:connection_id@> for <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@> duration <@TIME:duration@> bytes <@NUMBER:bytes@> <@WORD:NULL@> <@STRING:flags@>", + "msg_id" : "Cisco_ASA:teardown_connection_with_protocol_flags", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: <@REGEXP(\"\\d+ in use, \\d+ most used\"):msg@>", + "msg_id" : "Cisco_ASA:connection_usage", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny inbound <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> dst <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:deny_inbound", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Dropped <@WORD:protocol@> DNS reply from <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>; <@REGEXP(\"packet length \\d+ bytes exceeds configured limit of \\d+ bytes\"):msg@>", + "msg_id" : "Cisco_ASA:dropped_dns_reply_packet_length_exceeds_configured_limit", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@> <@IP_ADDR:src_addr@> Stored <@IP_ADDR:dst_addr@>:<@STRING:msg@>", + "msg_id" : "Cisco_ASA:stored_file", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny inbound (No xlate) <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@> dst <@STRING:dst@>:<@IP_ADDR:dst_addr@> (<@STRING:status@>)", + "msg_id" : "Cisco_ASA:deny_inbound_no_xlate_with_status", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny inbound <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@> dst <@STRING:dst@>:<@IP_ADDR:dst_addr@> (<@STRING:status@>)", + "msg_id" : "Cisco_ASA:deny_inbound_with_status", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Denied <@WORD:protocol@> type=<@WORD:type@>, from laddr <@IP_ADDR:laddr@> on interface <@STRING:interface@> to <@IP_ADDR:dst_addr@>: no matching session", + "msg_id" : "Cisco_ASA:denied_laddr_no_matching_session", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: regular translation creation failed for protocol <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@> dst <@STRING:dst@>:<@IP_ADDR:dst_addr@>", + "msg_id" : "Cisco_ASA:regular_translation_creation_failed", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Begin configuration: <@STRING:src@> writing to <@STRING:dst@>", + "msg_id" : "Cisco_ASA:writing_configuration", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: <@STRING:src@> end configuration: OK", + "msg_id" : "Cisco_ASA:writing_configuration_ok", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: User <@STRING:user@> executed the <@STRING:msg@> command.", + "msg_id" : "Cisco_ASA:user_executed_command", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: access-list <@STRING:acl@> denied <@WORD:protocol@> <@STRING:src@>/<@IP_ADDR:src_addr@>(<@NUMBER:src_port@>) -> <@STRING:dst@>/<@IP_ADDR:dst_addr@>(<@NUMBER:dst_port@>) <@REGEXP(\"hit-cnt \\d+ \\(\\d+-second interval\\)\"):msg@> [<@STRING:acl_id@>]", + "msg_id" : "Cisco_ASA:accesslist_denied_interval", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Dropped <@WORD:protocol@> DNS request from <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>; <@REGEXP(\"label length \\d+ bytes exceeds remaining packet length limit of \\d+ bytes\"):msg@>", + "msg_id" : "Cisco_ASA:dropped_dns_request_label_length_exceeds_remaining_packet_length_limit", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Dropped <@WORD:protocol@> DNS request from <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>; <@REGEXP(\"label length \\d+ bytes exceeds protocol limit of \\d+ bytes\"):msg@>", + "msg_id" : "Cisco_ASA:dropped_dns_request_label_length_exceeds_protocol_limit", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: No translation group found for <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@> dst <@STRING:dst@>:<@IP_ADDR:dst_addr@> (<@STRING:status@>)", + "msg_id" : "Cisco_ASA:no_translation_group_found_status", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@> Too many <@WORD:protocol@> connections on xlate <@IP_ADDR:gaddr@>! <@STRING:msg@>", + "msg_id" : "Cisco_ASA:too_many_connections_on_xlate", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Begin configuration: <@STRING:dst@> reading from <@STRING:src@>", + "msg_id" : "Cisco_ASA:reading_configuration", + "table" : "Cisco_ASA", + "taxonomy" : "Config", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: <@REGEXP(\"User logged out: Uname:\"):msg@> <@STRING:user@>", + "msg_id" : "Cisco_ASA:user_logged_out", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Dropped <@WORD:protocol@> DNS reply from <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>; <@REGEXP(\"label length \\d+ bytes exceeds protocol limit of \\d+ bytes\"):msg@>", + "msg_id" : "Cisco_ASA:Dropped_DNS_reply_label_length_exceeds_protocol_limit", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: <@REGEXP(\"No route to .+ from .+\"):msg@>", + "msg_id" : "Cisco_ASA:no_route", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: No translation group found for <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@>/<@NUMBER:src_port@> dst <@STRING:dst@>:<@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:no_translation_group_found", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Invalid transport field for protocol=<@WORD:protocol@> from <@IP_ADDR:src_addr@>/<@NUMBER:src_port@> to <@IP_ADDR:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:invalid_transport_field", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Received <@WORD:protocol@> request collision from <@IP_ADDR:src_addr@>/<@STRING:src@> on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:received_request_collision", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: <@REGEXP(\".+ Testing on interface\"):msg@> <@STRING:interface@> <@STRING:status@>", + "msg_id" : "Cisco_ASA:testing_on_interface", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: <@REGEXP(\".+ Testing Interface\"):msg@> <@STRING:interface@>", + "msg_id" : "Cisco_ASA:testing_interface", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: <@REGEXP(\".+ Lost Failover communications with mate on interface\"):msg@> <@STRING:interface@>", + "msg_id" : "Cisco_ASA:lost_failover_communications_with_mate", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: <@REGEXP(\".+ Monitoring on interface\"):msg@> <@STRING:interface@> <@STRING:status@>", + "msg_id" : "Cisco_ASA:monitoring_on_interface", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> : <@REGEXP(\"\\%FWSM.+\"):msg_id@>: Deny protocol <@WORD:protocol@> src <@STRING:src@>:<@IP_ADDR:src_addr@> dst <@STRING:dst@>:<@IP_ADDR:dst_addr@> by access-group \"<@STRING:acl@>\" [<@STRING:acl_id@>]", + "msg_id" : "Cisco_ASA:Deny_by_access_group_short_2", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Teardown dynamic \\S+ translation from\"):msg@> <@WORD:src@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@WORD:dst@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@> duration <@TIME:duration@>", + "msg_id" : "Cisco_ASA:teardown_dynamic_translation", + "table" : "Cisco_ASA", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Teardown \\S+ connection \\d+ for\"):msg@> <@WORD:src@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@WORD:dst@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@> duration <@TIME:duration@> bytes <@NUMBER:bytes@><@STRING:NULL@>", + "msg_id" : "Cisco_ASA:teardown_connection", + "table" : "Cisco_ASA", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Built dynamic \\S+ translation from\"):msg@> <@WORD:src@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@WORD:dst@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:built_dynamic_translation", + "table" : "Cisco_ASA", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Built \\w+bound \\S+ connection \\d+ f\\w+\"):msg@> <@WORD:src@>:<@WORD:src_addr@>/<@NUMBER:src_port@> (<@WORD:src_addr_2@>/<@NUMBER:src_port_2@>) to <@WORD:dst@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@> (<@WORD:dst_addr_2@>/<@NUMBER:dst_port_2@><@STRING:NULL@>", + "msg_id" : "Cisco_ASA:built_connection", + "table" : "Cisco_ASA", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Deny \\w+ src\"):msg@> <@WORD:src@>:<@WORD:src_addr@> dst <@WORD:dst@>:<@WORD:dst_addr@> <@STRING:NULL@> by access-group \"<@STRING:acl@>\" <@STRING:NULL@>", + "msg_id" : "Cisco_ASA:deny_by_accessgroup", + "table" : "Cisco_ASA", + "taxonomy" : "Access.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Built \\w+bound ICMP connection for\"):msg@> faddr <@WORD:faddr@>/<@NUMBER:faddr_port@> gaddr <@WORD:gaddr@>/<@NUMBER:gaddr_port@> laddr <@WORD:laddr@>/<@NUMBER:laddr_port@>", + "msg_id" : "Cisco_ASA:built_icmp_connection", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Teardown ICMP connection for\"):msg@> faddr <@WORD:faddr@>/<@NUMBER:faddr_port@> gaddr <@WORD:gaddr@>/<@NUMBER:gaddr_port@> laddr <@WORD:laddr@>/<@NUMBER:laddr_port@>", + "msg_id" : "Cisco_ASA:teardown_icmp_connection", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"\\w+ request discarded from\"):msg@> <@WORD:src_addr@>/<@NUMBER:src_port@> to <@WORD:dst@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:request_discarded", + "table" : "Cisco_ASA", + "taxonomy" : "Access.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Asymmetric NAT rules matched for forward and reverse flows; Connection for .+ denied due to NAT reverse path failure\"):msg@>", + "msg_id" : "Cisco_ASA:asymmetric_nat_rules_matched", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Deny TCP \\(no connection\\) from\"):msg@> <@WORD:src_addr@>/<@NUMBER:src_port@> to <@WORD:dst_addr@>/<@NUMBER:dst_port@> flags <@STRING:flags@> on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:deny_tcp_from", + "table" : "Cisco_ASA", + "taxonomy" : "Access.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@REGEXP(\"Failed to locate \\w+ interface for .+\"):msg@>", + "msg_id" : "Cisco_ASA:failed_to_locate_interface", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@> (<@STRING:msg@>) Lost Failover communications with mate on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:001", + "table" : "Cisco_ASA", + "taxonomy" : "System.Errors", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@> (<@STRING:msg@>) Testing Interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:002", + "table" : "Cisco_ASA", + "taxonomy" : "Hardware.Network", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:msg@>) Testing on interface <@STRING:interface@> <@STRING:msg@>", + "msg_id" : "Cisco_ASA:003", + "table" : "Cisco_ASA", + "taxonomy" : "Hardware.Network", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:interface@>) Beginning configuration replication: <@STRING:msg@>", + "msg_id" : "Cisco_ASA:004", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Changes", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:interface@>) No response from other firewall (reason code = <@STRING:msg@>).", + "msg_id" : "Cisco_ASA:005", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@STRING:status@> <@WORD:protocol@> src <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> dst <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@> by access-group \"<@STRING:interface@>\" [<@STRING:msg@>]", + "msg_id" : "Cisco_ASA:006", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:interface@>) End Configuration Replication (<@STRING:msg@>)", + "msg_id" : "Cisco_ASA:007", + "table" : "Cisco_ASA", + "taxonomy" : "Config", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Deny <@WORD:protocol@> reverse path check from <@WORD:src_addr@> to <@WORD:dst_addr@> on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:008", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: access-list <@STRING:acl@> denied <@WORD:protocol@> for user <@STRING:user@> <@STRING:interface@>/<@WORD:src_addr@>(<@NUMBER:src_port@>) -> <@STRING:interface@>/<@WORD:dst_addr@>(<@NUMBER:dst_port@>) hit-cnt <@NUMBER:bytes@> first hit <@STRING:msg@>", + "msg_id" : "Cisco_ASA:009", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:interface@>) Mate version <@STRING:msg@> is not identical with ours <@STRING:msg@>.", + "msg_id" : "Cisco_ASA:010", + "table" : "Cisco_ASA", + "taxonomy" : "System.Errors", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: [ Port-<@NUMBER:src_port@>-<@NUMBER:src_port@>] drop rate-<@STRING:msg@> exceeded. Current burst rate is <@STRING:msg@> per second, max configured rate is <@STRING:msg@>; Current average rate is <@STRING:msg@> per second, max configured rate is <@STRING:msg@>; Cumulative total count is <@STRING:msg@>", + "msg_id" : "Cisco_ASA:011", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:status@>) Link status '<@STRING:msg@>' on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:012", + "table" : "Cisco_ASA", + "taxonomy" : "Hardware.Network", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Line protocol on Interface <@STRING:interface@>, changed state to <@STRING:status@>", + "msg_id" : "Cisco_ASA:013", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:msg@>, Username = <@WORD:user@>, IP = <@WORD:src_addr@>, Session <@STRING:status@>. Session Type: <@WORD:protocol@>, Duration: <@STRING:msg@>, Bytes xmt: <@NUMBER:bytes@>, Bytes rcv: <@NUMBER:bytes@>, Reason: <@STRING:msg@>", + "msg_id" : "Cisco_ASA:014", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: No translation group found for <@WORD:protocol@> src <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> dst <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:015", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: [ <@WORD:src_addr@>] drop rate-<@STRING:msg@> exceeded. Current burst rate is <@STRING:msg@> per second, max configured rate is <@STRING:msg@>; Current average rate is <@STRING:msg@> per second, max configured rate is <@STRING:msg@>; Cumulative total count is <@STRING:msg@>", + "msg_id" : "Cisco_ASA:016", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: [ <@STRING:msg@>] drop rate-<@STRING:msg@> exceeded. Current burst rate is <@STRING:msg@> per second, max configured rate is <@STRING:msg@>; Current average rate is <@STRING:msg@> per second, max configured rate is <@STRING:msg@>; Cumulative total count is <@STRING:msg@>", + "msg_id" : "Cisco_ASA:017", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IKE reserved <@WORD:protocol@> <@WORD:protocol@> port <@NUMBER:src_port@> on interface <@STRING:interface@> successfully", + "msg_id" : "Cisco_ASA:018", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> 10.251.8.8 %ASA-4-737033: IPAA: Unable to assign AAA provided IP address (<@WORD:src_addr@>) to Client. This IP address has already been assigned by AAA", + "msg_id" : "Cisco_ASA:019", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@WORD:protocol@> flow from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@> terminated by inspection engine, reason - inspector reset unconditionally.", + "msg_id" : "Cisco_ASA:020", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Dropped <@WORD:protocol@> <@WORD:protocol@> reply from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>; packet length <@NUMBER:bytes@> bytes exceeds configured limit of <@NUMBER:bytes@> bytes", + "msg_id" : "Cisco_ASA:021", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Duplicate <@WORD:protocol@> <@WORD:protocol@> from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@> with different initial sequence number", + "msg_id" : "Cisco_ASA:022", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: URL Server <@WORD:src_addr@> not responding", + "msg_id" : "Cisco_ASA:023", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@WORD:protocol@> access denied by ACL from <@WORD:src_addr@>/<@NUMBER:src_port@> to <@WORD:src_addr@>/<@NUMBER:src_port@>", + "msg_id" : "Cisco_ASA:024", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IPS requested to reset <@WORD:protocol@> connection from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:025", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@WORD:protocol@> flow from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@> terminated by inspection engine,<@STRING:msg@>", + "msg_id" : "Cisco_ASA:026", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group <@STRING:user@> User <@STRING:user@> IP <@WORD:src_addr@> Address <@WORD:dst_addr@> assigned to session", + "msg_id" : "Cisco_ASA:027", + "table" : "Cisco_ASA", + "taxonomy" : "Auth", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: No matching connection for <@WORD:protocol@> error message: <@WORD:protocol@> src <@STRING:interface@>:<@WORD:src_addr@> dst <@STRING:interface@>:<@WORD:dst_addr@> (<@STRING:msg@>) on <@STRING:interface@> interface. Original IP payload: <@WORD:protocol@> src <@WORD:src_addr@>/<@NUMBER:src_port@> dst <@WORD:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:028", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: TunnelGroup <@STRING:user@> GroupPolicy <@STRING:user@> User<@STRING:user@> IP <@WORD:src_addr@> No <@WORD:protocol@> address available for <@WORD:protocol@> connection", + "msg_id" : "Cisco_ASA:029", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Invalid transport field for protocol=<@WORD:protocol@>, from <@WORD:src_addr@>/<@NUMBER:src_port@> to <@WORD:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:030", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Tunnel group search using certificate maps failed for peer certificate:<@WORD:user@>", + "msg_id" : "Cisco_ASA:031", + "table" : "Cisco_ASA", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> 1<@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IPS requested to drop <@WORD:protocol@> packet from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:032", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Failed to insert CRL for trustpoint <@STRING:msg@>. Reason:<@STRING:msg@>", + "msg_id" : "Cisco_ASA:033", + "table" : "Cisco_ASA", + "taxonomy" : "Auth", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Denied <@WORD:protocol@> <@STRING:msg@> from <@WORD:src_addr@> on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:034", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Task ran for <@STRING:msg@>, <@STRING:msg@>", + "msg_id" : "Cisco_ASA:035", + "table" : "Cisco_ASA", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Deny protocol <@WORD:protocol@> src <@STRING:interface@>:<@WORD:src_addr@> dst <@STRING:interface@>:<@WORD:dst_addr@> by access-group <@STRING:msg@>", + "msg_id" : "Cisco_ASA:036", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Tunnel group search using certificate maps failed for peer certificate: serial number: <@WORD:user@>, subject name: <@WORD:user@>, issuer_name: <@WORD:user@>", + "msg_id" : "Cisco_ASA:037", + "table" : "Cisco_ASA", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Deny IP spoof from (<@WORD:src_addr@>) to <@WORD:dst_addr@> on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:038", + "table" : "Cisco_ASA", + "taxonomy" : "Attack", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Certificate validation failed. No suitable trustpoints found to validate certificate serial number: <@STRING:user@>, subject name: <@STRING:user@>, issuer name: <@STRING:user@>", + "msg_id" : "Cisco_ASA:039", + "table" : "Cisco_ASA", + "taxonomy" : "Auth.Failure", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Certificate chain failed validation. No suitable trustpoint was found to validate chain.", + "msg_id" : "Cisco_ASA:040", + "table" : "Cisco_ASA", + "taxonomy" : "Auth.Failure", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: No matching connection for <@WORD:protocol@> error message: <@WORD:protocol@> src <@STRING:interface@>:<@WORD:src_addr@> dst <@STRING:interface@>:<@WORD:dst_addr@> (<@STRING:msg@>) on <@STRING:interface@> interface. Original IP payload: <@STRING:msg@>.", + "msg_id" : "Cisco_ASA:041", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: TunnelGroup <@STRING:user@> GroupPolicy <@STRING:user@> User <@STRING:user@> IP <<@WORD:src_addr@>> No address available for SVC connection", + "msg_id" : "Cisco_ASA:042", + "table" : "Cisco_ASA", + "taxonomy" : "Auth", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IP <<@WORD:src_addr@>> Error parsing SVC connect request.", + "msg_id" : "Cisco_ASA:043", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IP <<@WORD:src_addr@>> Error authenticating SVC connect request.", + "msg_id" : "Cisco_ASA:044", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:status@>) Monitoring on interface <@STRING:interface@> waiting", + "msg_id" : "Cisco_ASA:045", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:status@>) Monitoring on interface <@STRING:interface@> normal", + "msg_id" : "Cisco_ASA:046", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group <<@STRING:user@>> User <<@STRING:user@>> IP <<@WORD:src_addr@>> Received large packet <@NUMBER:bytes@> (threshold <@NUMBER:bytes@>).", + "msg_id" : "Cisco_ASA:047", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Dropped <@WORD:protocol@> <@WORD:protocol@> request from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>; label length <@NUMBER:bytes@> bytes exceeds protocol limit of <@NUMBER:bytes@> bytes", + "msg_id" : "Cisco_ASA:048", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Denied <@WORD:protocol@> type=<@WORD:type@>, from laddr <@WORD:laddr@> on interface <@STRING:interface@> to <@WORD:dst_addr@>: <@STRING:msg@>", + "msg_id" : "Cisco_ASA:049", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Tunnel group search using certificate maps failed for peer certificate: serial number: <@STRING:user@>, subject name:<@STRING:user@>, issuer_name:<@STRING:user@>.", + "msg_id" : "Cisco_ASA:050", + "table" : "Cisco_ASA", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: portmap translation creation failed for <@WORD:protocol@> src <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> dst <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>", + "msg_id" : "Cisco_ASA:051", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IPAA: Unable to get address from group-policy or tunnel-group local pools", + "msg_id" : "Cisco_ASA:052", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IPAA: Address assignment failed", + "msg_id" : "Cisco_ASA:053", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Dropped <@WORD:protocol@> <@WORD:protocol@> reply from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>; label length <@NUMBER:bytes@> bytes exceeds remaining packet length limit of <@NUMBER:bytes@> bytes", + "msg_id" : "Cisco_ASA:054", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Dropped <@WORD:protocol@> <@WORD:protocol@> reply from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>; label length <@NUMBER:bytes@> bytes exceeds protocol limit of <@NUMBER:bytes@> bytes", + "msg_id" : "Cisco_ASA:055", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Deny <@WORD:protocol@> teardrop fragment (size = <@NUMBER:bytes@>, offset = <@NUMBER:bytes@>) from <@WORD:src_addr@> to <@WORD:dst_addr@>", + "msg_id" : "Cisco_ASA:056", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: CRYPTO: The ASA hardware accelerator encountered an error (<@STRING:msg@>) while executing the command<@STRING:msg@>.", + "msg_id" : "Cisco_ASA:057", + "table" : "Cisco_ASA", + "taxonomy" : "Hardware", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: AAA Marking RADIUS server <@WORD:src_addr@> in aaa-server group RADIUS as <@STRING:status@>", + "msg_id" : "Cisco_ASA:058", + "table" : "Cisco_ASA", + "taxonomy" : "Application", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Dropped <@WORD:protocol@> <@WORD:protocol@> request from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>; label length <@NUMBER:bytes@> bytes exceeds remaining packet length limit of <@NUMBER:bytes@> bytes", + "msg_id" : "Cisco_ASA:059", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:status@>) Switching to <@STRING:status@> - Other unit wants me <@STRING:status@>. <@STRING:status@> unit switch reason: <@STRING:msg@>.", + "msg_id" : "Cisco_ASA:060", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@WORD:protocol@>: Error freeing address <@WORD:src_addr@>, <@STRING:msg@>", + "msg_id" : "Cisco_ASA:061", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:status@>) Switching to <@STRING:status@> - <@STRING:msg@>.", + "msg_id" : "Cisco_ASA:062", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: regular translation creation failed for protocol <@WORD:protocol@> src <@STRING:interface@>:<@WORD:src_addr@> dst <@STRING:interface@>:<@WORD:dst_addr@>", + "msg_id" : "Cisco_ASA:063", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Dropped <@WORD:protocol@> <@WORD:protocol@> reply from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>; <@STRING:msg@> <@NUMBER:bytes@> bytes exceeds protocol limit of <@NUMBER:bytes@> bytes", + "msg_id" : "Cisco_ASA:064", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Dropped <@WORD:protocol@> <@WORD:protocol@> request from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>; <@STRING:msg@> <@NUMBER:bytes@> bytes exceeds configured limit of <@NUMBER:bytes@> bytes", + "msg_id" : "Cisco_ASA:065", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:status@>) Other firewall reporting failure.", + "msg_id" : "Cisco_ASA:066", + "table" : "Cisco_ASA", + "taxonomy" : "System.Errors", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@WORD:protocol@>: Unable to remove <@WORD:src_addr@> from standby: <@STRING:msg@>", + "msg_id" : "Cisco_ASA:067", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: LU allocate xlate failed", + "msg_id" : "Cisco_ASA:068", + "table" : "Cisco_ASA", + "taxonomy" : "Application", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:status@>) Switching to <@STRING:status@>.", + "msg_id" : "Cisco_ASA:069", + "table" : "Cisco_ASA", + "taxonomy" : "System.Errors", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@STRING:status@>: <@STRING:msg@> Module in slot <@STRING:msg@>, application up <@STRING:msg@>", + "msg_id" : "Cisco_ASA:070", + "table" : "Cisco_ASA", + "taxonomy" : "Hardware.Network", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@WORD:protocol@> port command different address: <@WORD:src_addr@>(<@WORD:src_addr@>) to <@WORD:dst_addr@> on interface <@STRING:interface@>", + "msg_id" : "Cisco_ASA:071", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: URL Server <@WORD:src_addr@> timed out URL <@STRING:msg@>", + "msg_id" : "Cisco_ASA:072", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Received ARP request collision from <@WORD:src_addr@>/<@WORD:src_addr@> on interface <@STRING:interface@> with existing ARP entry <@WORD:dst_addr@>/<@WORD:dst_addr@>", + "msg_id" : "Cisco_ASA:073", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Dropped <@WORD:protocol@> <@WORD:protocol@> reply from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>; compression pointer length <@NUMBER:bytes@> bytes exceeds packet length limit of <@NUMBER:bytes@> bytes", + "msg_id" : "Cisco_ASA:074", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: User <@STRING:user@> executed the '<@STRING:msg@>' command.", + "msg_id" : "Cisco_ASA:075", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: User <@STRING:user@>, running '<@STRING:msg@>' from IP <@WORD:src_addr@>, executed '<@STRING:msg@>'", + "msg_id" : "Cisco_ASA:076", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: <@WORD:src_addr@> end configuration: <@STRING:msg@>", + "msg_id" : "Cisco_ASA:077", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Begin configuration: <@WORD:src_addr@> <@STRING:msg@>", + "msg_id" : "Cisco_ASA:078", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: User logged out: Uname: <@STRING:user@>", + "msg_id" : "Cisco_ASA:079", + "table" : "Cisco_ASA", + "taxonomy" : "Auth", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: User priv level changed: Uname: <@STRING:user@> <@STRING:msg@>", + "msg_id" : "Cisco_ASA:080", + "table" : "Cisco_ASA", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>, Session is being torn down. Reason: <@STRING:msg@>", + "msg_id" : "Cisco_ASA:081", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>, Connection terminated for peer <@STRING:group@>. Reason: <@STRING:msg@> Remote Proxy <@WORD:src_addr@>, Local Proxy <@WORD:src_addr@>", + "msg_id" : "Cisco_ASA:082", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IP = <@WORD:src_addr@>,<@REGEXP(\".+Received encrypted packet with no matching SA, dropping\"):msg@>", + "msg_id" : "Cisco_ASA:083", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: <@STRING:msg@> Cfg'd: <@STRING:msg@>", + "msg_id" : "Cisco_ASA:084", + "table" : "Cisco_ASA", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> 10.12.13.10 %ASA-5-713119: Group = <@STRING:group@>, IP = <@WORD:src_addr@>, PHASE 1 COMPLETED", + "msg_id" : "Cisco_ASA:085", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Security negotiation complete for\"):msg@> <@STRING:group@> Group (<@STRING:group@>) <@STRING:msg@>, Inbound SPI = <@STRING:msg@>, Outbound SPI = <@STRING:msg@>", + "msg_id" : "Cisco_ASA:086", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>, PHASE 2 COMPLETED (<@STRING:msg@>)", + "msg_id" : "Cisco_ASA:087", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IP = <@WORD:src_addr@>, IKE Initiator: Rekeying Phase <@STRING:msg@>, Intf <@STRING:interface@>, IKE Peer <@WORD:src_addr@> local Proxy Address <@WORD:dst_addr@>, remote Proxy Address <@WORD:dst_addr@>, Crypto map (<@STRING:msg@>)", + "msg_id" : "Cisco_ASA:088", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>, IKE Initiator: Rekeying Phase <@STRING:msg@>, Intf <@STRING:interface@>, IKE Peer <@WORD:src_addr@> local Proxy Address <@WORD:src_addr@>, remote Proxy Address <@WORD:src_addr@>, Crypto map (<@STRING:msg@>)", + "msg_id" : "Cisco_ASA:089", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Received encrypted Oakley Main Mode packet with invalid payloads\"):msg@>, MessID = <@STRING:msg@>", + "msg_id" : "Cisco_ASA:090", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>, ERROR,<@REGEXP(\".+had problems decrypting packet, probably due to mismatched pre-shared key. Aborting\"):msg@>", + "msg_id" : "Cisco_ASA:091", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Duplicate Phase 1 packet detected. Retransmitting last packet.\"):msg@>", + "msg_id" : "Cisco_ASA:092", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Received an un-encrypted PAYLOAD_MALFORMED notify message, dropping\"):msg@>", + "msg_id" : "Cisco_ASA:093", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Error, peer has indicated that something is wrong with our message. This could indicate a pre-shared key mismatch.\"):msg@>", + "msg_id" : "Cisco_ASA:094", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Information Exchange processing failed\"):msg@>", + "msg_id" : "Cisco_ASA:095", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IP = <@WORD:src_addr@>,<@REGEXP(\".+Header invalid, missing SA payload!\"):msg@> (next payload = <@STRING:msg@>)", + "msg_id" : "Cisco_ASA:096", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Failure during phase 1 rekeying attempt due to collision\"):msg@>", + "msg_id" : "Cisco_ASA:097", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+PHASE 1 COMPLETED\"):msg@>", + "msg_id" : "Cisco_ASA:098", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Stale PeerTblEntry found, removing!\"):msg@>", + "msg_id" : "Cisco_ASA:099", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Removing TunnelTbl from tunnel table failed, no match!\"):msg@>", + "msg_id" : "Cisco_ASA:100", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+IKE lost contact with remote peer, deleting connection\"):msg@> (keepalive type: <@STRING:msg@>)", + "msg_id" : "Cisco_ASA:101", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>:<@REGEXP(\".+Received ARP response collision from\"):msg@> <@WORD:src_addr@>/<@STRING:msg@> on interface <@STRING:interface@><@REGEXP(\".+with existing ARP entry\"):msg@> <@WORD:dst_addr@>/<@STRING:msg@>", + "msg_id" : "Cisco_ASA:102", + "table" : "Cisco_ASA", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>:<@REGEXP(\".+Discard IP fragment set with more than 24 elements\"):msg@>: src = <@WORD:src_addr@>, dest = <@WORD:dst_addr@>, proto = <@WORD:protocol@>, id = <@STRING:msg_id@>", + "msg_id" : "Cisco_ASA:103", + "table" : "Cisco_ASA", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: (<@STRING:status@>)<@REGEXP(\".+Failed to update IPSec failover runtime data on the\"):msg@> <@STRING:status@> unit.", + "msg_id" : "Cisco_ASA:104", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Unexpected cleanup of tunnel table entry during SA delete.\"):msg@>", + "msg_id" : "Cisco_ASA:105", + "table" : "Cisco_ASA", + "taxonomy" : "System.Errors", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Group = <@STRING:group@>, IP = <@WORD:src_addr@>,<@REGEXP(\".+Received an unencrypted packet when crypto active!! Dropping packet.\"):msg@>", + "msg_id" : "Cisco_ASA:106", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: IPSEC:<@REGEXP(\".+Received an ESP packet\"):msg@> (<@STRING:msg@>) from <@WORD:src_addr@> (user= <@WORD:user@>) to <@WORD:dst_addr@><@REGEXP(\".+that failed authentication.\"):msg@>", + "msg_id" : "Cisco_ASA:107", + "table" : "Cisco_ASA", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>:<@REGEXP(\".+CRYPTO: The ASA hardware accelerator encountered an error \"):msg@>(<@STRING:msg@>)", + "msg_id" : "Cisco_ASA:108", + "table" : "Cisco_ASA", + "taxonomy" : "Hardware", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>:<@REGEXP(\".+CRYPTO: The ASA created Crypto Archive File\"):msg@> < <@STRING:msg@> ><@REGEXP(\".+as a Soft Reset was necessary. Please forward this archived information to Cisco\"):msg@>", + "msg_id" : "Cisco_ASA:109", + "table" : "Cisco_ASA", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\%ASA-.+\"):msg_id@>: Dropped <@WORD:protocol@> <@WORD:protocol@> request from <@STRING:interface@>:<@WORD:src_addr@>/<@NUMBER:src_port@> to <@STRING:interface@>:<@WORD:dst_addr@>/<@NUMBER:dst_port@>; domain-name length <@NUMBER:bytes@> bytes<@REGEXP(\".+exceeds protocol limit of\"):msg@> <@NUMBER:bytes@> bytes", + "msg_id" : "Cisco_ASA:110", + "table" : "Cisco_ASA", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + } + ], + "website" : "", + "version" : "201206200001", + "name" : "Cisco_ASA", + "description" : "Cisco Asa Service" +} diff --git a/conf/logmanagement/services/Cisco_Pix.json b/conf/logmanagement/services/Cisco_Pix.json new file mode 100644 index 0000000..63ef018 --- /dev/null +++ b/conf/logmanagement/services/Cisco_Pix.json @@ -0,0 +1,43 @@ +{ + "icon" : "companies/logo_cisco", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@DATE_TIME_ISO:datetime_long@>: <@REGEXP(\".*\\%PIX-.+\"):msg_id@>: <@WORD:pix_addr@> <@REGEXP(\"Accessed\"):status@> URL <@WORD:url@>", + "msg_id" : "Cisco_Pix:url_access", + "table" : "Cisco_Pix_url_access", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@DATE_TIME_ISO:datetime_long@>: <@REGEXP(\".*\\%PIX-.+\"):msg_id@>: Deny <@WORD:type@> src <@WORD:src@> dst <@STRING:dst@> by access-group \"<@WORD:acl@>\"", + "msg_id" : "Cisco_Pix:deny_by_accessgroup", + "table" : "Cisco_Pix_traffic", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*\\%PIX-.+\"):msg_id@>: <@WORD:pix_addr@> <@REGEXP(\"Accessed\"):status@> URL <@WORD:url@>", + "msg_id" : "Cisco_Pix:url_access2", + "table" : "Cisco_Pix_url_access", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*\\%PIX-.+\"):msg_id@>: Deny <@WORD:type@> src <@WORD:src@> dst <@STRING:dst@> by access-group \"<@WORD:acl@>\"", + "msg_id" : "Cisco_Pix:deny_by_accessgroup2", + "table" : "Cisco_Pix_traffic", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*\\%PIX-.+\"):msg_id@>: Denied <@REGEXP(\"ICMP type=\\d+\"):type@>, <@STRING:NULL@> from <@WORD:src@> on interface <@NUMBER:NULL@>", + "msg_id" : "Cisco_Pix:denied_icmp", + "table" : "Cisco_Pix_traffic", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + } + ], + "version" : "201110310002", + "name" : "Cisco_Pix", + "description" : "Cisco Pix Service" +} diff --git a/conf/logmanagement/services/Cisco_Router.json b/conf/logmanagement/services/Cisco_Router.json new file mode 100644 index 0000000..477334b --- /dev/null +++ b/conf/logmanagement/services/Cisco_Router.json @@ -0,0 +1,190 @@ +{ + "icon" : "companies/logo_cisco", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SEC-6-IPACCESSLOGRL\"):msg_id@>: <@REGEXP(\"access-list logging rate-limited or missed \\d+ packet.*\"):msg@>", + "msg_id" : "Cisco_Router:acl_logging_limited", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SYS-5-CONFIG_I\"):msg_id@>: <@REGEXP(\"Configured from \\S+ by .+\"):msg@>", + "msg_id" : "Cisco_Router:configured_from", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%BGP-5-ADJCHANGE\"):msg_id@>: <@REGEXP(\"neighbor \\S+ Down.+\"):msg@>", + "msg_id" : "Cisco_Router:bgp_neighbor_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%BGP-3-NOTIFICATION\"):msg_id@>: <@REGEXP(\"sent to neighbor \\S+ \\S+ (hold time expired) \\d+ bytes\"):msg@>", + "msg_id" : "Cisco_Router:bgp_notification_sent_neighbor", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%BGP-5-ADJCHANGE\"):msg_id@>: <@REGEXP(\"neighbor \\S+ Up\"):msg@>", + "msg_id" : "Cisco_Router:bgp_neighbor_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%LINK-3-UPDOWN\"):msg_id@>: <@REGEXP(\"Interface \\S+, changed state to \\S+\"):msg@>", + "msg_id" : "Cisco_Router:link_updown", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%LINEPROTO-5-UPDOWN\"):msg_id@>: <@REGEXP(\"Line protocol on Interface \\S+, changed state to \\S+\"):msg@>", + "msg_id" : "Cisco_Router:lineprotocol_updown", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>: <@REGEXP(\"-Traceback= .+\"):msg@>", + "msg_id" : "Cisco_Router:traceback", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SYS-3-CPUHOG\"):msg_id@>: <@REGEXP(\"Task is running for \\S+msecs, more than \\S+msecs \\S+,process = .+\"):msg@>", + "msg_id" : "Cisco_Router:cpuhog", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%STANDBY-6-STATECHANGE\"):msg_id@>: <@REGEXP(\"\\S+ Group \\d+ state \\S+ -> \\S+\"):msg@>", + "msg_id" : "Cisco_Router:standby_statechange", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%WS_ALARM-6-INFO\"):msg_id@>: <@REGEXP(\"\\S+ INFO \\S+ Physical Port Administrative State \\S+\"):msg@>", + "msg_id" : "Cisco_Router:port_administrative_state", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%WS_ALARM-6-INFO\"):msg_id@>: <@REGEXP(\"\\S+ CRITICAL \\S+ Physical Port Link \\S+\"):msg@>", + "msg_id" : "Cisco_Router:physical_port_link", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%LINK-5-CHANGED\"):msg_id@>: <@REGEXP(\"Interface \\S+, changed state to .+\"):msg@>", + "msg_id" : "Cisco_Router:interface_changed_state", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%AMDP2_FE-3-UNDERFLO\"):msg_id@>: <@REGEXP(\"\\S+ transmit error\"):msg@>", + "msg_id" : "Cisco_Router:transmit_error", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%OSPF-5-ADJCHG\"):msg_id@>: <@REGEXP(\".+, Neighbor Down: .+\"):msg@>", + "msg_id" : "Cisco_Router:ospf_neighbor_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%OSPF-5-ADJCHG\"):msg_id@>: <@REGEXP(\".+, Loading Done\"):msg@>", + "msg_id" : "Cisco_Router:ospf_loading_done", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%RCMD-4-RSHPORTATTEMPT\"):msg_id@>: <@REGEXP(\"Attempted to connect to RSHELL from .+\"):msg@> ", + "msg_id" : "Cisco_Router:attempted_connect_rshell", + "table" : "Message", + "taxonomy" : "Access", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%ENVM-6-PSLEV\"):msg_id@>: <@REGEXP(\"Power \\wupply .+ state changed.+\"):msg@>", + "msg_id" : "Cisco_Router:power_supply_state_changed", + "table" : "Message", + "taxonomy" : "Hardware.Power", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%RADIUS-3-ALLDEADSERVER\"):msg_id@>: <@REGEXP(\".*No active radius servers found.+\"):msg@>", + "msg_id" : "Cisco_Router:no_radius_servers_found", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%RADIUS-6-SERVERALIVE\"):msg_id@>: <@REGEXP(\".*Radius server .+ is responding again.+\"):msg@>", + "msg_id" : "Cisco_Router:radius_server_responding_again", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%NSE100-3-VA_ERROR\"):msg_id@>: <@REGEXP(\".+ ASIC detected an error condition: .+\"):msg@>", + "msg_id" : "Cisco_Router:asic_detected_error_condition", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%CLEAR-5-COUNTERS\"):msg_id@>: <@REGEXP(\"Clear counter on .+\"):msg@>", + "msg_id" : "Cisco_Router:clear_counter", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%BGP-3-NOTIFICATION\"):msg_id@>: <@REGEXP(\"received from neighbor .+ \\d+ bytes\"):msg@>", + "msg_id" : "Cisco_Router:bgp_received_from_neighbor", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%HSRP-5-STATECHANGE\"):msg_id@>: <@REGEXP(\".+ state \\w+ -> \\w+\"):msg@>", + "msg_id" : "Cisco_Router:hsrp_state_change", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SYS-5-RELOAD\"):msg_id@>: <@REGEXP(\"Reload requested by .+\"):msg@>", + "msg_id" : "Cisco_Router:reload_requested_by", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%BGP-6-BIGCHUNK\"):msg_id@>: <@REGEXP(\"Big chunk pool request .+\"):msg@>", + "msg_id" : "Cisco_Router:big_chunk_pool_request", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + } + ], + "version" : "200801250001", + "name" : "Cisco_Router", + "description" : "Cisco Router Service" +} diff --git a/conf/logmanagement/services/Cisco_Router_Traffic.json b/conf/logmanagement/services/Cisco_Router_Traffic.json new file mode 100644 index 0000000..009ed73 --- /dev/null +++ b/conf/logmanagement/services/Cisco_Router_Traffic.json @@ -0,0 +1,36 @@ +{ + "icon" : "companies/logo_cisco", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SEC-6-IPACCESSLOGP\"):msg_id@>: list <@WORD:acl@> <@WORD:status@> <@WORD:protocol@> <@IP_ADDR:src_addr@>(<@NUMBER:src_port@>) -> <@IP_ADDR:dst_addr@>(<@NUMBER:dst_port@>), <@NUMBER:nb_packets@> <@REGEXP(\"packet.*\"):NULL@>", + "msg_id" : "Cisco_Router_Traffic:traffic1", + "table" : "Cisco_Router_traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SEC-6-IPACCESSLOGDP\"):msg_id@>: list <@WORD:acl@> <@WORD:status@> <@WORD:protocol@> <@IP_ADDR:src_addr@> -> <@IP_ADDR:dst_addr@> (<@NUMBER:NULL@>/<@NUMBER:NULL@>), <@NUMBER:nb_packets@> <@REGEXP(\"packet.*\"):NULL@>", + "msg_id" : "Cisco_Router_Traffic:traffic2", + "table" : "Cisco_Router_traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SEC-6-IPACCESSLOGNP\"):msg_id@>: list <@WORD:acl@> <@WORD:status@> <@WORD:protocol@> <@IP_ADDR:src_addr@> -> <@IP_ADDR:dst_addr@>, <@NUMBER:nb_packets@> <@REGEXP(\"packet.*\"):NULL@>", + "msg_id" : "Cisco_Router_Traffic:traffic3", + "table" : "Cisco_Router_traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SEC-6-IPACCESSLOGS\"):msg_id@>: list <@WORD:acl@> <@WORD:status@> <@IP_ADDR:src_addr@> <@NUMBER:nb_packets@> <@REGEXP(\"packet.*\"):NULL@>", + "msg_id" : "Cisco_Router_Traffic:traffic4", + "table" : "Cisco_Router_traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + } + ], + "version" : "200705070002", + "name" : "Cisco_Router_Traffic", + "description" : "Cisco Router Traffic Service" +} diff --git a/conf/logmanagement/services/Cisco_Switch.json b/conf/logmanagement/services/Cisco_Switch.json new file mode 100644 index 0000000..2a67524 --- /dev/null +++ b/conf/logmanagement/services/Cisco_Switch.json @@ -0,0 +1,547 @@ +{ + "icon" : "companies/logo_cisco", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SYS-5-CONFIG_I\"):msg_id@>: <@REGEXP(\"Configured from \\S+ by .+\"):msg@>", + "msg_id" : "Cisco_Switch:configured_from", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%LINEPROTO-5-UPDOWN\"):msg_id@>: <@REGEXP(\"Line protocol on Interface \\S+, changed state to \\S+\"):msg@>", + "msg_id" : "Cisco_Switch:line_protocol_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%LINK-3-UPDOWN\"):msg_id@>: <@REGEXP(\"Interface \\S+, changed state to .+\"):msg@>", + "msg_id" : "Cisco_Switch:interface_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%ETHCNTR-3-LOOP_BACK_DETECTED\"):msg_id@>: <@REGEXP(\"Loop-back detected on \\S+.\"):msg@>", + "msg_id" : "Cisco_Switch:loopback_detected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%PM-4-ERR_DISABLE\"):msg_id@>: <@REGEXP(\".+ error detected on .+ in err-disable state\"):msg@>", + "msg_id" : "Cisco_Switch:error_detected_disable_state", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%CLEAR-5-COUNTERS\"):msg_id@>: <@REGEXP(\"Clear counter on interface \\S+ by .+\"):msg@>", + "msg_id" : "Cisco_Switch:clear_counter_interface", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%MGMT-5-LOGIN_FAIL\"):msg_id@>:<@REGEXP(\"User.+failed to log in from .+ - max attempt reached\"):msg@>", + "msg_id" : "Cisco_Switch:max_failed_login", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%CLEAR-5-COUNTERS\"):msg_id@>: <@REGEXP(\"Clear counter on all interfaces by .+\"):msg@>", + "msg_id" : "Cisco_Switch:clear_counter_interfaces", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-SPAN_CFGSTATECHG\"):msg_id@>:<@REGEXP(\"local span session \\S+tive for destination port \\S+\"):msg@>", + "msg_id" : "Cisco_Switch:local_span_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%MGMT-5-ENABLE_FAIL\"):msg_id@>:<@REGEXP(\"User.* failed to enter enable mode .+\"):msg@>", + "msg_id" : "Cisco_Switch:failed_enter_enable", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%MGMT-6-ENABLEPASS\"):msg_id@>:<@REGEXP(\"User .*entered enable mode from .+\"):msg@>", + "msg_id" : "Cisco_Switch:entered_enable", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%MGMT-6-LOGINPASS\"):msg_id@>:<@REGEXP(\"User .*logged in from .+\"):msg@>", + "msg_id" : "Cisco_Switch:user_logged_in", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%RADIUS-5-ALLDEADSERVER\"):msg_id@>:<@REGEXP(\"All Radius servers dead:.+\"):msg@>", + "msg_id" : "Cisco_Switch:radius_servers_dead", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%RADIUS-5-SERVERALIVE\"):msg_id@>:<@REGEXP(\"Radius server .+ alive\"):msg@>", + "msg_id" : "Cisco_Switch:radius_server_alive", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%IP-3-TCP_BADCKSUM\"):msg_id@>:<@REGEXP(\"TCP bad checksum\"):msg@>", + "msg_id" : "Cisco_Switch:tcp_bad_checksum", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%LINK-5-CHANGED\"):msg_id@>: <@REGEXP(\"Interface \\S+, changed state to administratively \\S+\"):msg@>", + "msg_id" : "Cisco_Switch:link_changed_state", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%DTP-5-TRUNKPORTON\"):msg_id@>:<@REGEXP(\"Port \\S+ has become dot1q trunk\"):msg@>", + "msg_id" : "Cisco_Switch:become_dot1q_trunk", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%DTP-5-NONTRUNKPORTON\"):msg_id@>:<@REGEXP(\"Port \\S+ has become non-trunk\"):msg@>", + "msg_id" : "Cisco_Switch:become_nontrunk", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%RADIUS-4-RADIUS_DEAD\"):msg_id@>: <@REGEXP(\"RADIUS server \\S+ is not responding.\"):msg@>", + "msg_id" : "Cisco_Switch:radius_server_not_responding", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SYS-5-RESTART\"):msg_id@>: <@REGEXP(\"System restarted.+\"):msg@>", + "msg_id" : "Cisco_Switch:system_restarted", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%CDP-4-NATIVE_VLAN_MISMATCH\"):msg_id@>: <@REGEXP(\"Native VLAN mismatch discovered on .+\"):msg@>", + "msg_id" : "Cisco_Switch:vlan_mismatch_discovered", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%CDP-4-NVLANMISMATCH\"):msg_id@>:<@REGEXP(\"Native vlan mismatch detected on port .+\"):msg@>", + "msg_id" : "Cisco_Switch:native_vlan_mismatch_detected", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SPANTREE-2-UNBLOCK_CONSIST_PORT\"):msg_id@>: <@REGEXP(\"Unblocking .+ on .+. Port consistency restored.\"):msg@>", + "msg_id" : "Cisco_Switch:port_consistency_restored", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SYS-5-RELOAD\"):msg_id@>: <@REGEXP(\"Reload requested\"):msg@>", + "msg_id" : "Cisco_Switch:reload_requested", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>: <@REGEXP(\"Compiled .+ by .+\"):msg@>", + "msg_id" : "Cisco_Switch:compiled_by", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>: <@REGEXP(\"Copyright .+ Cisco Systems, Inc.*\"):msg@>", + "msg_id" : "Cisco_Switch:copyright_cisco", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+Cisco IOS Software, .+\"):msg@>", + "msg_id" : "Cisco_Switch:cisco_release", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%RADIUS-3-ALLDEADSERVER\"):msg_id@>: <@REGEXP(\".*No active radius servers found.+\"):msg@>", + "msg_id" : "Cisco_Switch:no_active_radius_found", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%RADIUS-6-SERVERALIVE\"):msg_id@>: <@REGEXP(\".*Radius server .+ is responding again.+\"):msg@>", + "msg_id" : "Cisco_Switch:radius_server_responding_again", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%MGMT-6-LOGINPASS\"):msg_id@>:<@REGEXP(\"User.+logged in from Console\"):msg@>", + "msg_id" : "Cisco_Switch:user_logged_from_console", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-MOD_OK:Module .+ is online\"):msg@>", + "msg_id" : "Cisco_Switch:module_is_online", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-3-MOD_PORTINTFINSYNC:Port Interface in sync for Module .+\"):msg@>", + "msg_id" : "Cisco_Switch:port_interface_in_sync", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%EC-5-CANNOT_BUNDLE2\"):msg_id@>: <@REGEXP(\".+ is not compatible with .+ and will be suspended (vlan mask is different)\"):msg@>", + "msg_id" : "Cisco_Switch:vlan_mask_different", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-1-SYS_DISABLEPS\"):msg_id@>: <@REGEXP(\"Rating of power supplies in redundancy not equal, power supply \\S+ disabled\"):msg@>", + "msg_id" : "Cisco_Switch:power_supply_disabled", + "table" : "Message", + "taxonomy" : "Hardware.Power", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-SUP_IMGSYNCFINISH\"):msg_id@>:<@REGEXP(\"Active supervisor has synchronized .+\"):msg@>", + "msg_id" : "Cisco_Switch:supervisor_has_synchronized", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-SUP_IMGSYNCSTART\"):msg_id@>:<@REGEXP(\"Active supervisor is synchronizing .+\"):msg@>", + "msg_id" : "Cisco_Switch:supervisor_is_synchronizing", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-SYS_RESET\"):msg_id@>:<@REGEXP(\"System reset from .+\"):msg@>", + "msg_id" : "Cisco_Switch:system_reset_from", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-SUP_MODSBY\"):msg_id@>:<@REGEXP(\"Module .+ is in standby mode\"):msg@>", + "msg_id" : "Cisco_Switch:module_in_standby_mode", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-PORT_SSUPOK\"):msg_id@>:<@REGEXP(\"Ports on standby .+ are up\"):msg@>", + "msg_id" : "Cisco_Switch:ports_on_standby_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-SUP_IMGSYNC\"):msg_id@>:<@REGEXP(\"File synchronization process will start in .+\"):msg@> ", + "msg_id" : "Cisco_Switch:file_synchronization_will_start", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%CDP-4-DUPLEX_MISMATCH\"):msg_id@>: <@REGEXP(\"duplex mismatch discovered on .+\"):msg@>", + "msg_id" : "Cisco_Switch:cdp_duplex_mismatch_discovered", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-2-PS_FAIL\"):msg_id@>:<@REGEXP(\"Power supply .+ failed\"):msg@>", + "msg_id" : "Cisco_Switch:power_supply_failed", + "table" : "Message", + "taxonomy" : "Hardware.Power", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-1-SYS_ENABLEPS\"):msg_id@>: <@REGEXP(\"Power supply .+ enabled\"):msg@>", + "msg_id" : "Cisco_Switch:power_supply_enabled", + "table" : "Message", + "taxonomy" : "Hardware.Power", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%RADIUS-4-RADIUS_ALIVE\"):msg_id@>: <@REGEXP(\"RADIUS server .+ has returned.\"):msg@>", + "msg_id" : "Cisco_Switch:radius_server_has_returned", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%RADIUS-3-SECRETDEFINEFAILED\"):msg_id@>: <@REGEXP(\"Key definition ignored.\"):msg@>", + "msg_id" : "Cisco_Switch:secret_key_definition_ignored", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SSH-5-ENABLED\"):msg_id@>: <@REGEXP(\"SSH \\S+ has been enabled\"):msg@>", + "msg_id" : "Cisco_Switch:ssh_been_enabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SYS-6-CLOCKUPDATE\"):msg_id@>: <@REGEXP(\"System clock has been updated from .+\"):msg@>", + "msg_id" : "Cisco_Switch:system_clock_updated", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%LINK-4-ERROR\"):msg_id@>: <@REGEXP(\"\\S+ is experiencing errors\"):msg@>", + "msg_id" : "Cisco_Switch:fast_ethernet_error", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-PS_REMOVE\"):msg_id@>:<@REGEXP(\"Power supply \\d+ has been removed\"):msg@>", + "msg_id" : "Cisco_Switch:power_supply_been_removed", + "table" : "Message", + "taxonomy" : "Hardware.Power", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-5-PS_INSERT\"):msg_id@>:<@REGEXP(\"Power supply \\d+ has been inserted\"):msg@>", + "msg_id" : "Cisco_Switch:power_supply_been_inserted", + "table" : "Message", + "taxonomy" : "Hardware.Power", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-2-PS_OK\"):msg_id@>:<@REGEXP(\"Power supply \\d+ okay\"):msg@>", + "msg_id" : "Cisco_Switch:power_supply_okay", + "table" : "Message", + "taxonomy" : "Hardware.Power", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SW_MATM-4-MACFLAP_NOTIF\"):msg_id@>: <@REGEXP(\"Host .+ is flapping .+\"):msg@>", + "msg_id" : "Cisco_Switch:host_is_flapping", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%STACKMGR-4-STACK_LINK_CHANGE\"):msg_id@>: <@REGEXP(\"Stack .+ has changed to state .+\"):msg@>", + "msg_id" : "Cisco_Switch:stack_changed_state", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%STACKMGR-4-SWITCH_ADDED\"):msg_id@>: <@REGEXP(\"Switch .+ has been ADDED to the stack.*\"):msg@>", + "msg_id" : "Cisco_Switch:switch_added_to_stack", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%STACKMGR-5-.+_READY\"):msg_id@>: <@REGEXP(\".*Switch \\d+ is READY.*\"):msg@>", + "msg_id" : "Cisco_Switch:switch_is_ready", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%SYS-4-PS1_EMPTYALERT\"):msg_id@>:<@REGEXP(\"Single power supply system should utilize slot.+\"):msg@>", + "msg_id" : "Cisco_Switch:power_supply_should_utilize", + "table" : "Message", + "taxonomy" : "Hardware.Power", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%EC-5-CANNOT_BUNDLE2\"):msg_id@>: <@REGEXP(\"\\S+ is not compatible with \\S+ and will be suspended .+\"):msg@>", + "msg_id" : "Cisco_Switch:incompatible_will_be_suspended", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%EC-5-ERRPROT\"):msg_id@>: <@REGEXP(\"Channel protocol mismatch for interface .+\"):msg@>", + "msg_id" : "Cisco_Switch:channel_protocol_mismatch", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%EC-5-L3DONTBNDL2\"):msg_id@>: <@REGEXP(\"\\S+ suspended: LACP currently not enabled on the remote port.\"):msg@>", + "msg_id" : "Cisco_Switch:lacp_not_enabled", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%EC-5-COMPATIBLE\"):msg_id@>: <@REGEXP(\"\\S+ is compatible with port-channel members\"):msg@>", + "msg_id" : "Cisco_Switch:compatible_with_portchannel_members", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SPANTREE-5-EXTENDED_SYSID\"):msg_id@>: <@REGEXP(\"Extended SysId enabled for .+\"):msg@>", + "msg_id" : "Cisco_Switch:extended_sysid_enabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%EC-5-ERRPROT\\d+\"):msg_id@>: <@REGEXP(\"Command rejected: .+\"):msg@>", + "msg_id" : "Cisco_Switch:command_rejected", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%STORM_CONTROL-3-SHUTDOWN\"):msg_id@>: <@REGEXP(\"A packet storm was detected on .+\\. The interface has been disabled.\"):msg@>", + "msg_id" : "Cisco_Switch:packet_storm_detected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%STORM_CONTROL-2-SHUTDOWN\"):msg_id@>: <@REGEXP(\"Storm control shut down .+\"):msg@>", + "msg_id" : "Cisco_Switch:storm_control_shut_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%PORT_SECURITY-2-PSECURE_VIOLATION\"):msg_id@>: <@REGEXP(\"Security violation occurred, caused by MAC address .+ on port \\S+\"):msg@>.", + "msg_id" : "Cisco_Switch:security_violation_occured", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SW_MATM-4-MACFLAP_NOTIF\"):msg_id@>: <@REGEXP(\"Host .+ in vlan \\S+ is flapping between port \\S+ and port \\S+\"):msg@>", + "msg_id" : "Cisco_Switch:host_is_flapping", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%DHCP_SNOOPING-5 -DHCP_SNOOPING_.+\"):msg_id@>: <@REGEXP(\"DHCP_SNOOPING drop message .+\"):msg@>", + "msg_id" : "Cisco_Switch:dhcp_snooping", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%C4K_EBM-4-HOSTF LAPPING\"):msg_id@>: <@REGEXP(\"Host .+ in vlan \\S+ is flapping between port \\S+ and port \\S+\"):msg@>", + "msg_id" : "Cisco_Switch:host_is_flapping_2", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%STORM_CONTROL-3 -FILTERED\"):msg_id@>: <@REGEXP(\"A Broadcast storm detected on .+\\. A packet filter action has been applied on the int erface.\"):msg@>", + "msg_id" : "Cisco_Switch:broadcast_storm_detected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SSH-4-SSH2_UNEX PECTED_MSG\"):msg_id@>: <@REGEXP(\"Unexpected message type has arrived. Terminating the connection\"):msg@>", + "msg_id" : "Cisco_Switch:ssh_unexpected_message_type", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%DHCPD-4-PING_CONFLICT\"):msg_id@>: <@REGEXP(\"DHCP address conflict:.+\"):msg@>", + "msg_id" : "Cisco_Switch:dhcp_address_conflict", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%PARSER-5-CFGLOG_LOGGEDCMD\"):msg_id@>: <@REGEXP(\"User:.+ logged command:.+\"):msg@>", + "msg_id" : "Cisco_Switch:user_logged_command", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%PM-4-ERR_RECOVER\"):msg_id@>: <@REGEXP(\"Attempting to recover from loopback err-disable state on \\S+\"):msg@>", + "msg_id" : "Cisco_Switch:attempting_recover_from_loopback", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%ETHCNTR-3-LOOP_BACK_DETECTED\"):msg_id@>: <@REGEXP(\"Keepalive packet loop-back detected on \\S+\"):msg@>", + "msg_id" : "Cisco_Switch:keepaine_packet_loopback_detected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>: <@REGEXP(\"\\%SYS-6-LOGGINGHOST_STARTSTOP\"):msg_id@>: <@REGEXP(\"Logging to host \\S+ Port \\S+ started - CLI initiated\"):msg@>", + "msg_id" : "Cisco_Switch:logging_started_cli_initiated", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%ETHC-5-PORTTOSTP\"):msg_id@>:<@REGEXP(\"Port \\S+ joined bridge port \\S+\"):msg@>", + "msg_id" : "Cisco_Switch:joined_bridge_port", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@> <@REGEXP(\"\\%ETHC-5-PORTFROMSTP\"):msg_id@>:<@REGEXP(\"Port \\S+ left bridge port \\S+\"):msg@>", + "msg_id" : "Cisco_Switch:left_bridge_port", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Warning" + } + ], + "version" : "201402010006", + "name" : "Cisco_Switch", + "description" : "Cisco Switch Service" +} diff --git a/conf/logmanagement/services/Cisco_VPN_Client.json b/conf/logmanagement/services/Cisco_VPN_Client.json new file mode 100644 index 0000000..6209c57 --- /dev/null +++ b/conf/logmanagement/services/Cisco_VPN_Client.json @@ -0,0 +1,23 @@ +{ + "icon" : "companies/logo_cisco", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"vpnc\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"select: Interrupted system call\"):msg@>", + "msg_id" : "Cisco_VPN_Client:interrupted_system_call", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"vpnc\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connection terminated by peer\"):msg@>", + "msg_id" : "Cisco_VPN_Client:connection_terminated_by_peer", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201004280003", + "name" : "Cisco_VPN_Client", + "description" : "Cisco VPN Client Service" +} diff --git a/conf/logmanagement/services/ClamAV.json b/conf/logmanagement/services/ClamAV.json new file mode 100644 index 0000000..87f8098 --- /dev/null +++ b/conf/logmanagement/services/ClamAV.json @@ -0,0 +1,127 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ClamAV update process started at .+\"):msg@>", + "msg_id" : "ClamAV:clamav_update_process_started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Reading CVD header .+\"):msg@>", + "msg_id" : "ClamAV:reading_CVD_header", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* is up to date .+\"):msg@>", + "msg_id" : "ClamAV:is_up_to_date", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Invalid DNS reply. Falling back to HTTP mode.\"):msg@>", + "msg_id" : "ClamAV:invalid_dns_reply", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Can't query current.cvd.clamav.net\"):msg@>", + "msg_id" : "ClamAV:cant_query_clamav_net", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Connecting via .+\"):msg@>", + "msg_id" : "ClamAV:connecting_via", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received signal: wake up\"):msg@>", + "msg_id" : "ClamAV:received_signal_wake_up", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"OK.*\"):msg@>", + "msg_id" : "ClamAV:ok", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Database updated .+ from db.local.clamav.net\"):msg@>", + "msg_id" : "ClamAV:database_updated", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Clamd successfully notified about the update.\"):msg@>", + "msg_id" : "ClamAV:clamd_successfully_notified_update", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Your ClamAV installation is OUTDATED!\"):msg@>", + "msg_id" : "ClamAV:clamav_installation_outdated", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Current functionality level = \\d+, recommended = \\d+\"):msg@>", + "msg_id" : "ClamAV:current_functionality_level_recommended", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Can't read .+ from db.local.clamav.net.*\"):msg@>", + "msg_id" : "ClamAV:cant_read_clamav_net", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daily.c[lv]d updated.*\"):msg@>", + "msg_id" : "ClamAV:daily_updated", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Downloading .+\"):msg@>", + "msg_id" : "ClamAV:downloading", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Trying again in 5 secs.*\"):msg@>", + "msg_id" : "ClamAV:trying_again_5_secs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freshclam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"DON'T PANIC!.*\"):msg@>", + "msg_id" : "ClamAV:dont_panic", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://www.clamav.net/", + "version" : "200912140001", + "name" : "ClamAV", + "description" : "Clam AntiVirus Service" +} diff --git a/conf/logmanagement/services/Cracklib.json b/conf/logmanagement/services/Cracklib.json new file mode 100644 index 0000000..94efbe4 --- /dev/null +++ b/conf/logmanagement/services/Cracklib.json @@ -0,0 +1,21 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cracklib:.+updated dictionary.+\"):msg@>", + "msg_id" : "Cracklib:updated_dictionary", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cracklib: no dictionary update necessary.\"):msg@>", + "msg_id" : "Cracklib:no_dictionary_update_necessary", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "version" : "200812170003", + "name" : "Cracklib", + "description" : "Pro-active password checker library" +} diff --git a/conf/logmanagement/services/Cron.json b/conf/logmanagement/services/Cron.json new file mode 100644 index 0000000..2236efb --- /dev/null +++ b/conf/logmanagement/services/Cron.json @@ -0,0 +1,239 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: (<@STRING:user@>) CMD (<@STRING:msg@>)", + "msg_id" : "Cron:cmd", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*session closed for user .+\"):msg@>", + "msg_id" : "Cron:session_closed_for_user", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*session opened for user .+\"):msg@>", + "msg_id" : "Cron:session_opened_for_user", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*crontab.*\"):daemon@>[<@PID:pid@>]: (<@STRING:user@>) <@REGEXP(\"BEGIN EDIT.+\"):msg@>", + "msg_id" : "Cron:crontab_begin_edit", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*crontab.*\"):daemon@>[<@PID:pid@>]: (<@STRING:user@>) <@REGEXP(\"END EDIT.+\"):msg@>", + "msg_id" : "Cron:crontab_end_edit", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*crontab.*\"):daemon@>[<@PID:pid@>]: (<@STRING:user@>) <@REGEXP(\"LIST.+\"):msg@>", + "msg_id" : "Cron:crontab_list", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*cron.*\"):daemon@>[<@PID:pid@>]: (<@WORD:user@>) <@REGEXP(\"MAIL .+\"):msg@>", + "msg_id" : "Cron:mail", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*cron.*\"):daemon@>[<@PID:pid@>]: (<@STRING:user@>) <@REGEXP(\"STARTUP .+\"):msg@>", + "msg_id" : "Cron:startup", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*crond.*\"):daemon@>[<@PID:pid@>]: (<@WORD:user@>) <@REGEXP(\"ORPHAN .+\"):msg@> ", + "msg_id" : "Cron:orphan", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: reconnected to LDAP server after \\d+ attempt\\(s\\)\"):msg@> ", + "msg_id" : "Cron:reconnected_ldap_after", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: reconnecting to LDAP server...\"):msg@>", + "msg_id" : "Cron:reconnecting_ldap_server", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*cron.*\"):daemon@>[<@PID:pid@>]: (<@WORD:user@>) <@REGEXP(\"INFO \\(.+ing @reboot jobs.+\"):msg@>", + "msg_id" : "Cron:reboot_jobs", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*cron.*\"):daemon@>[<@PID:pid@>]: (<@WORD:user@>) <@REGEXP(\"INFO \\(pidfile fd = \\d+\\)\"):msg@> ", + "msg_id" : "Cron:pidfile_fd", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*crontab.*\"):daemon@>[<@PID:pid@>]: (<@WORD:user@>) <@REGEXP(\"REPLACE .+\"):msg@>", + "msg_id" : "Cron:crontab_replace", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: could not search LDAP server.+\"):msg@>", + "msg_id" : "Cron:couldnt_search_ldap", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Permission denied\"):msg@> ", + "msg_id" : "Cron:permission_denied", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: .+ Timed out\"):msg@> ", + "msg_id" : "Cron:pam_ldap_timed_out", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*cron.*\"):NULL@>[<@PID:pid@>]: (<@STRING:user@>) <@REGEXP(\"RELOAD .+\"):msg@>", + "msg_id" : "Cron:reload", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: failed to bind to LDAP server .+\"):msg@>", + "msg_id" : "Cron:failed_bind_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: reconnected to LDAP server .+\"):msg@>", + "msg_id" : "Cron:reconnected_to_ldap_server", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: could not connect to any LDAP server .+\"):msg@>", + "msg_id" : "Cron:couldnt_connect_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM unable to dlopen.+\"):msg@>", + "msg_id" : "Cron:pam_unable_dlopen", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM adding faulty module: .+\"):msg@>", + "msg_id" : "Cron:pam_adding_faulty_module", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM \\[dlerror: .+: cannot open shared object file: No such file or directory\\]\"):msg@> ", + "msg_id" : "Cron:cannot_open_shared_object", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*crond.*\"):daemon@>[<@PID:pid@>]: (<@STRING:user@>) MAIL (<@STRING:msg@>) ", + "msg_id" : "Cron:mail2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: could not soft reconnect to LDAP server.+\"):msg@>", + "msg_id" : "Cron:couldnt_soft_reconnect_ldap", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*cron.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\(CRON\\) DEATH .+\"):msg@>", + "msg_id" : "Cron:death", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: could not get LDAP result.+\"):msg@>", + "msg_id" : "Cron:couldnt_get_ldap_result", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*cron.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Error: bad hour; .+\"):msg@>", + "msg_id" : "Cron:error_bad_hour", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*cron.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Error: bad command;.+\"):msg@>", + "msg_id" : "Cron:error_bad_command", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*cron.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Error: bad username; while reading .+\"):msg@>", + "msg_id" : "Cron:error_bad_username", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Authentication service cannot retrieve authentication info\"):msg@>", + "msg_id" : "Cron:cannot_retrieve_authentication_info", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*CRON.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\(CRON\\) info \\(No MTA installed, discarding output\\)\"):msg@>", + "msg_id" : "Cron:no_mta_installed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "version" : "201211060001", + "name" : "Cron", + "description" : "Cron Service" +} diff --git a/conf/logmanagement/services/Cyclades.json b/conf/logmanagement/services/Cyclades.json new file mode 100644 index 0000000..560c525 --- /dev/null +++ b/conf/logmanagement/services/Cyclades.json @@ -0,0 +1,85 @@ +{ + "icon" : "companies/logo_avocent", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[2\\]: A user logged into the appliance.\"):msg@> User: <@WORD:user@>. Session type: <@NUMBER:session_type@>. ", + "msg_id" : "Cyclades:user_logged_in", + "table" : "Cyclades", + "taxonomy" : "Access.Success", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[3\\]: A user logged out of the appliance.\"):msg@> User: <@WORD:user@>. Session type: <@NUMBER:session_type@>. ", + "msg_id" : "Cyclades:user_logged_out", + "table" : "Cyclades", + "taxonomy" : "Access", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[5\\]: KVM session started.\"):msg@> User: <@WORD:user@>. Port name: <@WORD:port_name@>. Port number: <@NUMBER:port_number@> Session Type: <@NUMBER:session_type@>. ", + "msg_id" : "Cyclades:KVM_session_started", + "table" : "Cyclades", + "taxonomy" : "Access.Success", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[6\\]: KVM session stopped.\"):msg@> User: <@WORD:user@>. Port name: <@WORD:port_name@>. Port number: <@NUMBER:port_number@> Session Type: <@NUMBER:session_type@>. ", + "msg_id" : "Cyclades:KVM_session_stopped", + "table" : "Cyclades", + "taxonomy" : "Access", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[4\\]: User authentication failed.\"):msg@> User: <@WORD:user@>. ", + "msg_id" : "Cyclades:User_authentication_failed", + "table" : "Cyclades", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[16\\]: New configuration activated by user\"):msg@>: <@WORD:user@>. ", + "msg_id" : "Cyclades:New_configuration_activated", + "table" : "Cyclades", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[11\\]: A daemon stopped.\"):msg@> User: <@WORD:user@>. Daemon name: <@WORD:daemon_name@>. ", + "msg_id" : "Cyclades:A_daemon_stopped", + "table" : "Cyclades", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[10\\]: A daemon started.\"):msg@> User: <@WORD:user@>. Daemon name: <@WORD:daemon_name@>.", + "msg_id" : "Cyclades:A_daemon_started", + "table" : "Cyclades", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[15\\]: Configuration saved to flash by user\"):msg@>: <@WORD:user@>. ", + "msg_id" : "Cyclades:Configuration_saved_to_flash", + "table" : "Cyclades", + "taxonomy" : "Config", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[12\\]: Admin session terminated. Command issued by user: \\S+. Terminated user\"):msg@>: <@WORD:user@>. ", + "msg_id" : "Cyclades:Admin_session_terminated", + "table" : "Cyclades", + "taxonomy" : "Access", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+\"):NULL@> <@IP_ADDR:NULL@> <@REGEXP(\"EVT\\[17\\]: A user was added to the local user database. Command issued by user: \\S+. New user\"):msg@>: <@WORD:user@>. ", + "msg_id" : "Cyclades:A_user_was_added", + "table" : "Cyclades", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + } + ], + "version" : "200709260023", + "name" : "Cyclades", + "description" : "Cyclades KVM" +} diff --git a/conf/logmanagement/services/Cyrus_Mail.json b/conf/logmanagement/services/Cyrus_Mail.json new file mode 100644 index 0000000..9affb0f --- /dev/null +++ b/conf/logmanagement/services/Cyrus_Mail.json @@ -0,0 +1,99 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"archiving log file: .+\"):msg@>", + "msg_id" : "Cyrus_Mail:archiving_log_file", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"done checkpointing cyrus databases\"):msg@>", + "msg_id" : "Cyrus_Mail:done_checkpointing_cyrus_databases", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"checkpointing cyrus databases\"):msg@>", + "msg_id" : "Cyrus_Mail:checkpointing_cyrus_databases", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"archiving database file: .+\"):msg@>", + "msg_id" : "Cyrus_Mail:archiving_database_file", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"about to exec .+\"):msg@>", + "msg_id" : "Cyrus_Mail:about_to_exec", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"process \\d+ exited, status \\d+\"):msg@>", + "msg_id" : "Cyrus_Mail:process_exited", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"duplicate_prune: .+\"):msg@>", + "msg_id" : "Cyrus_Mail:duplicate_prune_action", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"tls_prune: .+\"):msg@>", + "msg_id" : "Cyrus_Mail:tls_prune_action", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"WARNING: cannot find executable for service '.+' -- ignored\"):msg@>", + "msg_id" : "Cyrus_Mail:cannot_find_executable_service", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\".*recovering cyrus databases\"):msg@>", + "msg_id" : "Cyrus_Mail:recovering_cyrus_databases", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"process started\"):msg@>", + "msg_id" : "Cyrus_Mail:process_started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"ready for work\"):msg@>", + "msg_id" : "Cyrus_Mail:ready_for_work", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cyrus\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"executed\"):msg@>", + "msg_id" : "Cyrus_Mail:executed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://cyrusimap.web.cmu.edu/", + "version" : "200901230004", + "name" : "Cyrus_Mail", + "description" : "Cyrus Mail Service" +} diff --git a/conf/logmanagement/services/DB2.json b/conf/logmanagement/services/DB2.json new file mode 100644 index 0000000..e166ccc --- /dev/null +++ b/conf/logmanagement/services/DB2.json @@ -0,0 +1,15 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"DB2\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Open of log file .+ failed .+\"):msg@>", + "msg_id" : "DB2:open_log_file_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + } + ], + "website" : "", + "version" : "200905250002", + "name" : "DB2", + "description" : "DB2 Database Service" +} diff --git a/conf/logmanagement/services/DHCP.json b/conf/logmanagement/services/DHCP.json new file mode 100644 index 0000000..613fed1 --- /dev/null +++ b/conf/logmanagement/services/DHCP.json @@ -0,0 +1,64 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dhcpd: <@REGEXP(\"DHCPREQUEST\"):action@> for <@IP_ADDR:client_ip@> from <@MAC_ADDR:client_mac@> (<@WORD:NULL@>) via <@NET_INTERFACE:server_nic@>", + "msg_id" : "DHCP:request", + "table" : "DHCP_Event", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dhcpd: <@REGEXP(\"DHCPACK\"):action@> on <@IP_ADDR:client_ip@> to <@MAC_ADDR:client_mac@> (<@WORD:NULL@>) via <@NET_INTERFACE:server_nic@>", + "msg_id" : "DHCP:pack", + "table" : "DHCP_Event", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dhcpd: <@REGEXP(\"Wrote \\d+ deleted host decls to leases file.\"):msg@>", + "msg_id" : "DHCP:writedeleted", + "table" : "DHCP_Event", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dhcpd: <@REGEXP(\"Wrote \\d+ new dynamic host decls to leases file.\"):msg@>", + "msg_id" : "DHCP:writedynamic", + "table" : "DHCP_Event", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dhcpd: <@REGEXP(\"Wrote \\d+ leases to leases file.\"):msg@>", + "msg_id" : "DHCP:writelease", + "table" : "DHCP_Event", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dhcpd: <@REGEXP(\"DHCPDISCOVER\"):action@> from <@MAC_ADDR:client_mac@> (<@STRING:NULL@>) via <@NET_INTERFACE:server_nic@>", + "msg_id" : "DHCP:discover", + "table" : "DHCP_Event", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dhcpd: <@REGEXP(\"DHCPOFFER\"):action@> on <@IP_ADDR:client_ip@> to <@MAC_ADDR:client_mac@> (<@STRING:NULL@>) via <@NET_INTERFACE:server_nic@>", + "msg_id" : "DHCP:offer", + "table" : "DHCP_Event", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dhcpd: <@REGEXP(\"DHCPREQUEST\"):action@> for <@IP_ADDR:client_ip@> (<@STRING:NULL@>) from <@MAC_ADDR:client_mac@> via <@NET_INTERFACE:server_nic@>: <@REGEXP(\"unknown lease.+\"):msg@>", + "msg_id" : "DHCP:unknown_lease", + "table" : "DHCP_Event", + "taxonomy" : "Network", + "loglevel" : "Warning" + } + ], + "website" : "", + "version" : "201003080001", + "name" : "DHCP", + "description" : "ISC DHCP Server" +} diff --git a/conf/logmanagement/services/Dell_Switch.json b/conf/logmanagement/services/Dell_Switch.json new file mode 100644 index 0000000..a431308 --- /dev/null +++ b/conf/logmanagement/services/Dell_Switch.json @@ -0,0 +1,72 @@ +{ + "icon" : "companies/logo_dell", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> %<@REGEXP(\"AAA-E-AUTHFAIL\"):msg_id@>: <@REGEXP(\"Authentication failed for .+\"):msg@>", + "msg_id" : "Dell_Switch:authentication_failed_for", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> %<@REGEXP(\"MSCM-I-TERMTERMINATED\"):msg_id@>: <@REGEXP(\"SSH connection from .+ terminated\"):msg@> ", + "msg_id" : "Dell_Switch:ssh_connection_terminated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> %<@REGEXP(\"COPY-W-TRAP\"):msg_id@>: <@REGEXP(\"The copy operation was completed successfully\"):msg@> ", + "msg_id" : "Dell_Switch:copy_completed_successfully", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> %<@REGEXP(\"MSCM-I-NEWTERM\"):msg_id@>: <@REGEXP(\"New SSH connection from .+\"):msg@>", + "msg_id" : "Dell_Switch:new_ssh_connection", + "table" : "Message", + "taxonomy" : "Auth", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> %<@REGEXP(\"LINK-W-Down\"):msg_id@>: <@STRING:msg@> ", + "msg_id" : "Dell_Switch:link_down", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> %<@REGEXP(\"LINK-I-Up\"):msg_id@>: <@STRING:msg@>", + "msg_id" : "Dell_Switch:link_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> %<@REGEXP(\"STP-W-PORTSTATUS\"):msg_id@>: <@REGEXP(\".+ STP status .+\"):msg@>", + "msg_id" : "Dell_Switch:stp_status", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> %<@REGEXP(\"MSCM-I-NEWTERM\"):msg_id@>: <@REGEXP(\"New TELNET connection from .+\"):msg@>", + "msg_id" : "Dell_Switch:new_telnet_connection", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> %<@REGEXP(\"MSCM-I-TERMTERMINATED\"):msg_id@>: <@REGEXP(\"TELNET connection from .+ terminated\"):msg@> ", + "msg_id" : "Dell_Switch:telnet_connection_terminated", + "table" : "Message", + "taxonomy" : "Access", + "loglevel" : "Information" + } + ], + "website" : "http://www.dell.com/content/products/category.aspx/networking?c=us&cs=555&l=en&s=biz", + "version" : "201002180009", + "name" : "Dell_Switch", + "description" : "Dell Switch Service" +} diff --git a/conf/logmanagement/services/DenyAll_Filtering.json b/conf/logmanagement/services/DenyAll_Filtering.json new file mode 100644 index 0000000..b3186f2 --- /dev/null +++ b/conf/logmanagement/services/DenyAll_Filtering.json @@ -0,0 +1,107 @@ +{ + "icon" : "companies/logo_denyall", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@STRING:proxy@> <@IP_ADDR:src_addr@> \"-\" [<@DATE_TIME_APACHE_ACCESS:NULL@>] RE <@WORD:rule@> <@WORD:action@> access to '<@WORD:http_method@> <@STRING:url@>", + "msg_id" : "DenyAll_Filtering:access_to1", + "table" : "DenyAll_Filtering", + "taxonomy" : "Other", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:instance@>: - <@IP_ADDR:src_addr@> \"-\" [<@DATE_TIME_APACHE_ACCESS:NULL@>] RE <@WORD:rule@> <@WORD:action@> access to '<@WORD:http_method@> <@STRING:url@>", + "msg_id" : "DenyAll_Filtering:access_to2", + "table" : "DenyAll_Filtering", + "taxonomy" : "Other", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:instance@>: <@STRING:proxy@> <@IP_ADDR:src_addr@> \"-\" [<@DATE_TIME_APACHE_ACCESS:NULL@>] RE <@WORD:rule@> <@WORD:action@> access to '<@WORD:http_method@> <@STRING:url@>", + "msg_id" : "DenyAll_Filtering:access_to3", + "table" : "DenyAll_Filtering", + "taxonomy" : "Other", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\"\\s*<\\w+ value=.+/>\\s*\"):NULL@>", + "msg_id" : "DenyAll_Filtering:soap_value", + "table" : "DenyAll_Filtering", + "taxonomy" : "Traffic", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\"<.*SOAP-ENV:.+>\"):NULL@> ", + "msg_id" : "DenyAll_Filtering:soap_env", + "table" : "DenyAll_Filtering", + "taxonomy" : "Traffic", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ xmlns:.+\"):NULL@>", + "msg_id" : "DenyAll_Filtering:xmlns", + "table" : "DenyAll_Filtering", + "taxonomy" : "Traffic", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\"<.+>\"):NULL@>", + "msg_id" : "DenyAll_Filtering:xml", + "table" : "DenyAll_Filtering", + "taxonomy" : "Traffic", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@REGEXP(\"\\S*'\"):NULL@> ", + "msg_id" : "DenyAll_Filtering:single_quote", + "table" : "DenyAll_Filtering", + "taxonomy" : "Traffic", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@REGEXP(\".*^M\"):NULL@> ", + "msg_id" : "DenyAll_Filtering:control_m", + "table" : "DenyAll_Filtering", + "taxonomy" : "Traffic", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@REGEXP(\".+\\\\n'\"):NULL@>", + "msg_id" : "DenyAll_Filtering:new_line", + "table" : "DenyAll_Filtering", + "taxonomy" : "Other", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: - <@IP_ADDR:src_addr@> \"-\" [<@DATE_TIME_APACHE_ACCESS:NULL@>] RE <@WORD:rule@> <@WORD:action@> access to '<@WORD:http_method@> <@STRING:url@>", + "msg_id" : "DenyAll_Filtering:access_to4", + "table" : "DenyAll_Filtering", + "taxonomy" : "Other", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\"\\S{200}.*\"):NULL@> ", + "msg_id" : "DenyAll_Filtering:big_word", + "table" : "DenyAll_Filtering", + "taxonomy" : "Other", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".{300}.*\"):NULL@>", + "msg_id" : "DenyAll_Filtering:big_string", + "table" : "DenyAll_Filtering", + "taxonomy" : "Other", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>:", + "msg_id" : "DenyAll_Filtering:empty", + "table" : "DenyAll_Filtering", + "taxonomy" : "Other", + "loglevel" : "Debug" + } + ], + "website" : "http://www.deny-all.com", + "version" : "201002120004", + "name" : "DenyAll_Filtering", + "description" : "DenyAll Filtering (eaccess.log) Service" +} diff --git a/conf/logmanagement/services/DenyAll_System.json b/conf/logmanagement/services/DenyAll_System.json new file mode 100644 index 0000000..e6771dc --- /dev/null +++ b/conf/logmanagement/services/DenyAll_System.json @@ -0,0 +1,254 @@ +{ + "icon" : "companies/logo_denyall", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ SSL handshake interrupted by system.+\"):msg@>", + "msg_id" : "DenyAll_System:sslhandshake_interrupted", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ Connection reset by peer.+\"):msg@>", + "msg_id" : "DenyAll_System:connection_reset_peer", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ SSL handshake failed.+\"):msg@>", + "msg_id" : "DenyAll_System:sslhandshake_failed", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ SSL handshake timed out.+\"):msg@> ", + "msg_id" : "DenyAll_System:sslhandshake_timed_out", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] .*No such file or directory: .+: error resolving name .+\"):msg@>", + "msg_id" : "DenyAll_System:error_resolving_name", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ SSL proxy connect failed.+\"):msg@>", + "msg_id" : "DenyAll_System:sslproxy_connect_failed", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] \\[client \\S+\\] .+: proxy connect to \\S+ port \\d+ failed\"):msg@> ", + "msg_id" : "DenyAll_System:proxy_connect_failed", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[notice\\] VALID LICENSE for \\d+/\\d+ server\\(s\\), \\d+ day\\(s\\).*\"):msg@>", + "msg_id" : "DenyAll_System:valid_license", + "table" : "DenyAll_System", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[notice\\] Accept mutex: sysvsem \\(Default: sysvsem\\)\"):msg@> ", + "msg_id" : "DenyAll_System:accept_mutex", + "table" : "DenyAll_System", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[notice\\] Apache configured -- resuming normal operations\"):msg@> ", + "msg_id" : "DenyAll_System:apache_configured", + "table" : "DenyAll_System", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@>: <@REGEXP(\"Syntax error on line \\d+ of .+:\"):msg@> ", + "msg_id" : "DenyAll_System:syntax_error", + "table" : "DenyAll_System", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] .+Connection timed out: proxy connect to .+ failed\"):msg@>", + "msg_id" : "DenyAll_System:proxy_timed_out", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] make_child: system load too high\"):msg@>", + "msg_id" : "DenyAll_System:load_too_high", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] fork: Unable to fork new process\"):msg@>", + "msg_id" : "DenyAll_System:unable_to_fork", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] make_child: system load is OK -> fork\\(\\) limitation removed\"):msg@>", + "msg_id" : "DenyAll_System:fork_limitation_removed", + "table" : "DenyAll_System", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] .+Permission denied: proxy: utimes.+\"):msg@>", + "msg_id" : "DenyAll_System:permission_denied_utimes", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ OpenSSL: error:.+\"):msg@> ", + "msg_id" : "DenyAll_System:openssl_error", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] .+ Invalid URI in request .+\"):msg@>", + "msg_id" : "DenyAll_System:invalid_uri_request", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+truerand: \\d+ bits generated.\"):msg@> ", + "msg_id" : "DenyAll_System:truerand_generated", + "table" : "DenyAll_System", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] server reached \\S+ setting, consider raising the \\S+ setting\"):msg@>", + "msg_id" : "DenyAll_System:server_reached_setting", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:instance@>: <@REGEXP(\".+ \\[warn\\] pid file .+ overwritten -- Unclean shutdown of previous Apache run\\?\"):msg@>", + "msg_id" : "DenyAll_System:apache_unclean_shutdown", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] .+Permission denied: EAccess: cannot open tmp file .+\"):msg@>", + "msg_id" : "DenyAll_System:cannot_open_tmp_file", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ SSL error on reading data.+\"):msg@>", + "msg_id" : "DenyAll_System:ssl_error_reading_data", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\"cat: write error: Broken pipe\"):msg@> ", + "msg_id" : "DenyAll_System:cat_broken_pipe", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\].+Permission denied: proxy: error \\S+ing cache file .+\"):msg@>", + "msg_id" : "DenyAll_System:error_cache_file", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\"write error: Broken pipe\"):msg@> ", + "msg_id" : "DenyAll_System:write_error_broken_pipe", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> sProxy: <@REGEXP(\"Invalid command '.+'.*\"):msg@>", + "msg_id" : "DenyAll_System:invalid_command", + "table" : "DenyAll_System", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] mod_ssl: Child could not open SSLMutex lockfile.+\"):msg@>", + "msg_id" : "DenyAll_System:couldnt_open_sslmutex_file", + "table" : "DenyAll_System", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] System: No such file or directory.*\"):msg@>", + "msg_id" : "DenyAll_System:no_such_file_directory", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] \\[NOCACHE\\] This request was not cached but can be cached elsewhere :.+\"):msg@>", + "msg_id" : "DenyAll_System:request_was_not_cached", + "table" : "DenyAll_System", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] \\[client \\S+\\] File does not exist: .+\"):msg@>", + "msg_id" : "DenyAll_System:file_does_not_exist", + "table" : "DenyAll_System", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] \\[client \\S+\\] EAccess: truncated URL: .+\"):msg@>", + "msg_id" : "DenyAll_System:eaccess_truncated_url", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] \\[client \\S+\\] proxy: server returned a response without headers\"):msg@>", + "msg_id" : "DenyAll_System:response_without_headers", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] \\[client \\S+\\] .*Connection reset by peer: proxy: error reading from .+\"):msg@>", + "msg_id" : "DenyAll_System:proxy_error_reading_from", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@REGEXP(\".+ \\[error\\] \\[client \\S+\\] Client sent malformed Host header\"):msg@>", + "msg_id" : "DenyAll_System:sent_malformed_host_header", + "table" : "DenyAll_System", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.deny-all.com", + "version" : "200902160012", + "name" : "DenyAll_System", + "description" : "DenyAll System Service" +} diff --git a/conf/logmanagement/services/DenyAll_Traffic.json b/conf/logmanagement/services/DenyAll_Traffic.json new file mode 100644 index 0000000..2b8eda9 --- /dev/null +++ b/conf/logmanagement/services/DenyAll_Traffic.json @@ -0,0 +1,219 @@ +{ + "icon" : "companies/logo_denyall", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:product_recbytes", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:product_no_recbytes", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@> \"-\"", + "msg_id" : "DenyAll_Traffic:product_recbytes_no_3times", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> localhost \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@STRING:url@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:product_localhost_recbytes", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@STRING:instance@>: <@IP_ADDR:src_addr@> localhost \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@STRING:url@>\" <@NUMBER:status@> - <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:product_localhost_no_recbytes", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:product_recbytes_no_3times2", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:recbytes", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:no_recbytes", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" [<@WORD:ssl_version@> <@WORD:ssl_bits@>] <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:ssl_no_rec_bytes", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" [<@WORD:ssl_version@> <@WORD:ssl_bits@>] <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:ssl_rec_bytes", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"-\" 408 - \"-\" \"-\" <@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:error_408", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@> \"<@REGEXP(\"HIT from .+\"):NULL@>\"", + "msg_id" : "DenyAll_Traffic:hit_from", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@> \"<@REGEXP(\"MISS from \\S+\"):NULL@>\" ", + "msg_id" : "DenyAll_Traffic:miss_from", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@> \"<@REGEXP(\"MISS from \\S+\"):NULL@>\"", + "msg_id" : "DenyAll_Traffic:miss_from2", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@> \"<@REGEXP(\"HIT from .+\"):NULL@>\" ", + "msg_id" : "DenyAll_Traffic:hit_from2", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" <@BRACKETED_STRING:NULL@> \"-\" 408 - \"-\" \"-\" [<@WORD:ssl_version@> <@WORD:ssl_bits@>] <@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:ssl_error_408", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:product_no_recbytes_no_3times", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:product_recbytes_no_referer", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@> \"-\"", + "msg_id" : "DenyAll_Traffic:product_recbytes_referer_3times", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@> \"-\"", + "msg_id" : "DenyAll_Traffic:product_no_recbytes_referer_3times", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@> \"<@WORD:cache_status@> from <@WORD:NULL@>\"", + "msg_id" : "DenyAll_Traffic:cache_info", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@> \"<@WORD:cache_status@> from <@WORD:NULL@>\"", + "msg_id" : "DenyAll_Traffic:cache_info_no_referer", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@STRING:NULL@>\" <@REGEXP(\"406\"):status@> <@BYTES:rec_bytes@> \"-\" \"-\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@> \"-\"", + "msg_id" : "DenyAll_Traffic:httpcode_406", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@STRING:NULL@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:product_no_recbytes_referer_no_3times", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@STRING:NULL@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:product_recbytes_referer_3times2", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@STRING:NULL@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:denyall_time@> \"-\"", + "msg_id" : "DenyAll_Traffic:product_no_recbytes_referer_no_3times2", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:denyall_time@> \"-\"", + "msg_id" : "DenyAll_Traffic:no_referer", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" \"<@WORD:ssl_version@>\" \"<@WORD:NULL@>\" \"<@WORD:ssl_bits@>\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:traffic_ssl_cypher", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" \"<@WORD:ssl_version@>\" \"<@WORD:NULL@>\" \"<@WORD:ssl_bits@>\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:total_time@>-<@FLOAT_NUMBER:server_time@>=<@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:traffic_ssl_cypher2", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:device@> <@WORD:denyall_product@> <@WORD:instance@>: <@IP_ADDR:src_addr@> - \"-\" \"<@WORD:ssl_version@>\" \"<@WORD:NULL@>\" \"<@WORD:ssl_bits@>\" [<@DATE_TIME_APACHE_ACCESS:datetime@>] \"<@WORD:http_method@> <@STRING:url@> <@WORD:http_version@>\" <@NUMBER:status@> - \"<@STRING:referer@>\" \"<@STRING:browser@>\" <@FLOAT_NUMBER:denyall_time@>", + "msg_id" : "DenyAll_Traffic:traffic_ssl_cypher3", + "table" : "DenyAll_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + } + ], + "website" : "http://www.deny-all.com", + "version" : "201002120022", + "name" : "DenyAll_Traffic", + "description" : "DenyAll Traffic (access.log) Service" +} diff --git a/conf/logmanagement/services/Dhclient.json b/conf/logmanagement/services/Dhclient.json new file mode 100644 index 0000000..2c910eb --- /dev/null +++ b/conf/logmanagement/services/Dhclient.json @@ -0,0 +1,29 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dhclient\"):daemon@>: <@REGEXP(\"DHCPREQUEST .+\"):msg@>", + "msg_id" : "Dhclient:dhcprequest", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dhclient\"):daemon@>: <@REGEXP(\"DHCPACK .+\"):msg@>", + "msg_id" : "Dhclient:dhcpack", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dhclient\"):daemon@>: <@REGEXP(\"bound to .+\"):msg@>", + "msg_id" : "Dhclient:bound_to", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201211060004", + "name" : "Dhclient", + "description" : "Dhclient Service" +} diff --git a/conf/logmanagement/services/Dhcpcd.json b/conf/logmanagement/services/Dhcpcd.json new file mode 100644 index 0000000..178b9d2 --- /dev/null +++ b/conf/logmanagement/services/Dhcpcd.json @@ -0,0 +1,50 @@ +{ + "icon" : "", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dhcpcd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+renewing lease of.+\"):msg@>", + "msg_id" : "Dhcpcd:renewing_lease", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dhcpcd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+leased.+for \\d+ seconds\"):msg@>", + "msg_id" : "Dhcpcd:lease_time_seconds", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dhcpcd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+adding IP address.+\"):msg@>", + "msg_id" : "Dhcpcd:adding_ip_address", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dhcpcd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+adding default route via.+\"):msg@>", + "msg_id" : "Dhcpcd:adding_default_route", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dhcpcd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+lost lease, attemping to rebind\"):msg@>", + "msg_id" : "Dhcpcd:lost_lease_attemping_rebind", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"automount\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Federated Naming service not supported\"):msg@>", + "msg_id" : "Dhcpcd:federated_naming_service_not_supported", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + } + ], + "version" : "201006040001", + "name" : "Dhcpcd", + "description" : "DHCP Client Daemon Service" +} diff --git a/conf/logmanagement/services/Dnsmasq.json b/conf/logmanagement/services/Dnsmasq.json new file mode 100644 index 0000000..550e00e --- /dev/null +++ b/conf/logmanagement/services/Dnsmasq.json @@ -0,0 +1,43 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dnsmasq\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"started, version .+\"):msg@>", + "msg_id" : "Dnsmasq:started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dnsmasq\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"compile time options: .+\"):msg@>", + "msg_id" : "Dnsmasq:compile_time_options", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dnsmasq\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"no servers found in .+\"):msg@>", + "msg_id" : "Dnsmasq:no_servers_found", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dnsmasq\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"read /etc/hosts - \\d+ addresses\"):msg@>", + "msg_id" : "Dnsmasq:read_etc_host_addresses", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dnsmasq\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"exiting on receipt of \\w+\"):msg@>", + "msg_id" : "Dnsmasq:exiting_on_receipt_signal", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + } + ], + "website" : "", + "version" : "200902130003", + "name" : "Dnsmasq", + "description" : "Lightweight DHCP and caching DNS server Service" +} diff --git a/conf/logmanagement/services/Dovecot.json b/conf/logmanagement/services/Dovecot.json new file mode 100644 index 0000000..d24c688 --- /dev/null +++ b/conf/logmanagement/services/Dovecot.json @@ -0,0 +1,282 @@ +{ + "icon" : "software/logo_dovecot", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-login\"):daemon@>: <@REGEXP(\"Login\"):status@>: <@WORD:user@> [<@IP_ADDR:client_ip@>] ", + "msg_id" : "Dovecot:pop_imap_login", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"nss_ldap: reconnecting to LDAP server...\"):msg@>", + "msg_id" : "Dovecot:reconnecting_ldap_server", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"nss_ldap: reconnected to LDAP server after \\d+ attempt\\(s\\)\"):msg@>", + "msg_id" : "Dovecot:reconnected_ldap_server", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@>: <@REGEXP(\"child .+ killed with signal \\d+\"):msg@>", + "msg_id" : "Dovecot:child_killed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"pam_ldap: \\S+ Can't contact LDAP server\"):msg@>", + "msg_id" : "Dovecot:cant_contact_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: \\S+ Can't contact LDAP server\"):msg@>", + "msg_id" : "Dovecot:cant_contact_ldap_server2", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-login\"):daemon@>: <@REGEXP(\"Aborted login\"):status@> [<@IP_ADDR:client_ip@>] ", + "msg_id" : "Dovecot:pop_imap_login_aborted", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-login\"):daemon@>: <@REGEXP(\"fd_send\\(-1\\) failed: Broken pipe\"):msg@> ", + "msg_id" : "Dovecot:fdsend_broken_pipe", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@> <@REGEXP(\"Killed with signal \\d+\"):msg@> ", + "msg_id" : "Dovecot:killed_with_signal", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@> <@REGEXP(\"Dovecot starting up\"):msg@> ", + "msg_id" : "Dovecot:starting_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@> <@REGEXP(\"Auth process died too early - shutting down\"):msg@> ", + "msg_id" : "Dovecot:auth_died_too_early", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@> <@REGEXP(\"child .+ returned error \\d+\"):msg@> ", + "msg_id" : "Dovecot:child_returned_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-login\"):daemon@>: <@REGEXP(\"Disconnected\"):status@> [<@IP_ADDR:client_ip@>] ", + "msg_id" : "Dovecot:pop_imap_disconnected", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"Passdb pam doesn't support .+ method\"):msg@> ", + "msg_id" : "Dovecot:pam_doesnt_support_method", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pop3\\(\\S+\\): mbox: Can't create root IMAP folder .+\"):msg@>", + "msg_id" : "Dovecot:cant_create_imap_folder", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@> <@REGEXP(\"Warning: Corrected permissions for login directory .+\"):msg@>", + "msg_id" : "Dovecot:corrected_permissions_login_directory", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"imap-login: opendir.+ failed when trying to get list of authentication servers.+\"):msg@>", + "msg_id" : "Dovecot:opendir_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@> <@REGEXP(\"Can't open passwd-file.+\"):msg@>", + "msg_id" : "Dovecot:cant_open_pwd_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pop3\\(\\S+\\): MAIL environment missing and autodetection failed.+\"):msg@>", + "msg_id" : "Dovecot:mail_environment_missing", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@> <@REGEXP(\".+: unknown user\"):msg@>", + "msg_id" : "Dovecot:unknown_user", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"imap\\(\\S+\\): file .+: line \\d+ .+\"):msg@>", + "msg_id" : "Dovecot:debug_code_error", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@>: <@REGEXP(\"chdir\\(.+\\) failed .+\"):msg@>", + "msg_id" : "Dovecot:chdir_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"PAM: .+ User account has expired\"):msg@>", + "msg_id" : "Dovecot:pam_user_account_expired", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@> <@REGEXP(\"Unknown passdb type .+\"):msg@>", + "msg_id" : "Dovecot:unknown_passdb", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"PAM: pam_authenticate\\S+ failed: .+\"):msg@>", + "msg_id" : "Dovecot:pam_authenticate_failed", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"PAM .+ illegal module type:.+\"):msg@>", + "msg_id" : "Dovecot:pam_illegal_module_type", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"PAM: .+ Authentication service cannot retrieve authentication info.\"):msg@> ", + "msg_id" : "Dovecot:cannot_retrieve_authentication_info", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\".+ No password in reply\"):msg@> ", + "msg_id" : "Dovecot:no_password_reply", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"pam_ldap: \\S+ Timed out\"):msg@> ", + "msg_id" : "Dovecot:pam_ldap_timed_out", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: error trying to bind as user .+ \\(Invalid credentials\\)\"):msg@>", + "msg_id" : "Dovecot:pam_ldap_invalid_credentials", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot-auth\"):daemon@>: <@REGEXP(\"Login process has too old .+ requests, killing it.\"):msg@>", + "msg_id" : "Dovecot:login_process_too_old", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"imap\\(\\S+\\): Corrupted index data file .+\"):msg@>", + "msg_id" : "Dovecot:imap_corrupted_data_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+: Disconnected: Inactivity.+\"):msg@>", + "msg_id" : "Dovecot:disconnected_inactivity", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@>: <@REGEXP(\"dovecot shutdown failed\"):msg@>", + "msg_id" : "Dovecot:shutdown_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@> <@REGEXP(\"\\(\\S+\\): Error indexing mbox file.+\"):msg@>", + "msg_id" : "Dovecot:error_indexing_mbox_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@>(<@WORD:NULL@>): <@REGEXP(\"file_wait_lock.+ failed with modify log file .+: Resource temporarily unavailable\"):msg@>", + "msg_id" : "Dovecot:file_wait_lock_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@>(<@WORD:NULL@>): <@REGEXP(\"Corrupted index data file .+\"):msg@>", + "msg_id" : "Dovecot:corrupted_index_data_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@>(<@WORD:NULL@>): <@REGEXP(\"fsck .+\"):msg@>", + "msg_id" : "Dovecot:fsck", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dovecot\"):daemon@>: <@REGEXP(\"Fatal: Can't use SSL certificate .+\"):msg@>", + "msg_id" : "Dovecot:cant_use_ssl_certificate", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.dovecot.org/", + "version" : "201002180017", + "name" : "Dovecot", + "description" : "Dovecot IMAP Server Service" +} diff --git a/conf/logmanagement/services/DragonFly_Mail_Agent.json b/conf/logmanagement/services/DragonFly_Mail_Agent.json new file mode 100644 index 0000000..027568c --- /dev/null +++ b/conf/logmanagement/services/DragonFly_Mail_Agent.json @@ -0,0 +1,50 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dma\"):daemon@>[<@WORD:mail_id@>]: mail to=<<@EMAIL:recipient@>> <@WORD:status@> as <@STRING:msg_id@>", + "msg_id" : "dma:mail_queued", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dma\"):daemon@>[<@WORD:msg_id@>]: <@REGEXP(\".+ delivery\"):status@>", + "msg_id" : "dma:delivery_status_1", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dma\"):daemon@>[<@WORD:msg_id@>]: <@REGEXP(\"delivery .+\"):status@>", + "msg_id" : "dma:delivery_status_2", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dma\"):daemon@>[<@WORD:msg_id@>]: using smarthost (<@STRING:relay@>)", + "msg_id" : "dma:relay", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dma\"):daemon@>[<@WORD:mail_id@>]: <@REGEXP(\"new mail from user=.+ uid=.+\"):status@> envelope_from=<@STRING:sender@>", + "msg_id" : "dma:new_mail", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dma\"):daemon@>[<@WORD:msg_id@>]: <@REGEXP(\"trying remote delivery to smtpserver\"):status@> [<@WORD:relay@>] <@REGEXP(\"pref \\d+\"):NULL@>", + "msg_id" : "dma:trying_remote_delivery", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + } + ], + "website" : "https://gitorious.org/dma", + "version" : "201312070006", + "name" : "DragonFly_Mail_Agent", + "description" : "A small Mail Transport Agent (MTA), designed for home and office use" +} diff --git a/conf/logmanagement/services/Drbd.json b/conf/logmanagement/services/Drbd.json new file mode 100644 index 0000000..edd2659 --- /dev/null +++ b/conf/logmanagement/services/Drbd.json @@ -0,0 +1,520 @@ +{ + "icon" : "software/logo_drbd", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Connection lost.\"):msg@> ", + "msg_id" : "Drbd:connection_lost", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: \\w+ terminated\"):msg@> ", + "msg_id" : "Drbd:module_terminated", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: \\S+ \\[\\d+\\]: cstate .+ --> .+\"):msg@>", + "msg_id" : "Drbd:cstate", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: PingAck did not arrive in time.\"):msg@> ", + "msg_id" : "Drbd:pingack_timeout", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: short read expecting header on sock.+\"):msg@>", + "msg_id" : "Drbd:short_read_expecting_header", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Connection established.\"):msg@> ", + "msg_id" : "Drbd:connection_established", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Handshake successful: .+\"):msg@>", + "msg_id" : "Drbd:handshake_successful", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: \\S+/\\S+ --> \\S+/\\S+\"):msg@> ", + "msg_id" : "Drbd:changed_state", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Peer\\(S\\): .+\"):msg@>", + "msg_id" : "Drbd:peers", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: I am\\(\\w+\\):.+\"):msg@>", + "msg_id" : "Drbd:i_am", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Resync started as .+\"):msg@>", + "msg_id" : "Drbd:resync_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Discarding network configuration.\"):msg@>", + "msg_id" : "Drbd:discarding_network_configuration", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: .+ shut down by peer.\"):msg@> ", + "msg_id" : "Drbd:shut_down_by_peer", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: .+ sock_sendmsg time expired.+\"):msg@>", + "msg_id" : "Drbd:sock_sendmsg_time_expired", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Found \\d+ transactions .+ in activity log.\"):msg@> ", + "msg_id" : "Drbd:found_transactions_activity_log", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: error receiving .+\"):msg@>", + "msg_id" : "Drbd:error_receiving", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Syncer continues.\"):msg@> ", + "msg_id" : "Drbd:syncer_continues", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Syncer waits for .+\"):msg@>", + "msg_id" : "Drbd:syncer_waits_for", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd: module cleanup done.\"):msg@>", + "msg_id" : "Drbd:module_cleanup_done", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: incompatible states .+\"):msg@> ", + "msg_id" : "Drbd:incompatible_states", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Peer\\(P\\):.+\"):msg@>", + "msg_id" : "Drbd:peer", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: sock was reset by peer\"):msg@> ", + "msg_id" : "Drbd:sock_reset_by_peer", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*EXT3 FS on drbd\\d+, internal journal\"):msg@>", + "msg_id" : "Drbd:ext3_fs_internal_journal", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: sock_\\S+msg returned -\\d+\"):msg@>", + "msg_id" : "Drbd:sock_msg_returned", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Not in Primary state, no IO requests allowed\"):msg@> ", + "msg_id" : "Drbd:not_in_primary_state", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Avoided requeue of resync_work\"):msg@> ", + "msg_id" : "Drbd:avoided_requeue_resync_work", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Current Primary shall become sync TARGET! Aborting to prevent data corruption.\"):msg@> ", + "msg_id" : "Drbd:primary_shall_become_target", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: resync bitmap: .+\"):msg@>", + "msg_id" : "Drbd:resync_bitmap", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: size = \\d+ GB .+\"):msg@> ", + "msg_id" : "Drbd:size", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: .+ marked out-of-sync .+\"):msg@>", + "msg_id" : "Drbd:marked_out_of_sync", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: \\d+ messages suppressed .+\"):msg@>", + "msg_id" : "Drbd:messages_suppressed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: conn\\( \\w+ -> \\w+ \\) disk\\( \\w+ -> \\w+ \\)\"):msg@>", + "msg_id" : "Drbd:connection_disk_state_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: peer\\( \\w+ -> \\w+ \\) conn\\( \\w+ -> \\w+ \\) pdsk\\( \\w+ -> \\w+ \\)\"):msg@>", + "msg_id" : "Drbd:peer_conn_pdsk_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: No usable activity log found.\"):msg@> ", + "msg_id" : "Drbd:no_usable_activity_log", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: receiver \\(re\\)started\"):msg@>", + "msg_id" : "Drbd:receiver_restarted", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: reading of bitmap took \\d+ jiffies\"):msg@> ", + "msg_id" : "Drbd:reading_bitmap_took_jiffies", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: \\w*size.* = \\d+.*\"):msg@> ", + "msg_id" : "Drbd:size_equal", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: conn\\( \\w+ -> \\w+ \\) pdsk\\( \\w+ -> \\w+ \\)\"):msg@> ", + "msg_id" : "Drbd:connection_pdsk_state_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: recounting of set bits took additional \\d+ jiffies\"):msg@> ", + "msg_id" : "Drbd:recounting_took_additional_jiffies", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Peer authenticated using .+\"):msg@>", + "msg_id" : "Drbd:peer_authenticated_using", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Writing meta data super block now.\"):msg@> ", + "msg_id" : "Drbd:writing_meta_data", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Began resync as .+\"):msg@>", + "msg_id" : "Drbd:began_resync_as", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: conn\\( \\w+ -> \\w+ \\)\"):msg@>", + "msg_id" : "Drbd:connection_state_changed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Creating new current UUID\"):msg@> ", + "msg_id" : "Drbd:creating_new_current_uuid", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: tl_clear\\(\\)\"):msg@>", + "msg_id" : "Drbd:tl_clear", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Connection closed\"):msg@>", + "msg_id" : "Drbd:connection_closed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: _drbd_send_page: .+\"):msg@>", + "msg_id" : "Drbd:send_page", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: BUG! md_sync_timer expired! Worker calls drbd_md_sync\\(\\).\"):msg@> ", + "msg_id" : "Drbd:bug_sync_timer_expired", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: sock was shut down by peer\"):msg@>", + "msg_id" : "Drbd:sock_was_shut_down", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: peer\\( \\w+ -> \\w+ \\)\"):msg@> ", + "msg_id" : "Drbd:peer_state_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: pdsk\\( \\w+ -> \\w+ \\)\"):msg@>", + "msg_id" : "Drbd:pdsk_state_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: role\\( \\w+ -> \\w+ \\)\"):msg@> ", + "msg_id" : "Drbd:role_state_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: disk\\( \\w+ -> \\w+ \\)\"):msg@>", + "msg_id" : "Drbd:disk_state_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: drbd_bm_resize called with capacity.+\"):msg@>", + "msg_id" : "Drbd:bm_resize_called", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: State change failed.+\"):msg@>", + "msg_id" : "Drbd:state_change_failed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+:.*state = .+\"):msg@>", + "msg_id" : "Drbd:state", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+:.*wanted = .+\"):msg@>", + "msg_id" : "Drbd:state_wanted", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+:.*role.+ disk.+\"):msg@>", + "msg_id" : "Drbd:state_role_disk", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+:.*\"):msg@>", + "msg_id" : "Drbd:resource_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Resync done.+\"):msg@>", + "msg_id" : "Drbd:resync_done", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd: initialised. Version: .+\"):msg@>", + "msg_id" : "Drbd:initialised", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd: minor_table @ .+\"):msg@>", + "msg_id" : "Drbd:minor_table", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd: registered as block device major .+\"):msg@>", + "msg_id" : "Drbd:registered_block_device_major", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd: GIT-hash: .+\"):msg@>", + "msg_id" : "Drbd:git_hash", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\S+: drbd\\d+: \\d+ orphan inodes deleted\"):msg@>", + "msg_id" : "Drbd:orphan_inodes_deleted", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*drbd: \\[split-brain\\] Split Brain\"):msg@>", + "msg_id" : "Drbd:split_brain", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Starting worker thread.*\"):msg@>", + "msg_id" : "Drbd:starting_worker_thread", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Starting receiver thread.*\"):msg@>", + "msg_id" : "Drbd:starting_receiver_thread", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: receiver terminated\"):msg@>", + "msg_id" : "Drbd:receiver_terminated", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Terminating receiver thread\"):msg@>", + "msg_id" : "Drbd:terminating_receiver_thread", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: Terminating worker thread\"):msg@>", + "msg_id" : "Drbd:terminating_worker_thread", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*drbd\\d+: worker terminated\"):msg@>", + "msg_id" : "Drbd:worker_terminated", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"drbd-peer-outdater\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"debug: .+\"):msg@>", + "msg_id" : "Drbd:drbd_peer_outdater_debug", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + } + ], + "website" : "http://www.drbd.org/", + "version" : "200905270003", + "name" : "Drbd", + "description" : "Drbd Service" +} diff --git a/conf/logmanagement/services/Exim.json b/conf/logmanagement/services/Exim.json new file mode 100644 index 0000000..8a9a391 --- /dev/null +++ b/conf/logmanagement/services/Exim.json @@ -0,0 +1,44 @@ +{ + "icon" : "software/logo_exim", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"exim\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Cannot open main log file .+: Permission denied: .+\"):msg@>", + "msg_id" : "Exim:cannot_open_main_logfile", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"exim\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ U=\\S+ P=\\S+ S=\\d+ id=\\S+\"):msg@>", + "msg_id" : "Exim:message_id", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"exim\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ U=\\S+ P=\\S+ S=\\d+\"):msg@>", + "msg_id" : "Exim:message_id2", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"exim\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"write failed on panic log: .+\"):msg@>", + "msg_id" : "Exim:write_failed_panic_log", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"exim\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ failed to write to main log: .+\"):msg@>", + "msg_id" : "Exim:failed_write_main_log", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + } + ], + "website" : "http://www.exim.org/", + "version" : "201002180005", + "name" : "Exim", + "description" : "Exim Service" +} diff --git a/conf/logmanagement/services/F5_BigIP.json b/conf/logmanagement/services/F5_BigIP.json new file mode 100644 index 0000000..e95a89b --- /dev/null +++ b/conf/logmanagement/services/F5_BigIP.json @@ -0,0 +1,912 @@ +{ + "icon" : "companies/logo_f5", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@STRING:object@> <@IP_ADDR:address@>:<@NUMBER:port@> monitor status <@WORD:status@>. ", + "msg_id" : "F5_BigIP:monitor_address_port", + "table" : "F5_BigIP_Monitor", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@STRING:object@> <@IP_ADDR:address@> monitor status <@WORD:status@>. ", + "msg_id" : "F5_BigIP:monitor_address", + "table" : "F5_BigIP_Monitor", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"AUDIT - user \\S+ - transaction .+ - create { .+ }\"):msg@> ", + "msg_id" : "F5_BigIP:object_create", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"AUDIT - user \\S+ - transaction .+ - obj_delete { .+ }\"):msg@> ", + "msg_id" : "F5_BigIP:object_delete", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm tmm[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Config error: .+\"):msg@>", + "msg_id" : "F5_BigIP:config_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pvad\\S*\"):NULL@>: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\".+ - couldn't find profile with key=.+\"):msg@>", + "msg_id" : "F5_BigIP:couldnt_find_profile", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pvad\\S*\"):NULL@>: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Log level changed to: \\S+\"):msg@>", + "msg_id" : "F5_BigIP:log_level_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> pam_console[<@NUMBER:NULL@>]: <@REGEXP(\"getpwnam failed for \\S+\"):msg@> ", + "msg_id" : "F5_BigIP:getpwnam_failed", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> pvad[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Constraining entire tree...\"):msg@> ", + "msg_id" : "F5_BigIP:constraining_tree", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> pvad[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Done constraining entire tree.\"):msg@>", + "msg_id" : "F5_BigIP:constraining_tree_done", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"address conflict detected for .+\"):msg@>", + "msg_id" : "F5_BigIP:address_conflict_detected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> pvad[<@NUMBER:NULL@>]: <@REGEXP(\".+ connected!\"):msg@>", + "msg_id" : "F5_BigIP:pvad_service_connected", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> sod: <@WORD:NULL@>: Active ", + "msg_id" : "F5_BigIP:sod_active", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> sod: <@WORD:NULL@>: Standby", + "msg_id" : "F5_BigIP:sod_standby", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> pvad: <@WORD:NULL@>: Starting pvad", + "msg_id" : "F5_BigIP:starting_pvad", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@NUMBER:NULL@>: <@REGEXP(\"repeated \\d+ time.\"):msg@>", + "msg_id" : "F5_BigIP:tmm_repeated_n_time", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+: .+ Unable to get peers local time\"):msg@> ", + "msg_id" : "F5_BigIP:unable_get_peers_localtime", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> httpd[<@NUMBER:NULL@>]: [error] <@REGEXP(\"[client \\S+] PAM: user \\S+ - not authenticated: User not known to the underlying authentication module\"):msg@>", + "msg_id" : "F5_BigIP:user_not_authenticated", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> httpd(pam_unix)[<@NUMBER:NULL@>]: <@REGEXP(\"authentication failure; logname=.+\"):msg@>", + "msg_id" : "F5_BigIP:authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"AUDIT - user \\S+ - transaction .+ - create_if { .+ }\"):msg@>", + "msg_id" : "F5_BigIP:create_if", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"DB changed: \\S+, configsync needed\"):msg@> ", + "msg_id" : "F5_BigIP:configsync_needed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\".+ feature not licensed.\"):msg@> ", + "msg_id" : "F5_BigIP:feature_not_licensed", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Pool member\"):object@> <@IP_ADDR:address@>:<@NUMBER:port@> session status <@STRING:status@>. ", + "msg_id" : "F5_BigIP:pool_member_status", + "table" : "F5_BigIP_Monitor", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bigpipe: <@REGEXP(\"Begin config sync .+ operation\"):msg@>", + "msg_id" : "F5_BigIP:begin_config_sync", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bigpipe: <@REGEXP(\"Completed config sync .+ operation\"):msg@>", + "msg_id" : "F5_BigIP:completed_config_sync", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> httpd[<@NUMBER:NULL@>]: [error] <@REGEXP(\".+ Error connecting to tomcat .+\"):msg@>", + "msg_id" : "F5_BigIP:error_connecting_tomcat", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@WORD:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Limiting open port RST response from \\d+ to \\d+ packets/sec\"):msg@>", + "msg_id" : "F5_BigIP:limiting_rst_response", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm tmm[<@NUMBER:NULL@>]: <@WORD:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Limiting icmp unreach response from \\d+ to \\d+ packets/sec\"):msg@> ", + "msg_id" : "F5_BigIP:limiting_icmp_response", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bigpipe: <@WORD:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"The configuration was successfully loaded.\"):msg@> ", + "msg_id" : "F5_BigIP:config_successfully_loaded", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"evWrite finished with no byte sent to connection .+ - connection deleted.\"):msg@>", + "msg_id" : "F5_BigIP:evwrite_no_byte_sent", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> httpd(pam_unix)[<@NUMBER:NULL@>]: <@REGEXP(\"bad username \\[\\]\"):msg@>", + "msg_id" : "F5_BigIP:bad_username", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Node\"):object@> <@IP_ADDR:address@> session status <@WORD:status@>.", + "msg_id" : "F5_BigIP:node_session_status", + "table" : "F5_BigIP_Monitor", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@WORD:NULL@>: <@REGEXP(\"MCP Daemon's extreme DB storage extended by \\d+ bytes, now using a total of \\d+ bytes\"):msg@> ", + "msg_id" : "F5_BigIP:db_storage_extended", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@WORD:NULL@>: <@REGEXP(\"Attempting to write an auth configuration to .+\"):msg@>", + "msg_id" : "F5_BigIP:attempting_write_auth_configuration", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bigpipe: <@REGEXP(\"Begin config install operation: \\S+\"):msg@>", + "msg_id" : "F5_BigIP:config_install_begin", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bigpipe: <@REGEXP(\"Completed config install operation\"):msg@> ", + "msg_id" : "F5_BigIP:config_install_completed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"last message repeated \\d+ times\"):msg@>", + "msg_id" : "F5_BigIP:last_message_repeated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm tmm[<@NUMBER:NULL@>]: <@REGEXP(\"\\S+: repeated \\d+ time.+\"):msg@> ", + "msg_id" : "F5_BigIP:tmm_repeated_times", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm tmm[<@NUMBER:NULL@>]: <@REGEXP(\"\\S+: http_process_state_prepend - Invalid action \\S+ during \\S+\"):msg@>", + "msg_id" : "F5_BigIP:http_invalid_action", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+: STATE:big3d started ===.+\"):msg@>", + "msg_id" : "F5_BigIP:big3d_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"connection .+ was closed with active requests\"):msg@>", + "msg_id" : "F5_BigIP:connection_closed_active_requests", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"end_transaction message timeout on connection .+\"):msg@> ", + "msg_id" : "F5_BigIP:end_transaction_msg_timeout", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bigpipe: <@REGEXP(\".+: Error running configsync\"):msg@>", + "msg_id" : "F5_BigIP:error_running_configsync", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+: \\S+: Unable to set configsync.peerconfigtimeraw:\\d+\"):msg@> ", + "msg_id" : "F5_BigIP:unable_set_configsync", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> statsd: <@REGEXP(\"\\S+: Error 'illegal attempt to update using time \\d+ when last update time is \\d+ .+\"):msg@>", + "msg_id" : "F5_BigIP:illegal_update_time", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"\\S+ event in rule \\S+ requires an associated .+ profile on the virtual server \\S+.\"):msg@>", + "msg_id" : "F5_BigIP:event_requires_profile", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> cssd: <@REGEXP(\"\\S+: Error execing peerStatus script: \\d+\"):msg@>", + "msg_id" : "F5_BigIP:error_execing_script", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Pool .+ is referenced by one or more virtual servers\"):msg@> ", + "msg_id" : "F5_BigIP:pool_multi_referenced", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> httpd[<@NUMBER:NULL@>]: <@REGEXP(\"pam_radius_auth: RADIUS server \\S+ failed to respond\"):msg@> ", + "msg_id" : "F5_BigIP:radius_failed_respond", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"AUDIT - user \\S+ - transaction .+ - modify { .+ }\"):msg@> ", + "msg_id" : "F5_BigIP:object_modify", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\".+ initialization phase triggered.\"):msg@> ", + "msg_id" : "F5_BigIP:initialization_phase_triggered", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> pvad[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Resetting PVA i/o channel after \\d+ failed retries.\"):msg@> ", + "msg_id" : "F5_BigIP:resetting_pva_io_channel", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> fpdd[<@NUMBER:NULL@>]: <@REGEXP(\".+: HalOpen: sendMessage failed\"):msg@> ", + "msg_id" : "F5_BigIP:halopen_sendmsg_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> fpdd[<@NUMBER:NULL@>]: <@REGEXP(\".+: Cannot open HAL\"):msg@>", + "msg_id" : "F5_BigIP:cannot_open_hal", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@REGEXP(\".+: Removed publication with publisher id .+\"):msg@>", + "msg_id" : "F5_BigIP:removed_publication", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@REGEXP(\".+: Removed subscription with subscriber id .+\"):msg@>", + "msg_id" : "F5_BigIP:removed_subscription", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> fpdd[<@NUMBER:NULL@>]: <@REGEXP(\".+: HAL API returned .+\"):msg@>", + "msg_id" : "F5_BigIP:hal_api_returned", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> fpdd[<@NUMBER:NULL@>]: <@REGEXP(\".+: HalmsgTerminalImpl_::sendMessage\\(\\) Unable to send to any .+ address\"):msg@>", + "msg_id" : "F5_BigIP:halmsg_terminal_impl", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd: <@REGEXP(\".+: AUDIT - user \\S+ - transaction .+ - modify { .+ }\"):msg@> ", + "msg_id" : "F5_BigIP:object_modify2", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd<@REGEXP(\".+: Add a new Publication for publisherID .+\"):msg@>", + "msg_id" : "F5_BigIP:add_new_publication", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd<@REGEXP(\".+: Add a new Subscription for subscriberID .+\"):msg@>", + "msg_id" : "F5_BigIP:add_new_subscription", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Initialization complete. The MCP is up and running\"):msg@>", + "msg_id" : "F5_BigIP:mcp_up_running", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> fpdd[<@NUMBER:NULL@>]: <@REGEXP(\"\\S+: halAnnunciatorSet: .+\"):msg@>", + "msg_id" : "F5_BigIP:halannunciatorset_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> chmand<@REGEXP(\".+: Registered .+ as a publisher .+\"):msg@>", + "msg_id" : "F5_BigIP:registered_as_publisher", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> logger: <@REGEXP(\".+ Unable to get peers local time\"):msg@> ", + "msg_id" : "F5_BigIP:unable_get_peers_time", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> logger: <@REGEXP(\".+POST .+ HTTP.+\"):msg@>", + "msg_id" : "F5_BigIP:post_http", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> logger: <@REGEXP(\".+GET .+ HTTP.+\"):msg@>", + "msg_id" : "F5_BigIP:get_http", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> httpd[<@NUMBER:NULL@>]: <@REGEXP(\"[warn] .+ AUTHCACHE Error processing cookie .+\"):msg@>", + "msg_id" : "F5_BigIP:autcache_error_processing_cookie", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\"Rule .+: .+\"):msg@>", + "msg_id" : "F5_BigIP:tmm_rule", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S+: Starting tomcat4\"):msg@> ", + "msg_id" : "F5_BigIP:starting_tomcat4", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+pam_bigip_authz: couldn't open .+, returning notfound\"):msg@>", + "msg_id" : "F5_BigIP:pam_bigip_authz_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+HA Connection with peer .+ lost.\"):msg@> ", + "msg_id" : "F5_BigIP:ha_connection_peer_lost", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+HA Connection with peer .+ established.\"):msg@> ", + "msg_id" : "F5_BigIP:ha_connection_peer_established", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+Limiting closed port RST response .+\"):msg@>", + "msg_id" : "F5_BigIP:limiting_closed_port_response", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Limiting icmp unreach response .+\"):msg@>", + "msg_id" : "F5_BigIP:limiting_icmp_unreach_response", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bcm56xxd[<@NUMBER:NULL@>]: <@REGEXP(\".+: Link: .+ is DOWN\"):msg@> ", + "msg_id" : "F5_BigIP:link_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bcm56xxd[<@NUMBER:NULL@>]: <@REGEXP(\".+: Link: .+ is UP\"):msg@> ", + "msg_id" : "F5_BigIP:link_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> subsnmpd[<@NUMBER:NULL@>]: <@REGEXP(\"subsnmpd subagent is up.\"):msg@> ", + "msg_id" : "F5_BigIP:subsnmpd_subagent_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> rmonsnmpd[<@NUMBER:NULL@>]: <@REGEXP(\"rmonsnmpd subagent is up.\"):msg@> ", + "msg_id" : "F5_BigIP:rmonsnmpd_subagent_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Add Self IP: .+\"):msg@>", + "msg_id" : "F5_BigIP:tmm_add_self_ip", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Created vlan .+\"):msg@>", + "msg_id" : "F5_BigIP:tmm_created_vlan", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Added tagged trunk .+\"):msg@>", + "msg_id" : "F5_BigIP:tmm_added_tagged_trunk", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Interface .+ added to trunk .+\"):msg@>", + "msg_id" : "F5_BigIP:tmm_interface_added_trunk", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Vlan .+ - \\w+ mac .+\"):msg@>", + "msg_id" : "F5_BigIP:tmm_vlan_mac", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+ no IPv6 routers present\"):msg@> ", + "msg_id" : "F5_BigIP:no_ipv6_routers", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Trunk .+ initialized\"):msg@> ", + "msg_id" : "F5_BigIP:tmm_trunk_initialized", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Interface .+ - device .+\"):msg@>", + "msg_id" : "F5_BigIP:tmm_interface_device", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Trunk .+ - \\d+ links active\"):msg@> ", + "msg_id" : "F5_BigIP:tmm_trunk_links_active", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Vlan .+ - failsafe disabled.+\"):msg@>", + "msg_id" : "F5_BigIP:tmm_vlan_failsafe_disabled", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sod: .+: Toggle from .+ to .+\"):msg@>", + "msg_id" : "F5_BigIP:sod_toggle_from_to", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> SubDomain: <@REGEXP(\"REJECTING access to capability .+\"):msg@>", + "msg_id" : "F5_BigIP:subdomain_rejecting_capability_access", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> SubDomain: <@REGEXP(\"REJECTING .+ access to .+\"):msg@>", + "msg_id" : "F5_BigIP:subdomain_rejecting_access_to", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@REGEXP(\".+: Cookie persistence requires an HTTP profile to be associated with the virtual server\"):msg@> ", + "msg_id" : "F5_BigIP:cookie_persistence_requires_httpprofile", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+snmpd\"):NULL@>[<@NUMBER:NULL@>]: <@REGEXP(\"AgentX master agent failed to respond to ping. Attempting to re-register.\"):msg@> ", + "msg_id" : "F5_BigIP:agentx_failed_to_respond", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> logger: <@REGEXP(\".+: Disk partition .+ has less than 40% free\"):msg@> ", + "msg_id" : "F5_BigIP:disk_partition_less_free", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bigpipe: <@REGEXP(\".+: Error running config sync all\"):msg@>", + "msg_id" : "F5_BigIP:error_config_sync_all", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@REGEXP(\".+: .+ profile on .+ cannot be used with persistence.\"):msg@> ", + "msg_id" : "F5_BigIP:profile_cant_use_persistence", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> lacpd[<@NUMBER:NULL@>]: <@REGEXP(\".+: Link .+ removed from aggregation.*\"):msg@> ", + "msg_id" : "F5_BigIP:link_removed_from_aggregation", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> lacpd[<@NUMBER:NULL@>]: <@REGEXP(\".+: Link .+ added to aggregation.*\"):msg@> ", + "msg_id" : "F5_BigIP:link_added_to_aggregation", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> lacpd[<@NUMBER:NULL@>]: <@REGEXP(\".+: Link .+ Out of Sync.*\"):msg@>", + "msg_id" : "F5_BigIP:link_out_of_sync", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> iControlPortal.cgi[<@NUMBER:NULL@>]: <@REGEXP(\"f5km_init.+\"):msg@>", + "msg_id" : "F5_BigIP:icontrolportal_f5km_init", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> iControlPortal.cgi[<@NUMBER:NULL@>]: <@REGEXP(\"f5km_shutdown.+\"):msg@>", + "msg_id" : "F5_BigIP:icontrolportal_f5km_shutdown", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"root: Starting .*snmpd\"):msg@> ", + "msg_id" : "F5_BigIP:starting_snmpd", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: HTTP header .+ exceeded maximum allowed size .+\"):msg@>", + "msg_id" : "F5_BigIP:http_header_exceeded_size", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> bigd: <@REGEXP(\".+ Health check would route via .+ Check routing table.\"):msg@> ", + "msg_id" : "F5_BigIP:error_check_routing_table", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Out of Memory: Killed process .+\"):msg@>", + "msg_id" : "F5_BigIP:out_of_memory", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> pvad[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"SDRAM size is .+\"):msg@>", + "msg_id" : "F5_BigIP:sdram_size", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Interface \\S+ not found\"):msg@> ", + "msg_id" : "F5_BigIP:tmm_interface_not_found", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"Rule .+ error: .+\"):msg@>", + "msg_id" : "F5_BigIP:mcpd_rule_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Zone:\\w+ freepages: .+ min: .+ low: .+ high: .+\"):msg@>", + "msg_id" : "F5_BigIP:zone_freepages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Swap cache: .+\"):msg@>", + "msg_id" : "F5_BigIP:swap_cache_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\d+ pages of RAM\"):msg@> ", + "msg_id" : "F5_BigIP:pages_of_ram", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\d+ pages of .+\"):msg@>", + "msg_id" : "F5_BigIP:memory_pages_of", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> mcpd[<@NUMBER:NULL@>]: <@NUMBER:NULL@>:<@NUMBER:NULL@>: <@REGEXP(\"AUDIT - user \\S+ - transaction .+ - modify_delete { .+ }\"):msg@>", + "msg_id" : "F5_BigIP:object_modify_delete", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: No members available for pool .+\"):msg@>", + "msg_id" : "F5_BigIP:no_members_available_pool", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+: someone advertises our address!\"):msg@> ", + "msg_id" : "F5_BigIP:someone_advertises_our_address", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+: duplicate address detected!\"):msg@> ", + "msg_id" : "F5_BigIP:duplicate_address_detected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> pvad[<@NUMBER:NULL@>]: <@REGEXP(\".+ PVA Version is .+\"):msg@>", + "msg_id" : "F5_BigIP:pva_version", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"root: Re-starting tmm\"):msg@> ", + "msg_id" : "F5_BigIP:restarting_tmm", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"LOGIN: Bigstart killing service .+\"):msg@>", + "msg_id" : "F5_BigIP:bigstart_killing_service", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> lacpd[<@NUMBER:NULL@>]: <@REGEXP(\".+ - Invalid LACPDU received on .+\"):msg@>", + "msg_id" : "F5_BigIP:invalid_lacpdu", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+ http_process_state_prepend - Invalid action .+\"):msg@>", + "msg_id" : "F5_BigIP:http_process_state_prepend", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+Persistence cookie hash failed\"):msg@> ", + "msg_id" : "F5_BigIP:persistence_cookie_hash_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> chmand[<@NUMBER:NULL@>]: <@REGEXP(\"\\S+: Initialized .+\"):msg@>", + "msg_id" : "F5_BigIP:chmand_initilized_something", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sod: \\S+: Failover condition, this standby will not be able to go active.\"):msg@> ", + "msg_id" : "F5_BigIP:failover_condition_unable_active", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sod: \\S+: Failover condition, active attempting to go standby.\"):msg@> ", + "msg_id" : "F5_BigIP:failover_condition_attemting_standby", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> pvad[<@NUMBER:NULL@>]: <@REGEXP(\".+ Tmm disconnected!\"):msg@> ", + "msg_id" : "F5_BigIP:tmm_disconnected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"bigd: .+ Monitoring starts - tmm up.\"):msg@> ", + "msg_id" : "F5_BigIP:monitoring_starts_tmm_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"bigd: .+ Monitoring stops - tmm down.\"):msg@>", + "msg_id" : "F5_BigIP:monitoring_stops_tmm_down", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + } + ], + "website" : "http://www.f5.com/products/big-ip/", + "version" : "200902050008", + "name" : "F5_BigIP", + "description" : "F5 BigIP Service" +} diff --git a/conf/logmanagement/services/F5_BigIP_ASM.json b/conf/logmanagement/services/F5_BigIP_ASM.json new file mode 100644 index 0000000..9978c3d --- /dev/null +++ b/conf/logmanagement/services/F5_BigIP_ASM.json @@ -0,0 +1,51 @@ +{ + "icon" : "companies/logo_f5", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> ts_configsync.pl[<@NUMBER:NULL@>]: <@REGEXP(\"ASM config saved to .+\"):msg@>", + "msg_id" : "F5_BigIP_ASM:asm_config_saved", + "table" : "Message", + "taxonomy" : "Config.Backup", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> event_backup.pl[<@NUMBER:NULL@>]: <@REGEXP(\"ASM events saved to .+\"):msg@>", + "msg_id" : "F5_BigIP_ASM:asm_events_saved", + "table" : "Message", + "taxonomy" : "Config.Backup", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> log_manager[<@NUMBER:NULL@>]: <@REGEXP(\".+: \\[USER_ACTIVITY\\] User \\S+ cleared all illegal requests that were associated with .+\"):msg@>", + "msg_id" : "F5_BigIP_ASM:cleared_illegal_requests", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> log_manager[<@NUMBER:NULL@>]: <@REGEXP(\".+: \\[USER_ACTIVITY\\] User \\S+ performed Apply Policy operation on .+\"):msg@>", + "msg_id" : "F5_BigIP_ASM:performed_apply_policy_operation", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> tmm[<@NUMBER:NULL@>]: <@REGEXP(\".+: Rule \\S+ \\S+:.*\"):msg@>", + "msg_id" : "F5_BigIP_ASM:rule", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> log_manager[<@NUMBER:NULL@>]: <@REGEXP(\".+: \\[USER_ACTIVITY\\] User \\S+ created history version for .+\"):msg@>", + "msg_id" : "F5_BigIP_ASM:created_history_version", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + } + ], + "website" : "http://www.f5.com/products/big-ip/", + "version" : "200811170001", + "name" : "F5_BigIP_ASM", + "description" : "F5 BigIP ASM Service" +} diff --git a/conf/logmanagement/services/F5_BigIP_ASM_Filtering.json b/conf/logmanagement/services/F5_BigIP_ASM_Filtering.json new file mode 100644 index 0000000..2bc51ff --- /dev/null +++ b/conf/logmanagement/services/F5_BigIP_ASM_Filtering.json @@ -0,0 +1,16 @@ +{ + "icon" : "companies/logo_f5", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dcc[<@NUMBER:NULL@>]: <@STRING:NULL@>: [SECEV] Request violations: <@STRING:request_violations@> support id: <@NUMBER:support_id@>, source ip: <@IP_ADDR:src_ip@>, xff ip: <@IP_ADDR:NULL@>, HTTP classifier: <@STRING:http_classifier@> request: <@STRING:request@>", + "msg_id" : "F5_BigIP_ASM_Filtering:secev_request_violations", + "table" : "F5_BigIP_ASM_Filtering", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Notice" + } + ], + "website" : "http://www.f5.com/products/big-ip/", + "version" : "200703080004", + "name" : "F5_BigIP_ASM_Filtering", + "description" : "F5 BigIP ASM Filtering Service" +} diff --git a/conf/logmanagement/services/Fam.json b/conf/logmanagement/services/Fam.json new file mode 100644 index 0000000..4f4540f --- /dev/null +++ b/conf/logmanagement/services/Fam.json @@ -0,0 +1,15 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"famd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"stat on \".+\" failed: No such file or directory\"):msg@>", + "msg_id" : "Fam:stat_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + } + ], + "website" : "http://oss.sgi.com/projects/fam/", + "version" : "201002180001", + "name" : "Fam", + "description" : "File Alteration Monitor Service" +} diff --git a/conf/logmanagement/services/Fortigate_System.json b/conf/logmanagement/services/Fortigate_System.json new file mode 100644 index 0000000..904198b --- /dev/null +++ b/conf/logmanagement/services/Fortigate_System.json @@ -0,0 +1,408 @@ +{ + "icon" : "companies/logo_fortinet", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@WORD:NULL@> status=<@WORD:NULL@> reason=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ login successfully from .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_login_successfully", + "table" : "Fortigate_Event", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> <@STRING:NULL@> msg=\"<@REGEXP(\"User .+ login failed .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_login_failed", + "table" : "Fortigate_Event", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@WORD:NULL@> status=<@WORD:NULL@> reason=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ Logs out from .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_logs_out", + "table" : "Fortigate_Event", + "taxonomy" : "Access", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> msg=\"<@REGEXP(\"HA member.*move to .+\"):msg@>\" ", + "msg_id" : "Fortigate_System:ha_member_move_to", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> module=<@WORD:NULL@> submodule=<@WORD:NULL@> msg=\"<@REGEXP(\".+ made a change from .+ settings have been changed\"):msg@>\"", + "msg_id" : "Fortigate_System:settings_changed", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> module=<@WORD:NULL@> submodule=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ made a change via .+ setting has been changed\"):msg@>\"", + "msg_id" : "Fortigate_System:setting_been_changed", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ added .+ user .+ from .+\"):msg@>\"", + "msg_id" : "Fortigate_System:added_user", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ deleted .+ user .+ from .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_user", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> msg=\"<@REGEXP(\"Delete HA heartbeat device .+\"):msg@>\"", + "msg_id" : "Fortigate_System:delete_ha_heartbeat_device", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> msg=\"<@REGEXP(\"Add HA heartbeat device .+\"):msg@>\"", + "msg_id" : "Fortigate_System:add_ha_heartbeat_device", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> seq=<@NUMBER:NULL@> sintf=<@STRING:NULL@> dintf=<@STRING:NULL@> saddr=<@STRING:NULL@> daddr=<@STRING:NULL@> schd=<@WORD:NULL@> svr=<@STRING:NULL@> act=<@WORD:NULL@> nat=<@WORD:NULL@> log=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ deleted firewall policy .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_firewall_policy", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted a virtual ip entry .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_virtualip_entry", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted a firewall service .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_firewall_service", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted a IP pool entry .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_ip_pool_entry", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted a service group .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_service_group", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted an address group .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_address_group", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted an address .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_address", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted radius server .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_radius_server", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted an ipsec .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_ipsec", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@STRING:NULL@> msg=\"<@REGEXP(\"Admin user .+ changed password of .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_changed_password", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> seq=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ changed firewall policy .+\"):msg@>\"", + "msg_id" : "Fortigate_System:changed_firewall_policy", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> intf=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ changed the ip setting of interface .+\"):msg@>\"", + "msg_id" : "Fortigate_System:changed_ip_setting_interface", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> intf=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ added new interface .+\"):msg@>\"", + "msg_id" : "Fortigate_System:added_new_interface", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> seq=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ added new firewall policy .+\"):msg@>\"", + "msg_id" : "Fortigate_System:added_firewall_policy", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@WORD:NULL@> status=<@WORD:NULL@> reason=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ terminates the session from .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_terminates_session", + "table" : "Fortigate_Event", + "taxonomy" : "Access", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> status=<@STRING:NULL@> msg=\"<@REGEXP(\"Fortigate scheduled update failed\"):msg@>\"", + "msg_id" : "Fortigate_System:scheduled_update_failed", + "table" : "Fortigate_Event", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ added an address .+\"):msg@>\"", + "msg_id" : "Fortigate_System:added_address", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> seq=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ added new static routing entry .+\"):msg@>", + "msg_id" : "Fortigate_System:added_static_routing_entry", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ rebooted the device from .+\"):msg@>\"", + "msg_id" : "Fortigate_System:rebooted_the_device", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted a recurring schedule .+\"):msg@>\"", + "msg_id" : "Fortigate_System:delete_recurring_schedule", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ added a virtual ip entry .+\"):msg@>\"", + "msg_id" : "Fortigate_System:added_virtualip_entry", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> intf=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ changed the access setting of interface .+\"):msg@>\"", + "msg_id" : "Fortigate_System:changed_interface_access_setting", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@WORD:NULL@> status=<@WORD:NULL@> reason=<@WORD:NULL@> msg=\"<@REGEXP(\"GUI session timeout .+\"):msg@>\"", + "msg_id" : "Fortigate_System:gui_session_timeout", + "table" : "Fortigate_Event", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ added ldap server .+\"):msg@>\"", + "msg_id" : "Fortigate_System:added_ldap_server", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@STRING:NULL@> msg=\"<@REGEXP(\"weblog file has been downloaded by .+\"):msg@>\"", + "msg_id" : "Fortigate_System:weblog_file_downloaded", + "table" : "Fortigate_Event", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> status=<@STRING:NULL@> msg=\"<@REGEXP(\"Fortigate updated .+\"):msg@>\"", + "msg_id" : "Fortigate_System:fortigate_updated", + "table" : "Fortigate_Event", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@STRING:NULL@> msg=\"<@REGEXP(\".+ has been updated successfully by .+\"):msg@>\"", + "msg_id" : "Fortigate_System:updated_successfully", + "table" : "Fortigate_Event", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@STRING:NULL@> msg=\"<@REGEXP(\"Update .+ failed by .+\"):msg@>\"", + "msg_id" : "Fortigate_System:update_failed", + "table" : "Fortigate_Event", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ backuped the configuration from .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_backuped_configuration", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Backup", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> status=<@STRING:NULL@> msg=\"<@REGEXP(\"Fortigate update now failed\"):msg@>\"", + "msg_id" : "Fortigate_System:fortigate_update_now_failed", + "table" : "Fortigate_Event", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> <@STRING:NULL@> msg=\"<@REGEXP(\"Negotiate SA Error:.+\"):msg@>\"", + "msg_id" : "Fortigate_System:negotiate_sa_error", + "table" : "Fortigate_Event", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> msg=\"<@REGEXP(\"Virtual cluster .+ HA master became slave\"):msg@>\"", + "msg_id" : "Fortigate_System:ha_master_became_slave", + "table" : "Fortigate_Event", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ added a service group .+\"):msg@> ", + "msg_id" : "Fortigate_System:added_service_group", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ added a firewall service .+\"):msg@>\" ", + "msg_id" : "Fortigate_System:added_firewall_service", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> name=<@STRING:NULL@> msg=\"<@REGEXP(\"User .+ added a IP pool entry .+\"):msg@>\"", + "msg_id" : "Fortigate_System:added_ip_pool_entry", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> <@STRING:NULL@> msg=\"<@REGEXP(\"User .+ changed the setting of static routing entry .+\"):msg@>\"", + "msg_id" : "Fortigate_System:changed_static_routing_entry", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> action=<@WORD:NULL@> status=<@WORD:NULL@> reason=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ login accepted from .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_login_accepted", + "table" : "Fortigate_Event", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> <@STRING:NULL@> msg=\"<@REGEXP(\"User .+ deleted static routing entry .+\"):msg@>", + "msg_id" : "Fortigate_System:deleted_static_routing_entry", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> intf=<@WORD:NULL@> msg=\"<@REGEXP(\"User .+ deleted interface .+\"):msg@>\"", + "msg_id" : "Fortigate_System:deleted_interface", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> msg=\"<@REGEXP(\"Disk logs exceed \\S+ of disk size.Deleted rolled log file name .+\"):msg@>", + "msg_id" : "Fortigate_System:disk_logs_exceed_size", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> <@STRING:NULL@> msg=\"<@REGEXP(\"User .+ changed timeout global setting to .+\"):msg@>\"", + "msg_id" : "Fortigate_System:changed_timeout_global_setting", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> <@STRING:NULL@> msg=\"<@REGEXP(\"User .+ changed the status of interface .+\"):msg@>\"", + "msg_id" : "Fortigate_System:changed_status_interface", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> msg=\"<@REGEXP(\"User .+ deleted a local certificate .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_deleted_local_certificate", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> msg=\"<@REGEXP(\"User .+ loaded local certificate .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_loaded_local_certificate", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> ui=<@STRING:ui@> <@STRING:NULL@> msg=\"<@REGEXP(\"System config file has been downloaded by.+\"):msg@>\"", + "msg_id" : "Fortigate_System:system_config_file_downloaded", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> <@STRING:NULL@> reason=<@WORD:NULL@> msg=\"<@REGEXP(\"User.*login failed .+\"):msg@>\"", + "msg_id" : "Fortigate_System:user_login_failed3", + "table" : "Fortigate_Event", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@DATE_SQL:NULL@> time=<@TIME:NULL@> devname=<@WORD:device_name@> device_id=<@WORD:NULL@> log_id=<@NUMBER:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> user=<@WORD:user@> <@STRING:NULL@> msg=\"<@REGEXP(\"IDS database has been updated.+\"):msg@>\"", + "msg_id" : "Fortigate_System:ids_database_been_updated", + "table" : "Fortigate_Event", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + } + ], + "website" : "http://www.fortinet.com/products/fortigate_overview.html", + "version" : "200709070001", + "name" : "Fortigate_System", + "description" : "Fortigate System Service" +} diff --git a/conf/logmanagement/services/Fortigate_Traffic.json b/conf/logmanagement/services/Fortigate_Traffic.json new file mode 100644 index 0000000..391749b --- /dev/null +++ b/conf/logmanagement/services/Fortigate_Traffic.json @@ -0,0 +1,37 @@ +{ + "icon" : "companies/logo_fortinet", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@WORD:NULL@> time=<@WORD:NULL@> devname=<@WORD:NULL@> device_id=<@WORD:NULL@> log_id=<@WORD:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> SN=<@WORD:NULL@> duration=<@WORD:NULL@> user=<@WORD:NULL@> group=<@WORD:NULL@> policyid=<@NUMBER:policy_id@> proto=<@WORD:NULL@> service=<@WORD:NULL@> status=<@STRING:status@> src=<@IP_ADDR:src_addr@> srcname=<@WORD:NULL@> dst=<@IP_ADDR:dst_addr@> dstname=<@WORD:NULL@> src_int=<@STRING:src_interface@> dst_int=<@STRING:dst_interface@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> sent_pkt=<@NUMBER:sent_pkt@> rcvd_pkt=<@NUMBER:rcvd_pkt@> src_port=<@NUMBER:src_port@> dst_port=<@NUMBER:dst_port@> vpn=<@WORD:NULL@> tran_ip=<@IP_ADDR:translated_ip@> tran_port=<@NUMBER:translated_port@> dir_disp=<@WORD:NULL@> tran_disp=<@WORD:NULL@>", + "msg_id" : "Fortigate_Traffic:devname_with_pkt", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@WORD:NULL@> time=<@WORD:NULL@> devname=<@WORD:NULL@> device_id=<@WORD:NULL@> log_id=<@WORD:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> SN=<@WORD:NULL@> duration=<@WORD:NULL@> user=<@WORD:NULL@> group=<@WORD:NULL@> policyid=<@NUMBER:policy_id@> proto=<@WORD:NULL@> service=<@WORD:NULL@> status=<@STRING:status@> src=<@IP_ADDR:src_addr@> srcname=<@WORD:NULL@> dst=<@IP_ADDR:dst_addr@> dstname=<@WORD:NULL@> src_int=<@STRING:src_interface@> dst_int=<@STRING:dst_interface@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src_port=<@NUMBER:src_port@> dst_port=<@NUMBER:dst_port@> vpn=<@WORD:NULL@> tran_ip=<@IP_ADDR:translated_ip@> tran_port=<@NUMBER:translated_port@>", + "msg_id" : "Fortigate_Traffic:devname_without_pkt", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@WORD:NULL@> time=<@WORD:NULL@> device_id=<@WORD:NULL@> log_id=<@WORD:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> SN=<@WORD:NULL@> duration=<@WORD:NULL@> policyid=<@NUMBER:policy_id@> proto=<@WORD:NULL@> service=<@WORD:NULL@> status=<@STRING:status@> src=<@IP_ADDR:src_addr@> srcname=<@WORD:NULL@> dst=<@IP_ADDR:dst_addr@> dstname=<@WORD:NULL@> src_int=<@STRING:src_interface@> dst_int=<@STRING:dst_interface@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> sent_pkt=<@NUMBER:sent_pkt@> rcvd_pkt=<@NUMBER:rcvd_pkt@> src_port=<@NUMBER:src_port@> dst_port=<@NUMBER:dst_port@> vpn=<@WORD:NULL@> tran_ip=<@IP_ADDR:translated_ip@> tran_port=<@NUMBER:translated_port@> dir_disp=<@WORD:NULL@> tran_disp=<@WORD:NULL@>", + "msg_id" : "Fortigate_Traffic:no_devname_with_pkt", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> date=<@WORD:NULL@> time=<@WORD:NULL@> device_id=<@WORD:NULL@> log_id=<@WORD:NULL@> type=<@WORD:NULL@> subtype=<@WORD:NULL@> pri=<@WORD:NULL@> vd=<@WORD:NULL@> SN=<@WORD:NULL@> duration=<@WORD:NULL@> policyid=<@NUMBER:policy_id@> proto=<@WORD:NULL@> service=<@WORD:NULL@> status=<@STRING:status@> src=<@IP_ADDR:src_addr@> srcname=<@WORD:NULL@> dst=<@IP_ADDR:dst_addr@> dstname=<@WORD:NULL@> src_int=<@STRING:src_interface@> dst_int=<@STRING:dst_interface@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src_port=<@NUMBER:src_port@> dst_port=<@NUMBER:dst_port@> vpn=<@WORD:NULL@> tran_ip=<@IP_ADDR:translated_ip@> tran_port=<@NUMBER:translated_port@>", + "msg_id" : "Fortigate_Traffic:no_devname_without_pkt", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + } + ], + "website" : "http://www.fortinet.com/products/fortigate_overview.html", + "version" : "200902050005", + "name" : "Fortigate_Traffic", + "description" : "Fortigate Traffic Service" +} diff --git a/conf/logmanagement/services/FreeRADIUS.json b/conf/logmanagement/services/FreeRADIUS.json new file mode 100644 index 0000000..9971325 --- /dev/null +++ b/conf/logmanagement/services/FreeRADIUS.json @@ -0,0 +1,51 @@ +{ + "icon" : "software/logo_freeradius", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freeradius\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Login OK: .+\"):msg@>", + "msg_id" : "FreeRADIUS:login_ok", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freeradius\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Login incorrect: .+\"):msg@>", + "msg_id" : "FreeRADIUS:login_incorrect", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freeradius\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Ready to process requests.\"):msg@>", + "msg_id" : "FreeRADIUS:ready_to_process_requests", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freeradius\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Errors initializing modules\"):msg@>", + "msg_id" : "FreeRADIUS:errors_initializing_modules", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freeradius\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Errors reading .+\"):msg@>", + "msg_id" : "FreeRADIUS:errors_reading", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"freeradius\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*Instantiation failed for module .+\"):msg@>", + "msg_id" : "FreeRADIUS:instantiation_failed_for_module", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://freeradius.org", + "version" : "201001220003", + "name" : "FreeRADIUS", + "description" : "FreeRADIUS service" +} diff --git a/conf/logmanagement/services/Ftpd.json b/conf/logmanagement/services/Ftpd.json new file mode 100644 index 0000000..68871b7 --- /dev/null +++ b/conf/logmanagement/services/Ftpd.json @@ -0,0 +1,50 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ftpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connection from .+ at .+\"):msg@>", + "msg_id" : "Ftpd:connection_from", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ftpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"FTP LOGIN FROM .+\"):msg@>", + "msg_id" : "Ftpd:ftp_login_from", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ftpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*Couldn't open \\/etc\\/ftpusers\"):msg@>", + "msg_id" : "Ftpd:couldnt_open_etc_ftpusers", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ftpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: Transport endpoint is not connected\"):msg@>", + "msg_id" : "Ftpd:transport_endpoint_not_connected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ftpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: conversation failed\"):msg@>", + "msg_id" : "Ftpd:conversation_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ftpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"User \\S+ timed out after \\d+ seconds.*\"):msg@>", + "msg_id" : "Ftpd:user_timed_out", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "200907030001", + "name" : "Ftpd", + "description" : "FTP Daemon Service" +} diff --git a/conf/logmanagement/services/HPLIP.json b/conf/logmanagement/services/HPLIP.json new file mode 100644 index 0000000..ee90631 --- /dev/null +++ b/conf/logmanagement/services/HPLIP.json @@ -0,0 +1,16 @@ +{ + "icon" : "", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"python: hp-systray.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"warning: No hp.+devices found in any installed.+queue. Exiting.\"):msg@>", + "msg_id" : "HPLIP:no_devices_found_in_any_queue", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + } + ], + "website" : "http://hplipopensource.com", + "version" : "201006040001", + "name" : "HPLIP", + "description" : "HP Linux Imaging and Printing Service" +} diff --git a/conf/logmanagement/services/Hald.json b/conf/logmanagement/services/Hald.json new file mode 100644 index 0000000..f522dc4 --- /dev/null +++ b/conf/logmanagement/services/Hald.json @@ -0,0 +1,29 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"hald\"):daemon@>: <@REGEXP(\"mounted .+ on behalf of uid \\d+\"):msg@>", + "msg_id" : "Hald:mounted_by_uid", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"hald\"):daemon@>: <@REGEXP(\"unmounted .+ from .+ on behalf of uid \\d+\"):msg@>", + "msg_id" : "Hald:unmounted_by_uid", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"hald\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+attempting to.+unmount.+as enclosing drive was disconnected\"):msg@>", + "msg_id" : "Hald:attempting_to_unmount_as_enclosing_drive_was_disconnected", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "http://freedesktop.org/wiki/Software/hal", + "version" : "201002180004", + "name" : "Hald", + "description" : "Hardware Abstraction Layer Service" +} diff --git a/conf/logmanagement/services/Heartbeat.json b/conf/logmanagement/services/Heartbeat.json new file mode 100644 index 0000000..73b09d7 --- /dev/null +++ b/conf/logmanagement/services/Heartbeat.json @@ -0,0 +1,386 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"debug: .+\"):msg@>", + "msg_id" : "Heartbeat:debug_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: <@REGEXP(\"debug: .+\"):msg@>", + "msg_id" : "Heartbeat:debug_msg2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: <@REGEXP(\"ERROR: .+\"):msg@>", + "msg_id" : "Heartbeat:error_msg", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: <@REGEXP(\"WARN: .+\"):msg@>", + "msg_id" : "Heartbeat:warning_msg2", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"WARN: .+\"):msg@>", + "msg_id" : "Heartbeat:warning_msg", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: <@REGEXP(\"/usr/lib/heartbeat/send_arp .+\"):msg@>", + "msg_id" : "Heartbeat:send_arp", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: <@REGEXP(\"CRIT: .+\"):msg@>", + "msg_id" : "Heartbeat:critical_msg", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cl_status\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ERROR: .+ is not a correct sub-command.\"):msg@>", + "msg_id" : "Heartbeat:not_correct_subcommand", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cl_status\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"info: .+\"):msg@>", + "msg_id" : "Heartbeat:msg_cl_status", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cl_status\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ERROR: return value:\\d+\"):msg@>", + "msg_id" : "Heartbeat:error_return_value", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cl_status\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ERROR: Cannot sign off from heartbeat.\"):msg@>", + "msg_id" : "Heartbeat:cannot_signoff_from_heartbeat", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: <@REGEXP(\"Going standby .+\"):msg@>", + "msg_id" : "Heartbeat:going_standby", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ERROR: .+\"):msg@>", + "msg_id" : "Heartbeat:heartbeat_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cl_status\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ERROR: .+\"):msg@>", + "msg_id" : "Heartbeat:cl_status_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: <@REGEXP(\"received ip-request-resp .+ OK yes\"):msg@>", + "msg_id" : "Heartbeat:received_iprequest_resp", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: <@REGEXP(\"WARNING: Filesystem .+ not mounted\\?\"):msg@>", + "msg_id" : "Heartbeat:filesystem_not_mounted", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@WORD:level@>: Daily informational memory statistics", + "msg_id" : "Heartbeat:daily_informational_memory_statistics", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@WORD:level@>: <@REGEXP(\"MSG stats: .*\"):msg@>", + "msg_id" : "Heartbeat:DIMS_MSG_stats", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@WORD:level@>: <@REGEXP(\"cl_malloc stats:.*\"):msg@>", + "msg_id" : "Heartbeat:DIMS_cl_malloc_stats", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@WORD:level@>: <@REGEXP(\"RealMalloc stats:.*\"):msg@>", + "msg_id" : "Heartbeat:DIMS_RealMalloc_stats", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@WORD:level@>: <@REGEXP(\"Current arena value:.*\"):msg@>", + "msg_id" : "Heartbeat:current_arena_value", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@WORD:level@>: <@REGEXP(\"These are nothing to worry about.\"):msg@>", + "msg_id" : "Heartbeat:DIMS_nothing_worry", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmtd\"):daemon@>: <@REGEXP(\".*authentication failure.*\"):msg@>", + "msg_id" : "Heartbeat:mgmtd_authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmtd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"ERROR: on_listen pam auth failed\"):msg@>", + "msg_id" : "Heartbeat:mgmtd_error_pam_auth", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pengine\"):daemon@>: [<@PID:pid@>]: <@STRING:msg@>", + "msg_id" : "Heartbeat:pengine_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"crmd\"):daemon@>: [<@PID:pid@>]: <@STRING:msg@>", + "msg_id" : "Heartbeat:crmd_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cib\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\".*cib_stats.*\"):msg@>", + "msg_id" : "Heartbeat:cib_stats", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"lrmd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"WARN: stonithRA plugin: .+\"):msg@>", + "msg_id" : "Heartbeat:lrmd_stonithRA_warning", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmtd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\".*on_add_rsc:.*\"):msg@>", + "msg_id" : "Heartbeat:mgmtd_add_resource", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"lrmd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\".*: monitor\"):msg@>", + "msg_id" : "Heartbeat:lrmd_monitor", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cib\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: retrieveCib: Reading cluster configuration from: .*\"):msg@>", + "msg_id" : "Heartbeat:cib_read_cluster_configuration", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cib\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: write_cib_contents: Wrote version .+ of the CIB to disk .+\"):msg@>", + "msg_id" : "Heartbeat:cib_write_to_disk", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmtd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: on_update_rsc_metaattrs:.*\"):msg@>", + "msg_id" : "Heartbeat:mgmtd_update_resource_meta_attributes", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmtd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: on_update_rsc_params:.*\"):msg@>", + "msg_id" : "Heartbeat:mgmtd_update_resource_params", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmtd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: on_set_target_role:.+\"):msg@>", + "msg_id" : "Heartbeat:mgmtd_set_target_role", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"lrmd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: rsc:.+: start\"):msg@>", + "msg_id" : "Heartbeat:lrmd_resource_start", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"lrmd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: rsc:.+: stop\"):msg@>", + "msg_id" : "Heartbeat:lrmd_resource_stop", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cib\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: apply_xml_diff: Digest mis-match: expected \\w+, calculated \\w+\"):msg@>", + "msg_id" : "Heartbeat:cib_apply_xml_diff_mismatch", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cib\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: cib_process_diff: .+ Requesting full refresh.\"):msg@>", + "msg_id" : "Heartbeat:cib_process_diff_request_full_refresh", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"WARN: node .+ is dead\"):msg@>", + "msg_id" : "Heartbeat:heartbeat_node_dead", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: Link .+ dead.\"):msg@>", + "msg_id" : "Heartbeat:heartbeat_link_dead", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"tengine\"):daemon@>: [<@PID:pid@>]: <@STRING:msg@>", + "msg_id" : "Heartbeat:tengine_several_messages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"cib\"):daemon@>: [<@PID:pid@>]: <@STRING:msg@>", + "msg_id" : "Heartbeat:cib_several_messages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ccm\"):daemon@>: [<@PID:pid@>]: <@STRING:msg@>", + "msg_id" : "Heartbeat:ccm_several_messages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"lrmd\"):daemon@>: [<@PID:pid@>]: <@STRING:msg@>", + "msg_id" : "Heartbeat:lrmd_several_messages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"CRIT: Cluster node .+ returning after partition.\"):msg@>", + "msg_id" : "Heartbeat:heartbeat_cluster_node_returning_after_partition", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"WARN: Deadtime value may be too small.\"):msg@>", + "msg_id" : "Heartbeat:heratbeat_deadtime_too_small", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: Link .+ \"):msg@>up.", + "msg_id" : "Heartbeat:heartbeat_link_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: Status update for node .+: status active\"):msg@>", + "msg_id" : "Heartbeat:heartbeat_node_active", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: Status update for node .+: status ping\"):msg@>", + "msg_id" : "Heartbeat:heartbeat_node_ping", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"heartbeat\"):daemon@>: [<@PID:pid@>]: <@STRING:msg@>", + "msg_id" : "Heartbeat:heartbeat_several_messages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmtd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"ERROR: crm_abort:.+\"):msg@>", + "msg_id" : "Heartbeat:mgmtd_crm_abort", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mgmtd\"):daemon@>: [<@PID:pid@>]: <@STRING:msg@>", + "msg_id" : "Heartbeat:mgmtd_several_messages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*dopd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"debug: .+\"):msg@>", + "msg_id" : "Heartbeat:dopd_debug", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + } + ], + "website" : "http://www.linux-ha.org/Heartbeat", + "version" : "201002180054", + "name" : "Heartbeat", + "description" : "Heartbeat Service" +} diff --git a/conf/logmanagement/services/IBM_Cognos.json b/conf/logmanagement/services/IBM_Cognos.json new file mode 100644 index 0000000..b52b8ef --- /dev/null +++ b/conf/logmanagement/services/IBM_Cognos.json @@ -0,0 +1,64 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"COGNOS\"):daemon@>:<@REGEXP(\".+Gateway stopped successfully\"):msg@>.", + "msg_id" : "IBM_Cognos:gateway_stopped_successfully", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"COGNOS\"):daemon@>:<@REGEXP(\".+Cognos stopped successfully.\"):msg@>", + "msg_id" : "IBM_Cognos:cognos_stopped_successfully", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"COGNOS\"):daemon@>:<@REGEXP(\".+Gateway started successfully\"):msg@>", + "msg_id" : "IBM_Cognos:gateway_started_successfully", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"COGNOS\"):daemon@>:<@REGEXP(\".+Cognos started successfully.\"):msg@>", + "msg_id" : "IBM_Cognos:cognos_started_successfully", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>: <@REGEXP(\"Error while stopping gateway\"):msg@>", + "msg_id" : "IBM_Cognos:error_while_stopping_gateway", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>: <@REGEXP(\"Error while stopping cognos\"):msg@>", + "msg_id" : "IBM_Cognos:error_while_stopping_cognos", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>: <@REGEXP(\"Error while starting gateway\"):msg@>", + "msg_id" : "IBM_Cognos:error_while_starting_gateway", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>: <@REGEXP(\"Error while starting cognos\"):msg@>", + "msg_id" : "IBM_Cognos:error_while_starting_cognos", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + } + ], + "website" : "http://www-01.ibm.com/software/analytics/cognos/", + "version" : "201211220004", + "name" : "IBM_Cognos", + "description" : "ibm cognos BI" +} diff --git a/conf/logmanagement/services/IPVS.json b/conf/logmanagement/services/IPVS.json new file mode 100644 index 0000000..c035c5e --- /dev/null +++ b/conf/logmanagement/services/IPVS.json @@ -0,0 +1,51 @@ +{ + "icon" : "software/logo_lvs", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IPVS: sync thread stopped!\"):msg@> ", + "msg_id" : "IPVS:sync_thread_stopped", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IPVS: sync thread started: .+\"):msg@>", + "msg_id" : "IPVS:sync_thread_started", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IPVS: stopping sync thread .+\"):msg@>", + "msg_id" : "IPVS:stopping_sync_thread", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IPVS: Registered protocols .+\"):msg@>", + "msg_id" : "IPVS:registered_protocols", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IPVS: Connection hash table configured.*\"):msg@>", + "msg_id" : "IPVS:connection_hash_table_configured", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IPVS: ipvs loaded.\"):msg@>", + "msg_id" : "IPVS:ipvs_loaded", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + } + ], + "website" : "http://www.linuxvirtualserver.org/software/ipvs.html", + "version" : "200812120003", + "name" : "IPVS", + "description" : "IP Virtual Server Service" +} diff --git a/conf/logmanagement/services/IP_Tables.json b/conf/logmanagement/services/IP_Tables.json new file mode 100644 index 0000000..5769c72 --- /dev/null +++ b/conf/logmanagement/services/IP_Tables.json @@ -0,0 +1,142 @@ +{ + "icon" : "software/logo_netfilter", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN=<@WORD:src_interface@> OUT= SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> <@WORD:fragment_flag@> PROTO=<@REGEXP(\"TCP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> WINDOW=<@NUMBER:NULL@> RES=<@HEXA_NUMBER:NULL@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_tcp_fragmented_input", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN= OUT=<@WORD:dst_interface@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> <@WORD:fragment_flag@> PROTO=<@REGEXP(\"TCP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> WINDOW=<@NUMBER:NULL@> RES=<@HEXA_NUMBER:NULL@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_tcp_fragmented_output", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN=<@WORD:src_interface@> OUT= SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> PROTO=<@REGEXP(\"TCP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> WINDOW=<@NUMBER:NULL@> RES=<@HEXA_NUMBER:NULL@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_tcp_input", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN= OUT=<@WORD:dst_interface@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> PROTO=<@REGEXP(\"TCP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> WINDOW=<@NUMBER:NULL@> RES=<@HEXA_NUMBER:NULL@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_tcp_output", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN=<@WORD:src_interface@> OUT= SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> <@WORD:fragment_flag@> PROTO=<@REGEXP(\"UDP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_udp_fragmented_input", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN= OUT=<@WORD:dst_interface@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> <@WORD:fragment_flag@> PROTO=<@REGEXP(\"UDP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_udp_fragmented_output", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN=<@WORD:src_interface@> OUT= SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> PROTO=<@REGEXP(\"UDP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_udp_input", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN= OUT=<@WORD:dst_interface@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> PROTO=<@REGEXP(\"UDP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_udp_output", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN=<@WORD:src_interface@> OUT= MAC=<@WORD:mac_addr@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> <@WORD:fragment_flag@> PROTO=<@REGEXP(\"TCP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> WINDOW=<@NUMBER:NULL@> RES=<@HEXA_NUMBER:NULL@> <@STRING:null@>", + "msg_id" : "IP_Tables:traffic_tcp_mac_input", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN= OUT=<@WORD:dst_interface@> MAC=<@WORD:mac_addr@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> <@WORD:fragment_flag@> PROTO=<@WORD:ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> WINDOW=<@NUMBER:NULL@> RES=<@HEXA_NUMBER:NULL@> <@STRING:null@>", + "msg_id" : "IP_Tables:traffic_tcp_mac_output", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN=<@WORD:src_interface@> OUT= MAC=<@WORD:mac_addr@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> PROTO=<@REGEXP(\"UDP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_udp_mac_input", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN= OUT=<@WORD:dst_interface@> MAC=<@WORD:mac_addr@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> PROTO=<@REGEXP(\"UDP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_udp_mac_output", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN=<@WORD:src_interface@> OUT= MAC=<@WORD:mac_addr@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> <@WORD:fragment_flag@> PROTO=<@REGEXP(\"UDP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_udp_mac_fragmented_input", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN= OUT=<@WORD:dst_interface@> MAC=<@WORD:mac_addr@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> <@WORD:fragment_flag@> PROTO=<@REGEXP(\"UDP\"):ip_protocol@> SPT=<@NUMBER:src_port@> DPT=<@NUMBER:dst_port@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_udp_mac_fragmented_output", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN=<@WORD:src_interface@> OUT= SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> PROTO=<@REGEXP(\"ICMP TYPE=\\d+\"):ip_protocol@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_icmp_input", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: RULE <@NUMBER:policy_id@> -- <@WORD:status@> IN= OUT=<@WORD:dst_interface@> SRC=<@IP_ADDR:src_addr@> DST=<@IP_ADDR:dst_addr@> LEN=<@NUMBER:length@> TOS=<@HEXA_NUMBER:NULL@> PREC=<@HEXA_NUMBER:NULL@> TTL=<@NUMBER:ttl@> ID=<@NUMBER:id@> PROTO=<@REGEXP(\"ICMP TYPE=\\d+\"):ip_protocol@> <@STRING:NULL@>", + "msg_id" : "IP_Tables:traffic_icmp_output", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ip_tables: .+ Netfilter Core Team\"):msg@>", + "msg_id" : "IP_Tables:netfilter_core_team", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Netfilter messages via .+\"):msg@>", + "msg_id" : "IP_Tables:netfilter_messages_via", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ ip_tables: .+ Netfilter Core Team\"):msg@>", + "msg_id" : "IP_Tables:copyright_information", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://www.netfilter.org/", + "version" : "201004300001", + "name" : "IP_Tables", + "description" : "IP Tables Service" +} diff --git a/conf/logmanagement/services/Incron.json b/conf/logmanagement/services/Incron.json new file mode 100644 index 0000000..1d2ad8e --- /dev/null +++ b/conf/logmanagement/services/Incron.json @@ -0,0 +1,57 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"incrond\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"loading \\S+ tables\"):msg@>", + "msg_id" : "Incron:loading_tables", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"incrond\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"table for user \\S+ changed, reloading\"):msg@>", + "msg_id" : "Incron:table_changed_reloading", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"incrond\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"cannot create watch for .+\"):msg@>", + "msg_id" : "Incron:cannot_create_watch", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"incrond\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"starting service.*\"):msg@>", + "msg_id" : "Incron:starting_service", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"incrond\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ready to process filesystem events\"):msg@>", + "msg_id" : "Incron:ready_process_filesystem_events", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"incrond\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"stopping service\"):msg@>", + "msg_id" : "Incron:stopping_service", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"incrond\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"loading table for user \\S+\"):msg@>", + "msg_id" : "Incron:loading_table_for_user", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "200908070008", + "name" : "Incron", + "description" : "Incron Service" +} diff --git a/conf/logmanagement/services/IronPort.json b/conf/logmanagement/services/IronPort.json new file mode 100644 index 0000000..c3b3b54 --- /dev/null +++ b/conf/logmanagement/services/IronPort.json @@ -0,0 +1,492 @@ +{ + "icon" : "companies/logo_ironport", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"close\"):msg@>", + "msg_id" : "IronPort:icid_close", + "table" : "IronPort", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> Subject <@STRING:subject@>", + "msg_id" : "IronPort:mid_subject", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Message finished\"):msg@> MID <@NUMBER:mid@> done", + "msg_id" : "IronPort:mid_message_finished_done", + "table" : "IronPort", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"Message-ID .+\"):msg@>", + "msg_id" : "IronPort:mid_message_id", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> ICID <@NUMBER:icid@> From: <@STRING:sender@>", + "msg_id" : "IronPort:mid_from", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> ICID <@NUMBER:icid@> RID <@NUMBER:rid@> To: <@STRING:rcpt@>", + "msg_id" : "IronPort:mid_to", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"queued for delivery\"):msg@>", + "msg_id" : "IronPort:mid_queued_for_delivery", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"antivirus negative.*\"):msg@> ", + "msg_id" : "IronPort:mid_antivirus_negative", + "table" : "IronPort", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: New SMTP DCID <@NUMBER:dcid@> <@REGEXP(\"interface .+ address .+ port .+\"):msg@>", + "msg_id" : "IronPort:dcid_new_smtp", + "table" : "IronPort", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Delivery start\"):msg@> DCID <@NUMBER:dcid@> MID <@NUMBER:mid@> <@REGEXP(\"to RID.+\"):NULL@>", + "msg_id" : "IronPort:mid_delivery_start", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"matched all recipients for per-recipient policy .+ in the \\w+bound table\"):msg@>", + "msg_id" : "IronPort:mid_matched_all_recipients", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Message done\"):msg@> DCID <@NUMBER:dcid@> MID <@NUMBER:mid@> <@REGEXP(\"to RID.+\"):NULL@>", + "msg_id" : "IronPort:mid_message_done", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> RID [<@STRING:rid@>] Response <@STRING:response@>", + "msg_id" : "IronPort:mid_response", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: New SMTP ICID <@NUMBER:icid@> <@REGEXP(\"interface .+ address .+ reverse dns host .+ verified yes\"):msg@>", + "msg_id" : "IronPort:icid_new_smtp_verified", + "table" : "IronPort", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: New SMTP ICID <@NUMBER:icid@> <@REGEXP(\"interface .+ address .+ reverse dns host .+ verified no\"):msg@>", + "msg_id" : "IronPort:icid_new_smtp_unverified", + "table" : "IronPort", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"ACCEPT SG .+ SBRS .+\"):msg@>", + "msg_id" : "IronPort:icid_sendergroup_accept", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"REJECT SG .+ match .+ SBRS .+\"):msg@>", + "msg_id" : "IronPort:icid_sendergroup_reject", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"using engine: .+ spam negative\"):msg@>", + "msg_id" : "IronPort:mid_spam_negative", + "table" : "IronPort", + "taxonomy" : "Email.Spam", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"lost\"):msg@>", + "msg_id" : "IronPort:icid_lost", + "table" : "IronPort", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"ready \\d+ bytes from .+\"):msg@>", + "msg_id" : "IronPort:mid_ready_bytes_from", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Start\"):msg@> MID <@NUMBER:mid@> ICID <@NUMBER:icid@>", + "msg_id" : "IronPort:mid_start", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"using engine: .+ spam positive\"):msg@>", + "msg_id" : "IronPort:mid_spam_positive", + "table" : "IronPort", + "taxonomy" : "Email.Spam", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Message aborted\"):msg@> MID <@NUMBER:mid@> <@STRING:NULL@>", + "msg_id" : "IronPort:mid_message_aborted", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Message finished\"):msg@> MID <@NUMBER:mid@> aborted", + "msg_id" : "IronPort:mid_message_finished_aborted", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"RELAY SG .+ match .+ SBRS .+\"):msg@>", + "msg_id" : "IronPort:icid_sendergroup_relay", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: DCID <@NUMBER:dcid@> <@REGEXP(\"close\"):msg@>", + "msg_id" : "IronPort:dcid_close", + "table" : "IronPort", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"Unknown command:.*\"):msg@>", + "msg_id" : "IronPort:icid_unknown_command", + "table" : "IronPort", + "taxonomy" : "System.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> ICID <@NUMBER:icid@> <@REGEXP(\"To: <.*> Rejected by RAT\"):msg@>", + "msg_id" : "IronPort:mid_to_rejected_rat", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: Connection Error: DCID: <@NUMBER:dcid@> <@REGEXP(\".+\"):msg@>", + "msg_id" : "IronPort:dcid_connection_error", + "table" : "IronPort", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"was too big .+ for scanning by .+\"):msg@>", + "msg_id" : "IronPort:mid_too_big_scanning", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"Receiving Failed: .+\"):msg@>", + "msg_id" : "IronPort:icid_receiving_failed", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\".+ pending till .+\"):msg@>", + "msg_id" : "IronPort:mid_pending_till", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"antivirus positive '.+'\"):msg@> ", + "msg_id" : "IronPort:mid_antivirus_positive", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Scanning .+ for expiration candidates.\"):msg@>", + "msg_id" : "IronPort:scanning_expiration_candidates", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Done scanning .+ remain in queue.\"):msg@>", + "msg_id" : "IronPort:done_scanning_remain_queue", + "table" : "IronPort", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: Delayed: DCID <@NUMBER:dcid@> MID <@NUMBER:mid@> <@REGEXP(\".+Unknown address error.+\"):msg@>", + "msg_id" : "IronPort:mid_delayed_unknown_address", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"was generated for bounce of .+\"):msg@>", + "msg_id" : "IronPort:mid_generated_for_bounce", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Bounced\"):msg@>: DCID <@NUMBER:dcid@> MID <@NUMBER:mid@> to RID <@NUMBER:rid@> - <@STRING:NULL@> - <@REGEXP(\".+\"):bounce_reason@>", + "msg_id" : "IronPort:mid_bounced", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Double bounce\"):msg@>: MID <@NUMBER:mid@> <@STRING:NULL@>", + "msg_id" : "IronPort:mid_double_bounce", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"was split creating MID \\d+ due to .+\"):msg@>", + "msg_id" : "IronPort:mid_split_creating", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"rewritten to MID \\d+ by .+\"):msg@>", + "msg_id" : "IronPort:mid_rewritten_to_by", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"using engine: .+ spam suspect\"):msg@>", + "msg_id" : "IronPort:mid_spam_suspect", + "table" : "IronPort", + "taxonomy" : "Email.Spam", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"antivirus repaired .+\"):msg@> ", + "msg_id" : "IronPort:mid_antivirus_repaired", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"antivirus encrypted.*\"):msg@> ", + "msg_id" : "IronPort:mid_antivirus_encrypted", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"antivirus unscannable .+\"):msg@>", + "msg_id" : "IronPort:mid_antivirus_unscannable", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: Delayed: DCID <@NUMBER:dcid@> MID <@NUMBER:mid@> <@STRING:msg@>", + "msg_id" : "IronPort:mid_delayed", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: Alias match: MID <@NUMBER:mid@> <@REGEXP(\".+ recipient .+ mapped to .+\"):msg@>", + "msg_id" : "IronPort:alias_match_recipient_mapped", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> MID <@NUMBER:mid@> <@REGEXP(\"Invalid recipient address:.+\"):msg@>", + "msg_id" : "IronPort:mid_invalid_recipient_address", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"Connection from .+ lost after \\d+ seconds .+\"):msg@>", + "msg_id" : "IronPort:icid_connection_lost_after", + "table" : "IronPort", + "taxonomy" : "Network.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Queue: Checkpoint \\w+ed\"):msg@>", + "msg_id" : "IronPort:checkpoint_started_finished", + "table" : "IronPort", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Possible Delivery\"):msg@>: DCID <@NUMBER:dcid@> MID <@NUMBER:mid@> <@STRING:NULL@>", + "msg_id" : "IronPort:mid_possible_delivery", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Warning: MID <@NUMBER:mid@>, <@REGEXP(\"Message Scanning Problem: .+\"):msg@>", + "msg_id" : "IronPort:mid_message_scanning_problem", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"Invalid sender address: .+\"):msg@>", + "msg_id" : "IronPort:icid_invalid_sender_address", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"Could not convert character set: .+\"):msg@>", + "msg_id" : "IronPort:couldnt_convert_character_set", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"disconnected address .+\"):msg@>", + "msg_id" : "IronPort:icid_disconnected_address", + "table" : "IronPort", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"released from.+quarantine.+\"):msg@>", + "msg_id" : "IronPort:mid_released_from_quarantine", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: ICID <@NUMBER:icid@> <@REGEXP(\"Bad syntax for command: .+\"):msg@>", + "msg_id" : "IronPort:icid_bad_syntax_command", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"Virus Threat Level=\\d+\"):msg@>", + "msg_id" : "IronPort:mid_virus_threat_level", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Critical: MID <@NUMBER:mid@> <@REGEXP(\"antivirus timeout error\"):msg@> ", + "msg_id" : "IronPort:mid_antivirus_timeout_error", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"attachment types .+\"):msg@>", + "msg_id" : "IronPort:mid_attachment_types", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+ alert was sent to .+ with subject .+\"):msg@>", + "msg_id" : "IronPort:alert_sent_to", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"was generated based on MID \\d+ .+\"):msg@>", + "msg_id" : "IronPort:mid_generated_based_on", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"quarantined to .+\"):msg@>", + "msg_id" : "IronPort:mid_quarantined_to", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"From: .+ To: .+\"):msg@>", + "msg_id" : "IronPort:mid_from_to", + "table" : "IronPort", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"quarantine .+ new reason .+\"):msg@>", + "msg_id" : "IronPort:mid_quarantine_new_reason", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"IronPort Virus Outbreak Filters Alert sent.+\"):msg@>", + "msg_id" : "IronPort:virus_outbreak_filters_alert", + "table" : "IronPort", + "taxonomy" : "Email.Antivirus", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: MID <@NUMBER:mid@> <@REGEXP(\"CASE sent a poorly formatted response.+\"):msg@>", + "msg_id" : "IronPort:case_poorly_formatted_response", + "table" : "IronPort", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: New SMTP ICID <@NUMBER:icid@> <@REGEXP(\"interface .+ address .+ reverse dns host unkno\"):msg@>", + "msg_id" : "IronPort:new_smtp_reverse_unkno", + "table" : "IronPort", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Critical: MID <@NUMBER:mid@> <@REGEXP(\"CASE could not be reached\"):msg@>", + "msg_id" : "IronPort:case_couldnt_be_reached", + "table" : "IronPort", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.ironport.com/products/email_security_appliances.html", + "version" : "200706060003", + "name" : "IronPort", + "description" : "IronPort" +} diff --git a/conf/logmanagement/services/IronPort_S-Series_System.json b/conf/logmanagement/services/IronPort_S-Series_System.json new file mode 100644 index 0000000..359118c --- /dev/null +++ b/conf/logmanagement/services/IronPort_S-Series_System.json @@ -0,0 +1,912 @@ +{ + "icon" : "companies/logo_ironport", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+: User \\S+ entered '.*'; prompt was .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:user_entered_to_prompt", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Listening for connections on .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:listening_for_connections", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Time offset from UTC: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:time_offset_from_utc", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Process '.+' healthy\"):msg@>", + "msg_id" : "IronPort_S-Series_System:process_healthy", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Network Participation: failed to connect to host: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:failed_connect_to_host", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Version: .+ SN: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:version_sn", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"\\S+ service listening on .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:service_listening_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Debug: Network Participation: Attempting to connect to host: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:attempting_connect_to_host", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Critical: Failed to bootstrap the DNS resolver. Unable to contact root servers.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:unable_contact_dns_servers", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Active .+ db opened.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:active_db_opened", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Begin Logfile\"):msg@>", + "msg_id" : "IronPort_S-Series_System:begin_logfile", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"End Logfile\"):msg@>", + "msg_id" : "IronPort_S-Series_System:end_logfile", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"message: shutting down .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:shutting_down", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+ service shutting down on .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:service_shutting_down", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+: User \\S+ login from \\S+ on \\S+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:user_login_from", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"DB environment opened at .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:db_environment_opened", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"lame DNS referral:.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:lame_dns_referral", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: DNS query network error .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:dns_query_network_error", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+: Skipping, not opted in.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:skipping_not_opted_in", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Started processing .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_processing", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Finished processing .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:finished_processing", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Debug: Network Participation: Successfully connected to host:.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:succesfully_connected_to_host", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Debug: Network Participation: Closed connection to host:.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:closed_connection_to_host", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Queued for update:.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:queued_for_update", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Started downloading .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_downloading", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Finished downloading .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:finished_downloading", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Started update.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_update", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Started downloads.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_downloads", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Started applying .*update.*\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_applying_update", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Finished applying .*update.*\"):msg@>", + "msg_id" : "IronPort_S-Series_System:finished_applying_update", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Started manifest acquisition.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_manifest_acquisition", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Finished manifest acquisition.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:finished_manifest_acquisition", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Network Participation: Uploaded \\d+ bytes to .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:uploaded_bytes_to", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Finished downloads.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:finished_downloads", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Decrypted file .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:decrypted_file", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Restarting engine.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:restarting_engine", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Updating version info.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:updating_version_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Accepted connection on .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:accepted_connection_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Closing scoring socket.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:closing_scoring_socket", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Started updating version info.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_updating_version_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"\\S+ db closed.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:db_closed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Switched \\S+ db.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:switched_db", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+User \\S+ commit changes:.*\"):msg@> ", + "msg_id" : "IronPort_S-Series_System:user_commit_changes", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"log\\S+:.+ user:.+ session:.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:user_session", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Session \\S+ .*\"):msg@>", + "msg_id" : "IronPort_S-Series_System:session_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"PERIODIC REPORTS: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:periodic_reports", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Cannot open .+, non-existent.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:cannot_open_non_existent", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: A RAID-event has occurred: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:raid_event_occured", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Internal SMTP system attempting to send a message to .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:smtp_attempting_send_message", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"bootstrapping DNS cache\"):msg@>", + "msg_id" : "IronPort_S-Series_System:bootstrapping_dns_cache", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Error while sending alert: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:error_while_sending_alert", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Internal SMTP Error: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:internal_smtp_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Network Participation: Timed out after \\d+ seconds. Retrying in \\d+ seconds.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:network_timed_out", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: .+Failed to \\S+ server manifest.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:failed_server_manifest", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Critical: Internal SMTP giving up on message to .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:critical_smtp_giving_up", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+\\w+ed decryption.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_finished_decryption", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+: \\w+ed preparing full \\w+ db update.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:preparing_full_db_update", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Signalling switch of \\w+ db.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:signalling_switch_of_db", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Received an invalid DNS Response:.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:received_invalid_dns_response", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Closing management socket.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:closing_management_socket", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Finished update.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:finished_update", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Can't query nameserver .+ for its own IP without knowing its IP.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:cant_query_nameserver", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Internal SMTP system successfully sent a message to .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:smtp_successfully_sent_message", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Started update handler thread.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_update_handler_thread", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Process .+ deemed unhealthy or slow.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:process_deemed_unhealthy", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Process .+ not running so skipping health check\"):msg@>", + "msg_id" : "IronPort_S-Series_System:skipping_health_check", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+: \\w+ed preparing diff \\w+ db update .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:preparing_diff_db", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Finished updating version info.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:finished_updating_version_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: .+Failed to download .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:failed_to_download", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: .+Download timed out for .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:download_timed_out_for", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: .+Failed to acquire manifest.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:failed_acquire_manifest", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"System is coming up.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:system_coming_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Table \\S+ has \\d+ unique keys\"):msg@>", + "msg_id" : "IronPort_S-Series_System:table_unique_keys", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+ \\w+ed decompression.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:started_finished_decompression", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+Error in https connection from .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:error_in_https_connection", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Period \\w+ using .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:period_using", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+Signalling switch of blacklist.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:signalling_switch_of_blacklist", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"\\w+ service on .+ redirecting to .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:service_redirecting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Pages found in cache: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:pages_found_in_cache", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Journal coeuslog.reporting .+ percent full using .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:journal_percent_full", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"HELPER checkpointed in .+ seconds\"):msg@>", + "msg_id" : "IronPort_S-Series_System:helper_checkpointed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Address .+ discovered for .+ added to firewall blacklist.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:address_added_to_blacklist", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Address .+ for .+ removed from firewall blacklist.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:address_removed_from_blacklist", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Log .+ pushed to remote host .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:log_pushed_to_remote", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Logfile rolled over\"):msg@>", + "msg_id" : "IronPort_S-Series_System:logfile_rolled_over", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Firewall blocked data from .+ to .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:firewall_blocked_data", + "table" : "Message", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Firewall noted data from .+ to .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:firewall_noted_data", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"A .+ alert was sent to .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:alert_was_sent_to", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"System is shutting down.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:system_shutting_down", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Critical: SSL error with client .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:ssl_error_with_client", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"DNS cache bootstrapped\"):msg@>", + "msg_id" : "IronPort_S-Series_System:dns_cache_bootstrapped", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+User \\w+ logged out of CLI session\"):msg@>", + "msg_id" : "IronPort_S-Series_System:user_logged_out_cli", + "table" : "Message", + "taxonomy" : "Access", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: .*General exception.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:general_exception", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Warning: <@REGEXP(\".+ Unable to apply update file .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:unable_apply_update_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Warning: <@REGEXP(\"Network Participation: Error sending data: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:network_participation_error_sending", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Critical: <@REGEXP(\"Log Error: Push error for subscription .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:push_error_for_subscription", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+ feature key not enabled.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:feature_key_not_enabled", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"System Health Daemon started.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:system_health_daemon_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\".+User .+ executed batch command: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:user_executed_batch_command", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: \\d+: wbrs: Signaling switch of \\w+ db.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:wbrs_signaling_switch_db", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: \\d+: wbrs: Switch of \\w+ db succeeded.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:wbrs_switch_db_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: \\d+: wbrs: Switch of \\w+ db failed.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:wbrs_switch_db_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: \\d+: \\S+: Skipping, not enabled.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:service_skipping_not_enabled", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\w+: Process .+ failed health checks.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:process_failed_health_checks", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Network Participation error: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:network_participation_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Report Query Failed\"):msg@>", + "msg_id" : "IronPort_S-Series_System:report_query_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: Query: The maximum number of concurrent queries has been exceeded.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:maximum_concurrent_queries_exceeded", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: Query: Closing \\S+ handle \\d+.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:query_closing_handle", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Critical: An application fault occurred:.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:application_fault_occured", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: .+ has been disabled\"):msg@>", + "msg_id" : "IronPort_S-Series_System:service_has_been_disabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: .+ is currently not enabled\"):msg@>", + "msg_id" : "IronPort_S-Series_System:service_currently_not_enabled", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: Query: Merge query with handle .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:merge_query_with_handle", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: .+ has been enabled\"):msg@>", + "msg_id" : "IronPort_S-Series_System:service_has_been_enabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: Wrote .+ interval with time .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:wrote_interval_with_time", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: Query: Interval query with handle .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:interval_query_with_handle", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: Space management removed .+ interval with time .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:space_management_removed_interval", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"HELPER has joined the database\"):msg@>", + "msg_id" : "IronPort_S-Series_System:helper_joined_database", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"HELPER RPC server has been started\"):msg@>", + "msg_id" : "IronPort_S-Series_System:helper_rpc_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Critical: The reporting system has encountered a critical error while opening the database.+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:reporting_encountered_critical_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Replacing current .+ with new .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:replacing_current_with_new", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> INFO : <@REGEXP(\"Requests: total \\d+ current \\d+ Maxrss .+ Cpu: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:system_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> INFO : <@REGEXP(\"Got an info query\"):msg@>", + "msg_id" : "IronPort_S-Series_System:got_info_query", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> INFO : <@REGEXP(\"Webroot\\s+spy found \\d+ scanned \\d+ avg scan time .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:webroot_spy_found_scanned", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> CRITICAL : <@REGEXP(\"Unable to connect to proxy .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:unable_connect_proxy", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> INFO : <@REGEXP(\"Webroot versions: .+\"):msg@>", + "msg_id" : "IronPort_S-Series_System:webroot_versions", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> INFO : <@REGEXP(\"Webroot process ready to process events\"):msg@>", + "msg_id" : "IronPort_S-Series_System:webroot_ready_process_events", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> INFO : <@REGEXP(\"Webroot initialized.\"):msg@>", + "msg_id" : "IronPort_S-Series_System:webroot_initialized", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"WARNING : EOF on querySocket\"):msg@>", + "msg_id" : "IronPort_S-Series_System:eof_on_querysocket", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"WARNING : .+ is pending\"):msg@>", + "msg_id" : "IronPort_S-Series_System:is_pending", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + } + ], + "website" : "http://www.ironport.com/products/web_security_appliances.html", + "version" : "200702200010", + "name" : "IronPort_S-Series_System", + "description" : "IronPort S-Series System Service" +} diff --git a/conf/logmanagement/services/IronPort_S-Series_Traffic.json b/conf/logmanagement/services/IronPort_S-Series_Traffic.json new file mode 100644 index 0000000..ceda9d7 --- /dev/null +++ b/conf/logmanagement/services/IronPort_S-Series_Traffic.json @@ -0,0 +1,79 @@ +{ + "icon" : "companies/logo_ironport", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>.<@NUMBER:NULL@> <@NUMBER:elapsed_time@> <@IP_ADDR:client_ip@> <@REGEXP(\"TCP_MISS\"):action@>/<@NUMBER:http_response@> <@BYTES:total_bytes@> <@WORD:http_method@> <@WORD:url@> - <@WORD:NULL@> <@WORD:content_type@> <@STRING:acl@>", + "msg_id" : "IronPort_S-Series_Traffic:tcp_miss", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>.<@NUMBER:NULL@> <@NUMBER:elapsed_time@> <@IP_ADDR:client_ip@> <@REGEXP(\"TCP_CLIENT_REFRESH_MISS\"):action@>/<@NUMBER:http_response@> <@BYTES:total_bytes@> <@WORD:http_method@> <@WORD:url@> - <@STRING:acl@>", + "msg_id" : "IronPort_S-Series_Traffic:tcp_client_refresh_miss", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>.<@NUMBER:NULL@> <@NUMBER:elapsed_time@> <@IP_ADDR:client_ip@> <@REGEXP(\"TCP_REFRESH_HIT\"):action@>/<@NUMBER:http_response@> <@BYTES:total_bytes@> <@WORD:http_method@> <@WORD:url@> - <@STRING:acl@>", + "msg_id" : "IronPort_S-Series_Traffic:tcp_refresh_hit", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>.<@NUMBER:NULL@> <@NUMBER:elapsed_time@> <@IP_ADDR:client_ip@> <@REGEXP(\"TCP_DENIED\"):action@>/<@NUMBER:http_response@> <@BYTES:total_bytes@> <@WORD:http_method@> <@WORD:url@> - <@STRING:acl@>", + "msg_id" : "IronPort_S-Series_Traffic:tcp_denied", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>.<@NUMBER:NULL@> <@NUMBER:elapsed_time@> <@IP_ADDR:client_ip@> <@REGEXP(\"TCP_IMS_HIT\"):action@>/<@NUMBER:http_response@> <@BYTES:total_bytes@> <@WORD:http_method@> <@WORD:url@> - <@STRING:acl@>", + "msg_id" : "IronPort_S-Series_Traffic:tcp_ims_hit", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>.<@NUMBER:NULL@> <@NUMBER:elapsed_time@> <@IP_ADDR:client_ip@> <@REGEXP(\"TCP_MEM_HIT\"):action@>/<@NUMBER:http_response@> <@BYTES:total_bytes@> <@WORD:http_method@> <@WORD:url@> - <@STRING:acl@>", + "msg_id" : "IronPort_S-Series_Traffic:tcp_mem_hit", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>.<@NUMBER:NULL@> <@NUMBER:elapsed_time@> <@IP_ADDR:client_ip@> <@REGEXP(\"NONE\"):action@>/<@NUMBER:http_response@> <@BYTES:total_bytes@> <@WORD:http_method@> <@WORD:url@> - <@STRING:acl@>", + "msg_id" : "IronPort_S-Series_Traffic:transaction_error", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>.<@NUMBER:NULL@> <@NUMBER:elapsed_time@> <@IP_ADDR:client_ip@> <@REGEXP(\"TCP_DENIED\"):action@>/<@NUMBER:http_response@> <@BYTES:total_bytes@> <@WORD:http_method@> <@STRING:url@>", + "msg_id" : "IronPort_S-Series_Traffic:tcp_denied2", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "Traffic.Denied", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>.<@NUMBER:NULL@> <@NUMBER:elapsed_time@> <@IP_ADDR:client_ip@> <@WORD:action@>/<@NUMBER:http_response@> <@BYTES:total_bytes@> <@WORD:http_method@> <@WORD:url@> <@WORD:user@> <@STRING:acl@>", + "msg_id" : "IronPort_S-Series_Traffic:authenticated_user_traffic", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: req:<@IP_ADDR:client_ip@> user:<@WORD:user@> id:<@WORD:NULL@> <@NUMBER:http_response@> <@WORD:http_method@> <@STRING:url@> HTTP/<@WORD:NULL@> <@STRING:NULL@>", + "msg_id" : "IronPort_S-Series_Traffic:traffic", + "table" : "IronPort_S_Series_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + } + ], + "website" : "http://www.ironport.com/products/web_security_appliances.html", + "version" : "200703080001", + "name" : "IronPort_S-Series_Traffic", + "description" : "IronPort S-Series Traffic Service" +} diff --git a/conf/logmanagement/services/IronPort_System.json b/conf/logmanagement/services/IronPort_System.json new file mode 100644 index 0000000..7043952 --- /dev/null +++ b/conf/logmanagement/services/IronPort_System.json @@ -0,0 +1,177 @@ +{ + "icon" : "companies/logo_ironport", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Received an invalid DNS Response: .+\"):msg@>", + "msg_id" : "IronPort_System:received_invalid_dns_response", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"DNS Error .+\"):msg@>", + "msg_id" : "IronPort_System:dns_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"DNS Temporary Failure .+\"):msg@>", + "msg_id" : "IronPort_System:dns_temporary_failure", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Status: .+\"):msg@>", + "msg_id" : "IronPort_System:status", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"case cache status: .+\"):msg@>", + "msg_id" : "IronPort_System:case_cache_status", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Begin Logfile\"):msg@>", + "msg_id" : "IronPort_System:begin_logfile", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: nameserver resolution path points to .+\"):msg@>", + "msg_id" : "IronPort_System:nameserver_resolution_path_points", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Maximum DNS recursion .+\"):msg@>", + "msg_id" : "IronPort_System:maximum_dns_recursion", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Log .+ pushed to remote host .+\"):msg@>", + "msg_id" : "IronPort_System:log_pushed_remote_host", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Time offset from UTC: \\d+ seconds\"):msg@>", + "msg_id" : "IronPort_System:time_offset_from_utc", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Critical: Log Error: Push error for subscription .+: SCP failed to transfer to .+\"):msg@>", + "msg_id" : "IronPort_System:scp_push_log_failed", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Version: .+ SN: .+\"):msg@>", + "msg_id" : "IronPort_System:version", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"Logfile rolled over\"):msg@>", + "msg_id" : "IronPort_System:logfile_rolled_over", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Info: <@REGEXP(\"End Logfile\"):msg@>", + "msg_id" : "IronPort_System:end_logfile", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: DNS query network error .+\"):msg@>", + "msg_id" : "IronPort_System:dns_query_network_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Critical: Error while sending alert: .+\"):msg@>", + "msg_id" : "IronPort_System:error_while_sending_alert", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: SMTP listener .+ shut down\"):msg@>", + "msg_id" : "IronPort_System:smtp_listener_shut_down", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: SMTP connection killed .+\"):msg@>", + "msg_id" : "IronPort_System:smtp_connection_killed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: SMTP listener .+ starting\"):msg@>", + "msg_id" : "IronPort_System:smtp_listener_starting", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: Deliveries are currently suspended .+\"):msg@>", + "msg_id" : "IronPort_System:deliveries_currently_suspended", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: System is shutting down.\"):msg@>", + "msg_id" : "IronPort_System:system_shutting_down", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Info: System is coming up.\"):msg@>", + "msg_id" : "IronPort_System:system_coming_up", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Warning: Filter \".+\" committed as invalid:.+\"):msg@>", + "msg_id" : "IronPort_System:filter_commited_as_invalid", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Critical: An application fault occurred: Invalid Filter: .+\"):msg@>", + "msg_id" : "IronPort_System:application_fault_invalid_filter", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + } + ], + "website" : "http://www.ironport.com/products/email_security_appliances.html", + "version" : "200706060002", + "name" : "IronPort_System", + "description" : "IronPort System Service" +} diff --git a/conf/logmanagement/services/Juniper_DX_System.json b/conf/logmanagement/services/Juniper_DX_System.json new file mode 100644 index 0000000..ab3465a --- /dev/null +++ b/conf/logmanagement/services/Juniper_DX_System.json @@ -0,0 +1,170 @@ +{ + "icon" : "companies/logo_juniper", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][LSTN] <@STRING:object@> <@REGEXP(\"Up\"):status@> (VIP:<@WORD:vip@>)", + "msg_id" : "Juniper_DX_System:lstn_up", + "table" : "Juniper_DX_Monitor", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][LSTN] <@STRING:object@> <@REGEXP(\"Down\"):status@> (VIP:<@WORD:vip@>)", + "msg_id" : "Juniper_DX_System:lstn_down", + "table" : "Juniper_DX_Monitor", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][TSSN] <@REGEXP(\"Cannot contact\"):status@> <@REGEXP(\"Target Host\"):object@> <@REGEXP(\"\\S+:\\d+\"):vip@>.", + "msg_id" : "Juniper_DX_System:cannot_contact_target_host", + "table" : "Juniper_DX_Monitor", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][TSSN] <@REGEXP(\"Target Host\"):object@> <@REGEXP(\"\\S+:\\d+\"):vip@> <@REGEXP(\"has been contacted\"):status@>.", + "msg_id" : "Juniper_DX_System:target_host_been_contacted", + "table" : "Juniper_DX_Monitor", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][LOG_] SLB HealthCheck: <@REGEXP(\"Target \\S+\"):object@> (<@REGEXP(\"Group \\S+\"):vip@>) is <@REGEXP(\"UP\"):status@>", + "msg_id" : "Juniper_DX_System:slb_healthcheck_up", + "table" : "Juniper_DX_Monitor", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][LOG_] SLB HealthCheck: <@REGEXP(\"Target \\S+\"):object@> (<@REGEXP(\"Group \\S+\"):vip@>) is <@REGEXP(\"DOWN\"):status@>", + "msg_id" : "Juniper_DX_System:slb_healthcheck_down", + "table" : "Juniper_DX_Monitor", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][HEALTH] <@REGEXP(\"Target Server \\S+ passed layer 4 health check.\"):msg@>", + "msg_id" : "Juniper_DX_System:passed_layer4_healthcheck", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][LSTN] <@REGEXP(\"forwarder .+ - No target available.\"):msg@> ", + "msg_id" : "Juniper_DX_System:forwarder_no_target_available", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][HEALTH] <@REGEXP(\"Target Server \\S+ failed layer 4 health check.\"):msg@>", + "msg_id" : "Juniper_DX_System:failed_layer4_healthcheck", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][<@WORD:NULL@>] <@REGEXP(\"User \\S+ failed to \\S+ valid username and password combination\"):msg@>", + "msg_id" : "Juniper_DX_System:failed_username_password", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][RLSH] <@REGEXP(\"Cannot contact TFTP server .+\"):msg@>", + "msg_id" : "Juniper_DX_System:cannot_contact_tftp_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][MAIN] <@REGEXP(\"Rebooted from CLI.\"):msg@>", + "msg_id" : "Juniper_DX_System:rebooted_from_cli", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][LSTN] <@REGEXP(\"cluster .+ - No target available.\"):msg@>", + "msg_id" : "Juniper_DX_System:cluster_no_target_available", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][LOG_] <@REGEXP(\"\\S+: Link is Down\"):msg@>", + "msg_id" : "Juniper_DX_System:link_is_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][LOG_] <@REGEXP(\"\\S+: Link is up.+\"):msg@>", + "msg_id" : "Juniper_DX_System:link_is_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][WEBUI] <@REGEXP(\"WebUI: unable to connect with target stats.+\"):msg@>", + "msg_id" : "Juniper_DX_System:unable_connect_target_stats", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][HEALTH] <@REGEXP(\"Health : Target Server \\S+ TCP connect health check succeeded.\"):msg@>", + "msg_id" : "Juniper_DX_System:tcp_connect_healthcheck_succeeded", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][LOG_] <@REGEXP(\"arp: \\S+ is using my IP address \\S+!\"):msg@>", + "msg_id" : "Juniper_DX_System:arp_using_address", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][HEALTH] <@REGEXP(\"Health : Target Server \\S+ connect failed.+\"):msg@>", + "msg_id" : "Juniper_DX_System:target_server_connect_failed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][HTTP] <@REGEXP(\"DX received insufficient bytes from target .+\"):msg@>", + "msg_id" : "Juniper_DX_System:received_insufficient_bytes", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][HTTP] <@REGEXP(\"cluster \\S+: Bad HTTP request:.+\"):msg@>", + "msg_id" : "Juniper_DX_System:bad_http_request", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][STKY] <@REGEXP(\"Client IP sticky on cluster .+ Assign new target .+\"):msg@>", + "msg_id" : "Juniper_DX_System:client_ip_sticky_new", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> Juniper Networks: [<@STRING:NULL@>][ALERT][HTTP] <@REGEXP(\"redirector \\S+ Up .+\"):msg@>", + "msg_id" : "Juniper_DX_System:redirector_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "http://www.juniper.net/products_and_services/application_acceleration/data_center_acceleration/dx_application_acceleration/", + "version" : "200902050009", + "name" : "Juniper_DX_System", + "description" : "Juniper DX System Service" +} diff --git a/conf/logmanagement/services/Juniper_DX_Traffic.json b/conf/logmanagement/services/Juniper_DX_Traffic.json new file mode 100644 index 0000000..ce3cb95 --- /dev/null +++ b/conf/logmanagement/services/Juniper_DX_Traffic.json @@ -0,0 +1,23 @@ +{ + "icon" : "companies/logo_juniper", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@IP_ADDR:src_addr@> - - [<@DATE_TIME_APACHE_ACCESS:apachetime@>] \"<@WORD:http_method@> <@WORD:url@> <@WORD:http_version@>\" <@NUMBER:status@> <@BYTES:rec_bytes@> <@STRING:NULL@>", + "msg_id" : "Juniper_DX_Traffic:traffic1", + "table" : "Web_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@IP_ADDR:src_addr@> [<@DATE_TIME_APACHE_ACCESS:apachetime@>] <@WORD:http_method@> <@WORD:url@> <@WORD:http_version@> <@NUMBER:status@> <@BYTES:rec_bytes@> <@STRING:NULL@>", + "msg_id" : "Juniper_DX_Traffic:miss", + "table" : "Web_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + } + ], + "website" : "http://www.juniper.net/products_and_services/application_acceleration/data_center_acceleration/dx_application_acceleration/", + "version" : "201003080002", + "name" : "Juniper_DX_Traffic", + "description" : "Juniper DX Traffic Service" +} diff --git a/conf/logmanagement/services/Keepalived.json b/conf/logmanagement/services/Keepalived.json new file mode 100644 index 0000000..5e051ab --- /dev/null +++ b/conf/logmanagement/services/Keepalived.json @@ -0,0 +1,394 @@ +{ + "icon" : "software/logo_keepalived", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Netlink reflector reports IP .+ added\"):msg@> ", + "msg_id" : "Keepalived:ip_added", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Activating healtchecker for service .+\"):msg@>", + "msg_id" : "Keepalived:activating_healtchecker_for_service", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".+ Sending gratuitous ARPs on .+\"):msg@>", + "msg_id" : "Keepalived:sending_gratuitous_arps", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Registering Kernel .+\"):msg@> ", + "msg_id" : "Keepalived:registering_kernel", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Error connecting server .+\"):msg@>", + "msg_id" : "Keepalived:error_connecting_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Removing service .+ from VS .+\"):msg@>", + "msg_id" : "Keepalived:removing_service_from_vs", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".+ setting protocol .+\"):msg@>", + "msg_id" : "Keepalived:setting_protocol", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>: <@REGEXP(\"Starting .+ child process, .+\"):msg@>", + "msg_id" : "Keepalived:starting_child_process", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".+ removing protocol .+\"):msg@>", + "msg_id" : "Keepalived:removing_protocol", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Terminating .+ child process.+\"):msg@>", + "msg_id" : "Keepalived:terminating_child_process", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Registering gratutious ARP shared channel\"):msg@> ", + "msg_id" : "Keepalived:registering_gratutious_arp_channel", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Timeout connect, timeout server .+\"):msg@>", + "msg_id" : "Keepalived:timeout_connect_timeout_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>: <@REGEXP(\"Starting Keepalived .+\"):msg@>", + "msg_id" : "Keepalived:starting_keepalived", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Using LinkWatch kernel netlink reflector...\"):msg@> ", + "msg_id" : "Keepalived:using_kernel_netlink_reflector", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>: <@REGEXP(\"Stopping Keepalived .+\"):msg@>", + "msg_id" : "Keepalived:stopping_keepalived", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Netlink reflector reports IP .+ removed\"):msg@>", + "msg_id" : "Keepalived:ip_removed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"VRRP Error : VRID not valid !\"):msg@> ", + "msg_id" : "Keepalived:vrid_not_valid", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".* must be between 1 & 255. reconfigure !\"):msg@> ", + "msg_id" : "Keepalived:vrid_not_valid2", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>: <@REGEXP(\"VRRP child process.+ died: Respawning\"):msg@> ", + "msg_id" : "Keepalived:vrrp_child_process_respawning", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>: <@REGEXP(\"Remove a zombie pid file .+\"):msg@>", + "msg_id" : "Keepalived:remove_zombie_pid_file", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".+ the virtual id must be set!\"):msg@> ", + "msg_id" : "Keepalived:virtual_id_must_set", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Opening file .+\"):msg@>", + "msg_id" : "Keepalived:opening_file", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Configuration is using : \\d+ Bytes\"):msg@> ", + "msg_id" : "Keepalived:configuration_using_bytes", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"VRRP sockpool:.+\"):msg@>", + "msg_id" : "Keepalived:vrrp_sockpool", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".+ Transition to MASTER STATE\"):msg@> ", + "msg_id" : "Keepalived:transition_to_master_state", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".+ Entering MASTER STATE\"):msg@> ", + "msg_id" : "Keepalived:entering_master_state", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Adding service .+ to VS .+\"):msg@>", + "msg_id" : "Keepalived:adding_service_to_vs", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"HTTP status code success to .+\"):msg@>", + "msg_id" : "Keepalived:http_status_code_success", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Remote Web server .+ succeed on service.\"):msg@>", + "msg_id" : "Keepalived:remote_web_server_succeed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".+ Entering BACKUP STATE\"):msg@> ", + "msg_id" : "Keepalived:entering_backup_state", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".+ Received higher prio advert\"):msg@> ", + "msg_id" : "Keepalived:received_higher_prio_advert", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>: <@REGEXP(\"Terminating on signal\"):msg@> ", + "msg_id" : "Keepalived:terminating_on_signal", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Netlink: error: File exists,.+\"):msg@>", + "msg_id" : "Keepalived:netlink_error_file_exists", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\".+ Received lower prio advert, forcing new election\"):msg@> ", + "msg_id" : "Keepalived:received_lower_prio_alert", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"IPVS: No such destination\"):msg@> ", + "msg_id" : "Keepalived:ipvs_no_such_destination", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"IPVS: Destination already exists\"):msg@> ", + "msg_id" : "Keepalived:ipvs_destination_already_exists", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Read error with server .+: Connection reset by peer\"):msg@>", + "msg_id" : "Keepalived:read_error_with_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Timeout \\w+ read server .+\"):msg@>", + "msg_id" : "Keepalived:timeout_read_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"TCP connection to .+ success.\"):msg@> ", + "msg_id" : "Keepalived:tcp_connection_success", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"TCP connection to .+ failed !!!\"):msg@> ", + "msg_id" : "Keepalived:tcp_connection_failed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Remote SMTP server .+ connected.\"):msg@> ", + "msg_id" : "Keepalived:remote_smtp_server_connected", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"SMTP alert successfully sent.\"):msg@> ", + "msg_id" : "Keepalived:smtp_alert_successfully_sent", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Adding sorry server .+ to VS .+\"):msg@>", + "msg_id" : "Keepalived:adding_sorry_server", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Removing sorry server .+ from VS .+\"):msg@>", + "msg_id" : "Keepalived:removing_sorry_server", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Timeout reading data to remote SMTP server .+\"):msg@>", + "msg_id" : "Keepalived:timeout_remote_smtp_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Suspending healtchecker for service .+\"):msg@>", + "msg_id" : "Keepalived:suspending_healtchecker_for_service", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Kernel is reporting: interface .+ DOWN\"):msg@>", + "msg_id" : "Keepalived:vrrp_interface_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"VRRP_Instance\\(.+\\) Entering FAULT STATE\"):msg@>", + "msg_id" : "Keepalived:vrrp_entering_fault_state", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"VRRP_Instance\\(.+\\) Now in FAULT state\"):msg@>", + "msg_id" : "Keepalived:vrrp_in_fault_state", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Kernel is reporting: interface .+ UP\"):msg@>", + "msg_id" : "Keepalived:vrrp_interface_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"VRRP_Script.+ timed out\"):msg@>", + "msg_id" : "Keepalived:vvrp_script_timeout", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"VRRP_Script.+ succeeded\"):msg@>", + "msg_id" : "Keepalived:vvrp_script_succeeded", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"VRRP_Instance.+ forcing a new MASTER election\"):msg@>", + "msg_id" : "Keepalived:vvrp_instance_forcing_election", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Process .+ didn't respond to SIGTERM\"):msg@>", + "msg_id" : "Keepalived:process_didnt_respond_sigterm", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Keepalived\"):daemon@>_<@WORD:module@>: <@REGEXP(\"Netlink: error: Cannot assign requested address, .+\"):msg@>", + "msg_id" : "Keepalived:netlink_error", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + } + ], + "website" : "http://www.keepalived.org/", + "version" : "201312070001", + "name" : "Keepalived", + "description" : "Keepalived Service" +} diff --git a/conf/logmanagement/services/Ldap.json b/conf/logmanagement/services/Ldap.json new file mode 100644 index 0000000..e957c1e --- /dev/null +++ b/conf/logmanagement/services/Ldap.json @@ -0,0 +1,541 @@ +{ + "icon" : "software/logo_openldap", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: activity on \\d+ descriptors\"):msg@>", + "msg_id" : "Ldap:daemon_activity_on_descriptors", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: select: listen=\\d+ active_threads=\\d+ tvp=.+\"):msg@> ", + "msg_id" : "Ldap:daemon_select", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: added \\d+r\"):msg@> ", + "msg_id" : "Ldap:daemon_added", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\d+r\"):msg@>", + "msg_id" : "Ldap:debug", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: read activity on \\d+\"):msg@> ", + "msg_id" : "Ldap:daemon_read_activity_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: new connection on \\d+\"):msg@> ", + "msg_id" : "Ldap:daemon_new_connection_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: removing \\d+\"):msg@> ", + "msg_id" : "Ldap:daemon_removing", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"slapd shutdown: waiting for .+\"):msg@>", + "msg_id" : "Ldap:shutdown_waiting_for", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: closing \\d+\"):msg@> ", + "msg_id" : "Ldap:daemon_closing", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connection_read\\(\\d+\\): checking for input on id=\\d+\"):msg@>", + "msg_id" : "Ldap:connection_read_checking_input", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ber_get_next on fd \\d+ failed errno=\\d+ .+\"):msg@>", + "msg_id" : "Ldap:ber_get_next_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"send_ldap_response: msgid=\\d+ tag=\\d+ err=\\d+\"):msg@>", + "msg_id" : "Ldap:send_ldap_response", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connection_get\\(\\d+\\): got connid=\\d+\"):msg@> ", + "msg_id" : "Ldap:connection_get", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connection_read\\(\\d+\\): input error=.+ id=\\d+, closing.\"):msg@> ", + "msg_id" : "Ldap:connection_read", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connection_closing: readying conn=\\d+ sd=\\d+ for close\"):msg@>", + "msg_id" : "Ldap:connection_closing", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"do_bind.+\"):msg@>", + "msg_id" : "Ldap:do_bind", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S{2} ldbm_cache_open.+\"):msg@>", + "msg_id" : "Ldap:ldbm_cache_open", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*equality_candidates.*\"):msg@>", + "msg_id" : "Ldap:equality_candidates", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"send_ldap_result:.+\"):msg@>", + "msg_id" : "Ldap:send_ldap_result", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S{2} list_candidates.*\"):msg@>", + "msg_id" : "Ldap:list_candidates", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ldbm_search: .+\"):msg@>", + "msg_id" : "Ldap:ldbm_search", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"search_candidates: .+\"):msg@>", + "msg_id" : "Ldap:search_candidates", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"====> cache_find_entry_dn2id\\(.+\"):msg@>", + "msg_id" : "Ldap:cache_find_entry_dn2id", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S{2} id2entry_r\\(.+\"):msg@> ", + "msg_id" : "Ldap:id2entry_r", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S{2} filter_candidates.*\"):msg@>", + "msg_id" : "Ldap:filter_candidates", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"====> cache_find_entry_id\\(.+\"):msg@>", + "msg_id" : "Ldap:cache_find_entry_id", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S{2} dn2id.*\"):msg@>", + "msg_id" : "Ldap:dn2id", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"====> cache_return_entry_r.+\"):msg@>", + "msg_id" : "Ldap:cache_return_entry_r", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connection_close: conn=\\d+ sd=\\d+\"):msg@>", + "msg_id" : "Ldap:connection_close", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"do_search\"):msg@>", + "msg_id" : "Ldap:do_search", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"dn2entry_r: dn: .+\"):msg@> ", + "msg_id" : "Ldap:dn2entry_r", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"=> ldbm_back_search\"):msg@> ", + "msg_id" : "Ldap:ldbm_back_search", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"<= index_read \\d+ candidates\"):msg@>", + "msg_id" : "Ldap:index_read_candidates", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"=> key_read\"):msg@>", + "msg_id" : "Ldap:key_read", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ldbm backend syncing \"):msg@>", + "msg_id" : "Ldap:ldbm_backend_syncing", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ldbm flushing db .+\"):msg@>", + "msg_id" : "Ldap:ldbm_flushing_db", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ldbm closing db .+\"):msg@>", + "msg_id" : "Ldap:ldbm_closing_db", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ldbm backend done syncing\"):msg@>", + "msg_id" : "Ldap:ldbm_backend_done_syncing", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"====> cache_release_all\"):msg@>", + "msg_id" : "Ldap:cache_release_all", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: conn=\\d+ fd=\\d+ connection from IP=.+ accepted.\"):msg@>", + "msg_id" : "Ldap:connection_from_ip_accepted", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: activity on:\"):msg@> ", + "msg_id" : "Ldap:activity_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"conn=\\d+ op=\\d+ SRCH base=.+\"):msg@>", + "msg_id" : "Ldap:conn_srch", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"conn=\\d+ op=\\d+ RESULT .+\"):msg@>", + "msg_id" : "Ldap:conn_result", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"deferring operation\"):msg@>", + "msg_id" : "Ldap:deferring_operation", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"conn=\\d+ op=\\d+ BIND dn=.+\"):msg@>", + "msg_id" : "Ldap:conn_bind", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"conn=\\d+ op=\\d+ SEARCH RESULT .+\"):msg@>", + "msg_id" : "Ldap:conn_search_result", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: shutdown requested and initiated.\"):msg@> ", + "msg_id" : "Ldap:shutdown_requested_and_initiated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"slapd shutdown: freeing system resources.\"):msg@> ", + "msg_id" : "Ldap:freeing_system_resources", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"slap_sig_shutdown: signal \\d+\"):msg@>", + "msg_id" : "Ldap:slap_sig_shutdown", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"conn=\\d+ op=\\d+ UNBIND\"):msg@>", + "msg_id" : "Ldap:conn_unbind", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connection_read\\(\\d+\\): no connection!\"):msg@>", + "msg_id" : "Ldap:connection_read_no_connection", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"conn=\\S+ fd=\\S+ closed\"):msg@>", + "msg_id" : "Ldap:conn_closed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"slapd shutdown: initiated\"):msg@> ", + "msg_id" : "Ldap:slapd_shutdown_initiated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"slapd stopped.\"):msg@> ", + "msg_id" : "Ldap:slapd_stopped", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"slapd starting\"):msg@>", + "msg_id" : "Ldap:slapd_starting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"send_ldap_search_result \\d+::\"):msg@> ", + "msg_id" : "Ldap:send_ldap_search_result", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"conn=\\d+ op=\\d+ MOD dn=.+\"):msg@> ", + "msg_id" : "Ldap:action_modify", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ldap\"):daemon@>: <@REGEXP(\"slapd shutdown succeeded\"):msg@> ", + "msg_id" : "Ldap:slapd_shutdown_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ldap\"):daemon@>: <@REGEXP(\"slurpd shutdown succeeded\"):msg@>", + "msg_id" : "Ldap:slurpd_shutdown_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"conn=\\d+ op=\\d+ ADD dn=.+\"):msg@>", + "msg_id" : "Ldap:action_add", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"conn=\\d+ op=\\d+ DEL dn=.+\"):msg@> ", + "msg_id" : "Ldap:action_delete", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"warning: cannot open .+: Too many open files\"):msg@>", + "msg_id" : "Ldap:too_many_open_files", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: accept.+ failed errno=\\d+ \\(Too many open files\\)\"):msg@>", + "msg_id" : "Ldap:too_many_open_files2", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"entry failed schema check: .+\"):msg@>", + "msg_id" : "Ldap:entry_failed_schema_check", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Entry .+: object class .+ requires attribute .+\"):msg@>", + "msg_id" : "Ldap:object_class_requires_attribute", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: bind\\(\\d+\\) failed.*\"):msg@>", + "msg_id" : "Ldap:bind_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connections_destroy: nothing to destroy.+\"):msg@> ", + "msg_id" : "Ldap:connections_destroy", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*bind: invalid dn.+\"):msg@>", + "msg_id" : "Ldap:bind_invalid_dn", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*OpenLDAP: slapd .+\"):msg@>", + "msg_id" : "Ldap:openldap_slapd_version", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ do_extended: unsupported operation .+\"):msg@>", + "msg_id" : "Ldap:unsupported_operation", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"<= root access granted\"):msg@>", + "msg_id" : "Ldap:root_access_granted", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"=> access_allowed:.+\"):msg@>", + "msg_id" : "Ldap:access_allowed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"<= bdb_\\w+_candidates:.+\"):msg@>", + "msg_id" : "Ldap:bdb_candidates", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: activity on \\d+ descriptor.*\"):msg@>", + "msg_id" : "Ldap:daemon_activity_on_descriptor", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]:", + "msg_id" : "Ldap:empty_line", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"slapd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"daemon: epoll: .+\"):msg@>", + "msg_id" : "Ldap:daemon_epoll", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + } + ], + "website" : "http://www.openldap.org", + "version" : "201304040007", + "name" : "Ldap", + "description" : "Ldap Service" +} diff --git a/conf/logmanagement/services/Linux_Debian_System.json b/conf/logmanagement/services/Linux_Debian_System.json new file mode 100644 index 0000000..44f3be9 --- /dev/null +++ b/conf/logmanagement/services/Linux_Debian_System.json @@ -0,0 +1,121 @@ +{ + "icon" : "operating_systems/os_linux_debian", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"warning : 1 client is using or hasn't closed the table properly\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_closed_table_properly", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Improperly closed tables are also reported if clients are accessing\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_closed_table_properly2", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"the tables \\*now\\*. A list of current connections is below.\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_closed_table_properly3", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\+-+\\+-+.+\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_row", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"| \\S+.+ | \\S+.+\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_row2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"/usr/bin/mysqlcheck: Got error: 2002: Can't connect to local MySQL server through socket .+\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_cant_connect_socket", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: ", + "msg_id" : "Linux_Debian_System:mysql_empty", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Uptime: .+\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_uptime", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S+\\.\\S+\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_table", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error .+ Table upgrade required.+\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_table_upgrade_required", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S+\\s+OK\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_table_ok", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Checking for crashed MySQL tables.\"):msg@>", + "msg_id" : "Linux_Debian_System:checking_crashed_mysql_tables", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Upgrading MySQL tables if necessary.\"):msg@>", + "msg_id" : "Linux_Debian_System:upgrading_mysql_if_necessary", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Looking for '.+' in: .+\"):msg@> ", + "msg_id" : "Linux_Debian_System:mysql_looking_for", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Checking for insecure root accounts.\"):msg@> ", + "msg_id" : "Linux_Debian_System:mysql_checking_insecure_accounts", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/etc/mysql/debian-start\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ERROR 2006 .+: MySQL server has gone away\"):msg@>", + "msg_id" : "Linux_Debian_System:mysql_server_gone_away", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.debian.org", + "version" : "200904140001", + "name" : "Linux_Debian_System", + "description" : "Linux Debian System Service" +} diff --git a/conf/logmanagement/services/Linux_Gnome_Desktop.json b/conf/logmanagement/services/Linux_Gnome_Desktop.json new file mode 100644 index 0000000..3861df8 --- /dev/null +++ b/conf/logmanagement/services/Linux_Gnome_Desktop.json @@ -0,0 +1,65 @@ +{ + "icon" : "linux_desktops/linux_desktop_gnome", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"gconfd\"):daemon@> <@STRING:msg@>", + "msg_id" : "Linux_Gnome_Desktop:gconfd_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"gdm\"):daemon@>[<@PID:pid@>]: <@STRING:msg@> ", + "msg_id" : "Linux_Gnome_Desktop:gdm_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"gdmgreeter\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"GdkPixbuf-CRITICAL:.+\"):msg@> ", + "msg_id" : "Linux_Gnome_Desktop:gdmgreeter_gdkpixbuf_critical", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"gdmgreeter\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"GLib-GObject-CRITICAL: .+\"):msg@> ", + "msg_id" : "Linux_Gnome_Desktop:gdmgreeter_glib_object_critical", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"gdmgreeter\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"GLib-GObject-WARNING: .+\"):msg@> ", + "msg_id" : "Linux_Gnome_Desktop:gdmgreeter_glib_object_warning", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"gdmgreeter\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Gtk-CRITICAL: .+\"):msg@> ", + "msg_id" : "Linux_Gnome_Desktop:gdmgreeter_gtk_critical", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"gnome-keyring-daemon\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"failed to shutdown HAL context.*\"):msg@> ", + "msg_id" : "Linux_Gnome_Desktop:failed_shutdown_hal_context", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"gdmchooser\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"GLib-GObject-WARNING: .+\"):msg@>", + "msg_id" : "Linux_Gnome_Desktop:gdmchooser_glib_object_warning", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + } + ], + "website" : "http://www.gnome.org/", + "version" : "200810130008", + "name" : "Linux_Gnome_Desktop", + "description" : "Linux Gnome Desktop Service" +} diff --git a/conf/logmanagement/services/Linux_Gnome_Desktop_FR.json b/conf/logmanagement/services/Linux_Gnome_Desktop_FR.json new file mode 100644 index 0000000..cd0b98c --- /dev/null +++ b/conf/logmanagement/services/Linux_Gnome_Desktop_FR.json @@ -0,0 +1,22 @@ +{ + "icon" : "linux_desktops/linux_desktop_gnome", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> (<@WORD:user@>-<@NUMBER:NULL@>): <@REGEXP(\"Adresse .+ résolue vers une source de configuration en lecture seule .+\"):msg@>", + "msg_id" : "Linux_Gnome_Desktop_FR:source_configuration_lecture_seule", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> (<@WORD:user@>-<@NUMBER:NULL@>): <@REGEXP(\"Adresse .+ résolue vers une source de configuration accessible en écriture .+\"):msg@>", + "msg_id" : "Linux_Gnome_Desktop_FR:source_configuration_ecriture", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "version" : "200805130001", + "name" : "Linux_Gnome_Desktop_FR", + "description" : "Linux Gnome Desktop Service (FR version)" +} diff --git a/conf/logmanagement/services/Linux_HA_Attr.json b/conf/logmanagement/services/Linux_HA_Attr.json new file mode 100644 index 0000000..8103cb6 --- /dev/null +++ b/conf/logmanagement/services/Linux_HA_Attr.json @@ -0,0 +1,72 @@ +{ + "icon" : "software/logo_linux_ha", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"attrd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: main: Starting mainloop...\"):msg@>", + "msg_id" : "Linux_HA_Attr:starting_mainloop", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"attrd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: register_with_ha: .+\"):msg@>", + "msg_id" : "Linux_HA_Attr:register_with_ha", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"attrd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: .+: Added signal handler for signal .+\"):msg@>", + "msg_id" : "Linux_HA_Attr:added_signal_handler", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"attrd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: attrd_local_callback: Sending full refresh\"):msg@>", + "msg_id" : "Linux_HA_Attr:sending_full_refresh", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"attrd\"):daemon@>: [<@PID:pid@>]:<@REGEXP(\"info: attrd_shutdown: Exiting\"):msg@>", + "msg_id" : "Linux_HA_Attr:shutdown_exiting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"attrd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: main: Exiting...\"):msg@>", + "msg_id" : "Linux_HA_Attr:main_exiting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"attrd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: attrd_cib_connection_destroy: Connection to the CIB terminated...\"):msg@>", + "msg_id" : "Linux_HA_Attr:connection_cib_terminated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"attrd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"ERROR: .+\"):msg@>", + "msg_id" : "Linux_HA_Attr:error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"attrd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"CRIT: .+: Lost connection to .+\"):msg@>", + "msg_id" : "Linux_HA_Attr:critical_lost_connection", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + } + ], + "website" : "", + "version" : "200906020002", + "name" : "Linux_HA_Attr", + "description" : "Linux High Availability Attr" +} diff --git a/conf/logmanagement/services/Linux_HA_Crm.json b/conf/logmanagement/services/Linux_HA_Crm.json new file mode 100644 index 0000000..1cec192 --- /dev/null +++ b/conf/logmanagement/services/Linux_HA_Crm.json @@ -0,0 +1,58 @@ +{ + "icon" : "software/logo_linux_ha", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"crm_verify\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"WARN: \\S+: Resource \\S+ cannot run anywhere\"):msg@>", + "msg_id" : "Linux_HA_Crm:resource_cannot_run_anywhere", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"crm_\\S+\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: Invoked: .+\"):msg@>", + "msg_id" : "Linux_HA_Crm:invoked", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"crm_attribute\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"ERROR: crm_abort: read_attr: .+\"):msg@>", + "msg_id" : "Linux_HA_Crm:crm_attribute_read_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"crm_resource\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"debug: .+\"):msg@>", + "msg_id" : "Linux_HA_Crm:crm_resource_debug", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"crm_resource\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: determine_online_status: .+\"):msg@>", + "msg_id" : "Linux_HA_Crm:determine_online_status", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"crm_resource\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"WARN: .+\"):msg@>", + "msg_id" : "Linux_HA_Crm:crm_resource_warning", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"crm_resource\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"ERROR: .+: Remapping .+ on \\S+ to an ERROR\"):msg@>", + "msg_id" : "Linux_HA_Crm:crm_resource_remapping_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + } + ], + "website" : "", + "version" : "200905270001", + "name" : "Linux_HA_Crm", + "description" : "Linux High Availability Crm" +} diff --git a/conf/logmanagement/services/Linux_HA_Ipfail.json b/conf/logmanagement/services/Linux_HA_Ipfail.json new file mode 100644 index 0000000..9ddc68b --- /dev/null +++ b/conf/logmanagement/services/Linux_HA_Ipfail.json @@ -0,0 +1,30 @@ +{ + "icon" : "software/logo_linux_ha", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ipfail: \\[\\d+\\]: ERROR: No managed resources\"):msg@>", + "msg_id" : "Linux_HA_Ipfail:no_managed_resources", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ipfail: \\[\\d+\\]: debug: Signing in with heartbeat\"):msg@>", + "msg_id" : "Linux_HA_Ipfail:signing_in_with_heartbeat", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ipfail: \\[\\d+\\]: debug: PID=\\d+\"):msg@>", + "msg_id" : "Linux_HA_Ipfail:pid", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + } + ], + "website" : "", + "version" : "200808260004", + "name" : "Linux_HA_Ipfail", + "description" : "Linux High Availability Ipfail" +} diff --git a/conf/logmanagement/services/Linux_HA_Log.json b/conf/logmanagement/services/Linux_HA_Log.json new file mode 100644 index 0000000..e4b50b1 --- /dev/null +++ b/conf/logmanagement/services/Linux_HA_Log.json @@ -0,0 +1,93 @@ +{ + "icon" : "software/logo_linux_ha", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd: \\[\\d+\\]: WARN: Consider setting .+ for maximum supportability\"):msg@>", + "msg_id" : "Linux_HA_Log:consider_setting_maximum_supportability", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd: \\[\\d+\\]: info: G_main_add_SignalHandler: Added signal handler for signal .+\"):msg@>", + "msg_id" : "Linux_HA_Log:added_signal_handler", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd: \\[\\d+\\]: WARN: Core dumps could be lost if multiple dumps occur.\"):msg@>", + "msg_id" : "Linux_HA_Log:dumps_could_be_lost", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd: \\[\\d+\\]: info: logd started with default configuration.\"):msg@>", + "msg_id" : "Linux_HA_Log:started_with_default_configuration", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd: \\[\\d+\\]: debug: Stopping ha_logd with pid \\d+\"):msg@>", + "msg_id" : "Linux_HA_Log:stopping_halogd_with_pid", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd: \\[\\d+\\]: debug: logd_term_action: .+\"):msg@>", + "msg_id" : "Linux_HA_Log:logd_term_action", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd\"):daemon@>: <@REGEXP(\"\\[\\d+\\]: info: Waiting for pid=\\d+ to exit\"):msg@>", + "msg_id" : "Linux_HA_Log:waiting_for_pid", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd\"):daemon@>: <@REGEXP(\"\\[\\d+\\]: info: Exiting write process\"):msg@>", + "msg_id" : "Linux_HA_Log:exiting_write_process", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: logd_term_write_action: received SIGTERM\"):msg@>", + "msg_id" : "Linux_HA_Log:received_sigterm", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"debug: Writing out \\d+ messages then quitting\"):msg@>", + "msg_id" : "Linux_HA_Log:writing_out_messages_quitting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"info: Pid \\d+ exited\"):msg@>", + "msg_id" : "Linux_HA_Log:pid_exited", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"WARN: \\S+: working on IPC channel took \\d+ ms.*\"):msg@>", + "msg_id" : "Linux_HA_Log:working_on_ipc_channel", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "200906230001", + "name" : "Linux_HA_Log", + "description" : "Linux High Availability Log" +} diff --git a/conf/logmanagement/services/Linux_HA_Stonith.json b/conf/logmanagement/services/Linux_HA_Stonith.json new file mode 100644 index 0000000..5a243b8 --- /dev/null +++ b/conf/logmanagement/services/Linux_HA_Stonith.json @@ -0,0 +1,51 @@ +{ + "icon" : "software/logo_linux_ha", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stonithd: \\[\\d+\\]: WARN: Consider setting .+ for maximum supportability\"):msg@>", + "msg_id" : "Linux_HA_Stonith:consider_setting_maximum_supportability", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stonithd: \\[\\d+\\]: info: G_main_add_SignalHandler: Added signal handler for signal .+\"):msg@>", + "msg_id" : "Linux_HA_Stonith:added_signal_handler", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stonithd: \\[\\d+\\]: info: Signing in with heartbeat.\"):msg@>", + "msg_id" : "Linux_HA_Stonith:signing_in_with_heartbeat", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stonithd: \\[\\d+\\]: notice: .+ start up successfully.\"):msg@>", + "msg_id" : "Linux_HA_Stonith:start_up_successfully", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stonithd: \\[\\d+\\]: WARN: Core dumps could be lost if multiple dumps occur.\"):msg@>", + "msg_id" : "Linux_HA_Stonith:dumps_could_be_lost", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stonithd\"):daemon@>: [<@PID:pid@>]: <@REGEXP(\"notice: .+stonithd normally quit.\"):msg@>", + "msg_id" : "Linux_HA_Stonith:normally_quit", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "200904140001", + "name" : "Linux_HA_Stonith", + "description" : "Linux High Availability Stonith" +} diff --git a/conf/logmanagement/services/Linux_Kernel.json b/conf/logmanagement/services/Linux_Kernel.json new file mode 100644 index 0000000..fcb7db0 --- /dev/null +++ b/conf/logmanagement/services/Linux_Kernel.json @@ -0,0 +1,1710 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"OEM ID: .+ Product ID: .+\"):msg@>", + "msg_id" : "Linux_Kernel:oem_id", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"per-CPU timeslice cutoff: .+ usecs.\"):msg@>", + "msg_id" : "Linux_Kernel:percpu_timeslice_cutoff", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\d+MB \\S+MEM available.\"):msg@>", + "msg_id" : "Linux_Kernel:mem_available", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ESR value \\S+ enabling vector: .+\"):msg@>", + "msg_id" : "Linux_Kernel:esr_enabling_vector", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Booting processor .+\"):msg@>", + "msg_id" : "Linux_Kernel:booting_processor", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\S+ed ExtINT on CPU#\\d+\"):msg@> ", + "msg_id" : "Linux_Kernel:extint_on_cpu", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ENABLING IO-APIC IRQs\"):msg@>", + "msg_id" : "Linux_Kernel:enabling_ioapic_irqs", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Detected .+ MHz processor.\"):msg@>", + "msg_id" : "Linux_Kernel:detected_mhz_processor", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Enabling fast FPU save and restore.+\"):msg@> ", + "msg_id" : "Linux_Kernel:enabling_fast_fpu", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Total of \\d+ processors activated \\(.+ BogoMIPS\\).\"):msg@>", + "msg_id" : "Linux_Kernel:total_processors_activated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"number of MP IRQ sources: \\d+.\"):msg@>", + "msg_id" : "Linux_Kernel:number_mp_irq_sources", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"LAPIC \\(.+\\)\"):msg@>", + "msg_id" : "Linux_Kernel:lapic", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"init IO_APIC IRQs\"):msg@>", + "msg_id" : "Linux_Kernel:init_ioapic_irqs", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Enabling unmasked SIMD FPU exception support.+\"):msg@>", + "msg_id" : "Linux_Kernel:enabling_simd_fpu_exception", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"number of IO-APIC #\\d+ registers: \\d+.\"):msg@> ", + "msg_id" : "Linux_Kernel:number_ioapic_registers", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".... register #\\d+: \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:register", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"POSIX conformance testing by UNIFIX\"):msg@>", + "msg_id" : "Linux_Kernel:posix_conformance_testing", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IO-APIC \\(apicid-pin\\) .+ not connected.\"):msg@> ", + "msg_id" : "Linux_Kernel:ioapic_not_connected", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Local APIC address \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:local_apic_address", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Kernel command line: .+\"):msg@>", + "msg_id" : "Linux_Kernel:kernel_command_line", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*martian source \\S+ from .+\"):msg@>", + "msg_id" : "Linux_Kernel:martian_source", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Intel machine check .+\"):msg@> ", + "msg_id" : "Linux_Kernel:intel_machine_check", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"found SMP MP-table at \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:found_smp_mptable", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"NET: \\d+ messages suppressed.\"):msg@> ", + "msg_id" : "Linux_Kernel:net_messages_suppressed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"sending pkt_too_big .+ to self\"):msg@> ", + "msg_id" : "Linux_Kernel:pkt_too_big", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"UDP: short packet: .+ to .+\"):msg@>", + "msg_id" : "Linux_Kernel:udp_short_packet", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"cpu \\d+ \\S+: low \\d+, high \\d+, batch \\d+\"):msg@>", + "msg_id" : "Linux_Kernel:cpu_stats", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Free pages: .+\"):msg@>", + "msg_id" : "Linux_Kernel:free_pages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Out of Memory: Killed process .+\"):msg@>", + "msg_id" : "Linux_Kernel:out_of_memory", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\S+ free:\\d+kB min:\\d+kB low:\\d+kB high:\\d+kB .+\"):msg@>", + "msg_id" : "Linux_Kernel:mem_stats", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\S+ per-cpu:\"):msg@>", + "msg_id" : "Linux_Kernel:per_cpu", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"protections\\[\\]: .+\"):msg@>", + "msg_id" : "Linux_Kernel:protections", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\S+: \\d+\\*\\d+kB \\d+\\*\\d+kB.+ = \\d+kB\"):msg@>", + "msg_id" : "Linux_Kernel:not_interesting3", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Swap cache: add \\d+, delete \\d+, find .+\"):msg@>", + "msg_id" : "Linux_Kernel:swap_cache_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Active:\\d+ inactive:\\d+ dirty:.+\"):msg@>", + "msg_id" : "Linux_Kernel:active_inactive_dirty", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"oom-killer: .+\"):msg@>", + "msg_id" : "Linux_Kernel:oom_killer", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"__va_range\\(.+\\): idx=\\d+ mapped at \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:va_range", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ACPI table found: .+\"):msg@>", + "msg_id" : "Linux_Kernel:acpi_table_found", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ll header: \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:header", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"BIOS-provided physical RAM map:\"):msg@>", + "msg_id" : "Linux_Kernel:bios_provided_physical_ram", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel:<@REGEXP(\".*BIOS-e820:.+\"):msg@>", + "msg_id" : "Linux_Kernel:bios_e820", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"hm, page .+ reserved twice.\"):msg@>", + "msg_id" : "Linux_Kernel:page_reserved_twice", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"I/O APIC .+ at \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:io_apic_at", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ hash table entries: \\d+ .+\"):msg@>", + "msg_id" : "Linux_Kernel:hash_table_entries", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*device \\S+ \\S+ promiscuous mode\"):msg@>", + "msg_id" : "Linux_Kernel:promiscuous_mode", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"icmp v4 hw csum failure\"):msg@> ", + "msg_id" : "Linux_Kernel:icmp_csum_failure", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"klogd \\S+, log source = .+ started.\"):msg@>", + "msg_id" : "Linux_Kernel:klogd_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"printk: \\d+ messages suppressed.\"):msg@> ", + "msg_id" : "Linux_Kernel:printk_messages_suppressed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"NET: Registered protocol family \\d+\"):msg@> ", + "msg_id" : "Linux_Kernel:registered_protocol_family", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ide-floppy driver \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:floppy_driver", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Uniform CD-ROM driver.+\"):msg@> ", + "msg_id" : "Linux_Kernel:cdrom_driver", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Loaded \\d+ symbols from .+\"):msg@>", + "msg_id" : "Linux_Kernel:loaded_symbols", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Intel MultiProcessor Specification \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:intel_multiproc_spec", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"dd: \\S+ records \\S+\"):msg@> ", + "msg_id" : "Linux_Kernel:dd_records", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sysctl: \\S+ = \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:sysctl", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rc.sysinit: .+\"):msg@>", + "msg_id" : "Linux_Kernel:rc_sysinit", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"random: .+\"):msg@>", + "msg_id" : "Linux_Kernel:random", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"keytable: .+\"):msg@>", + "msg_id" : "Linux_Kernel:keytable", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"init: Switching to runlevel: \\d+\"):msg@> ", + "msg_id" : "Linux_Kernel:switching_runlevel", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"init: Entering runlevel: \\d+\"):msg@> ", + "msg_id" : "Linux_Kernel:entering_runlevel", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"hpasm: .+\"):msg@>", + "msg_id" : "Linux_Kernel:hpasm", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rc: Starting \\S+: succeeded\"):msg@>", + "msg_id" : "Linux_Kernel:rc_starting_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rc: Starting \\S+: failed\"):msg@> ", + "msg_id" : "Linux_Kernel:rc_starting_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sysstat:.*\"):msg@>", + "msg_id" : "Linux_Kernel:sysstat", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IOAPIC .+\"):msg@>", + "msg_id" : "Linux_Kernel:ioapic", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"LAPIC_NMI .+\"):msg@>", + "msg_id" : "Linux_Kernel:lapic_nmi", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*IO-APIC .+\"):msg@>", + "msg_id" : "Linux_Kernel:io_apic", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\d+ CPUs total\"):msg@> ", + "msg_id" : "Linux_Kernel:cpus_total", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Scanning bios .+\"):msg@> ", + "msg_id" : "Linux_Kernel:scanning_bios", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Calibrating delay .+\"):msg@>", + "msg_id" : "Linux_Kernel:calibrating_delay", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"CPU .+ enabledProcessor .+\"):msg@>", + "msg_id" : "Linux_Kernel:cpu_enabledprocessor", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"RSD PTR.+\"):msg@>", + "msg_id" : "Linux_Kernel:rsd_ptr", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"On node \\d+ totalpages: \\d+\"):msg@>", + "msg_id" : "Linux_Kernel:node_totalpages", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\.\\.\\.\\.\\.\\.\\. : .+\"):msg@>", + "msg_id" : "Linux_Kernel:not_interesting1", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*\\S\\S \\S\\S\\S \\S\\S\\s+\\d\\s+\\d\\s+\\d\\s+\\d\\s+\\d\\s+\\d\\s+\\d\\s+\\S\\S\"):msg@>", + "msg_id" : "Linux_Kernel:not_interesting2", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*NR Log Phy Mask Trig IRR Pol Stat Dest Deli Vect:\"):msg@>", + "msg_id" : "Linux_Kernel:not_interesting4", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+CPU clock speed is \\S+ MHz.\"):msg@>", + "msg_id" : "Linux_Kernel:cpu_clock_speed", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+host bus clock speed is \\S+ MHz.\"):msg@> ", + "msg_id" : "Linux_Kernel:bus_clock_spped", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"PCI BIOS .+\"):msg@>", + "msg_id" : "Linux_Kernel:pci_bios_msg", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ APIC timer .+\"):msg@>", + "msg_id" : "Linux_Kernel:apic_timer", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Inspecting \\S+\"):msg@> ", + "msg_id" : "Linux_Kernel:inspecting_boot_map", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Enabling the CPU's according to the ACPI table\"):msg@> ", + "msg_id" : "Linux_Kernel:enabling_cpu_acpi", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Virtual Wire compatibility mode.\"):msg@> ", + "msg_id" : "Linux_Kernel:virtual_wire_compatibility", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Serial driver version.+\"):msg@>", + "msg_id" : "Linux_Kernel:serial_driver_version", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Initializing RT netlink socket\"):msg@> ", + "msg_id" : "Linux_Kernel:initializing_rt_netlink", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Real Time Clock Driver.+\"):msg@>", + "msg_id" : "Linux_Kernel:rtclock_driver", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"RAMDISK driver initialized:.+\"):msg@> ", + "msg_id" : "Linux_Kernel:ramdisk_driver_initialized", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"allocated \\d+ pages and \\d+ bhs reserved for the highmem bounces\"):msg@>", + "msg_id" : "Linux_Kernel:allocated_highmem_bounces", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Uniform Multi-Platform E-IDE driver Revision: \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:e_ide_driver", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ServerWorks CSB5: .+\"):msg@>", + "msg_id" : "Linux_Kernel:serverworks_csb5", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"tty\\S+ at 0x\\S+ .+\"):msg@>", + "msg_id" : "Linux_Kernel:tty_at", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ide\\d+ at 0x\\S+ .+\"):msg@>", + "msg_id" : "Linux_Kernel:ide_at", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"bigpage subsystem: .+\"):msg@>", + "msg_id" : "Linux_Kernel:bigpage_subsystem", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IP Protocols: .+\"):msg@>", + "msg_id" : "Linux_Kernel:ip_protocols", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Linux IP multicast router .+\"):msg@>", + "msg_id" : "Linux_Kernel:linux_ip_multicast", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Symbols match kernel version .+\"):msg@>", + "msg_id" : "Linux_Kernel:symbols_match_kernel", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"SCSI subsystem driver Revision:.+\"):msg@> ", + "msg_id" : "Linux_Kernel:scsi_driver", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"exiting on signal \\d+\"):msg@> ", + "msg_id" : "Linux_Kernel:exiting_on_signal", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*heads= \\d+, sectors= \\d+, cylinders= \\d+.+\"):msg@>", + "msg_id" : "Linux_Kernel:heads_sectors_cylinders", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*blocks= \\d+ block_size= \\d+\"):msg@> ", + "msg_id" : "Linux_Kernel:blocks_block_size", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"INT_SRC_OVR .+\"):msg@>", + "msg_id" : "Linux_Kernel:int_src_ovr", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Journalled Block Device driver loaded\"):msg@> ", + "msg_id" : "Linux_Kernel:journalled_block_device", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Initializing CPU#\\d+\"):msg@> ", + "msg_id" : "Linux_Kernel:initializing_cpu", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"insmod: Module \\S+ loaded, with warnings\"):msg@> ", + "msg_id" : "Linux_Kernel:insmod_loaded_warnings", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"insmod:.+See \\S+ for information about tainted modules\"):msg@>", + "msg_id" : "Linux_Kernel:insmod_tainted_modules", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Enabling APIC mode: .+\"):msg@>", + "msg_id" : "Linux_Kernel:enabling_apic_mode", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IRQ \\d+, Control Regs at \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:irq_control_regs", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Rainbow Technologies CryptoSwift Linux Driver \\S+\"):msg@>", + "msg_id" : "Linux_Kernel:rainbow_crypto_driver", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Kernel logging \\(proc\\) stopped.\"):msg@> ", + "msg_id" : "Linux_Kernel:logging_stopped", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Kernel log daemon terminating.\"):msg@> ", + "msg_id" : "Linux_Kernel:log_daemon_terminating", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:NULL@> kernel: ", + "msg_id" : "Linux_Kernel:empty_line", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"TCP: drop open request from \\S+/\\d+\"):msg@> ", + "msg_id" : "Linux_Kernel:tcp_drop_open_request", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"TCP: Treason uncloaked! Peer \\S+ shrinks window \\S+ Repaired.\"):msg@> ", + "msg_id" : "Linux_Kernel:tcp_treason_uncloaked", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"FIFO write timed out\"):msg@> ", + "msg_id" : "Linux_Kernel:fifo_write_timed_out", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"parport\\d+: FIFO is stuck\"):msg@>", + "msg_id" : "Linux_Kernel:parport_fifo_stuck", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"parport\\d+: BUSY timeout.+\"):msg@>", + "msg_id" : "Linux_Kernel:parport_busy_timeout", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ENOMEM in journal_alloc_journal_head, retrying.\"):msg@>", + "msg_id" : "Linux_Kernel:enomem_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*__ratelimit: \\d+ messages suppressed\"):msg@>", + "msg_id" : "Linux_Kernel:ratelimit_messages_suppressed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:NULL@> kernel: <@REGEXP(\"\\[<\\S+>\\]\"):NULL@> <@STRING:NULL@>", + "msg_id" : "Linux_Kernel:UNKNOWN", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+: page allocation failure.+\"):msg@>", + "msg_id" : "Linux_Kernel:page_allocation_failure", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"atkbd.c: .+\"):msg@>", + "msg_id" : "Linux_Kernel:keyboard_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"smb_lookup: find .+ failed, error=.+\"):msg@>", + "msg_id" : "Linux_Kernel:smb_lookup_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"zone\\(\\d+\\): \\d+ pages.\"):msg@> ", + "msg_id" : "Linux_Kernel:zone_pages", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IRQ\\d+ -> .+\"):msg@>", + "msg_id" : "Linux_Kernel:irq", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ISO 9660 Extensions:.+\"):msg@>", + "msg_id" : "Linux_Kernel:iso_9660_extensions", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"smb_add_request: request .+ timed out!\"):msg@>", + "msg_id" : "Linux_Kernel:smb_request_timed_out", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"SMB connection re-established.+\"):msg@>", + "msg_id" : "Linux_Kernel:smb_connection_reestablished", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"modprobe: modprobe: Can't locate module \\S+\"):msg@> ", + "msg_id" : "Linux_Kernel:modprobe_cant_locate_module", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"smb_proc_readdir_long: .+ breaking\"):msg@> ", + "msg_id" : "Linux_Kernel:smbproc_readdir_breaking", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Clock: inserting leap second .+\"):msg@>", + "msg_id" : "Linux_Kernel:clock_inserting_leap_second", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"CPU\\d+<.+>\"):msg@> ", + "msg_id" : "Linux_Kernel:cpu", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"cpu_sibling_map\\[\\d+\\].+\"):msg@> ", + "msg_id" : "Linux_Kernel:cpu_sibling_map", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+: eth\\d+: transmit timed out\"):msg@> ", + "msg_id" : "Linux_Kernel:interface_transmit_timed_out", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"SCSI disk error : .+\"):msg@>", + "msg_id" : "Linux_Kernel:scsi_disk_error", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ACPI: .+\"):msg@>", + "msg_id" : "Linux_Kernel:acpi_info", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"CPU\\d*: .+\"):msg@>", + "msg_id" : "Linux_Kernel:cpu_info", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"IOAPIC\\[\\d+\\]: .+\"):msg@>", + "msg_id" : "Linux_Kernel:ioapic_info", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\w+ window: \\S{8}-\\S{8}\"):msg@>", + "msg_id" : "Linux_Kernel:window_address", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\s+I/O error: .+\"):msg@>", + "msg_id" : "Linux_Kernel:io_error", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"md: .+\"):msg@>", + "msg_id" : "Linux_Kernel:md_messages", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+NIC .*Link is Up.*\"):msg@>", + "msg_id" : "Linux_Kernel:nic_link_is_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+NIC .*Link is Down.*\"):msg@>", + "msg_id" : "Linux_Kernel:nic_link_is_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"icmpv6_send: addr_any/mcast source\"):msg@> ", + "msg_id" : "Linux_Kernel:icmpv6_send", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"FAT: Directory bread.+ failed\"):msg@> ", + "msg_id" : "Linux_Kernel:fat_directory_bread_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ rejecting I/O to dead device\"):msg@> ", + "msg_id" : "Linux_Kernel:rejecting_io_dead_device", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*kjournald starting.*\"):msg@>", + "msg_id" : "Linux_Kernel:kjournald_starting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"VM: killing process .+\"):msg@>", + "msg_id" : "Linux_Kernel:vm_killing_process", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"No module symbols loaded - kernel modules not enabled.\"):msg@> ", + "msg_id" : "Linux_Kernel:no_module_symbols_loaded", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ default_wake_function.+\"):msg@>", + "msg_id" : "Linux_Kernel:default_wake_function", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ syscall_call.+\"):msg@>", + "msg_id" : "Linux_Kernel:syscall_call", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ \\w+_futex.+\"):msg@>", + "msg_id" : "Linux_Kernel:futex", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ wake_up_process.+\"):msg@>", + "msg_id" : "Linux_Kernel:wake_up_process", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ futex_wait.+\"):msg@>", + "msg_id" : "Linux_Kernel:futex_wait", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ warning: maximal mount count reached, running e2fsck is recommended\"):msg@> ", + "msg_id" : "Linux_Kernel:maximal_mount_count", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+: Link is up at .+\"):msg@>", + "msg_id" : "Linux_Kernel:link_is_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Buffer I/O error on device .+\"):msg@>", + "msg_id" : "Linux_Kernel:buffer_io_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ allocation failed .+\"):msg@>", + "msg_id" : "Linux_Kernel:allocation_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\w+ window: disabled.\"):msg@>", + "msg_id" : "Linux_Kernel:window_disabled", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Attached scsi generic .+ type .+\"):msg@>", + "msg_id" : "Linux_Kernel:attached_scsi_generic", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"pnp: the driver '.+' has been registered\"):msg@>", + "msg_id" : "Linux_Kernel:pnp_driver_been_registered", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"portmap: server .+ not responding.+\"):msg@>", + "msg_id" : "Linux_Kernel:portmap_server_not_responding", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"kernel: RPC: failed to contact portmap .+\"):msg@>", + "msg_id" : "Linux_Kernel:rpc_failed_contact_portmap", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ zone: \\d+ pages.+\"):msg@>", + "msg_id" : "Linux_Kernel:zone_pages2", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"pnp: .+ ioport range \\S+ could not be reserved\"):msg@>", + "msg_id" : "Linux_Kernel:pnp_ioport_not_reserved", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"pnp: .+ ioport range \\S+ has been reserved\"):msg@>", + "msg_id" : "Linux_Kernel:pnp_ioport_been_reserved", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"PCI: .+\"):msg@>", + "msg_id" : "Linux_Kernel:pci_boot_info", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"SCSI device \\S+: .+ hdwr sectors.*\"):msg@>", + "msg_id" : "Linux_Kernel:scsi_device_hdwr_sectors", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"process .+ is using obsolete setsockopt SO_BSDCOMPAT\"):msg@> ", + "msg_id" : "Linux_Kernel:using_obsolete_setsockopt", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ip_conntrack: table full, dropping packet.\"):msg@> ", + "msg_id" : "Linux_Kernel:ip_conntrack_table_full", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Processor #\\d+.*APIC version .+\"):msg@>", + "msg_id" : "Linux_Kernel:processor_apic_version", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Vendor: .+ Model: .+\"):msg@>", + "msg_id" : "Linux_Kernel:vendor_model", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"BUG: unable to handle kernel NULL pointer dereference at virtual address .+\"):msg@>", + "msg_id" : "Linux_Kernel:bug_null_pointer_dereference", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Bad page state in process '.+'\"):msg@> ", + "msg_id" : "Linux_Kernel:bad_page_state_process", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:NULL@> kernel: <@REGEXP(\"sys_write\\+.+\"):NULL@>", + "msg_id" : "Linux_Kernel:debug_sys_write", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:NULL@> kernel: <@REGEXP(\"sysenter_past_esp\\+.+\"):NULL@>", + "msg_id" : "Linux_Kernel:debug_sysenter_past_esp", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:NULL@> kernel: <@REGEXP(\"__alloc_pages\\+.+\"):NULL@>", + "msg_id" : "Linux_Kernel:debug_alloc_pages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"file_update_time\\+.+\"):NULL@>", + "msg_id" : "Linux_Kernel:debug_file_update_time", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Trying to fix it up, but a reboot is needed\"):msg@> ", + "msg_id" : "Linux_Kernel:trying_fix_reboot_needed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"SMP alternatives: switching to \\w+ code\"):msg@> ", + "msg_id" : "Linux_Kernel:smp_alternatives_switching_code", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"io scheduler \\w+ registered.*\"):msg@>", + "msg_id" : "Linux_Kernel:io_scheduler_registered", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"page:\\S+ flags:\\S+ mapping:\\S+ mapcount:\\d+ count:\\d+\"):msg@> ", + "msg_id" : "Linux_Kernel:page_flags_mapping", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:NULL@> kernel: <@REGEXP(\"Backtrace:\"):NULL@> ", + "msg_id" : "Linux_Kernel:backtrace", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"error_code\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:error_code", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"bad_page\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:bad_page", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"get_page_from_freelist\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:get_page_from_freelist", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"vma_adjust\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:vma_adjust", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"vma_merge\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:vma_merge", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"__handle_mm_fault\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:handle_mm_fault", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"do_sync_read\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:do_sync_read", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"autoremove_wake_function\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:autoremove_wake_function", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"copy_process\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:copy_process", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"do_page_fault\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:do_page_fault", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"do_mmap_pgoff\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:do_mmap_pgoff", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"__activate_task\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:activate_task", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"sys_gettimeofday\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:sys_gettimeofday", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"__pagevec_lru_add_active\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:pagevec_lru_add_active", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"split_vma\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:split_vma", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"do_wp_page\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:do_wp_page", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"cache_alloc_refill\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:cache_alloc_refill", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"dnotify_parent\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:dnotify_parent", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"wake_up_new_task\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:wake_up_new_task", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"sys_open\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:sys_open", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"open_namei\\+.*\"):msg@>", + "msg_id" : "Linux_Kernel:open_namei", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"BUG: soft lockup detected on .+\"):msg@> ", + "msg_id" : "Linux_Kernel:bug_soft_lockup_detected", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"\\w+: received packet with own address as source address\"):msg@> ", + "msg_id" : "Linux_Kernel:own_address_source_address", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*\\w+: no IPv6 routers present\"):msg@>", + "msg_id" : "Linux_Kernel:no_ipv6_routers_present", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"TCP \\w+ registered\"):msg@>", + "msg_id" : "Linux_Kernel:tcp_module_registered", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Found MSI capability\"):msg@>", + "msg_id" : "Linux_Kernel:found_msi_capability", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Allocating PCI resources starting at .+\"):msg@>", + "msg_id" : "Linux_Kernel:allocating_pci_resources", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Brought up \\d+ CPUs\"):msg@> ", + "msg_id" : "Linux_Kernel:brought_up_cpus", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"GSI \\d+ sharing vector .+ and IRQ .+\"):msg@>", + "msg_id" : "Linux_Kernel:gsi_sharing_vector", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Link is .own.+\"):msg@>", + "msg_id" : "Linux_Kernel:network_link_down", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Allocate Port Service.+\"):msg@>", + "msg_id" : "Linux_Kernel:allocate_port_service", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"pnp: match found with the PnP device '.+' and the driver '.+'\"):msg@>", + "msg_id" : "Linux_Kernel:pnp_match_found", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"pnp: ACPI device : .+\"):msg@>", + "msg_id" : "Linux_Kernel:pnp_acpi_device", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"CPU \\d+: Syncing TSC to CPU \\d+.*\"):msg@>", + "msg_id" : "Linux_Kernel:syncing_tsc_to_cpu", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"CPU \\d+: synchronized TSC with CPU \\d+ .*\"):msg@>", + "msg_id" : "Linux_Kernel:synchronized_tsc_with_cpu", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+:.+: Flow control .+\"):msg@>", + "msg_id" : "Linux_Kernel:Network_Link_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Linux version .+\"):msg@>", + "msg_id" : "Linux_Kernel:linux_version", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*mapped \\w*APIC to .+\"):msg@>", + "msg_id" : "Linux_Kernel:mapped_apic", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ACPI.*: Dynamic SSDT Load - .+\"):msg@>", + "msg_id" : "Linux_Kernel:acpi_dynamic_ssdt_load", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Cannot allocate resource for EISA slot \\d+\"):msg@>", + "msg_id" : "Linux_Kernel:cannot_allocate_resource_eisa", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"AMD8111: .+\"):msg@>", + "msg_id" : "Linux_Kernel:amd8111_info", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"EISA: .+\"):msg@>", + "msg_id" : "Linux_Kernel:eisa_info", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Entering add_active_range.+\"):msg@>", + "msg_id" : "Linux_Kernel:entering_add_active_range", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*PM: Registered nosave memory:.+\"):msg@>", + "msg_id" : "Linux_Kernel:pm_registered_nosave_memory", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*early res: \\d+ .+\"):msg@>", + "msg_id" : "Linux_Kernel:early_res", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ioctl32\\(\\S+\\): Unknown cmd .+\"):msg@>", + "msg_id" : "Linux_Kernel:ioctl32_unknown_cmd", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ethtool operation .+ not supported\"):msg@>", + "msg_id" : "Linux_Kernel:ethtool_operation_not_supported", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"hd\\S+: drive_cmd: status=.+ \\{ DriveReady SeekComplete Error \\}\"):msg@>", + "msg_id" : "Linux_Kernel:driveready_seekcomplete_error", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"hd\\S+: drive_cmd: error=.+ \\{ AbortedCommand \\}\"):msg@>", + "msg_id" : "Linux_Kernel:drive_cmd_aborted_command", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"ide: failed opcode was: .+\"):msg@>", + "msg_id" : "Linux_Kernel:ide_failed_opcode", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"host .+ ignores redirects for .+ to .+\"):msg@>", + "msg_id" : "Linux_Kernel:host_ignores_redirects_for", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*CE: hpet increasing min_delta_ns to .+\"):msg@>", + "msg_id" : "Linux_Kernel:hpet_increasing", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*TCP: too many of orphaned sockets.*\"):msg@>", + "msg_id" : "Linux_Kernel:too_many_orphaned_sockets", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*BUG: soft lockup - CPU.+ stuck for .+\"):msg@>", + "msg_id" : "Linux_Kernel:bug_soft_lockup", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"setitimer: .+ provided invalid timeval it_value: .+\"):msg@>", + "msg_id" : "Linux_Kernel:setitimer_provided_invalid_timeval", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*process .+ is using deprecated sysctl .+\"):msg@>", + "msg_id" : "Linux_Kernel:process_using_deprecated_sysctl", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Orphaned socket dropped.+\"):msg@>", + "msg_id" : "Linux_Kernel:orphaned_socket_dropped", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ACPI handle has no context!\"):msg@>", + "msg_id" : "Linux_Kernel:acpi_handle_no_context", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*TCP: time wait bucket table overflow.*\"):msg@>", + "msg_id" : "Linux_Kernel:tcp_bucket_table_overflow", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*possible SYN flooding on port .+\"):msg@>", + "msg_id" : "Linux_Kernel:possible_syn_flooding", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"RPC: Registered .+ transport module.\"):msg@>", + "msg_id" : "Linux_Kernel:registered_transport_module", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + } + ], + "website" : "http://www.kernel.org/", + "version" : "201002120016", + "name" : "Linux_Kernel", + "description" : "Linux Kernel Service" +} diff --git a/conf/logmanagement/services/Linux_Kernel_Audit.json b/conf/logmanagement/services/Linux_Kernel_Audit.json new file mode 100644 index 0000000..88634d8 --- /dev/null +++ b/conf/logmanagement/services/Linux_Kernel_Audit.json @@ -0,0 +1,51 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@STRING:NULL@>type=<@NUMBER:type@> audit(<@WORD:NULL@>): arch=<@NUMBER:NULL@> syscall=<@NUMBER:NULL@> success=<@WORD:NULL@> exit=<@NUMBER:NULL@> a0=<@WORD:NULL@> a1=<@WORD:NULL@> a2=<@WORD:NULL@> a3=<@WORD:NULL@> items=<@NUMBER:NULL@> ppid=<@PID:ppid@> pid=<@PID:pid@> auid=<@NUMBER:NULL@> uid=<@NUMBER:uid@> gid=<@NUMBER:gid@> euid=<@NUMBER:NULL@> suid=<@NUMBER:NULL@> fsuid=<@NUMBER:NULL@> egid=<@NUMBER:NULL@> sgid=<@NUMBER:NULL@> fsgid=<@NUMBER:NULL@> tty=<@WORD:tty@> ses=<@NUMBER:session@> comm=\"<@STRING:command@>\" exe=\"<@STRING:exec@>\" key=\"<@STRING:key@>\"", + "msg_id" : "Linux_Kernel_Audit:syscall", + "table" : "Linux_Kernel_Audit", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: audit(<@WORD:NULL@>): user pid=<@PID:pid@> uid=<@NUMBER:uid@> auid=<@NUMBER:auid@> subj=<@WORD:subject@> msg='<@STRING:msg@>'", + "msg_id" : "Linux_Kernel_Audit:subject_message", + "table" : "Linux_Kernel_Audit", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: audit(<@WORD:NULL@>): login pid=<@PID:pid@> uid=<@NUMBER:uid@> old auid=<@NUMBER:auid@> new auid=<@NUMBER:NULL@>", + "msg_id" : "Linux_Kernel_Audit:old_auid_new_auid", + "table" : "Linux_Kernel_Audit", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: audit(<@WORD:NULL@>): audit_pid=<@PID:pid@> old=<@NUMBER:NULL@> by auid=<@NUMBER:auid@> subj=<@WORD:subject@>", + "msg_id" : "Linux_Kernel_Audit:subject", + "table" : "Linux_Kernel_Audit", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: audit(<@WORD:NULL@>): user pid=<@PID:pid@> uid=<@NUMBER:uid@> auid=<@NUMBER:auid@> subj=<@WORD:subject@> msg=''", + "msg_id" : "Linux_Kernel_Audit:subject_message_empty", + "table" : "Linux_Kernel_Audit", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: audit(<@WORD:NULL@>): auid=<@NUMBER:auid@> subj=<@WORD:subject@> op=<@REGEXP(\"remove rule\"):operation@> key=<@STRING:key@> list=<@NUMBER:list@> res=<@NUMBER:NULL@>", + "msg_id" : "Linux_Kernel_Audit:remove_rule", + "table" : "Linux_Kernel_Audit", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201208290007", + "name" : "Linux_Kernel_Audit", + "description" : "Linux Kernel Auditing Service" +} diff --git a/conf/logmanagement/services/Linux_Kernel_Bluetooth.json b/conf/logmanagement/services/Linux_Kernel_Bluetooth.json new file mode 100644 index 0000000..3b1fe31 --- /dev/null +++ b/conf/logmanagement/services/Linux_Kernel_Bluetooth.json @@ -0,0 +1,44 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Bluetooth: .+ layer initialized\"):msg@>", + "msg_id" : "Linux_Kernel_Bluetooth:layer_initialized", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Bluetooth: Core ver .+\"):msg@>", + "msg_id" : "Linux_Kernel_Bluetooth:core_version", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Bluetooth: L2CAP ver .+\"):msg@>", + "msg_id" : "Linux_Kernel_Bluetooth:l2cap_version", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Bluetooth: RFCOMM ver .+\"):msg@>", + "msg_id" : "Linux_Kernel_Bluetooth:rfcomm_version", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Bluetooth: HCI device and connection manager initialized\"):msg@>", + "msg_id" : "Linux_Kernel_Bluetooth:hci_device_initialized", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "200908120004", + "name" : "Linux_Kernel_Bluetooth", + "description" : "Linux Kernel Bluetooth Service" +} diff --git a/conf/logmanagement/services/Linux_Kernel_FS_Ext3.json b/conf/logmanagement/services/Linux_Kernel_FS_Ext3.json new file mode 100644 index 0000000..c984ccb --- /dev/null +++ b/conf/logmanagement/services/Linux_Kernel_FS_Ext3.json @@ -0,0 +1,58 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*EXT3-fs: recovery complete.\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Ext3:recovery_complete", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*EXT3 FS on \\S+, internal journal\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Ext3:internal_journal", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ext3_orphan_cleanup: deleting unreferenced inode \\d+\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Ext3:deleting_unreferenced_inode", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*EXT3-fs: .*\\d+ orphan inode deleted\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Ext3:orphan_inode_deleted", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*EXT3-fs: mounted filesystem with ordered data mode.\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Ext3:mounted_ordered_data_mode", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*EXT3-fs warning: checktime reached.*\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Ext3:checktime_reached", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*EXT3-fs error .+\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Ext3:error", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Critical" + } + ], + "website" : "", + "version" : "200901290003", + "name" : "Linux_Kernel_FS_Ext3", + "description" : "Linux Kernel FileSystem Ext3" +} diff --git a/conf/logmanagement/services/Linux_Kernel_FS_Reiser.json b/conf/logmanagement/services/Linux_Kernel_FS_Reiser.json new file mode 100644 index 0000000..13f1787 --- /dev/null +++ b/conf/logmanagement/services/Linux_Kernel_FS_Reiser.json @@ -0,0 +1,44 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ReiserFS: \\S+: found reiserfs format .+\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Reiser:found_reiserfs_format", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ReiserFS: \\S+: using ordered data mode\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Reiser:using_ordered_data_mode", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ReiserFS: \\S+: journal params: device \\S+, size \\d+, .+\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Reiser:journal_params", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ReiserFS: \\S+: checking transaction log.*\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Reiser:checking_transaction_log", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ReiserFS: \\S+: Using \\S+ hash to sort names\"):msg@>", + "msg_id" : "Linux_Kernel_FS_Reiser:using_hash_sort_names", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201002190003", + "name" : "Linux_Kernel_FS_Reiser", + "description" : "Linux Kernel ReiserFS Service" +} diff --git a/conf/logmanagement/services/Linux_Kernel_Network_Bonding.json b/conf/logmanagement/services/Linux_Kernel_Network_Bonding.json new file mode 100644 index 0000000..324357b --- /dev/null +++ b/conf/logmanagement/services/Linux_Kernel_Network_Bonding.json @@ -0,0 +1,86 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Ethernet Channel Bonding Driver:.+\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:ethernet_channel_bonding_driver", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ADDRCONF\\(NETDEV_UP\\): .+: link is not ready\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:link_is_not_ready", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*ADDRCONF\\(NETDEV_CHANGE\\): .+: link becomes ready\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:link_becomes_ready", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*bonding: MII link monitoring set to \\d+ ms\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:mii_link_monitoring_set", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*bonding: \\S+: enslaving \\S+ as a backup interface with a down link.\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:enslaving_as_backup_interface", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*bonding: \\S+: link status definitely up for interface .+\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:link_status_definitely_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*bonding: \\S+: making interface \\S+ the new active one.\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:making_interface_active", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*bonding: \\S+: first active interface up!\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:first_active_interface_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*bonding: \\S+ param is irrelevant in mode .+\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:param_irrelevant_in_mode", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*bonding: \\S+: link status definitely down for interface .+, disabling it\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:link_status_definitely_down", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*bonding: \\S+: now running without any active interface !\"):msg@>", + "msg_id" : "Linux_Kernel_Network_Bonding:without_any_active_interface", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + } + ], + "website" : "", + "version" : "200901290005", + "name" : "Linux_Kernel_Network_Bonding", + "description" : "Linux Kernel with Network Bonding" +} diff --git a/conf/logmanagement/services/Linux_Kernel_RAID.json b/conf/logmanagement/services/Linux_Kernel_RAID.json new file mode 100644 index 0000000..adb16e4 --- /dev/null +++ b/conf/logmanagement/services/Linux_Kernel_RAID.json @@ -0,0 +1,51 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: mptbase: <@REGEXP(\".+ RAID STATUS CHANGE for .+\"):msg@>", + "msg_id" : "Linux_Kernel_RAID:raid_status_change", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: mptbase: <@REGEXP(\".+ PhysDisk is now online.*\"):msg@> ", + "msg_id" : "Linux_Kernel_RAID:physdisk_now_online", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: mptbase: <@REGEXP(\".+ volume is now optimal.*\"):msg@>", + "msg_id" : "Linux_Kernel_RAID:volume_now_optimal", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: mptbase: <@REGEXP(\".+ PhysDisk is now missing.*\"):msg@> ", + "msg_id" : "Linux_Kernel_RAID:physdisk_now_missing", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: mptbase: <@REGEXP(\".+ volume is now degraded.*\"):msg@>", + "msg_id" : "Linux_Kernel_RAID:volume_now_degraded", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: mptsas: <@REGEXP(\".+ \\w+ing ssp device, channel \\d+, id \\d+, phy \\d+\"):msg@> ", + "msg_id" : "Linux_Kernel_RAID:attaching_removing_ssp_device", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Information" + } + ], + "website" : "http://www.kernel.org/", + "version" : "200702160013", + "name" : "Linux_Kernel_RAID", + "description" : "Linux Kernel RAID Service" +} diff --git a/conf/logmanagement/services/Linux_Kernel_USB.json b/conf/logmanagement/services/Linux_Kernel_USB.json new file mode 100644 index 0000000..3e3fb29 --- /dev/null +++ b/conf/logmanagement/services/Linux_Kernel_USB.json @@ -0,0 +1,170 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*usb-storage: .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:storage_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*USB Mass Storage support registered.*\"):msg@>", + "msg_id" : "Linux_Kernel_USB:support_registered", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+: new .+ USB device using .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:new_device_using", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+: Cannot enable port \\d+. Maybe the USB cable is bad.+\"):msg@> ", + "msg_id" : "Linux_Kernel_USB:maybe_usb_cable_bad", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+: USB disconnect, address \\d+\"):msg@> ", + "msg_id" : "Linux_Kernel_USB:disconnect", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*usb .+: configuration #\\d+ chosen from \\d+ choice.*\"):msg@>", + "msg_id" : "Linux_Kernel_USB:configuration_chosen", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*usbcore: registered new driver .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:usbcore_registered_new_driver", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*scsi\\d+ : SCSI emulation for USB Mass Storage devices\"):msg@>", + "msg_id" : "Linux_Kernel_USB:scsi_emulation_mass_storage", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+: New USB device .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:new_usb_device", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*hub .+: USB hub found\"):msg@>", + "msg_id" : "Linux_Kernel_USB:usb_hub_found", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*hub .+: \\d+ ports detected\"):msg@>", + "msg_id" : "Linux_Kernel_USB:ports_detected", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Product: .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:product", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Manufacturer: .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:manufacturer", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ SerialNumber: .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:serialnumber", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ scsi .+ Direct-Access.+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:scsi_direct_access", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Attached scsi .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:attached_scsi", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+byte logical blocks.+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:logical_blocks", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Write Protect is .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:write_protect_status", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Mode Sense: .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:mode_sense", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Assuming drive cache: write through\"):msg@>", + "msg_id" : "Linux_Kernel_USB:assuming_drive_cache_write_through", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ Attached .+ removable disk\"):msg@>", + "msg_id" : "Linux_Kernel_USB:attached_removable_disk", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+ bread failed in .+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:bread_failed", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".+sd.: sd.+\"):msg@>", + "msg_id" : "Linux_Kernel_USB:sd", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201004300006", + "name" : "Linux_Kernel_USB", + "description" : "Linux Kernel USB Service" +} diff --git a/conf/logmanagement/services/Linux_Network_Interface.json b/conf/logmanagement/services/Linux_Network_Interface.json new file mode 100644 index 0000000..ab5bc36 --- /dev/null +++ b/conf/logmanagement/services/Linux_Network_Interface.json @@ -0,0 +1,43 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"if.*\"):daemon@>: <@REGEXP(\".+ changed config file: config --> restart interface!\"):msg@>", + "msg_id" : "Linux_Network_Interface:interface_config_changed_restart_interface", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"if.*\"):daemon@>: <@REGEXP(\".+ device: .+\"):msg@>", + "msg_id" : "Linux_Network_Interface:device_information", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"if.*\"):daemon@> <@NET_INTERFACE:interface@>", + "msg_id" : "Linux_Network_Interface:interface", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"if.*\"):daemon@>: <@REGEXP(\"IP address: .+\"):msg@>", + "msg_id" : "Linux_Network_Interface:ip_address", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"if.*\"):daemon@>:", + "msg_id" : "Linux_Network_Interface:empty", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201004300006", + "name" : "Linux_Network_Interface", + "description" : "Linux Network Interface Services" +} diff --git a/conf/logmanagement/services/Linux_PAM.json b/conf/logmanagement/services/Linux_PAM.json new file mode 100644 index 0000000..b6e1636 --- /dev/null +++ b/conf/logmanagement/services/Linux_PAM.json @@ -0,0 +1,142 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:login|su)\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\(pam_unix\\) session closed for user .+\"):msg@>", + "msg_id" : "Linux_PAM:session_closed_for_user2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pam_access\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"access denied for user .+\"):msg@> ", + "msg_id" : "Linux_PAM:user_access_denied", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pam_group\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"no day specified\"):msg@> ", + "msg_id" : "Linux_PAM:no_day_specified", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pam_access\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: line \\d+: bad field count\"):msg@> ", + "msg_id" : "Linux_PAM:bad_field_count", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pam_pwdfile\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"password too short or NULL\"):msg@> ", + "msg_id" : "Linux_PAM:password_too_short", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pam_pwdfile\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"wrong password for user .+\"):msg@>", + "msg_id" : "Linux_PAM:wrong_password", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pam_console\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"getpwnam failed for .+\"):msg@>", + "msg_id" : "Linux_PAM:console_getpwnam_failed", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"PAM-mkhomedir\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"unable to create directory .+\"):msg@>", + "msg_id" : "Linux_PAM:unable_create_directory", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"login\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\(pam_securetty\\) access denied: tty .+ is not secure !\"):msg@>", + "msg_id" : "Linux_PAM:tty_not_secure", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*pam_unix.* expired password for user .+\"):msg@>", + "msg_id" : "Linux_PAM:password_expired", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pam_limits\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"setrlimit limit .+ to .+ failed: .*\"):msg@>", + "msg_id" : "Linux_PAM:setrlimit_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_unix\\(su:session\\): session closed for user .+\"):msg@>", + "msg_id" : "Linux_PAM:session_closed_for_user", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\(pam_unix\\) authentication failure; .+\"):msg@>", + "msg_id" : "Linux_PAM:authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_unix\\(\\S+\\): authentication failure; .+\"):msg@>", + "msg_id" : "Linux_PAM:authentication_failure2", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"login\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\(pam_unix\\) \\d+ more authentication failures; .+\"):msg@>", + "msg_id" : "Linux_PAM:more_authentication_failures", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\(pam_unix\\) could not recover authentication token\"):msg@>", + "msg_id" : "Linux_PAM:couldnt_recover_authentication_token", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>: <@REGEXP(\"pam_unix\\(\\S+\\): authentication failure; .+\"):msg@>", + "msg_id" : "Linux_PAM:authentication_failure3", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>: <@REGEXP(\"pam_env\\(\\S+\\): non-alphanumeric key .+ ignoring\"):msg@>", + "msg_id" : "Linux_PAM:non_alphanumeric_key", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>: <@REGEXP(\".+ pam_env\\(\\S+\\): non-alphanumeric key .+ ignoring\"):msg@>", + "msg_id" : "Linux_PAM:non_alphanumeric_key2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "http://www.kernel.org/pub/linux/libs/pam/", + "version" : "201004280001", + "name" : "Linux_PAM", + "description" : "Linux PAM Service" +} diff --git a/conf/logmanagement/services/Linux_Red_Hat_System.json b/conf/logmanagement/services/Linux_Red_Hat_System.json new file mode 100644 index 0000000..89df467 --- /dev/null +++ b/conf/logmanagement/services/Linux_Red_Hat_System.json @@ -0,0 +1,16 @@ +{ + "icon" : "operating_systems/os_linux_redhat", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rhnsd\"):daemon@>[<@PID:pid@>]: <@STRING:msg@>", + "msg_id" : "Linux_Red_Hat_System:rhnsd", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + } + ], + "website" : "http://www.redhat.com/", + "version" : "200606060001", + "name" : "Linux_Red_Hat_System", + "description" : "Linux Red Hat System Service" +} diff --git a/conf/logmanagement/services/Linux_System.json b/conf/logmanagement/services/Linux_System.json new file mode 100644 index 0000000..d90f833 --- /dev/null +++ b/conf/logmanagement/services/Linux_System.json @@ -0,0 +1,589 @@ +{ + "icon" : "operating_systems/os_linux_generic", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]: <@REGEXP(\".*session opened for user .+\"):msg@>", + "msg_id" : "Linux_System:session_opened_for_user", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]: <@REGEXP(\".*session closed for user \\S+\"):msg@>", + "msg_id" : "Linux_System:session_closed_for_user", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]:<@REGEXP(\".+check pass; user unknown\"):msg@> ", + "msg_id" : "Linux_System:check_pass_user_unknown", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_authenticate: Authentication failure\"):msg@> ", + "msg_id" : "Linux_System:su_pam_authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"udev\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"removing device node .+\"):msg@>", + "msg_id" : "Linux_System:removing_device_node", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"-- MARK --\"):msg@>", + "msg_id" : "Linux_System:mark", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]: <@REGEXP(\"new user: name=.+\"):msg@>", + "msg_id" : "Linux_System:new_user", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]:<@REGEXP(\".* password changed for \\S+\"):msg@>", + "msg_id" : "Linux_System:password_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]: <@REGEXP(\".*authentication failure; logname=.+\"):msg@>", + "msg_id" : "Linux_System:authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@STRING:NULL@>[<@PID:pid@>]: <@REGEXP(\"DIALUP AT .+\"):msg@>", + "msg_id" : "Linux_System:dialup_at", + "table" : "Message", + "taxonomy" : "Access", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"passwd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Password for \\S+ was changed\"):msg@>", + "msg_id" : "Linux_System:password_was_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"chfn\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"changed user \\S+ information\"):msg@>", + "msg_id" : "Linux_System:changed_user_info", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:groupadd|useradd|adduser)\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"new group: name=.+\"):msg@>", + "msg_id" : "Linux_System:new_group", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslogd\"):daemon@> <@WORD:NULL@>: <@REGEXP(\"restart\"):msg@>. ", + "msg_id" : "Linux_System:syslogd_restart", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"shutdown\"):daemon@>: <@REGEXP(\"shutting down for system halt\"):msg@>", + "msg_id" : "Linux_System:system_halt", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog\"):daemon@>: <@REGEXP(\"\\S+ startup succeeded\"):msg@>", + "msg_id" : "Linux_System:syslog_startup_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"userdel\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"delete user .+\"):msg@>", + "msg_id" : "Linux_System:userdel_delete_user", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"userdel\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"removed group .+ owned by .+\"):msg@>", + "msg_id" : "Linux_System:userdel_removed_group", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"usermod\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"change user .+ password\"):msg@>", + "msg_id" : "Linux_System:usermod_change_user_password", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"gpasswd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"set members of \\w+ to .+\"):msg@>", + "msg_id" : "Linux_System:set_members_to", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>: <@REGEXP(\".+ startup succeeded\"):msg@> ", + "msg_id" : "Linux_System:daemon_startup_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>: <@REGEXP(\".+ shutdown succeeded\"):msg@> ", + "msg_id" : "Linux_System:daemon_shutdown_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"FAILED su for \\S+ by \\S+\"):msg@>", + "msg_id" : "Linux_System:failed_su", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"network\"):daemon@>: <@REGEXP(\"Bringing up interface \\S+: succeeded\"):msg@>", + "msg_id" : "Linux_System:bringing_up_interface", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:atd|login|su)\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*session closed for user \\S+\"):msg@>", + "msg_id" : "Linux_System:any_session_closed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"login\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"FAILED LOGIN .+\"):msg@> ", + "msg_id" : "Linux_System:failed_login", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Successful su for \\S+ by \\S+\"):msg@>", + "msg_id" : "Linux_System:successful_su", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\+ \\?\\?\\? \\S+:\\S+\"):msg@>", + "msg_id" : "Linux_System:su_something", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:groupdel|userdel)\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"remove group `.+'\"):msg@>", + "msg_id" : "Linux_System:groupdel_userdel_remove_group", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S \\S*pts\\S* \\S+:\\S+\"):msg@>", + "msg_id" : "Linux_System:su_pts_something", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"init\"):daemon@>: <@REGEXP(\"Trying to re-exec init\"):msg@>", + "msg_id" : "Linux_System:trying_reexec_init", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> -- <@WORD:NULL@>[<@PID:pid@>]: <@REGEXP(\".*LOGIN ON .+\"):msg@> ", + "msg_id" : "Linux_System:login_on", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:passwd|su)\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*could not recover authentication token\"):msg@>", + "msg_id" : "Linux_System:any_recover_authentication_token", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslogd\"):daemon@> <@REGEXP(\".+: restart.*remote reception.*\"):msg@>", + "msg_id" : "Linux_System:syslog_restart", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"chage\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"changed password expiry .+\"):msg@>", + "msg_id" : "Linux_System:change_password_expiry", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"shutdown\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"shutting down for system .+\"):msg@>", + "msg_id" : "Linux_System:shutdown", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_.+: Permission denied\"):msg@> ", + "msg_id" : "Linux_System:pam_permission_denied", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:ls|login|su)\"):daemon@>: <@REGEXP(\"\\w+_ldap: .+ Can't contact LDAP server\"):msg@>", + "msg_id" : "Linux_System:any_cant_contact_ldap", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]: <@REGEXP(\"ROOT LOGIN .+\"):msg@>", + "msg_id" : "Linux_System:root_login_on", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"VFS\"):daemon@>: <@REGEXP(\"busy inodes on changed media.\"):msg@> ", + "msg_id" : "Linux_System:vfs_busy_inodes", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]: <@REGEXP(\".+ RADIUS server .+ failed to respond\"):msg@> ", + "msg_id" : "Linux_System:radius_server_failed_respond", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]: <@REGEXP(\".*bad username .+\"):msg@>", + "msg_id" : "Linux_System:bad_username", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"network\"):daemon@>: <@REGEXP(\"Shutting down interface .+\"):msg@>", + "msg_id" : "Linux_System:shutting_down_interface", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"login\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"User not known to the underlying authentication module\"):msg@> ", + "msg_id" : "Linux_System:login_underlying_authentication_module", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"shutdown\"):daemon@>: <@REGEXP(\"shutting down for system reboot\"):msg@>", + "msg_id" : "Linux_System:shutdown_reboot", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Unknown UID: \\d+\"):msg@>", + "msg_id" : "Linux_System:su_unknown_uid", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"FAILED su for .+\"):msg@>", + "msg_id" : "Linux_System:su_failed", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"login\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*could not identify user .+\"):msg@>", + "msg_id" : "Linux_System:could_not_identify_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logrotate\"):daemon@>: <@REGEXP(\"ALERT exited abnormally with.+\"):msg@>", + "msg_id" : "Linux_System:logrotate_exited_abnormally", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"inetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: Address already in use\"):msg@> ", + "msg_id" : "Linux_System:inetd_address_already_used", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"inetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ server failing \\(looping\\), service terminated\"):msg@>", + "msg_id" : "Linux_System:inetd_service_terminated", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"LOGIN: Starting \\w+\"):msg@>", + "msg_id" : "Linux_System:login_starting_module", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"login\"):daemon@>: <@REGEXP(\"Authentication service cannot retrieve authentication info.\"):msg@> ", + "msg_id" : "Linux_System:cannot_retrieve_authentication_info", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM adding faulty module: .+\"):msg@>", + "msg_id" : "Linux_System:supam_adding_faulty_module", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ls: nss_ldap: could not search LDAP server - Server is unavailable\"):msg@> ", + "msg_id" : "Linux_System:ls_couldnt_search_ldap", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM unable to dlopen.+\"):msg@>", + "msg_id" : "Linux_System:su_pam_unable_dlopen", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:daemon@>[<@PID:pid@>]: <@REGEXP(\".*could not identify .+\"):msg@>", + "msg_id" : "Linux_System:could_not_identify", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"fsck\"):daemon@>: <@REGEXP(\".*has gone \\d+ days without being checked.*\"):msg@>", + "msg_id" : "Linux_System:fsck_days_without_checked", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"login.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ ignoring max retries.+\"):msg@>", + "msg_id" : "Linux_System:login_ignoring_max_retries", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"userdel\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"delete .+ from .*group .+\"):msg@>", + "msg_id" : "Linux_System:delete_user_from_group", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*password for user \\w+ will expire in \\d+ days\"):msg@>", + "msg_id" : "Linux_System:password_will_expire", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"passwd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"password for \\S+ changed by \\S+\"):msg@> ", + "msg_id" : "Linux_System:password_changed_by", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"passwd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*new password not acceptable\"):msg@> ", + "msg_id" : "Linux_System:new_password_not_acceptable", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"init\"):daemon@>: <@REGEXP(\"no more processes left in this runlevel\"):msg@>", + "msg_id" : "Linux_System:init_system_stop", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"[-+] tty\\d+ \\S+\"):msg@>", + "msg_id" : "Linux_System:tty", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"init\"):daemon@>: <@REGEXP(\"Re-reading inittab\"):msg@>", + "msg_id" : "Linux_System:init_rereading_inittab", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>: <@REGEXP(\".+ session closed for user \\S+\"):msg@>", + "msg_id" : "Linux_System:session_closed_for_user2", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>: <@REGEXP(\".*session opened for user .+\"):msg@>", + "msg_id" : "Linux_System:session_opened_for_user2", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"udevd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"add_to_rules: unknown key '.+' in .+\"):msg@>", + "msg_id" : "Linux_System:udevd_unknown_key", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"usermod\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"add .+ to group .+\"):msg@>", + "msg_id" : "Linux_System:usermod_add_to_group", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"passwd\"):daemon@>:<@REGEXP(\".* password changed for \\S+\"):msg@>", + "msg_id" : "Linux_System:password_changed2", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logrotate\"):daemon@>: <@REGEXP(\".+logrotate\\.d\\/mysql failed.+\"):msg@>", + "msg_id" : "Linux_System:logrotate_mysql_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logrotate\"):daemon@>: <@REGEXP(\".+acount is protected by password.\"):msg@>", + "msg_id" : "Linux_System:logrotate_acount_protected_by_password", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logrotate\"):daemon@>: <@REGEXP(\"See comments in .+ on how to fix this\"):msg@>", + "msg_id" : "Linux_System:logrotate_see_comments_how_to_fix", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logrotate\"):daemon@>: <@REGEXP(\"error: .Access denied for user .+\"):msg@>", + "msg_id" : "Linux_System:logrotate_access_denied_for_user", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logrotate\"):daemon@>: <@REGEXP(\"error: error running .+ postrotate script for .+\"):msg@>", + "msg_id" : "Linux_System:logrotate_running_postrotate_script_error", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logrotate\"):daemon@>: <@REGEXP(\".+ connect to server at .+ failed\"):msg@>", + "msg_id" : "Linux_System:logrotate_server_connection_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"checkproc\"):daemon@>: <@REGEXP(\"checkproc: can not get session id for process .+\"):msg@>", + "msg_id" : "Linux_System:checkproc_can_not_get_session_id_for_process", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:groupadd|useradd|adduser)\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"account already exists - account=.+\"):msg@>", + "msg_id" : "Linux_System:account_already_exists", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"group already exists - group=.+\"):msg@>", + "msg_id" : "Linux_System:group_already_exists", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"su\"):daemon@>: <@REGEXP(\"\\(to .+\\) .+ on .+\"):msg@>", + "msg_id" : "Linux_System:su", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"kcheckpass\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Authentication failure for .+ \\(invoked by uid \\d+\\)\"):msg@>", + "msg_id" : "Linux_System:kcheckpass_auth_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"groupadd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"group added to .+\"):msg@>", + "msg_id" : "Linux_System:group_added_to", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + } + ], + "version" : "201208090002", + "name" : "Linux_System", + "description" : "Linux System Service" +} diff --git a/conf/logmanagement/services/Logitech_Mouse_Control.json b/conf/logmanagement/services/Logitech_Mouse_Control.json new file mode 100644 index 0000000..8b33fc8 --- /dev/null +++ b/conf/logmanagement/services/Logitech_Mouse_Control.json @@ -0,0 +1,22 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"lomoco\"):daemon@>:", + "msg_id" : "Logitech_Mouse_Control:empty", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"lomoco\"):daemon@>: <@REGEXP(\".+: .+ Wheel Mouse Optical .+ Caps: .+\"):msg@>", + "msg_id" : "Logitech_Mouse_Control:wheel_mouse_optical_caps", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + } + ], + "website" : "http://www.lomoco.org/", + "version" : "201002100006", + "name" : "Logitech_Mouse_Control", + "description" : "Logitech Mouse Control" +} diff --git a/conf/logmanagement/services/Mac_OS_X_Installer.json b/conf/logmanagement/services/Mac_OS_X_Installer.json new file mode 100644 index 0000000..4ece7d2 --- /dev/null +++ b/conf/logmanagement/services/Mac_OS_X_Installer.json @@ -0,0 +1,114 @@ +{ + "icon" : "operating_systems/os_mac", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Env: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:env", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Hardware: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:hardware", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"User picked Standard Install\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:user_picked_standard_install", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Running OS Build: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:running_os_build", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*Install: \\\".+\\\"\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:install", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"It took \\S+ seconds to summarize the package selections.\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:took_seconds_summarize_package_selections", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\@\\(#\\)PROGRAM:Install .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:program_install", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*\\S+\\.pkg#\\S+\\.pkg .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:pkg", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"-\\[IFDInstallController\\(Private\\) _buildInstallPlan\\]: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:ifdinstallcontroller_buildinstallplan", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Free space on .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:free_space_on", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Create temporary directory .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:create_temporary_directory", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Configuring volume .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:configuring_volume", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Installer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Set authorization level .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:set_authorization_level", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"installd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PackageKit: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:installd_packagekit_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"installd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"./pre(?:flight|install): .+\"):msg@>", + "msg_id" : "Mac_OS_X_Installer:installd_preinstall_preflight_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "201111040006", + "name" : "Mac_OS_X_Installer", + "description" : "Mac OS X Installer Service" +} diff --git a/conf/logmanagement/services/Mac_OS_X_Kernel.json b/conf/logmanagement/services/Mac_OS_X_Kernel.json new file mode 100644 index 0000000..a4f663d --- /dev/null +++ b/conf/logmanagement/services/Mac_OS_X_Kernel.json @@ -0,0 +1,233 @@ +{ + "icon" : "operating_systems/os_mac", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"AppleACPICPU: ProcessorApicId=\\d+ LocalApicId=\\d+ Enabled\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:appleacpicpu_enabled", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\".+auditing.* present\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:auditing_present", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"USB caused wake event.+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:usb_caused_wake_event", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"FireWire .+ now active.+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:firewire_now_active", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"BSD root: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:bsd_root", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"Got boot device = .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:got_boot_device", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"IOAPIC: Version .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:ioapic_version", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"AppleIntelCPUPowerManagement: ready\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:cpu_power_management_ready", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"CSRHIDTransitionDriver:.+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:csrhid_transition_driver_msg", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"HFS: Removed \\d+ orphaned unlinked files\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:hfs_removed_orphaned_unlinked", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"Matching service count = \\d+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:matching_service_count", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\".+: family specific matching fails\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:family_specific_matching_fails", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"ath_descdma_setup: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:ath_descdma_setup", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"\\d+ bit mode enabled\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:nb_bit_mode_enabled", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"yukonosx: Ethernet address .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:yukonosx_ethernet_address", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"AirPort_\\S+: Ethernet address .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:airport_ethernet_address", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"hibernate_page_list_\\w+ .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:hibernate_page_list_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"sleep\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:sleep", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"System SafeSleep\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:system_safesleep", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"System Wake\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:system_wake", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"hibernate image .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:hibernate_image_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"standard timeslicing quantum is \\d+ us\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:standard_timeslicing_quantum_is", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"writing \\d+ pages\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:writing_pages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"pages \\d+, wire \\d+, act \\d+, inact \\d+, .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:pages_wire_act_inact", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"Enabling XMM register .+ opcodes\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:enabling_xmm_register_opcodes", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"\\d+ prelinked modules\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:prelinked_modules", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"image1Size \\d+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:image1_size", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"image \\d+, uncompressed \\d+ \\(\\d+\\), compressed \\d+ \\(\\d+%\\), sum1 \\S+, sum2 \\S+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:image_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"Started CPU \\d+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:started_cpu", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel[<@PID:pid@>]: <@REGEXP(\"IPv6 packet filtering initialized.*\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:ipv6_packet_filtering_initialized", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"kernel\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"IOSurface: buffer allocation size is zero\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:iosurface_buffer_allocation_zero", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"kernel\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Apple\\S+Ethernet: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Kernel:apple_ethernet_msgs", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "http://www.apple.com/macosx/", + "version" : "201111010001", + "name" : "Mac_OS_X_Kernel", + "description" : "Mac OS X Kernel" +} diff --git a/conf/logmanagement/services/Mac_OS_X_Software_Update.json b/conf/logmanagement/services/Mac_OS_X_Software_Update.json new file mode 100644 index 0000000..d7c6769 --- /dev/null +++ b/conf/logmanagement/services/Mac_OS_X_Software_Update.json @@ -0,0 +1,30 @@ +{ + "icon" : "operating_systems/os_mac", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Software Update\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Distribution: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Software_Update:distribution", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Software Update\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"run (?:pre|post)flight script for .+\"):msg@>", + "msg_id" : "Mac_OS_X_Software_Update:run_postflight_script", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Software Update\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"(?:Configu|Prepa)ring volume .+\"):msg@>", + "msg_id" : "Mac_OS_X_Software_Update:configuring_preparing_volume", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://www.apple.com/macosx/", + "version" : "200911080008", + "name" : "Mac_OS_X_Software_Update", + "description" : "Mac OS X Software Update" +} diff --git a/conf/logmanagement/services/Mac_OS_X_Steam.json b/conf/logmanagement/services/Mac_OS_X_Steam.json new file mode 100644 index 0000000..5744feb --- /dev/null +++ b/conf/logmanagement/services/Mac_OS_X_Steam.json @@ -0,0 +1,30 @@ +{ + "icon" : "operating_systems/os_mac", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*com.valvesoftware.steam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"unlinked \\d+ orphaned pipes\"):msg@>", + "msg_id" : "Mac_OS_X_Steam:unlinked_orphaned_pipes", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*com.valvesoftware.steam\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"CAsyncIOManager: .+\"):msg@>", + "msg_id" : "Mac_OS_X_Steam:casynciomanager_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*com.valvesoftware.steam.ipctool\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ipcserver .+\"):msg@>", + "msg_id" : "Mac_OS_X_Steam:ipcserver_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://store.steampowered.com/browse/mac", + "version" : "201110290004", + "name" : "Mac_OS_X_Steam", + "description" : "Mac OS X Steam Service" +} diff --git a/conf/logmanagement/services/Mac_OS_X_System.json b/conf/logmanagement/services/Mac_OS_X_System.json new file mode 100644 index 0000000..b07cfdd --- /dev/null +++ b/conf/logmanagement/services/Mac_OS_X_System.json @@ -0,0 +1,261 @@ +{ + "icon" : "operating_systems/os_mac", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"com.apple.SecurityServer\"):daemon@>: <@REGEXP(\"authinternal authenticated user .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:authinternal_authenticated_user", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"com.apple.SecurityServer\"):daemon@>: <@REGEXP(\"authinternal failed to authenticate user .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:authinternal_failed_authenticate_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"com.apple.SecurityServer\"):daemon@>: <@REGEXP(\"Entering service\"):msg@>", + "msg_id" : "Mac_OS_X_System:entering_service", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"SecurityAgent\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Showing Login Window\"):msg@>", + "msg_id" : "Mac_OS_X_System:showing_login_window", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"com.apple.SecurityServer\"):daemon@>: <@REGEXP(\"Succeeded authorizing right .+ by process .+ for authorization created by .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:succeeded_authorizing_right_process", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"SecurityAgent\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"User Authenticated: continue login process\"):msg@>", + "msg_id" : "Mac_OS_X_System:user_authenticated_continue_login", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> SystemStarter[<@PID:pid@>]: <@REGEXP(\"The following StartupItems failed to properly start:\"):msg@>", + "msg_id" : "Mac_OS_X_System:startupitems_failed_properly_start", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> SystemStarter[<@PID:pid@>]: <@REGEXP(\".+ execution of Startup script failed\"):msg@>", + "msg_id" : "Mac_OS_X_System:execution_startup_script_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> SystemStarter[<@PID:pid@>]: <@REGEXP(\"/System/Library/StartupItems/.+\"):msg@>", + "msg_id" : "Mac_OS_X_System:system_library_startupitems", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> memberd[<@PID:pid@>]: <@REGEXP(\"memberd starting up\"):msg@>", + "msg_id" : "Mac_OS_X_System:memberd_starting_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mDNSResponder-.+: starting\"):msg@>", + "msg_id" : "Mac_OS_X_System:mdnsresponder_starting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> lookupd[<@PID:pid@>]: <@REGEXP(\"lookupd.+starting.+\"):msg@>", + "msg_id" : "Mac_OS_X_System:lookupd_starting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport: Could not find \".+\" on.+channel.+\"):msg@>", + "msg_id" : "Mac_OS_X_System:airport_couldnt_find_network", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport: Already scanned channels.+\"):msg@>", + "msg_id" : "Mac_OS_X_System:airport_already_scanned_channels", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> configd[<@PID:pid@>]: <@REGEXP(\"executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network\"):msg@>", + "msg_id" : "Mac_OS_X_System:configd_enable_network", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> configd[<@PID:pid@>]: <@REGEXP(\"posting notification com.apple.system.config.network_change\"):msg@>", + "msg_id" : "Mac_OS_X_System:configd_posting_network_change", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport: Error: Apple80211Scan\\(\\) failed.+\"):msg@>", + "msg_id" : "Mac_OS_X_System:airport_apple80211_scan_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mDNSResponder: Adding browse domain local.\"):msg@>", + "msg_id" : "Mac_OS_X_System:mdnsresponder_adding_domain_local", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> configd[<@PID:pid@>]: <@REGEXP(\"setting hostname to .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:configd_setting_hostname", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started\"):msg@>", + "msg_id" : "Mac_OS_X_System:login_window_application_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> loginwindow[<@PID:pid@>]: <@REGEXP(\"Login Window Started Security Agent\"):msg@>", + "msg_id" : "Mac_OS_X_System:loginwindow_started_security_agent", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+: removeDisplayMapping: _CGSUnmapFramebuffer returns .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:unmapframebuffer_returns", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> dashboardadivsoryd[<@PID:pid@>]: <@REGEXP(\"fetch.*: unable to fetch data.*\"):msg@>", + "msg_id" : "Mac_OS_X_System:dashboardadivsoryd_unable_fetch_data", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> [<@PID:pid@>] <@REGEXP(\"kCGErrorIllegalArgument: CGXGetWindow\\w+: Invalid window.+\"):msg@>", + "msg_id" : "Mac_OS_X_System:cgx_invalid_window", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"com.apple.SecurityServer\"):daemon@>: <@REGEXP(\"uid \\d+ succeeded authenticating as user .+ for right .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:succeeded_authenticating_as_user", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> SystemStarter[<@PID:pid@>]: <@REGEXP(\"authentication service .+ did not complete successfully\"):msg@>", + "msg_id" : "Mac_OS_X_System:authentication_service_didnt_complete", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:ath|AppleMobileDeviceHelper)\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"_AMDDeviceAttachedCallbackv3 \\(thread \\S+\\): Device '.+' attached.\"):msg@>", + "msg_id" : "Mac_OS_X_System:device_attached", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"AppleMobileDeviceHelper\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"_AMDDeviceDetached \\(thread \\S+\\): Device '.+' detached.\"):msg@>", + "msg_id" : "Mac_OS_X_System:device_detached", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"com.apple.usbmuxd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"_SendAttachNotification .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:usbmuxd_sendattachnotification", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"com.apple.usbmuxd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"_SendDetachNotification .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:usbmuxd_senddetachnotification", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"usbmuxd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"_AMDeviceConnectByAddressAndPort .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:usbmuxd_connect_address_port", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"authorizationhost\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"in pam_sm_authenticate\\(\\): .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:authorizationhost_pam_sm_authenticate", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"authorizationhost\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"in pam_sm_setcred\\(\\): .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:authorizationhost_pam_sm_setcred", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"com.apple.SecurityServer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Succeeded authorizing right .+ by client .+ for authorization created by .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:succeeded_authorizing_right", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"com.apple.SecurityServer\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Failed to authorize right .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:failed_to_authorize_right", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Dock\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"kCGErrorIllegalArgument: .+\"):msg@>", + "msg_id" : "Mac_OS_X_System:kcgerrorillegalargument", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Debug" + } + ], + "website" : "http://www.apple.com/macosx/", + "version" : "201111040002", + "name" : "Mac_OS_X_System", + "description" : "Mac OS X System" +} diff --git a/conf/logmanagement/services/Mac_OS_X_iTunes.json b/conf/logmanagement/services/Mac_OS_X_iTunes.json new file mode 100644 index 0000000..2f6e70b --- /dev/null +++ b/conf/logmanagement/services/Mac_OS_X_iTunes.json @@ -0,0 +1,30 @@ +{ + "icon" : "operating_systems/os_mac", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"iTunes\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"_AMDDeviceDetached \\(thread \\S+\\): Device '.+' detached.\"):msg@>", + "msg_id" : "Mac_OS_X_iTunes:device_detached", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"iTunes\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"_AMDDeviceAttachedCallbackv3 \\(thread \\S+\\): Device '.+' attached.\"):msg@>", + "msg_id" : "Mac_OS_X_iTunes:device_attached", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"iTunes\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"_NotificationSocketReadCallbackGCD .+: Unexpected connection closure...\"):msg@>", + "msg_id" : "Mac_OS_X_iTunes:unexpected_connection_closure", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + } + ], + "website" : "", + "version" : "201110290004", + "name" : "Mac_OS_X_iTunes", + "description" : "Mac OS X iTunes Service" +} diff --git a/conf/logmanagement/services/Mnogosearch.json b/conf/logmanagement/services/Mnogosearch.json new file mode 100644 index 0000000..8b3f20d --- /dev/null +++ b/conf/logmanagement/services/Mnogosearch.json @@ -0,0 +1,72 @@ +{ + "icon" : "software/logo_mnogosearch", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"indexer\"):module@>[<@PID:pid@>]: <@STRING:NULL@> URL: <@STRING:url@>", + "msg_id" : "Mnogosearch:indexer_url", + "table" : "Mnogosearch", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"indexer\"):module@>[<@PID:pid@>]: <@REGEXP(\".+ Unsupported Content-Type .+\"):msg@>", + "msg_id" : "Mnogosearch:indexer_unsupported_content_type", + "table" : "Mnogosearch", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"indexer\"):module@>[<@PID:pid@>]: <@REGEXP(\".+ No data received\"):msg@> ", + "msg_id" : "Mnogosearch:indexer_no_data_received", + "table" : "Mnogosearch", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"indexer\"):module@>[<@PID:pid@>]: <@REGEXP(\".+ Writing words .+\"):msg@>", + "msg_id" : "Mnogosearch:indexer_writing_words", + "table" : "Mnogosearch", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"indexer\"):module@>[<@PID:pid@>]: <@REGEXP(\".+ The words are written successfully.+\"):msg@>", + "msg_id" : "Mnogosearch:indexer_words_written_successfully", + "table" : "Mnogosearch", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"indexer\"):module@>[<@PID:pid@>]: <@REGEXP(\".+ Done .+ seconds, .+ documents, .+bytes, .+\"):msg@> ", + "msg_id" : "Mnogosearch:indexer_done", + "table" : "Mnogosearch", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"indexer\"):module@>[<@PID:pid@>]: <@REGEXP(\"indexer from mnogosearch-\\S+ started with .+\"):msg@>", + "msg_id" : "Mnogosearch:indexer_started", + "table" : "Mnogosearch", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"indexer\"):module@>[<@PID:pid@>]: <@REGEXP(\".+ Deleting .+\"):msg@>", + "msg_id" : "Mnogosearch:deleting_url", + "table" : "Mnogosearch", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"indexer\"):module@>[<@PID:pid@>]: <@REGEXP(\".+ No 'Server' command for url\"):msg@>", + "msg_id" : "Mnogosearch:no_server_command", + "table" : "Mnogosearch", + "taxonomy" : "System", + "loglevel" : "Notice" + } + ], + "website" : "http://www.mnogosearch.org/", + "version" : "200704260003", + "name" : "Mnogosearch", + "description" : "Mnogosearch Web Search Engine Service" +} diff --git a/conf/logmanagement/services/Monit.json b/conf/logmanagement/services/Monit.json new file mode 100644 index 0000000..087dcfc --- /dev/null +++ b/conf/logmanagement/services/Monit.json @@ -0,0 +1,177 @@ +{ + "icon" : "software/logo_monit", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"'.+' process PID changed to \\d+\"):msg@>", + "msg_id" : "Monit:process_pid_changed_to", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"'.+' PID has not changed\"):msg@> ", + "msg_id" : "Monit:pid_has_not_changed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Starting monit daemon\"):msg@>", + "msg_id" : "Monit:starting_daemon", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Monit started\"):msg@> ", + "msg_id" : "Monit:started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Monit has not changed\"):msg@> ", + "msg_id" : "Monit:has_not_changed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"monit daemon with pid .+ killed\"):msg@> ", + "msg_id" : "Monit:monit_daemon_killed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Monit stopped\"):msg@>", + "msg_id" : "Monit:stopped", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"'.+' process is not running\"):msg@> ", + "msg_id" : "Monit:process_is_not_running", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"'.+' trying to restart\"):msg@> ", + "msg_id" : "Monit:trying_to_restart", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"'.+' failed to start\"):msg@> ", + "msg_id" : "Monit:failed_to_start", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"'.+' process is running with pid \\d+\"):msg@>", + "msg_id" : "Monit:process_running_with_pid", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"'\\S+' start: .+\"):msg@>", + "msg_id" : "Monit:start", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ service timed out and will not be checked anymore\"):msg@>", + "msg_id" : "Monit:service_not_checked_anymore", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"monit: pidfile .+ does not contain a valid pidnumber\"):msg@>", + "msg_id" : "Monit:doesnt_contain_valid_pidnumber", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* started\"):msg@>", + "msg_id" : "Monit:application_started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>: <@REGEXP(\".+Error: the executable does not exist .+\"):msg@>", + "msg_id" : "Monit:executable_doesnt_exist", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"'.+' process PPID changed to .+\"):msg@>", + "msg_id" : "Monit:process_ppid_changed_to", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"'.+' PPID has not changed\"):msg@>", + "msg_id" : "Monit:ppid_has_not_changed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"monit: pidfile .+ is not a regular file\"):msg@>", + "msg_id" : "Monit:pidfile_not_regular_file", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"monit: Error opening the pidfile .+\"):msg@>", + "msg_id" : "Monit:error_opening_pidfile", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Aborting event\"):msg@>", + "msg_id" : "Monit:aborting_event", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"No mail servers are available\"):msg@>", + "msg_id" : "Monit:no_mail_servers_available", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Cannot open a connection to the mailserver .+\"):msg@>", + "msg_id" : "Monit:cannot_open_connection_mailserver", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"monit\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Cannot fork a new process\"):msg@>", + "msg_id" : "Monit:cannot_fork_new_process", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + } + ], + "website" : "http://www.tildeslash.com/monit/", + "version" : "200907020001", + "name" : "Monit", + "description" : "Monit Service" +} diff --git a/conf/logmanagement/services/MySQL.json b/conf/logmanagement/services/MySQL.json new file mode 100644 index 0000000..6061965 --- /dev/null +++ b/conf/logmanagement/services/MySQL.json @@ -0,0 +1,541 @@ +{ + "icon" : "software/logo_mysql", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> /etc/init.d/mysql[<@PID:pid@>]: <@REGEXP(\"error: 'Can't connect to local MySQL server through socket.+\"):msg@>", + "msg_id" : "MySQL:cant_connect_through_socket", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> /etc/init.d/mysql[<@PID:pid@>]: <@REGEXP(\"Check that mysqld is running and that the socket: .+ exists!\"):msg@>", + "msg_id" : "MySQL:check_mysqld_is_running", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> /etc/init.d/mysql[<@PID:pid@>]: <@REGEXP(\".+mysqladmin: connect to server at .+ failed\"):msg@>", + "msg_id" : "MySQL:mysqladmin_connect_server_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld_safe\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ended\"):msg@>", + "msg_id" : "MySQL:ended", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld_safe\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*started\"):msg@>", + "msg_id" : "MySQL:started", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>[<@PID:pid@>]: <@REGEXP(\"Checking for crashed MySQL tables.\"):msg@>", + "msg_id" : "MySQL:check_crashed_tables", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Can't init databases\"):msg@>", + "msg_id" : "MySQL:cant_init_databases", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ InnoDB: Error: unable to create temporary file;.+\"):msg@>", + "msg_id" : "MySQL:unable_create_temporary_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>[<@PID:pid@>]: <@REGEXP(\"WARNING: mysqlcheck has found corrupt tables\"):msg@>", + "msg_id" : "MySQL:found_corrupt_tables", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*mysql.*\"):NULL@>[<@PID:pid@>]: <@REGEXP(\".+: ready for connections.\"):msg@>", + "msg_id" : "MySQL:ready_for_connections", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld_safe\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Number of processes running now: \\d+\"):msg@>", + "msg_id" : "MySQL:number_processes_running", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Version: '\\S+' socket: '\\S+' port: .+\"):msg@>", + "msg_id" : "MySQL:version_socket_port", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+InnoDB: Starting shutdown...\"):msg@>", + "msg_id" : "MySQL:innodb_starting_shutdown", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+InnoDB: Shutdown completed.*\"):msg@>", + "msg_id" : "MySQL:innodb_shutdown_completed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+mysqld: Shutdown Complete\"):msg@> ", + "msg_id" : "MySQL:shutdown_complete", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+mysqld: Normal shutdown\"):msg@> ", + "msg_id" : "MySQL:normal_shutdown", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+InnoDB: Database was not shut down normally.\"):msg@>", + "msg_id" : "MySQL:innodb_notshut_normally", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"InnoDB: Starting .+\"):msg@>", + "msg_id" : "MySQL:innodb_starting_something", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"/usr/sbin/mysqld: \\S+ pour des connections Source distribution\"):msg@>", + "msg_id" : "MySQL:pret_connection_source", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Error\\] DROP USER: Can't drop user: .+; Database privileges exists\"):msg@> ", + "msg_id" : "MySQL:cant_drop_user", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+mysqld: Can't create/write to file .+\"):msg@>", + "msg_id" : "MySQL:cant_write_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*mysql.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ERROR: The partition with .+ is too full!\"):msg@>", + "msg_id" : "MySQL:partition_is_too_full", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Aborting\"):msg@>", + "msg_id" : "MySQL:aborting", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ InnoDB: Warning: shutting down a not properly started\"):msg@>", + "msg_id" : "MySQL:innodb_not_properly_started", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Note\\] Slave SQL thread initialized, starting replication .+\"):msg@>", + "msg_id" : "MySQL:slave_sql_thread_initialized", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: Sort aborted\"):msg@>", + "msg_id" : "MySQL:sort_aborted", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:NULL@> <@REGEXP(\".*mysql.*\"):NULL@>[<@PID:NULL@>]:", + "msg_id" : "MySQL:empty", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ERROR.+ Slave \\S+ thread.+\"):msg@>", + "msg_id" : "MySQL:slave_io_thread_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ERROR.+Error reading packet from server: .+\"):msg@>", + "msg_id" : "MySQL:error_reading_packet_server", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ERROR.+Got fatal error .+\"):msg@>", + "msg_id" : "MySQL:got_fatal_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Failed to open log .+\"):msg@>", + "msg_id" : "MySQL:failed_to_open_log", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Error reading relay log event: slave SQL thread was killed\"):msg@> ", + "msg_id" : "MySQL:error_reading_relay_log", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ /usr/sbin/mysqld: Shutdown complete\"):msg@> ", + "msg_id" : "MySQL:mysqld_shutdown_complete", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Slave: received end packet from server, apparent master shutdown.+\"):msg@>", + "msg_id" : "MySQL:apparent_master_shutdown", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ERROR.+ \\(Errcode: 145\\)\"):msg@> ", + "msg_id" : "MySQL:unable_open_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*mysqld.*\"):NULL@>: <@REGEXP(\".*Disk is full writing .+\"):msg@>", + "msg_id" : "MySQL:disk_is_full_writing", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Error writing file .+\"):msg@>", + "msg_id" : "MySQL:error_writing_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: unknown variable '.+'\"):msg@> ", + "msg_id" : "MySQL:unknown_variable", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+\\[Note\\] Slave I/O thread: .+\"):msg@>", + "msg_id" : "MySQL:slave_io_thread_note", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*InnoDB: .+\"):msg@>", + "msg_id" : "MySQL:innodb_message", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Error\\] The slave I/O thread stops because master and slave have equal MySQL server ids.+\"):msg@>", + "msg_id" : "MySQL:master_slave_equal_ids", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Error running query.+\"):msg@>", + "msg_id" : "MySQL:error_running_query", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Error 'Duplicate entry .+\"):msg@>", + "msg_id" : "MySQL:error_duplicate_entry", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Slave: connected to master .+\"):msg@>", + "msg_id" : "MySQL:slave_connected_to_master", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>: <@REGEXP(\"Stopping MySQL:.*succeeded\"):msg@> ", + "msg_id" : "MySQL:stopping_mysql_succeeded", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Forcing close of thread .+\"):msg@>", + "msg_id" : "MySQL:forcing_close_thread", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Warning\\] Found invalid password for user.+\"):msg@>", + "msg_id" : "MySQL:found_invalid_password_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Can't change dir to .+\"):msg@>", + "msg_id" : "MySQL:cant_change_dir", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Error\\] Failed to open the relay log .+\"):msg@>", + "msg_id" : "MySQL:failed_open_relay_log", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Error\\] Could not find target log during relay log initialization\"):msg@> ", + "msg_id" : "MySQL:couldnt_find_target_log", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Error\\] Failed to initialize the master info structure\"):msg@> ", + "msg_id" : "MySQL:failed_initialize_master_info", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Error\\] Could not open log file\"):msg@> ", + "msg_id" : "MySQL:couldnt_open_log_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Error\\] Can't start server : Bind on unix socket: Permission denied\"):msg@> ", + "msg_id" : "MySQL:bind_socket_permission_denied", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> /etc/init.d/mysql[<@PID:pid@>]: <@REGEXP(\"\\d+ processes alive .+\"):msg@>", + "msg_id" : "MySQL:processes_alive", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Error\\] Failed to create a new master info file .+\"):msg@>", + "msg_id" : "MySQL:failed_create_master_info", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\[Error\\] Do you already have another mysqld server running on socket.+\"):msg@>", + "msg_id" : "MySQL:already_mysqld_server_running", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*\\[Note\\] Recovering after a crash using .+\"):msg@>", + "msg_id" : "MySQL:recovering_after_crash", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*\\[Note\\] Starting crash recovery...\"):msg@>", + "msg_id" : "MySQL:starting_crash_recovery", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*\\[Note\\] Crash recovery finished.\"):msg@>", + "msg_id" : "MySQL:crash_recovery_finished", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> /etc/init.d/mysql[<@PID:pid@>]: <@REGEXP(\"Fatal error in defaults handling. Program aborted\"):msg@>", + "msg_id" : "MySQL:fatal_error_defaults_handling", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld_safe\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Fatal error: Can't remove the pid file: .+\"):msg@>", + "msg_id" : "MySQL:cant_remove_pid_file", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> /etc/init.d/mysql[<@PID:pid@>]: <@REGEXP(\"Could not open required defaults file: .+\"):msg@>", + "msg_id" : "MySQL:couldnt_open_defaults_file", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"lock: 0x.+\"):msg@>", + "msg_id" : "MySQL:lock", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* \\[ERROR\\] .+: Incorrect information in file:.+\"):msg@>", + "msg_id" : "MySQL:incorrect_information_in_file", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld_safe\"):daemon@>: <@REGEXP(\"Starting mysqld daemon with databases from .+\"):msg@>", + "msg_id" : "MySQL:starting_with_databases", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld_safe\"):daemon@>: <@REGEXP(\"mysqld from pid file .+ ended\"):msg@>", + "msg_id" : "MySQL:mysqld_from_pidfile_ended", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>: <@REGEXP(\".*InnoDB: Started; .+\"):msg@>", + "msg_id" : "MySQL:innodb_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>: <@REGEXP(\".*Event Scheduler: .+\"):msg@>", + "msg_id" : "MySQL:event_scheduler_messages", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>: <@REGEXP(\".+InnoDB: Shutdown completed.*\"):msg@>", + "msg_id" : "MySQL:innodb_shutdown_completed2", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>: <@REGEXP(\".*InnoDB: Starting .+\"):msg@>", + "msg_id" : "MySQL:innodb_starting_something2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>: <@REGEXP(\"Version: .+socket: .+ port: .+\"):msg@>", + "msg_id" : "MySQL:version_socket_port2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>: <@REGEXP(\".+mysqld: Normal shutdown\"):msg@>", + "msg_id" : "MySQL:normal_shutdown2", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>: <@REGEXP(\".+mysqld: Shutdown complete\"):msg@>", + "msg_id" : "MySQL:shutdown_complete2", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"mysqld\"):daemon@>: <@REGEXP(\".*Plugin .+ is disabled.\"):msg@>", + "msg_id" : "MySQL:plugin_disabled", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".*mysql.*\"):NULL@>: <@REGEXP(\".+: ready for connections.\"):msg@>", + "msg_id" : "MySQL:ready_for_connections2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:NULL@> <@WORD:NULL@> <@REGEXP(\".*mysql.*\"):NULL@>:", + "msg_id" : "MySQL:empty2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + } + ], + "website" : "http://www.mysql.com", + "version" : "201208090005", + "name" : "MySQL", + "description" : "MySQL Service" +} diff --git a/conf/logmanagement/services/Nagios.json b/conf/logmanagement/services/Nagios.json new file mode 100644 index 0000000..62b31ca --- /dev/null +++ b/conf/logmanagement/services/Nagios.json @@ -0,0 +1,240 @@ +{ + "icon" : "software/logo_nagios", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:nagios_server@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;<@WORD:host@>;<@WORD:service@>;<@NUMBER:status@>;<@STRING:result@>", + "msg_id" : "Nagios:service_check_result", + "table" : "Nagios_Service_Check", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: SERVICE ALERT: <@WORD:host@>;<@WORD:service@>;<@WORD:status@>;<@WORD:criticity@>;<@NUMBER:nb_check@>;<@STRING:msg@>", + "msg_id" : "Nagios:service_alert", + "table" : "Nagios_service", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"EXTERNAL COMMAND: .+\"):msg@>", + "msg_id" : "Nagios:external_command", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@WORD:type@> NOTIFICATION: <@WORD:dest@>;<@WORD:host@>;<@WORD:service@>;<@WORD:status@>;<@WORD:notify_by@>;<@STRING:msg@>", + "msg_id" : "Nagios:service_notification", + "table" : "Nagios_notification", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@WORD:type@> NOTIFICATION: <@WORD:dest@>;<@WORD:host@>;<@STRING:status@>;<@WORD:notify_by@>;<@STRING:msg@>", + "msg_id" : "Nagios:host_notification", + "table" : "Nagios_notification", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Warning\"):criticity@>: <@REGEXP(\"Message queue contained results for service .+ on host .+. The service could not be found!\"):msg@>", + "msg_id" : "Nagios:message_queue_results", + "table" : "Nagios_service", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Auto-save of retention data completed successfully.\"):msg@> ", + "msg_id" : "Nagios:retention_data_saved", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Warning: Attempting to execute the command .+ resulted in a return code of 127.+\"):msg@>", + "msg_id" : "Nagios:warning_execute_command", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Warning: Host .+ has no services associated with it!\"):msg@> ", + "msg_id" : "Nagios:warning_host_services", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Warning: Host .+ is not a member of any host groups!\"):msg@>", + "msg_id" : "Nagios:warning_host_member", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Warning: Contact .+ is not a member of any contact groups!\"):msg@>", + "msg_id" : "Nagios:warning_contact_member", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: HOST ALERT: <@WORD:host@>;<@WORD:status@>;<@WORD:criticity@>;<@NUMBER:nb_check@>;<@STRING:msg@>", + "msg_id" : "Nagios:host_alert", + "table" : "Nagios_service", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"LOG ROTATION: \\S+\"):msg@>", + "msg_id" : "Nagios:log_rotation", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Nagios \\S+ starting... \\(PID=\\d+\\)\"):msg@> ", + "msg_id" : "Nagios:nagios_starting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Caught SIGTERM, shutting down...\"):msg@> ", + "msg_id" : "Nagios:shutting_down", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Caught SIGHUP, restarting...\"):msg@> ", + "msg_id" : "Nagios:caught_sighup_restarting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Warning: .+ is not used in any .+ definitions or .+ escalations!\"):msg@> ", + "msg_id" : "Nagios:not_used_in_any", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Warning: A system time change of \\d+ seconds .+ has been detected.+\"):msg@>", + "msg_id" : "Nagios:time_change_detected", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Successfully shutdown.+\"):msg@>", + "msg_id" : "Nagios:successfully_shutdown", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: Failed to grab configuration information for retention data\"):msg@> ", + "msg_id" : "Nagios:failed_grab_configuration_information", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: Unable to update status data file .+\"):msg@>", + "msg_id" : "Nagios:unable_update_status_data", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: Cannot open main configuration file .+\"):msg@>", + "msg_id" : "Nagios:cannot_open_main_configuration", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: Invalid .+\"):msg@>", + "msg_id" : "Nagios:invalid_param_configuration", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: Could not add object property in file .+\"):msg@>", + "msg_id" : "Nagios:couldnt_add_object_property", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Bailing out due to .+\"):msg@>", + "msg_id" : "Nagios:bailing_out_due_to", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: Could not create external command file .+\"):msg@>", + "msg_id" : "Nagios:couldnt_create_external_command", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Warning: Host check command .+ for host .+ timed out after \\d+ seconds\"):msg@> ", + "msg_id" : "Nagios:hostcheck_command_timed_out", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: Template .+ specified in service definition could not be not found.+\"):msg@>", + "msg_id" : "Nagios:template_couldnt_be_found", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: Could not register .+\"):msg@>", + "msg_id" : "Nagios:couldnt_register_object_configuration", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: .+ is NULL\"):msg@> ", + "msg_id" : "Nagios:object_configuration_is_null", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"nss_ldap: could not connect to any LDAP server .+\"):msg@>", + "msg_id" : "Nagios:couldnt_connect_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Warning: Return code .+ for check of service .+ was out of bounds.+\"):msg@>", + "msg_id" : "Nagios:returncode_out_of_bounds", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nagios(?:\\d)*\"):daemon@>: <@REGEXP(\"Error: Cannot open .+ file .+ for reading!\"):msg@>", + "msg_id" : "Nagios:cannot_open_file_reading", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + } + ], + "website" : "http://www.nagios.org", + "version" : "201002180009", + "name" : "Nagios", + "description" : "Nagios Service" +} diff --git a/conf/logmanagement/services/Nagios_NSCA.json b/conf/logmanagement/services/Nagios_NSCA.json new file mode 100644 index 0000000..766021d --- /dev/null +++ b/conf/logmanagement/services/Nagios_NSCA.json @@ -0,0 +1,93 @@ +{ + "icon" : "software/logo_nagios", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@NUMBER:NULL@>]: SERVICE CHECK -> Host Name: <@SINGLE_QUOTED_STRING:host@>, Service Description: <@SINGLE_QUOTED_STRING:service@>, Return Code: <@SINGLE_QUOTED_STRING:status@>, Output: <@SINGLE_QUOTED_STRING:msg@> ", + "msg_id" : "Nagios_NSCA:service_check", + "table" : "Nagios_service", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Connection from .+ port \\d+\"):msg@>", + "msg_id" : "Nagios_NSCA:connection_from", + "table" : "Message", + "taxonomy" : "Access", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"connect from .+\"):msg@>", + "msg_id" : "Nagios_NSCA:connect_from", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Host address checks out ok\"):msg@>", + "msg_id" : "Nagios_NSCA:host_address_ok", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Handling the connection...\"):msg@> ", + "msg_id" : "Nagios_NSCA:handling_the_connection", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"End of connection...\"):msg@> ", + "msg_id" : "Nagios_NSCA:end_of_connection", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Host \\S+ is not allowed to talk to us!\"):msg@> ", + "msg_id" : "Nagios_NSCA:not_allowed_talk", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Command file .+ does not exist, attempting to use alternate dump file .+ for output\"):msg@>", + "msg_id" : "Nagios_NSCA:command_file_doesnot_exist", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Starting up daemon\"):msg@> ", + "msg_id" : "Nagios_NSCA:starting_up_daemon", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Dropping packet with stale timestamp - packet was \\d+ seconds old.\"):msg@> ", + "msg_id" : "Nagios_NSCA:dropping_packet_stale_timestamp", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Network server bind failure.+\"):msg@>", + "msg_id" : "Nagios_NSCA:network_server_bind_failure", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nsca\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Unknown option specified in config file .+\"):msg@>", + "msg_id" : "Nagios_NSCA:unknown_option_in_file", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + } + ], + "website" : "http://www.nagios.org", + "version" : "201002180001", + "name" : "Nagios_NSCA", + "description" : "Nagios NSCA Service" +} diff --git a/conf/logmanagement/services/Neoteris.json b/conf/logmanagement/services/Neoteris.json new file mode 100644 index 0000000..c464561 --- /dev/null +++ b/conf/logmanagement/services/Neoteris.json @@ -0,0 +1,233 @@ +{ + "icon" : "companies/logo_juniper", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Statistics Archive - \\S+ - \\S+ - .+\"):msg@>", + "msg_id" : "Neoteris:statistics_archive", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Connection from IP \\S+ not authenticated yet.+\"):msg@>", + "msg_id" : "Neoteris:not_authenticated_yet", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - \\S+ NIC down.\"):msg@>", + "msg_id" : "Neoteris:nic_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - VIP \\S+ deactivated on .+\"):msg@>", + "msg_id" : "Neoteris:vip_deactivated", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - \\S+ gateway '\\S+' unreachable.\"):msg@>", + "msg_id" : "Neoteris:gateway_unreachable", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Node '\\S+' activated in cluster '.+'.\"):msg@>", + "msg_id" : "Neoteris:node_activated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Started syncing state\"):msg@>", + "msg_id" : "Neoteris:started_syncing_state", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - \\S+ gateway '\\S+' up.\"):msg@>", + "msg_id" : "Neoteris:gateway_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Node '\\S+' is now reachable from node '\\S+'\"):msg@>", + "msg_id" : "Neoteris:node_reachable", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - VIP \\S+ activated on .+\"):msg@>", + "msg_id" : "Neoteris:vip_activated", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - VIP \\S+ failed over to \\S+\"):msg@>", + "msg_id" : "Neoteris:vip_failed_over", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Detected duplicate IP address .+\"):msg@>", + "msg_id" : "Neoteris:detected_duplicate_ip", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Node '\\S+' is now unreachable from node '\\S+'\"):msg@>", + "msg_id" : "Neoteris:node_unreachable", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - \\S+ NIC up.\"):msg@>", + "msg_id" : "Neoteris:nic_up", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Starting services: .+\"):msg@>", + "msg_id" : "Neoteris:starting_services", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Started system software version .+ successfully\"):msg@>", + "msg_id" : "Neoteris:started_system_successfully", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ Allow all users to sign in\"):msg@>", + "msg_id" : "Neoteris:allow_all_sign_in", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - SiteMinder server: Caches flushed.\"):msg@>", + "msg_id" : "Neoteris:siteminder_caches_flushed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Forming cluster: .+\"):msg@>", + "msg_id" : "Neoteris:forming_cluster", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Completed syncing state.+\"):msg@>", + "msg_id" : "Neoteris:completed_syncing_state", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Activated in cluster: .+\"):msg@>", + "msg_id" : "Neoteris:activated_in_cluster", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Number of concurrent .+\"):msg@>", + "msg_id" : "Neoteris:info_number_concurrent", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Caught signal 11 \\(Segmentation fault\\)\"):msg@>", + "msg_id" : "Neoteris:segmentation_fault", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - License for .+ activated\"):msg@>", + "msg_id" : "Neoteris:license_activated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Node '.+' deactivated in cluster '.+'.\"):msg@>", + "msg_id" : "Neoteris:node_deactivated_in_cluster", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Server restart\"):msg@>", + "msg_id" : "Neoteris:server_restart", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Server reboot\"):msg@>", + "msg_id" : "Neoteris:server_reboot", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Server reboot requested.+\"):msg@>", + "msg_id" : "Neoteris:server_reboot_requested", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Trace Info : .+\"):msg@>", + "msg_id" : "Neoteris:trace_info", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Created statistics file.\"):msg@>", + "msg_id" : "Neoteris:created_statistics_file", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Server restart requested.+\"):msg@>", + "msg_id" : "Neoteris:server_restart_requested", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Juniper\"):daemon@>: <@REGEXP(\".+ - Node .+ is now unreachable from node .+\"):msg@>", + "msg_id" : "Neoteris:node_is_now_unreachable", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + } + ], + "website" : "http://www.juniper.net/products_and_services/ssl_vpn_secure_access/index.html", + "version" : "201002180001", + "name" : "Neoteris", + "description" : "Neoteris Service" +} diff --git a/conf/logmanagement/services/NetApp_NetCache.json b/conf/logmanagement/services/NetApp_NetCache.json new file mode 100644 index 0000000..5b5a157 --- /dev/null +++ b/conf/logmanagement/services/NetApp_NetCache.json @@ -0,0 +1,870 @@ +{ + "icon" : "companies/logo_netapp", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[kern.uptime.nc:info\\]: .+ \\d+ URLs, \\d+ streams\"):msg@> ", + "msg_id" : "NetApp_NetCache:uptime_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[kern.timed.adjust:info\\]: server \\S+ reports the appliance date is \\S+ by \\S+ seconds which is more than timed.min_skew .+. Adjusting date.\"):msg@> ", + "msg_id" : "NetApp_NetCache:timed_adjust", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[wwfilterWorker:error\\]: I/O error in communicating with WebWasher server.\"):msg@> ", + "msg_id" : "NetApp_NetCache:webwasher_communicating_server", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[wwfilterWorker:info\\]: wwfilter:Download to occur in \\d+ seconds\"):msg@> ", + "msg_id" : "NetApp_NetCache:webwasher_download", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin_backup_push_t:info\\]: Configuration backed up by user \\S+.\"):msg@> ", + "msg_id" : "NetApp_NetCache:backup_push", + "table" : "Message", + "taxonomy" : "Config.Backup", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:warning\\]: Client \\S+ trying to connect to appliance port \\d+ using the appliance\"):msg@> ", + "msg_id" : "NetApp_NetCache:trying_connect_appliance", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[telnet_0:info\\]: \\S+ logged in from host: \\S+\"):msg@>", + "msg_id" : "NetApp_NetCache:user_logged_in", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[wwfilterWorker:info\\]: WebWasher download successful.\"):msg@> ", + "msg_id" : "NetApp_NetCache:webwasher_download_successful", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[wwfilterWorker:info\\]: Current time: day:hr:min = .+\"):msg@>", + "msg_id" : "NetApp_NetCache:webwasher_current_time", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[wwfilterWorker:info\\]: Download time: day:hr:min = .+\"):msg@>", + "msg_id" : "NetApp_NetCache:webwasher_download_time", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[rc:info\\]: Configuration backed up by user \\S+.\"):msg@> ", + "msg_id" : "NetApp_NetCache:config_backed_up", + "table" : "Message", + "taxonomy" : "Config.Backup", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+too many bad logins from host .+, IP address .+\"):msg@>", + "msg_id" : "NetApp_NetCache:too_many_bad_logins", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin.config.backup.push.fail:error\\]: config backup push failed for file: .+ to destination URL: .+ Error: \\[code=CANT_CONNECT\\] Could not connect because of networking problems. Contact your system administrator.+\"):msg@> ", + "msg_id" : "NetApp_NetCache:backup_failed_network", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[asup.smtp.sent:notice\\]: System Notification mail sent: .+\"):msg@>", + "msg_id" : "NetApp_NetCache:system_notification_mail_sent", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[kern.log.rotate:notice\\]: System .+ is running NetApp Release \\S+\"):msg@>", + "msg_id" : "NetApp_NetCache:running_netapp_release", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:warning\\]: \\[HTTP\\]: CONNECT request issued by client \\S+ to host .+ is being terminated to prevent routing loops\"):msg@> ", + "msg_id" : "NetApp_NetCache:prevent_routing_loops", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.stack.framename:notice\\]: Stack frame \\d+: .+\"):msg@>", + "msg_id" : "NetApp_NetCache:stack_frame", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+ pktt: \\d+ packets seen, \\d+ dropped, \\d+ bytes written to \\S+\"):msg@>", + "msg_id" : "NetApp_NetCache:packet_trace", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: File .+ deleted by host \\S+, user \\S+\"):msg@>", + "msg_id" : "NetApp_NetCache:file_deleted", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin.config.changed:info\\]: Configuration changed by .+\"):msg@>", + "msg_id" : "NetApp_NetCache:configuration_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[pktt:notice\\]: pktt: stopped writing packets to .+ because size exceeds \\d+\"):msg@>", + "msg_id" : "NetApp_NetCache:stopped_wrtiting_packets", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.tetris.media.recommend.reassign.err:info\\]: Block recommended for reassignment on Disk .+\"):msg@>", + "msg_id" : "NetApp_NetCache:disk_recommended_reassignment", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: DNS cache flushed by .+\"):msg@>", + "msg_id" : "NetApp_NetCache:dns_cache_flushed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin.login.failure:info\\]: Failed admin login attempt for .+\"):msg@>", + "msg_id" : "NetApp_NetCache:failed_login_attempt", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:warning\\]: \\S+: detected possible routing loop\"):msg@>", + "msg_id" : "NetApp_NetCache:detected_possible_routing_loop", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[ncldap_loop:warning\\]: \\[Auth/ldap\\]: Latency is high.+\"):msg@>", + "msg_id" : "NetApp_NetCache:ldap_latency_high", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[coredump.mini.completed:info\\]: .+ generation completed\"):msg@> ", + "msg_id" : "NetApp_NetCache:coredump_generation_completed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:warning\\]: Potential Routing loop detected in HTTP Via header: .+\"):msg@>", + "msg_id" : "NetApp_NetCache:routing_loop_detected", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[asup.smtp.sent.minicore:notice\\]: Core file .+ sent to Network Appliance\"):msg@> ", + "msg_id" : "NetApp_NetCache:core_file_sent_netapp", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin_worker:info\\]: SSH Setup: SSH Setup is done. Host keys are stored in .+\"):msg@>", + "msg_id" : "NetApp_NetCache:ssh_setup_done", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: SSH keys generated by .+\"):msg@>", + "msg_id" : "NetApp_NetCache:ssh_keys_generated", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: SSL certificate generated by .+\"):msg@>", + "msg_id" : "NetApp_NetCache:ssl_certificate_generated", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.boot.disk_done:info\\]: NetApp Release .+ boot complete. Last disk update written at .+\"):msg@>", + "msg_id" : "NetApp_NetCache:boot_complete", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[.+\\]: Listening for .+ requests on .+\"):msg@>", + "msg_id" : "NetApp_NetCache:listening_for_requests", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[rc:info\\]: Listening promiscuously for .+ requests on .+\"):msg@>", + "msg_id" : "NetApp_NetCache:listening_promiscuously_for_requests", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[kern.shutdown:notice\\]: System shut down because : .+\"):msg@>", + "msg_id" : "NetApp_NetCache:system_shutdown_because", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[console_login_mgr:info\\]: .+ logged in from console\"):msg@> ", + "msg_id" : "NetApp_NetCache:logged_in_from_console", + "table" : "Message", + "taxonomy" : "Access.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[.+\\]: Failed password for illegal user .+ from .+\"):msg@>", + "msg_id" : "NetApp_NetCache:failed_password_illegal_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[.+\\]: Failed none for illegal user .+ from .+\"):msg@>", + "msg_id" : "NetApp_NetCache:failed_none_illegal_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[.+\\]: input_userauth_request: illegal user .+\"):msg@>", + "msg_id" : "NetApp_NetCache:userauth_request_illegal_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.boot.reason_ok:notice\\]: System rebooted after running WAFL_check.\"):msg@> ", + "msg_id" : "NetApp_NetCache:system_rebooted_after_waflcheck", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sshd_\\d+:info\\]: Accepted password for .+\"):msg@>", + "msg_id" : "NetApp_NetCache:sshd_accepted_password", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: File .+ uploaded by .+\"):msg@> ", + "msg_id" : "NetApp_NetCache:file_uploaded", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: NetCache rebooted by .+\"):msg@>", + "msg_id" : "NetApp_NetCache:netcache_rebooted", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[ltm_services:info\\]: Ethernet \\S+: Link down, check cable\"):msg@> ", + "msg_id" : "NetApp_NetCache:ethernet_down_check_cable", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[ltm_services:info\\]: Ethernet \\S+: Link up\"):msg@> ", + "msg_id" : "NetApp_NetCache:ethernet_link_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.boot.new_OS2:notice\\]: This system is running a new version of NetCache .+\"):msg@>", + "msg_id" : "NetApp_NetCache:running_new_version", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.boot.reason_ok:notice\\]: System rebooted after a reboot command.\"):msg@> ", + "msg_id" : "NetApp_NetCache:rebooted_after_reboot_command", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sshd_\\d+:info\\]: Failed password for .+\"):msg@>", + "msg_id" : "NetApp_NetCache:sshd_failed_password", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sshd_\\d+:info\\]: .+ logged in from .+\"):msg@>", + "msg_id" : "NetApp_NetCache:sshd_logged_in", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[cache_entry_admin:notice\\]: Finished rebuilding objects:.+\"):msg@>", + "msg_id" : "NetApp_NetCache:cache_finished_rebuilding_objects", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sshd_\\d+:error\\]: error: Disconnecting: protocol error: .+\"):msg@>", + "msg_id" : "NetApp_NetCache:sshd_protocol_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sshd_\\d+:info\\]: dispatch_protocol_error: .+\"):msg@>", + "msg_id" : "NetApp_NetCache:sshd_dispatch_protocol_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin.software.installed:info\\]: Software installed by .+\"):msg@>", + "msg_id" : "NetApp_NetCache:software_installed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[download.request\\S+\\]: Operator requested download \\S+\"):msg@>", + "msg_id" : "NetApp_NetCache:operator_requested_download", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: Log management scheduled by .+\"):msg@>", + "msg_id" : "NetApp_NetCache:log_management_scheduled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[rc:info\\]: \\S+ time: day:hr:min = .+\"):msg@>", + "msg_id" : "NetApp_NetCache:time_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin_worker:info\\]: Starting SSL with new certificate.\"):msg@> ", + "msg_id" : "NetApp_NetCache:ssl_with_new_certificate", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[rc:ALERT\\]: timed: time daemon started\"):msg@> ", + "msg_id" : "NetApp_NetCache:time_daemon_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.stack.openFail:warning\\]: Unable to open function name/address mapping file .+\"):msg@>", + "msg_id" : "NetApp_NetCache:unable_open_mapping_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin_worker:info\\]: Closing \\(TCP\\) listen socket for .+\"):msg@>", + "msg_id" : "NetApp_NetCache:closing_listen_socket", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[rc:info\\]: wwfilter:Download to occur in \\d+ seconds\"):msg@> ", + "msg_id" : "NetApp_NetCache:wwfilter_download_occur", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[wafl.scan.typebits.done:info\\]: Type bit scan done on .+\"):msg@>", + "msg_id" : "NetApp_NetCache:type_bit_scan_done", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[cache_entry_admin:notice\\]: Cache flush complete.\"):msg@> ", + "msg_id" : "NetApp_NetCache:cache_flush_complete", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: NetCache flushed by .+\"):msg@>", + "msg_id" : "NetApp_NetCache:netcache_flushed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: File .+ sent to .+\"):msg@>", + "msg_id" : "NetApp_NetCache:file_sent_to", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[asup.general.queue.deleted:info\\]: All autosupport message queue entries have been deleted.\"):msg@> ", + "msg_id" : "NetApp_NetCache:autosupport_message_queue_deleted", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin_worker:notice\\]: WAFL revert to .+ completed\"):msg@> ", + "msg_id" : "NetApp_NetCache:wafl_revert_completed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.boot.reason_ok:notice\\]: System rebooted after revert.\"):msg@> ", + "msg_id" : "NetApp_NetCache:system_rebooted_after_revert", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[admin_worker:notice\\]: Starting revert to.+\"):msg@>", + "msg_id" : "NetApp_NetCache:starting_revert", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[rc:info\\]: wwfilter.+\"):msg@>", + "msg_id" : "NetApp_NetCache:wwfilter_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[telnetd:warning\\]: Failed Login from.+\"):msg@>", + "msg_id" : "NetApp_NetCache:telnet_failed_login", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[telnetd:debug\\]: unknown:AUTH:error:Failed Login from.+\"):msg@>", + "msg_id" : "NetApp_NetCache:telnet_failed_login2", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[wwfilterWorker:error\\]: Webwasher license has expired.\"):msg@> ", + "msg_id" : "NetApp_NetCache:webwasher_license_expired", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.boot.reason_abnormal:ALERT\\]: System rebooted after a panic.\"):msg@> ", + "msg_id" : "NetApp_NetCache:system_rebooted_after_panic", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.stack.at:notice\\]: Panic occurred at.+\"):msg@>", + "msg_id" : "NetApp_NetCache:panic_occured", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.stack.proc:notice\\]: Panic in process.+\"):msg@>", + "msg_id" : "NetApp_NetCache:panic_in_process", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[rc:ALERT\\]: relog syslog PANIC.+\"):msg@>", + "msg_id" : "NetApp_NetCache:relog_syslog_panic", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[wafl.vol.inconsistent:ALERT\\]: Volume .+ is inconsistent.+\"):msg@>", + "msg_id" : "NetApp_NetCache:volume_inconsistent", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[coredump.save.+\"):msg@>", + "msg_id" : "NetApp_NetCache:saving_coredump", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.stack.saved:notice\\]: Reboot with saved panic information in log file\"):msg@> ", + "msg_id" : "NetApp_NetCache:reboot_with_panic_information", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:info\\]: Download of .+\"):msg@>", + "msg_id" : "NetApp_NetCache:download", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:error\\]: Failed to download file: .+\"):msg@>", + "msg_id" : "NetApp_NetCache:failed_to_download_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sshd_0:info\\]: Did not receive identification string from .+\"):msg@>", + "msg_id" : "NetApp_NetCache:sshd_identification_string_error", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sshd_0:info\\]: Bad protocol version identification .+\"):msg@>", + "msg_id" : "NetApp_NetCache:sshd_bad_protocol_version", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[cecc_log.entry:warning\\]: .+ Correctable ECC error on DIMM .+\"):msg@>", + "msg_id" : "NetApp_NetCache:correctable_dimm_ecc_error", + "table" : "Message", + "taxonomy" : "Hardware.Memory", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[cecc_log.summary:warning\\]: .+ new correctable ecc errors just reported.+\"):msg@>", + "msg_id" : "NetApp_NetCache:correctable_ecc_error_reported", + "table" : "Message", + "taxonomy" : "Hardware.Memory", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[monitor.globalStatus.nonCritical:warning\\]: \\\"Memory\\\": Correctable error .+\"):msg@>", + "msg_id" : "NetApp_NetCache:memory_correctable_error", + "table" : "Message", + "taxonomy" : "Hardware.Memory", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+: Ethernet \\S+: Link down, check cable\"):msg@> ", + "msg_id" : "NetApp_NetCache:link_down_check_cable", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.rg.recons.multidisk:warning\\]: .+: reconstruction encountered a multi-disk error\"):msg@>", + "msg_id" : "NetApp_NetCache:reconstruction_encountered_multidisk_error", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[monitor.globalStatus.nonCritical:warning\\]: .* There are not enough spare disks.\"):msg@> ", + "msg_id" : "NetApp_NetCache:not_enough_spare_disks", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.rg.recons.aborted:notice\\]: .+ reconstruction aborted at disk block .+\"):msg@>", + "msg_id" : "NetApp_NetCache:reconstruction_aborted_disk_block", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.rg.scrub..+\\]: Scrub found .+\"):msg@>", + "msg_id" : "NetApp_NetCache:scrub_found_something", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.+\\]: Read error on Disk .+\"):msg@>", + "msg_id" : "NetApp_NetCache:read_error_on_disk", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[monitor.raid.reconstruct:warning\\]: Reconstructing broken data disk .+\"):msg@>", + "msg_id" : "NetApp_NetCache:reconstructing_broken_data_disk", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[download.inconsistency:info\\]: Inconsistent disk bootblock data detected\"):msg@> ", + "msg_id" : "NetApp_NetCache:inconsistent_bootblock_data_detected", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.rg.recons.missing:notice\\]: RAID group .+ is missing \\d+ disk.+\"):msg@> ", + "msg_id" : "NetApp_NetCache:raid_group_missing_disk", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.disk.inserted:info\\]: Disk .+ has been inserted into the system\"):msg@> ", + "msg_id" : "NetApp_NetCache:disk_inserted_into_system", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sfu.firmwareUpToDate:info\\]: Firmware is up-to-date on all disk shelves.\"):msg@> ", + "msg_id" : "NetApp_NetCache:firmware_uptodate_all_disk", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[coredump.mini.starting:info\\]: Generating mini-core.+\"):msg@>", + "msg_id" : "NetApp_NetCache:generating_minicore", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.rg.recons.info:notice\\]: Spare disk .+ will be used to reconstruct one missing disk in RAID group .+\"):msg@>", + "msg_id" : "NetApp_NetCache:spare_disk_reconstruct_missing", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.rg.recons.start:notice\\]: .+ starting reconstruction, using disk .+\"):msg@>", + "msg_id" : "NetApp_NetCache:starting_reconstruction_using_disk", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[monitor.globalStatus.ok:info\\]: The system's global status is normal.\"):msg@> ", + "msg_id" : "NetApp_NetCache:system_global_status_normal", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.rg.recons.block.fail:error\\]: Block .+ can not be properly reconstructed on Disk .+\"):msg@>", + "msg_id" : "NetApp_NetCache:block_cannot_be_reconstructed", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[asup.smtp.host:info\\]: Autosupport cannot connect to .+\"):msg@>", + "msg_id" : "NetApp_NetCache:autosupport_cannot_connect_to", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\".+: duplicate IP address .+\"):msg@>", + "msg_id" : "NetApp_NetCache:duplicate_ip_address", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sshd_\\d+:info\\]: Failed publickey for illegal user .+\"):msg@>", + "msg_id" : "NetApp_NetCache:sshd_failed_publickey", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[asup.smtp.\\w+:error\\]: Autosupport mail was not sent because .+\"):msg@>", + "msg_id" : "NetApp_NetCache:autosupport_mail_not_sent", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sshd_\\d+:error\\]: error: Disconnecting: Too many authentication failures for .+\"):msg@>", + "msg_id" : "NetApp_NetCache:too_many_authentication_failures", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.stack.longrun.proc:notice\\]: Long running process: .+\"):msg@>", + "msg_id" : "NetApp_NetCache:long_running_process", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[adpch_timeoutd:warning\\]: adpch_timeoutd: .+ command timeout, quiescing bus to allow outstanding I/O to complete.+\"):msg@>", + "msg_id" : "NetApp_NetCache:adpch_command_timeout", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[adpch_intrd:warning\\]: adpch_timeoutd: .+ unquiescing bus\"):msg@> ", + "msg_id" : "NetApp_NetCache:adpch_unquiescing_bus", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.read.media.recommend.reassign.err:info\\]: Block recommended for reassignment on Disk .+\"):msg@>", + "msg_id" : "NetApp_NetCache:block_recommended_for_reassignment", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[shm.threshold.allMediaErrors:error\\]: shm: Disk .+ has crossed the combination media error threshold in a \\d+ minute window and will be recommended for failure.\"):msg@> ", + "msg_id" : "NetApp_NetCache:disk_recommended_for_failure", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[adpch_asyncd:warning\\]: adpch asyncd: Resetting SCSI .+ to clear outstanding I/O.\"):msg@> ", + "msg_id" : "NetApp_NetCache:resetting_scsi_clear_outstanding", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.fdr.reminder:warning\\]: Failed Disk .+ is still present in the system and should be removed.\"):msg@> ", + "msg_id" : "NetApp_NetCache:failed_disk_still_present", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[kern.cron.reschedDst:notice\\]: Daylight Savings Time change: .+\"):msg@>", + "msg_id" : "NetApp_NetCache:daylight_savings_time_change", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[mgr.stack.string:notice\\]: Panic string: wafl_inode_to_file_attr: unexpected file type .+\"):msg@>", + "msg_id" : "NetApp_NetCache:unexpected_file_type", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.disk.missing:error\\]: Disk .+ is missing from the system\"):msg@>", + "msg_id" : "NetApp_NetCache:disk_missing_from_system", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.config.filesystem.disk.failed:error\\]: File system Disk .+ failed.\"):msg@> ", + "msg_id" : "NetApp_NetCache:filesystem_disk_failed", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.rg.readerr.repair.data:notice\\]: Fixing bad data on Disk .+\"):msg@>", + "msg_id" : "NetApp_NetCache:disk_fixing_bad_data", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[raid.fdr.update.error:warning\\]: Unable to write FDR to Disk .+\"):msg@>", + "msg_id" : "NetApp_NetCache:unable_write_fdr_disk", + "table" : "Message", + "taxonomy" : "Hardware.Disk", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\[sthread_loop:warning\\]: Potential routing loop detected for .+\"):msg@>", + "msg_id" : "NetApp_NetCache:potential_routing_loop_detected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.netapp.com/", + "version" : "200811170001", + "name" : "NetApp_NetCache", + "description" : "NetApp NetCache Service" +} diff --git a/conf/logmanagement/services/NetFlow.json b/conf/logmanagement/services/NetFlow.json new file mode 100644 index 0000000..4cf9c61 --- /dev/null +++ b/conf/logmanagement/services/NetFlow.json @@ -0,0 +1,22 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> flow-capture[<@PID:pid@>]: STAT: now=<@SECONDS:now@> startup=<@SECONDS:startup@> src_ip=<@IP_ADDR:src_addr@> dst_ip=<@IP_ADDR:dst_addr@> d_ver=<@NUMBER:d_version@> pkts=<@NUMBER:pkts@> flows=<@NUMBER:flows@> lost=<@NUMBER:lost@> reset=<@NUMBER:reset@> filter_drops=<@NUMBER:filter_drops@>", + "msg_id" : "NetFlow:flow_capture_stat", + "table" : "NetFlow_Traffic", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> flow-capture[<@PID:pid@>]: ftpdu_seq_check(): src_ip=<@IP_ADDR:src_addr@> dst_ip=<@IP_ADDR:dst_addr@> d_version=<@NUMBER:d_version@> expecting=<@NUMBER:expecting@> received=<@NUMBER:received@> lost=<@NUMBER:lost@>", + "msg_id" : "NetFlow:flow_capture_stat_ftpdu_seq_check", + "table" : "NetFlow_Traffic", + "taxonomy" : "Network", + "loglevel" : "Notice" + } + ], + "website" : "http://en.wikipedia.org/wiki/Netflow", + "version" : "201109150002", + "name" : "NetFlow", + "description" : "NetFlow Network Protocol" +} diff --git a/conf/logmanagement/services/Netscreen_NSM_System.json b/conf/logmanagement/services/Netscreen_NSM_System.json new file mode 100644 index 0000000..ba89d98 --- /dev/null +++ b/conf/logmanagement/services/Netscreen_NSM_System.json @@ -0,0 +1,1045 @@ +{ + "icon" : "companies/logo_juniper", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+IP spoofing! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ip_spoofing", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+Port scan! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:port_scan", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+Teardrop attack! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:teardrop_attack", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ICMP flood! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:icmp_flood", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+SYN flood! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:syn_flood", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+Address sweep! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:address_sweep", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+UDP flood! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:udp_flood", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"info\"):category@>, <@REGEXP(\"snmp\"):subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SNMP: NetScreen device has responded successfully to the SNMP request from .+\"):msg@>, <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:responded_successfully_snmp_request", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"System clock configurations have been changed by.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:clock_configurations_changed_by", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Log setting was modified to.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:log_setting_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Syslog server.+was \\w+ed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:syslog_server_added_removed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"System configuration saved by.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:system_configuration_saved_by", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Backup", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Syslog has been \\w+ed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:syslog_enabled_disabled", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Admin user .+ has been accepted via the Radius server .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:user_accepted_via_radius", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Syslog.*facility for .+ has been changed to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:syslog_facility_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Logging of dropped traffic to self.* has been \\w+ed\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:logging_dropped_traffic_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Admin user .+ logged in for .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:user_logged_in", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Admin user .+ has logged on .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:user_logged_on", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Admin user .+ has been forced to log out .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:user_forced_log_out", + "table" : "Netscreen_NSM", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SNMP request from an unknown SNMP community .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:snmp_request_unknown_community", + "table" : "Netscreen_NSM", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SSH: Password authentication successful for .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ssh_password_authentication_successful", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SSH: .+ attempted to be authenticated with no authentication methods enabled.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:attempted_authentication_no_methods", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Management session .+ has timed out\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:management_session_timed_out", + "table" : "Netscreen_NSM", + "taxonomy" : "Access.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Policy .+ was \\w+ed by .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:policy_added_deleted", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Service .+ has been \\w+ed by .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:service_added_deleted", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Rejected an IKE packet on .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:rejected_ike_packet", + "table" : "Netscreen_NSM", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Address .+ for \\w+ address .+ has been \\w+ed .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:address_added_deleted", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Lock configuration ended.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@> ", + "msg_id" : "Netscreen_NSM_System:lock_configuration_ended", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Admin user .+ logged out.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:admin_user_logged_out", + "table" : "Netscreen_NSM", + "taxonomy" : "Access", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Address group .+ has \\w+ed member .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:addressgroup_added_deleted_member", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ device .+ changed state from .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:device_changed_state", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"The physical state of interface .+ has changed to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:physical_state_interface_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+Ping of Death! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ping_of_death", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+Large ICMP packet! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:large_icmp_packet", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+Fragmented traffic! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:fragmented_traffic", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ICMP fragment! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:icmp_fragment", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ was added to policy .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:added_to_policy", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Policy .+ has been moved .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:policy_has_been_moved", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"System clock \\S+ changed manually.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:clock_changed_manually", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SSH: Password authentication failed for .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@> ", + "msg_id" : "Netscreen_NSM_System:ssh_password_authentication_failed", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SSH: Client .+ attempted to connect with invalid version string.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ssh_invalid_version_string", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Trying primary server .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:trying_primary_server", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Address group .+ has been \\w+ed .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:addressgroup_added_deleted", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Admin user .+ has been rejected via the Radius server .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:user_rejected_via_radius", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Transport protocol for syslog server .+ was changed .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:syslog_protocol_was_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Syslog server .+ host port number has been changed .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:syslog_port_number_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Traffic logging for syslog server .+ has been \\w+ed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:syslog_logging_enabled_disabled", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SIP parser error Message: Cannot find CRLF\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:sip_cannot_find_crlf", + "table" : "Netscreen_NSM", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SSH: Device failed to send initialization string .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ssh_failed_initialization_string", + "table" : "Netscreen_NSM", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Source-based routing \\w+abled in .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:source_based_routing_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Session utilization has reached .+ of the system capacity!\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:session_utilization_reached_capacity", + "table" : "Netscreen_NSM", + "taxonomy" : "System.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"NSRP: HA \\w+ channel change to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:nsrp_ha_channel_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"No NTP server could be contacted.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ntp_server_not_contacted", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Source route(s) .+ \\w+ed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:source_route_created_deleted", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ was deleted from policy .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:deleted_from_policy", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Admin user .+ login attempt .+ failed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:admin_login_attempt_failed", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"System clock configurations have been changed.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:system_clock_configurations_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"NSM: Cannot connect to NSM server at .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@> ", + "msg_id" : "Netscreen_NSM_System:cannot_connect_nsm_server", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"NSM: Connection to NSM server .+ is down.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:nsm_server_connection_down", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Route(s) in virtual router .+ deleted.*\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:route_deleted", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Peer device \\d+ was discovered.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:peer_device_discovered", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Peer device .+ disappeared.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:peer_device_disappeared", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"A route .+ been created.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:route_created", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"NSM: Sent 2B message\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:nsm_sent_2b_message", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"config\"):category@>, <@REGEXP(\"policy load\"):subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, (NULL), (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:policy_load", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"self\"):category@>, <@REGEXP(\"self log\"):subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@STRING:severity@>, no, (NULL), (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:self_log", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"The system clock was updated from primary NTP server.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:clock_updated_from_ntp", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"NSM: Connected to NSM server .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:nsm_connected_to_server", + "table" : "Netscreen_NSM", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"screen\"):category@>, <@REGEXP(\"ids ip spoofing\"):subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@STRING:NULL@>", + "msg_id" : "Netscreen_NSM_System:screen_ids_ip_spoofing", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"info\"):category@>, <@REGEXP(\"clock\"):subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@STRING:NULL@>", + "msg_id" : "Netscreen_NSM_System:info_clock", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Lock configuration started .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:lock_configuration_started", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+Source Route IP option! From.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:source_route_ip_option", + "table" : "Netscreen_NSM", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Ping has been enabled on interface .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ping_enabled_on_interface", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Environment variable .+ changed to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:environment_variable_changed_to", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"PKI: Completed NSRP cold start sync after .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:nsrp_cold_start_sync", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Trying \\S+ server .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:trying_server", + "table" : "Netscreen_NSM", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Primary .+ servers failed.*\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:servers_failed", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Auth server .+ set to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:auth_server_set_to", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Auth server .+ modified.*\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:auth_server_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ protection has been enabled on .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:protection_enabled", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ detection has been enabled on .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:detection_enabled", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Daylight Saving Time ended.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:daylight_saving_time_ended", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ threshold has been set to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:threshold_set", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"PKI: Saved .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:pki_saved", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ log was reviewed by .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:log_was_reviewed", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Zone .+ was .*bound .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:zone_bound_unbound", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Connection to device is restored\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:connection_to_device_restored", + "table" : "Netscreen_NSM", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Interface .+ was .*bound .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:interface_bound_unbound_to", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Interface .+ has been changed.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:interface_has_been_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ filtering has been enabled on .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:filtering_enabled", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Security Board \\d+ CPU \\d+ Packet Drop Counter \\d+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:security_board_packet_drop", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"802.1Q VLAN tag .+ \\S+ed.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:vlan_modification", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"MTU for interface.+ has been changed to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:mtu_interface_been_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Interface .+ removed by .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:interface_removed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Extraneous exit is issued by .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:extraneous_exit_issued", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"IKE.+: .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ike_any_message", + "table" : "Netscreen_NSM", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"alarm\"):category@>, <@REGEXP(\"vpn\"):subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"IPSec tunnel on interface .+ received a packet with a bad SPI.+\"):msg@>, <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ipsec_tunnel_bad_spi", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"NSM: Cannot connect to NSM server .+ Reason: .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:nsm_cannot_connect_server", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Interface .+ created by .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:interface_created", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Network Time Protocol settings changed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ntp_settings_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Administrator .+ changed the Network Time Protocol .+ value .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:administrator_changed_ntp_value", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"The NSRP configuration is out of synchronization between .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:nsrp_configuration_outof_synchronization", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Syslog cannot connect to the TCP server .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:syslog_cant_connect_server", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"PKI: Cannot load .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:pki_cannot_load", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"PKI: .+ has been deleted. .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:pki_object_been_deleted", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Route in virtual router .+ created.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:route_created2", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"The local device .+ changed state from .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:local_device_changed_state", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"VPN .+ has been \\w+d .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:vpn_has_been_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"VPN monitoring .+ has been disabled.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:vpn_monitoring_been_disabled", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"DNS proxy was disabled on .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:dns_proxy_disabled", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Device .+ has joined NSRP cluster .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:device_joined_nsrp_cluster", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"In policy \\d+, the application was modified to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:in_policy_application_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Gateway .+ has been \\w+ed .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:gateway_has_been_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ has been disabled on interface .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:service_disabled_on_interface", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Service group .+ has \\w+ed member .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:service_group_modified_member", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"ADM: Local admin authentication failed for .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:local_admin_authentication_failed", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Domain set to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:domain_set_to", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Daily DNS lookup has been \\w+ed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:daily_dns_lookup_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"DHCP server IP address pool is changed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:dhcp_address_pool_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\".+ issued command .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:issued_command", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"info\"):category@>, <@REGEXP(\"snmp\"):subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SNMP request from .+ has been received, but the SNMP version type is incorrect.\"):msg@>, <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:snmp_version_type_incorrect", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"All syslog servers were removed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:all_syslog_servers_removed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"All .+ were cleared by .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@> ", + "msg_id" : "Netscreen_NSM_System:all_were_cleared_by", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Trial keys are available to download .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:trial_keys_available", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"DIP IP pool .+ has been \\w+ed .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:dip_ip_pool_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"PKI: Cannot build certificate.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:pki_cannot_build_certificate", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"web SSL certificate is changed .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:web_ssl_certificate_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Interface \\S+ IP address cannot be used to manage .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:interface_cannot_manage", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Secondary IP address \\S+ has been added to interface .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:secondary_ip_address_added", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"The console page size changed .+\"):msg@>, <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:console_page_size_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SSH: PKA authentication successful for .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ssh_pka_authentication_successful", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SSH: .+ requested unsupported PKA algorithm .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ssh_requested_unsupported_pka", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Multiple login failures occurred for .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:multiples_login_failures_occured", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"PKI: Cannot save .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:pki_cannot_save", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SCP: .+ executed invalid scp command.+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:scp_executed_invalid_command", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SSH: PKA key has been bound .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ssh_pka_key_bound", + "table" : "Netscreen_NSM", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"alarm\"):category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Replay packet detected on IPSec tunnel.+\"):msg@>, <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ipsec_replay_packet_detected", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Daylight Saving Time has started.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:daylight_saving_time_started", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Device disconnected from Data Collector .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:device_disconnected_data_collector", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Service group .+ has been changed to .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:service_group_changed", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Connection to device is lost\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:connection_to_device_lost", + "table" : "Netscreen_NSM", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Reporting of .+ has been enabled.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:reporting_been_enabled", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Vsys profile .+ has been set .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:vsys_profile_been_set", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"The power supply \\d+ is not functioning properly.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:power_supply_problem", + "table" : "Netscreen_NSM", + "taxonomy" : "Hardware.Power", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Interface .+ was removed from the monitoring list for NSRP.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:interface_removed_from_monitoring", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"SSH: PKA authentication failed for .+\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:ssh_pka_authentication_failed", + "table" : "Netscreen_NSM", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"HA: Synchronization file.+ sent to backup device in cluster.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:synchronization_file_cluster_sent", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@REGEXP(\"global.*\"):NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, SYSTEM, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, no, <@REGEXP(\"Zone .+ was \\w+ed.\"):msg@>, (NULL), (NULL), (NULL), <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_System:zone_modified", + "table" : "Netscreen_NSM", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + } + ], + "website" : "http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/", + "version" : "200704300011", + "name" : "Netscreen_NSM_System", + "description" : "Netscreen NSM System Service" +} diff --git a/conf/logmanagement/services/Netscreen_NSM_Traffic.json b/conf/logmanagement/services/Netscreen_NSM_Traffic.json new file mode 100644 index 0000000..ccdfe56 --- /dev/null +++ b/conf/logmanagement/services/Netscreen_NSM_Traffic.json @@ -0,0 +1,30 @@ +{ + "icon" : "companies/logo_juniper", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@WORD:NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"traffic.*\"):category@>, <@REGEXP(\"traffic.*\"):subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, <@WORD:NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_Traffic:traffic", + "table" : "Netscreen_NSM", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@WORD:NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@REGEXP(\"self\"):category@>, <@REGEXP(\"self log\"):subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, <@WORD:NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@WORD:NULL@>, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_Traffic:self_log", + "table" : "Netscreen_NSM", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@NUMBER:NULL@>, <@NUMBER:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@DATE:NULL@> <@TIME:NULL@>, <@WORD:NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, <@IP_ADDR:NULL@>, <@STRING:category@>, <@STRING:subcategory@>, <@STRING:src_zone@>, (NULL), <@IP_ADDR:src_addr@>, <@NUMBER:src_port@>, <@IP_ADDR:src_nat_addr@>, <@NUMBER:NULL@>, <@STRING:dst_zone@>, (NULL), <@IP_ADDR:dst_addr@>, <@NUMBER:dst_port@>, <@IP_ADDR:dst_nat_addr@>, <@NUMBER:NULL@>, <@WORD:protocol@>, <@WORD:NULL@>, <@NUMBER:NULL@>, <@WORD:NULL@>, idp, <@NUMBER:rule@>, <@STRING:action@>, <@WORD:severity@>, <@REGEXP(\".+\"):NULL@>", + "msg_id" : "Netscreen_NSM_Traffic:idp", + "table" : "Netscreen_NSM", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + } + ], + "website" : "http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/", + "version" : "200703120002", + "name" : "Netscreen_NSM_Traffic", + "description" : "Netscreen NSM Traffic Service" +} diff --git a/conf/logmanagement/services/Netscreen_System.json b/conf/logmanagement/services/Netscreen_System.json new file mode 100644 index 0000000..476012d --- /dev/null +++ b/conf/logmanagement/services/Netscreen_System.json @@ -0,0 +1,1486 @@ +{ + "icon" : "companies/logo_juniper", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SYN flood! .+\"):msg@>", + "msg_id" : "Netscreen_System:syn_flood", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"IP spoofing! .+\"):msg@>", + "msg_id" : "Netscreen_System:ip_spoofing", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SNMP: NetScreen device has responded successfully to the SNMP request from .+\"):msg@>", + "msg_id" : "Netscreen_System:responded_successfully_snmp_request", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Admin user \\S+ has been accepted via the Radius server at .+\"):msg@>", + "msg_id" : "Netscreen_System:admin_accepted_via_radius", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Address .+ in zone \\S+ has been \\S+ed by .+\"):msg@>", + "msg_id" : "Netscreen_System:address_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Admin user \\S+ logged in for Web.+ management .+ from .+\"):msg@>", + "msg_id" : "Netscreen_System:admin_logged_in_web", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Admin user \\S+ logged out for Web.+ management .+ from .+\"):msg@>", + "msg_id" : "Netscreen_System:admin_logged_out_web", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Management session via .+ for .+ has timed out .+\"):msg@>", + "msg_id" : "Netscreen_System:session_timed_out", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"System configuration saved .+\"):msg@>", + "msg_id" : "Netscreen_System:system_config_saved", + "table" : "Message", + "taxonomy" : "Config.Backup", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Policy .+ was \\S+ by .+\"):msg@>", + "msg_id" : "Netscreen_System:policy_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Address group .+ has \\S+ member .+ by .+\"):msg@>", + "msg_id" : "Netscreen_System:address_group_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: Admin \\S+ at host \\S+ attempted to be authenticated with no authentication methods enabled.+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_no_authentication_methods", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: Password authentication successful for \\S+ user \\S+ at host .+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_authent_successful", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Admin user \\S+ has logged on via .+\"):msg@>", + "msg_id" : "Netscreen_System:user_logged_on", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Admin user \\S+ has logged out via .+\"):msg@>", + "msg_id" : "Netscreen_System:user_logged_out", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Teardrop attack! .+\"):msg@>", + "msg_id" : "Netscreen_System:teardrop_attack", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"FIN but no ACK bit! From \\S+ to .+. Occurred \\d+ times.+\"):msg@>", + "msg_id" : "Netscreen_System:fin_but_no_ack", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"ICMP flood! .+\"):msg@>", + "msg_id" : "Netscreen_System:icmp_flood", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Port scan! .+\"):msg@>", + "msg_id" : "Netscreen_System:port_scan", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Address sweep! .+\"):msg@>", + "msg_id" : "Netscreen_System:address_sweep", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"System clock was changed manually.+\"):msg@>", + "msg_id" : "Netscreen_System:system_clock_changed_manually", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Service .+ has been \\S+ by .+\"):msg@>", + "msg_id" : "Netscreen_System:service_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Service group .+ has \\w+ed member .+\"):msg@>", + "msg_id" : "Netscreen_System:service_group_member_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Policy \\d+ has been moved \\S+ \\d+ by .+\"):msg@>", + "msg_id" : "Netscreen_System:policy_been_moved", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Admin .+ has been forced to log out of the .+ session.+\"):msg@>", + "msg_id" : "Netscreen_System:forced_log_out", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"System clock configurations have been changed.+\"):msg@>", + "msg_id" : "Netscreen_System:system_clock_configurations_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Address group .+ ha\\w+ been \\w+ed .+\"):msg@>", + "msg_id" : "Netscreen_System:address_group_been_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ \\w+abled on interface .+\"):msg@>", + "msg_id" : "Netscreen_System:en_disabled_on_interface", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface .+ operational mode has been changed to .+ by .+\"):msg@>", + "msg_id" : "Netscreen_System:interface_operational_mode_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Multiple login failures occurred for user \\S+ from IP address .+\"):msg@>", + "msg_id" : "Netscreen_System:multiple_login_failures", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: Password authentication failed .+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_authent_failed", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: PKA authentication successful for .+ at host .+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_pka_authentication_successful", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The local device .+ in the Virtual Security Device group .+ changed state from .+\"):msg@>", + "msg_id" : "Netscreen_System:local_device_changed_state", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"A route in virtual router .+ that has IP address .+ through interface .+ and gateway .+ with metric \\d+ has been created.+\"):msg@>", + "msg_id" : "Netscreen_System:route_has_been_created", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Peer device .+ changed state from .+\"):msg@>", + "msg_id" : "Netscreen_System:peer_device_changed_state", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Save configuration to IP address .+ under filename .+ by .+\"):msg@>", + "msg_id" : "Netscreen_System:save_configuration_under_filename", + "table" : "Message", + "taxonomy" : "Config.Backup", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM has been \\w+abled.+\"):msg@> ", + "msg_id" : "Netscreen_System:nsm_has_been_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The physical state of interface \\S+ has changed to \\S+.+\"):msg@>", + "msg_id" : "Netscreen_System:physical_state_interface_changed", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Admin user .+ has been rejected via the Radius server at .+\"):msg@>", + "msg_id" : "Netscreen_System:admin_rejected_via_radius", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface .+ has been changed from \\S+ to .+\"):msg@>", + "msg_id" : "Netscreen_System:interface_has_been_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"No NTP server could be contacted.+\"):msg@>", + "msg_id" : "Netscreen_System:ntp_couldnot_be_contacted", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Environment variable .+ changed to .+\"):msg@>", + "msg_id" : "Netscreen_System:environment_variable_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Trying \\S+ server.+\"):msg@>", + "msg_id" : "Netscreen_System:trying_server", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Peer device \\d+ disappeared.+\"):msg@>", + "msg_id" : "Netscreen_System:peer_device_disappeared", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Admin user .+ login attempt for Web.+ management .+ from .+ failed.+\"):msg@>", + "msg_id" : "Netscreen_System:login_attempt_web", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"UDP flood! .+\"):msg@>", + "msg_id" : "Netscreen_System:udp_flood", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Address .+ for ip address \\S+ in zone .+ has been deleted by .+\"):msg@>", + "msg_id" : "Netscreen_System:address_has_been_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SYN and FIN bits! .+\"):msg@>", + "msg_id" : "Netscreen_System:syn_fin_bits", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"No TCP flag! From \\S+ to \\S+, proto TCP.+\"):msg@>", + "msg_id" : "Netscreen_System:no_tcp_flag", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Syslog has been \\w+abled.+\"):msg@>", + "msg_id" : "Netscreen_System:syslog_been_dis_enabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ was added to policy .+\"):msg@>", + "msg_id" : "Netscreen_System:added_to_policy", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Lock configuration ended by task .+\"):msg@>", + "msg_id" : "Netscreen_System:lock_config_ended", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Lock configuration started by task .+\"):msg@>", + "msg_id" : "Netscreen_System:lock_config_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Saved CA configuration.+\"):msg@>", + "msg_id" : "Netscreen_System:pki_saved_ca_configuration", + "table" : "Message", + "taxonomy" : "Config.Backup", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: OTHER PKI OBJECT has been deleted.+\"):msg@>", + "msg_id" : "Netscreen_System:pki_object_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Saved \\w+ PUBLIC KEY .+\"):msg@>", + "msg_id" : "Netscreen_System:pki_saved_public_key", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ was deleted from policy .+\"):msg@>", + "msg_id" : "Netscreen_System:was_deleted_from_policy", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Auth server .+ has been deleted.+\"):msg@>", + "msg_id" : "Netscreen_System:auth_server_been_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Ping of Death! .+\"):msg@>", + "msg_id" : "Netscreen_System:ping_of_death", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The \\S+ power supply is not functioning properly.+\"):msg@>", + "msg_id" : "Netscreen_System:power_supply_functioning_unproperly", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface \\S+ was unbound from zone .+ by .+\"):msg@>", + "msg_id" : "Netscreen_System:interface_unbound_from_zone", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"802.1Q VLAN tag \\d+ has been \\S+ed.+\"):msg@>", + "msg_id" : "Netscreen_System:8021q_vlan_tag_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"An optional ScreenOS feature has been activated via a software key.+\"):msg@>", + "msg_id" : "Netscreen_System:optional_feature_activated", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface \\S+ 802.1Q tag has been \\S+ed .+\"):msg@>", + "msg_id" : "Netscreen_System:interface_8021q_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: Failed to retreive PKA key bound to SSH user .+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_failed_retreive_pka", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface \\S+ was bound to zone .+ by .+\"):msg@>", + "msg_id" : "Netscreen_System:interface_bound_to_zone", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface \\S+ in .+ was \\S+ed by .+\"):msg@>", + "msg_id" : "Netscreen_System:interface_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Peer device \\d+ was discovered.+\"):msg@>", + "msg_id" : "Netscreen_System:peer_device_discovered", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"primary NTP server could not be contacted.+\"):msg@>", + "msg_id" : "Netscreen_System:ntp_couldnt_be_contacted", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Network Time Protocol settings changed.+\"):msg@>", + "msg_id" : "Netscreen_System:ntp_settings_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"ICMP fragment! .+\"):msg@>", + "msg_id" : "Netscreen_System:icmp_fragment", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SIP parser error Message: Cannot find CRLF.+\"):msg@>", + "msg_id" : "Netscreen_System:sip_parser_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Large ICMP packet! .+\"):msg@>", + "msg_id" : "Netscreen_System:large_icmp_packet", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Source Route IP option! .+\"):msg@>", + "msg_id" : "Netscreen_System:source_route_ip_option", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Administrator \\S+ issued command .+\"):msg@> ", + "msg_id" : "Netscreen_System:administrator_issued_command", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The console page size changed from \\d+ to \\d+.*\"):msg@>", + "msg_id" : "Netscreen_System:console_pagesize_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Log setting was modified to \\S+able \\S+ level by .+\"):msg@>", + "msg_id" : "Netscreen_System:log_setting_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface \\S+ IP address can be used to manage .+\"):msg@>", + "msg_id" : "Netscreen_System:interface_can_manage", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface \\S+ IP address cannot be used to manage .+\"):msg@>", + "msg_id" : "Netscreen_System:interface_cannot_manage", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Rejected an IKE packet .+\"):msg@>", + "msg_id" : "Netscreen_System:rejected_ike_packet", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SNMP request from an unknown SNMP community \\S+ at \\S+ has been received.+\"):msg@>", + "msg_id" : "Netscreen_System:snmp_request_unknown_community", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: Device failed to send initialization string to client at .+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_failed_initialization_string", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ protection has been disabled on zone .+\"):msg@>", + "msg_id" : "Netscreen_System:protection_disabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The system configuration was not saved by .+\"):msg@>", + "msg_id" : "Netscreen_System:system_config_not_saved", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface .+ was added/updated to the monitoring list of NSRP.+\"):msg@>", + "msg_id" : "Netscreen_System:interface_monitoring_list", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The system configuration was loaded from IP address \\S+ under filename \\S+ by .+\"):msg@>", + "msg_id" : "Netscreen_System:system_config_loaded", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: \\w+ PUBLIC KEY .+ has been deleted.+\"):msg@>", + "msg_id" : "Netscreen_System:pki_public_key_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"A route has been created in virtual router \\S+with an IP address \\S+ and next-hop as virtual router .+\"):msg@>", + "msg_id" : "Netscreen_System:route_created_vr", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Completed NSRP cold start sync after \\d+ attempts.+\"):msg@>", + "msg_id" : "Netscreen_System:nsrp_completed_sync", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Route\\(s\\) in virtual router .+ with an IP address \\S+ and gateway \\S+ has been deleted.+\"):msg@>", + "msg_id" : "Netscreen_System:routes_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SCP: Admin .+ executed invalid \\S+ command:.+\"):msg@>", + "msg_id" : "Netscreen_System:executed_invalid", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Generating alarms without dropping pkts has been \\S+abled on zone .+\"):msg@>", + "msg_id" : "Netscreen_System:alarms_dropping_pkts", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: Admin user .+ at host \\S+ requested unsupported PKA algorithm .+\"):msg@>", + "msg_id" : "Netscreen_System:unsupported_pka_algorithm", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"All power supplies are now functioning properly.+\"):msg@>", + "msg_id" : "Netscreen_System:power_functioning_properly", + "table" : "Message", + "taxonomy" : "Hardware", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Bad IP option! From \\S+ to \\S+, .+\"):msg@>", + "msg_id" : "Netscreen_System:bad_ip_option", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Fragmented traffic! .+\"):msg@>", + "msg_id" : "Netscreen_System:fragmented_traffic", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Request to retrieve license key failed to reach server by manual retrieval.+\"):msg@> ", + "msg_id" : "Netscreen_System:failed_retrieve_license_key", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The virtual router .+ has been made default virtual router for virtual system .+\"):msg@>", + "msg_id" : "Netscreen_System:vr_made_default", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ servers failed.+\"):msg@>", + "msg_id" : "Netscreen_System:servers_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Zone .+ was bound to virtual router .+\"):msg@>", + "msg_id" : "Netscreen_System:zone_bound_to_vr", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"All traffic logs were cleared by .+\"):msg@>", + "msg_id" : "Netscreen_System:all_traffic_logs_cleared", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"New zone .+ was created.+\"):msg@>", + "msg_id" : "Netscreen_System:new_zone_created", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"arp \\w+, detect IP conflict .+\"):msg@>", + "msg_id" : "Netscreen_System:detect_ip_conflict", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"HA: Synchronization file.+ sent to backup device in cluster.+\"):msg@>", + "msg_id" : "Netscreen_System:synchronization_file_cluster_sent", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Source-based routing \\S+ed in .+\"):msg@>", + "msg_id" : "Netscreen_System:source_based_routing_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Source route\\S+ in virtual router .+ with route addresses of .+ \\S+ed.+\"):msg@>", + "msg_id" : "Netscreen_System:source_route_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Secondary IP address .+ has been added to interface .+\"):msg@>", + "msg_id" : "Netscreen_System:secondary_ip_added", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"DIP IP pool .+ has been \\S+ed .+\"):msg@>", + "msg_id" : "Netscreen_System:dip_ip_pool_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM Device ID was \\w+set.+\"):msg@>", + "msg_id" : "Netscreen_System:nsm_device_id_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM \\S+ server with name .+ was \\w*set.+\"):msg@>", + "msg_id" : "Netscreen_System:nsm_server_set_unset", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: Client .+ attempted to connect with invalid version string.+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_invalid_version_string", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: CA CERT has been deleted.+\"):msg@>", + "msg_id" : "Netscreen_System:pki_ca_cert_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Saved CA CERT with .+\"):msg@>", + "msg_id" : "Netscreen_System:pki_saved_ca_cert", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Saved REFERENCES OF CA CERT with.+\"):msg@>", + "msg_id" : "Netscreen_System:pki_saved_ca_references", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Saved CA config.+\"):msg@>", + "msg_id" : "Netscreen_System:pki_saved_ca_config", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"IKE.*: .+\"):msg@>", + "msg_id" : "Netscreen_System:ike_any_message", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Syslog server .+ was \\w+ed.+\"):msg@>", + "msg_id" : "Netscreen_System:syslog_server_added_removed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Logging of dropped traffic to self.* has been \\w+bled.+\"):msg@>", + "msg_id" : "Netscreen_System:logging_dropped_traffic_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Cannot load certificate file.+\"):msg@>", + "msg_id" : "Netscreen_System:cannot_load_certificate_file", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"web SSL certificate changed to .+\"):msg@>", + "msg_id" : "Netscreen_System:web_ssl_certificate_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSRP: HA .+ channel change to .+\"):msg@>", + "msg_id" : "Netscreen_System:nsrp_ha_channel_change", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Network Time Protocol adjustment .+ from NTP server .+ exceeds the allowed adjustment .+\"):msg@>", + "msg_id" : "Netscreen_System:ntp_exceeds_allowed_adjustment", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"No acceptable time could be obtained from any NTP server.+\"):msg@>", + "msg_id" : "Netscreen_System:no_acceptable_time_ntp", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Gateway .+ has been \\w+ed .+\"):msg@>", + "msg_id" : "Netscreen_System:gateway_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"IPSec tunnel on interface .+ received a packet with a bad SPI.+\"):msg@>", + "msg_id" : "Netscreen_System:ipsec_tunnel_bad_spi", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"VPN .+ has been \\w+ed.+\"):msg@>", + "msg_id" : "Netscreen_System:vpn_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Route.+ \\w+ted.+\"):msg@>", + "msg_id" : "Netscreen_System:route_created_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"ADM: Local admin authentication failed for login name .+\"):msg@>", + "msg_id" : "Netscreen_System:local_admin_authentication_failed", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Session utilization has reached .+ of the system capacity!.+\"):msg@>", + "msg_id" : "Netscreen_System:session_utilization_reached_capacity", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Traffic log was reviewed by .+\"):msg@>", + "msg_id" : "Netscreen_System:traffic_log_reviewed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Auth server .+ has been \\w+ed.+\"):msg@>", + "msg_id" : "Netscreen_System:auth_server_been_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Auth server .+ .*set to .+\"):msg@>", + "msg_id" : "Netscreen_System:auth_server_set_unset", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Route-lookup preference changed to .+\"):msg@>", + "msg_id" : "Netscreen_System:route_lookup_preference_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Subnetwork conflict checking for interfaces .+ has been \\w+abled.+\"):msg@>", + "msg_id" : "Netscreen_System:subnetwork_conflict_checking_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Auth server .+ name is unset.+\"):msg@>", + "msg_id" : "Netscreen_System:auth_server_name_unset", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Auth server .+ is \\w+ed.+\"):msg@>", + "msg_id" : "Netscreen_System:auth_server_is_modified_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Replay packet detected on IPSec tunnel.+\"):msg@>", + "msg_id" : "Netscreen_System:ipsec_replay_packet_detected", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Source route\\(s\\) .+ created.+\"):msg@>", + "msg_id" : "Netscreen_System:source_routes_created", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Number of .+ retries for auth server .+ is set to .+\"):msg@>", + "msg_id" : "Netscreen_System:set_authserver_number_retries", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Forced timeout for Auth server .+ is unset to its default value.+\"):msg@>", + "msg_id" : "Netscreen_System:timeoutauthserver_unset_default", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ protection has been enabled on .+\"):msg@>", + "msg_id" : "Netscreen_System:protection_enabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ detection has been enabled on .+\"):msg@>", + "msg_id" : "Netscreen_System:detection_enabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ flood threshold has been set to .+\"):msg@>", + "msg_id" : "Netscreen_System:flood_threshold_set", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"DHCP server .+ is changed.+\"):msg@>", + "msg_id" : "Netscreen_System:dhcp_server_conf_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Management restriction .+ has been added.+\"):msg@>", + "msg_id" : "Netscreen_System:management_restriction_added", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Reporting .+ to NSM has been enabled.+\"):msg@>", + "msg_id" : "Netscreen_System:reporting_to_nsm_enabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"All logged events or alarms were cleared by .+\"):msg@>", + "msg_id" : "Netscreen_System:all_logged_events_cleared", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Daylight Saving Time ended.+\"):msg@>", + "msg_id" : "Netscreen_System:daylight_saving_time_ended", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Administrator .+ changed the Network Time Protocol.+\"):msg@>", + "msg_id" : "Netscreen_System:administrator_changed_ntp_config", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ filtering has been enabled on .+\"):msg@>", + "msg_id" : "Netscreen_System:filtering_enabled", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Intra-zone block for .+ was set .+\"):msg@>", + "msg_id" : "Netscreen_System:intrazone_block_set", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"VPN .+ has been bound to tunnel .+\"):msg@>", + "msg_id" : "Netscreen_System:vpn_bound_to_tunnel", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"MTU for interface.*has been changed to .+\"):msg@>", + "msg_id" : "Netscreen_System:mtu_interface_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Zone .+ was deleted.+\"):msg@>", + "msg_id" : "Netscreen_System:zone_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM: Connection to NSM server at .+ is down.+\"):msg@>", + "msg_id" : "Netscreen_System:nsm_server_connection_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM: Cannot connect to NSM server at .+\"):msg@>", + "msg_id" : "Netscreen_System:nsm_cannot_connect_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM: Connected to NSM server at .+\"):msg@>", + "msg_id" : "Netscreen_System:nsm_connected_to_server", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM: Sent \\S+ message.+\"):msg@>", + "msg_id" : "Netscreen_System:nsm_sent_message", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The NSRP configuration is out of synchronization between the local device and the peer device.+\"):msg@>", + "msg_id" : "Netscreen_System:nsrp_config_outof_synchronization", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Extraneous exit is issued by .+\"):msg@>", + "msg_id" : "Netscreen_System:extraneous_exit_issued", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Security Board \\d+ CPU \\d+ Packet Drop Counter .+\"):msg@>", + "msg_id" : "Netscreen_System:security_board_packet_drop", + "table" : "Message", + "taxonomy" : "Hardware.Network", + "loglevel" : "Emergency" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"VPN .+ is up.+\"):msg@>", + "msg_id" : "Netscreen_System:vpn_is_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Transport protocol for syslog server .+ was changed .+\"):msg@>", + "msg_id" : "Netscreen_System:syslog_transport_protocol_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Event log was reviewed by .+\"):msg@>", + "msg_id" : "Netscreen_System:event_log_reviewed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Syslog .+ has been changed .+\"):msg@>", + "msg_id" : "Netscreen_System:syslog_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Traffic logging .+ has been \\w+abled.+\"):msg@>", + "msg_id" : "Netscreen_System:traffic_logging_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Cannot build certificate .+\"):msg@>", + "msg_id" : "Netscreen_System:pki_cannot_build_certificate", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"All syslog servers were removed.+\"):msg@>", + "msg_id" : "Netscreen_System:all_syslog_servers_removed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Cannot save .+\"):msg@>", + "msg_id" : "Netscreen_System:pki_cannot_save", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The system clock was updated from .+ NTP server type .+ with .+ adjustment of .+ ms. Authentication was .+. Update mode was .+\"):msg@>", + "msg_id" : "Netscreen_System:clock_updated_from_ntp", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: PKA authentication failed for .+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_pka_authentication_failed", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Multiple login failures occurred for .+\"):msg@>", + "msg_id" : "Netscreen_System:multiples_login_failures_occured", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"System log was reviewed by .+\"):msg@>", + "msg_id" : "Netscreen_System:system_log_was_reviewed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM Device ID was set to .+\"):msg@>", + "msg_id" : "Netscreen_System:nsm_deviceid_was_set", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM .+ \\w*set. .+\"):msg@>", + "msg_id" : "Netscreen_System:nsm_configuration_set_unset", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Service group .+ has been changed to .+\"):msg@>", + "msg_id" : "Netscreen_System:service_group_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"NSM keys were deleted.+\"):msg@>", + "msg_id" : "Netscreen_System:nsm_keys_were_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Daylight Saving Time has started.+\"):msg@>", + "msg_id" : "Netscreen_System:daylight_saving_time_started", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Vsys profile .+ has been set to .+\"):msg@>", + "msg_id" : "Netscreen_System:vsys_profile_been_set", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Trial keys are available to download to enable advanced features.+\"):msg@>", + "msg_id" : "Netscreen_System:trial_keys_available", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface .+ was removed from the monitoring list for NSRP.*\"):msg@>", + "msg_id" : "Netscreen_System:interface_removed_from_monitoring", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: A configurable item .+ field has changed from.+\"):msg@>", + "msg_id" : "Netscreen_System:pki_configurable_item_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Reporting of .+ has been .+\"):msg@>", + "msg_id" : "Netscreen_System:reporting_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"An administrator set the SIP .+\"):msg@>", + "msg_id" : "Netscreen_System:administrator_set_sip_parameter", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PIMSM Error in initializing .+\"):msg@>", + "msg_id" : "Netscreen_System:pimsm_error_initializing", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: Failed to negotiate .+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_failed_to_negotiate", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Web filtering .+ has been changed.*\"):msg@>", + "msg_id" : "Netscreen_System:web_filtering_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"DHCP client .*has been .+\"):msg@>", + "msg_id" : "Netscreen_System:dhcp_client_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"CLI logging has been .+\"):msg@>", + "msg_id" : "Netscreen_System:cli_logging_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"IGMP .+ was changed to .+\"):msg@>", + "msg_id" : "Netscreen_System:igmp_parameter_was_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Track IP .+ changed from .+\"):msg@>", + "msg_id" : "Netscreen_System:track_ip_parameter_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"L2TP default .+ changed .+\"):msg@>", + "msg_id" : "Netscreen_System:l2tp_default_parameter_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The NetScreen device was unable to upgrade .+\"):msg@>", + "msg_id" : "Netscreen_System:netscreen_device_unable_upgrade", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"web SSL .+ has been changed .+\"):msg@>", + "msg_id" : "Netscreen_System:web_ssl_parameter_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SNMP .+ has been changed .+\"):msg@>", + "msg_id" : "Netscreen_System:snmp_parameter_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"ADSL line failed .+\"):msg@>", + "msg_id" : "Netscreen_System:adsl_line_failed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"ADSL Line UP .+\"):msg@>", + "msg_id" : "Netscreen_System:adsl_line_up", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"License key .+ is due to expire .+\"):msg@>", + "msg_id" : "Netscreen_System:licence_key_expire", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"\\w+ watermark for early aging has been changed .+\"):msg@>", + "msg_id" : "Netscreen_System:watermark_been_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Admin account \\w+ed for .+\"):msg@>", + "msg_id" : "Netscreen_System:admin_account_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Attack group \\w+ was \\w+ed .+\"):msg@>", + "msg_id" : "Netscreen_System:attack_group_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SSH: SSH user .+ has been authenticated using .+\"):msg@>", + "msg_id" : "Netscreen_System:ssh_user_authenticated_using", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SCP: Admin user .+ transferred file .+\"):msg@>", + "msg_id" : "Netscreen_System:scp_admin_transferred_file", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"VPN monitoring .+ has been \\w*set.*\"):msg@>", + "msg_id" : "Netscreen_System:vpn_monitoring_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PPPoE session shut\\w* down.+\"):msg@>", + "msg_id" : "Netscreen_System:pppoe_session_shut_down", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PPPoA .+ failed to .+\"):msg@>", + "msg_id" : "Netscreen_System:pppoa_failed_to", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"Interface .+ switching to .+ mode.\"):msg@>", + "msg_id" : "Netscreen_System:interface_switching_to_mode", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"The NetScreen device is attempting to contact the .+ NTP server .+\"):msg@>", + "msg_id" : "Netscreen_System:attempting_contact_ntp_server", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Unable to decrypt .+\"):msg@>", + "msg_id" : "Netscreen_System:pki_unable_to_decrypt", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\".+ blocked! From .+ to .+\"):msg@>", + "msg_id" : "Netscreen_System:content_blocked", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"PKI: Cannot generate .+\"):msg@>", + "msg_id" : "Netscreen_System:pki_cannot_generate", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/", + "version" : "200902160002", + "name" : "Netscreen_System", + "description" : "Netscreen System Service" +} diff --git a/conf/logmanagement/services/Netscreen_System_Antivirus.json b/conf/logmanagement/services/Netscreen_System_Antivirus.json new file mode 100644 index 0000000..8e2fb92 --- /dev/null +++ b/conf/logmanagement/services/Netscreen_System_Antivirus.json @@ -0,0 +1,72 @@ +{ + "icon" : "companies/logo_juniper", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SCAN-MGR: Internal error occurred .+\"):msg@>", + "msg_id" : "Netscreen_System_Antivirus:scanmgr_internal_error_occured", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"AV: Content from .+ was not scanned .+\"):msg@>", + "msg_id" : "Netscreen_System_Antivirus:content_was_not_scanned", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SCAN-MGR: New AV pattern file has been updated.+\"):msg@>", + "msg_id" : "Netscreen_System_Antivirus:scanmgr_pattern_file_updated", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"AV .+ has been set to .+\"):msg@>", + "msg_id" : "Netscreen_System_Antivirus:av_parameter_been_set", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SCAN-MGR: URL for AV pattern update server has been .+\"):msg@>", + "msg_id" : "Netscreen_System_Antivirus:scanmgr_update_server_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"SCAN-MGR: .+ has been set to .+\"):msg@>", + "msg_id" : "Netscreen_System_Antivirus:scanmgr_parameter_been_set", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"AV: Content from .+ is passed due to scan-engine error or constraint with code 5 for exceeding max decompress layer limit.+\"):msg@> (<@DATE_TIME_NS:NULL@>)", + "msg_id" : "Netscreen_System_Antivirus:exceeding_max_decompress_layer", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"AV: Content from .+ is passed because maximum content size is exceeded.+\"):msg@> (<@DATE_TIME_NS:NULL@>)", + "msg_id" : "Netscreen_System_Antivirus:max_size_exceeded", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:NULL@><@WORD:msg_id@>: <@REGEXP(\"AV: VIRUS FOUND:.+\"):msg@>(<@DATE_TIME_NS:NULL@>)", + "msg_id" : "Netscreen_System_Antivirus:virus_found", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + } + ], + "website" : "http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/", + "version" : "201002250006", + "name" : "Netscreen_System_Antivirus", + "description" : "Netscreen System Antivirus Service" +} diff --git a/conf/logmanagement/services/Netscreen_Traffic.json b/conf/logmanagement/services/Netscreen_Traffic.json new file mode 100644 index 0000000..95d0718 --- /dev/null +++ b/conf/logmanagement/services/Netscreen_Traffic.json @@ -0,0 +1,100 @@ +{ + "icon" : "companies/logo_juniper", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@IP_ADDR:dst_addr@> src_port=<@NUMBER:src_port@> dst_port=<@NUMBER:dst_port@>", + "msg_id" : "Netscreen_Traffic:traffic", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@STRING:dst_addr@> src_port=<@NUMBER:src_port@> dst_port=<@NUMBER:dst_port@> session_id=<@NUMBER:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_session", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@WORD:sent_bytes@> rcvd=<@WORD:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@STRING:dst_addr@> src_port=<@NUMBER:NULL@> dst_port=<@NUMBER:NULL@> src_port=<@NUMBER:src_port@> dst_port=<@NUMBER:dst_port@> dst-xlated ip=<@IP_ADDR:NULL@> port=<@NUMBER:NULL@> session_id=<@WORD:NULL@> reason=<@STRING:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_age_out", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@IP_ADDR:dst_addr@> src_port=<@NUMBER:src_port@> dst_port=<@NUMBER:dst_port@> src-xlated ip=<@IP_ADDR:NULL@> port=<@NUMBER:NULL@> session_id=<@NUMBER:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_src_xlated", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@IP_ADDR:dst_addr@> src_port=<@NUMBER:src_port@> dst_port=<@NUMBER:dst_port@> src-xlated ip=<@IP_ADDR:NULL@> port=<@NUMBER:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_src_xlated2", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@IP_ADDR:dst_addr@> icmp type=<@NUMBER:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_icmp", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@STRING:dst_addr@> icmp type=<@NUMBER:NULL@> session_id=<@NUMBER:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_icmp_session", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@STRING:src_addr@> dst=<@STRING:dst_addr@> icmp type=<@NUMBER:NULL@> session_id=<@WORD:NULL@> reason=<@STRING:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_close_resp", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@STRING:dst_addr@> session_id=<@NUMBER:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_without_port_session", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@IP_ADDR:dst_addr@>", + "msg_id" : "Netscreen_Traffic:traffic_without_port", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@REGEXP(\"gre\"):service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@WORD:sent_bytes@> rcvd=<@WORD:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@STRING:dst_addr@> session_id=<@WORD:NULL@> reason=<@STRING:NULL@>", + "msg_id" : "Netscreen_Traffic:gre_traffic", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@WORD:sent_bytes@> rcvd=<@WORD:rcvd_bytes@> src=<@IP_ADDR:src_addr@> dst=<@STRING:dst_addr@> src_port=<@NUMBER:NULL@> dst_port=<@NUMBER:NULL@> src-xlated ip=<@IP_ADDR:NULL@> port=<@NUMBER:dst_port@> dst-xlated ip=<@IP_ADDR:NULL@> port=<@NUMBER:NULL@> session_id=<@WORD:NULL@> reason=<@STRING:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_close_resp2", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:NULL@>: NetScreen device_id=<@WORD:NULL@> <@BRACKETED_STRING:vrouter@><@WORD:NULL@>: start_time=<@STRING:NULL@> duration=<@NUMBER:duration@> policy_id=<@NUMBER:policy_id@> service=<@STRING:service@> proto=<@NUMBER:ip_protocol@> src zone=<@STRING:src_zone@> dst zone=<@STRING:dst_zone@> action=<@STRING:status@> sent=<@BYTES:sent_bytes@> rcvd=<@BYTES:rcvd_bytes@> src=<@STRING:src_addr@> dst=<@STRING:dst_addr@> icmp type=<@NUMBER:NULL@> src-xlated ip=<@IP_ADDR:NULL@> dst-xlated ip=<@IP_ADDR:NULL@> session_id=<@WORD:NULL@> reason=<@STRING:NULL@>", + "msg_id" : "Netscreen_Traffic:traffic_icmp_session2", + "table" : "Firewall_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + } + ], + "website" : "http://www.juniper.net/products_and_services/firewall_slash_ipsec_vpn/", + "version" : "200902050001", + "name" : "Netscreen_Traffic", + "description" : "Netscreen Firewall Traffic Service" +} diff --git a/conf/logmanagement/services/Nfs.json b/conf/logmanagement/services/Nfs.json new file mode 100644 index 0000000..7028ee9 --- /dev/null +++ b/conf/logmanagement/services/Nfs.json @@ -0,0 +1,43 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> nfsd[<@PID:pid@>]: <@REGEXP(\"Could not bind .+\"):msg@> ", + "msg_id" : "Nfs:could_not_bind", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: nfs: <@REGEXP(\"server \\S+ not responding, still trying\"):msg@> ", + "msg_id" : "Nfs:server_not_responding", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: nfs: <@REGEXP(\"server \\S+ OK\"):msg@> ", + "msg_id" : "Nfs:server_ok", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"lockd: cannot monitor .+\"):msg@>", + "msg_id" : "Nfs:lockd_cannot_monitor", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"lockd: failed to monitor .+\"):msg@> ", + "msg_id" : "Nfs:lockd_failed_to_monitor", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://nfs.sourceforge.net/", + "version" : "200703020002", + "name" : "Nfs", + "description" : "Nfs Service" +} diff --git a/conf/logmanagement/services/Nscd.json b/conf/logmanagement/services/Nscd.json new file mode 100644 index 0000000..359e6e3 --- /dev/null +++ b/conf/logmanagement/services/Nscd.json @@ -0,0 +1,56 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nscd\"):daemon@>: <@REGEXP(\"nscd shutdown succeeded\"):msg@>", + "msg_id" : "Nscd:shutdown_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nscd\"):daemon@>: <@REGEXP(\"nss_ldap: reconnecting to LDAP server.+\"):msg@>", + "msg_id" : "Nscd:reconnecting_ldap_server", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nscd\"):daemon@>: <@REGEXP(\"nss_ldap: reconnected to LDAP server.*\"):msg@>", + "msg_id" : "Nscd:reconnected_ldap_server", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nscd\"):daemon@>: <@REGEXP(\"nscd shutdown failed\"):msg@>", + "msg_id" : "Nscd:shutdown_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nscd\"):daemon@>: <@REGEXP(\"nss_ldap: .+ Can't contact LDAP server\"):msg@>", + "msg_id" : "Nscd:cant_contact_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nscd\"):daemon@>: <@REGEXP(\"nss_ldap: could not search LDAP server - Server is unavailable\"):msg@>", + "msg_id" : "Nscd:could_not_search_ldap", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nscd\"):daemon@>: <@REGEXP(\"nscd startup succeeded\"):msg@>", + "msg_id" : "Nscd:startup_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "version" : "201002180007", + "name" : "Nscd", + "description" : "Nscd Service" +} diff --git a/conf/logmanagement/services/Ntop.json b/conf/logmanagement/services/Ntop.json new file mode 100644 index 0000000..35f014e --- /dev/null +++ b/conf/logmanagement/services/Ntop.json @@ -0,0 +1,84 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*THREADMGMT\\[\\S+\\]: RRD: Throughput data collection: Thread starting .+\"):msg@>", + "msg_id" : "Ntop:rrd_data_collection_starting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*THREADMGMT\\[\\S+\\]: RRD: Started thread for throughput data collection\"):msg@>", + "msg_id" : "Ntop:rrd_data_collection_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*THREADMGMT\\[\\S+\\]: RRD: .+ata collection.+hread running.+\"):msg@>", + "msg_id" : "Ntop:rrd_data_collection_running", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*\\*\\*WARNING\\*\\* RRD: rrd_update\\(.+\\) error: illegal attempt to update using time .+\"):msg@>", + "msg_id" : "Ntop:rrd_illegal_attempt_update", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*THREADMGMT\\[\\S+\\]: ntop RUNSTATE:.+\"):msg@>", + "msg_id" : "Ntop:runstate", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*ASN: .+\"):msg@>", + "msg_id" : "Ntop:asn", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*INITWEB: .+\"):msg@>", + "msg_id" : "Ntop:initweb", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*I18N: .+\"):msg@>", + "msg_id" : "Ntop:i18n", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*IP2CC: .+\"):msg@>", + "msg_id" : "Ntop:ip2cc", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*VENDOR: Checking for MAC address table file\"):msg@>", + "msg_id" : "Ntop:checking_mac_address_file", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntop\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*\\w+: Welcome to .+\"):msg@>", + "msg_id" : "Ntop:welcome_to", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + } + ], + "version" : "201002180011", + "name" : "Ntop", + "description" : "Ntop Service" +} diff --git a/conf/logmanagement/services/Ntp.json b/conf/logmanagement/services/Ntp.json new file mode 100644 index 0000000..e8ae665 --- /dev/null +++ b/conf/logmanagement/services/Ntp.json @@ -0,0 +1,287 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpdate\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"step time server \\S+ offset \\S+ sec\"):msg@>", + "msg_id" : "Ntp:step_time_server", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"kernel time discipline status .+\"):msg@> ", + "msg_id" : "Ntp:kernel_time_discipline_status", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"frequency initialized .+ from .+\"):msg@>", + "msg_id" : "Ntp:frequency_initialized_from", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"signal_no_reset:.+\"):NULL@>", + "msg_id" : "Ntp:signal_no_reset", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"synchronisation lost\"):msg@> ", + "msg_id" : "Ntp:synchronisation_lost", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"precision = .+\"):msg@>", + "msg_id" : "Ntp:precision", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>: <@REGEXP(\"^I^I.+\"):msg@> ", + "msg_id" : "Ntp:usage2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>: <@REGEXP(\"usage: ntpd.+\"):NULL@>", + "msg_id" : "Ntp:usage1", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"getnetnum: .+ invalid host number, line ignored\"):msg@> ", + "msg_id" : "Ntp:invalid_host_number", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ntpd exiting on signal \\d+\"):msg@>", + "msg_id" : "Ntp:exiting_on_signal", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ntpd \\S+@\\S+ .+\"):msg@>", + "msg_id" : "Ntp:info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"time reset .+\"):msg@> ", + "msg_id" : "Ntp:time_reset", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"running as .+\"):msg@>", + "msg_id" : "Ntp:running_as", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Listening on interface .+\"):msg@> ", + "msg_id" : "Ntp:listening_on_interface", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"kernel time sync status .+\"):msg@>", + "msg_id" : "Ntp:kernel_time_sync_status", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Address already in use\"):msg@> ", + "msg_id" : "Ntp:address_already_in_use", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"configure: keyword .+ unknown, line ignored\"):msg@> ", + "msg_id" : "Ntp:configure_unknown_line_ignored", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Connection re-established to .+\"):msg@>", + "msg_id" : "Ntp:connection_reestablished", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"process_private: INFO_ERR_FMT: .+\"):msg@>", + "msg_id" : "Ntp:process_private_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"sendto\\(.+\\): Invalid argument\"):msg@> ", + "msg_id" : "Ntp:sendto_invalid_argument", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"kernel time sync \\S+abled.+\"):msg@>", + "msg_id" : "Ntp:kernel_time_sync_modified", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"synchronized to .+\"):msg@>", + "msg_id" : "Ntp:synchronized_to", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"no servers reachable\"):msg@>", + "msg_id" : "Ntp:no_servers_reachable", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd_initres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"parent died before we finished, exiting\"):msg@> ", + "msg_id" : "Ntp:parent_died_before_finished", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"getaddrinfo: .+ invalid host address, ignored\"):msg@> ", + "msg_id" : "Ntp:invalid_host_address_ignored", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpdate\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"no server suitable for synchronization found\"):msg@> ", + "msg_id" : "Ntp:no_server_synchronization_found", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: Operation not permitted\"):msg@>", + "msg_id" : "Ntp:operation_not_permitted", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"can't open .+peerstats.+: Permission denied\"):msg@> ", + "msg_id" : "Ntp:cant_open_peerstats", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"can't open .+: Permission denied\"):msg@>", + "msg_id" : "Ntp:cant_open_permission_denied", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"logging to file .+\"):msg@>", + "msg_id" : "Ntp:logging_file", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"kernel time sync error.*\"):msg@>", + "msg_id" : "Ntp:kernel_time_sync_error", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpdate\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"the NTP socket is in use, exiting\"):msg@>", + "msg_id" : "Ntp:ntp_socket_in_use", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Deleting interface .+\"):msg@>", + "msg_id" : "Ntp:deleting_interface", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpdate\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"no servers can be used, exiting\"):msg@>", + "msg_id" : "Ntp:no_servers_be_used", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"failed to initialize interface for address .+\"):msg@>", + "msg_id" : "Ntp:failed_initialize_interface", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"unable to create socket on .+\"):msg@>", + "msg_id" : "Ntp:unable_create_socket", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ntp_io:.+ max descriptors:.+ initial socket boundary:.+\"):msg@>", + "msg_id" : "Ntp:max_descriptors_initial_socket_boundary", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"new interface.+ found: waking up resolver\"):msg@>", + "msg_id" : "Ntp:new_interface_resolver_wake_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"unable to bind to wildcard socket address .+ EXITING\"):msg@>", + "msg_id" : "Ntp:unable_bin_wildcard_socket_address", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ntpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"frequency file .+: Permission denied\"):msg@>", + "msg_id" : "Ntp:frequecy_file_permission_denied", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + } + ], + "version" : "201404110001", + "name" : "Ntp", + "description" : "Ntp Service" +} diff --git a/conf/logmanagement/services/OSSEC.json b/conf/logmanagement/services/OSSEC.json new file mode 100644 index 0000000..836c087 --- /dev/null +++ b/conf/logmanagement/services/OSSEC.json @@ -0,0 +1,16 @@ +{ + "icon" : "software/logo_ossec", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ossec\"):daemon@>: <@REGEXP(\"Alert Level: \\d+;\"):level@> <@REGEXP(\"Rule: \\d+ -\"):module@> <@REGEXP(\"Ossec server started.; Location: .+ ossec: Ossec started.\"):msg@>", + "msg_id" : "OSSEC:server_started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + } + ], + "website" : "http://www.ossec.net/", + "version" : "201002100002", + "name" : "OSSEC", + "description" : "Open Source Security Host-Based Intrusion Detection System" +} diff --git a/conf/logmanagement/services/Octopussy.json b/conf/logmanagement/services/Octopussy.json new file mode 100644 index 0000000..b4079af --- /dev/null +++ b/conf/logmanagement/services/Octopussy.json @@ -0,0 +1,485 @@ +{ + "icon" : "software/logo_octopussy", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: Device: <@WORD:server@> - Service: <@STRING:service@> Date: <@DATE_TIME_STD:filedate@> - Events: <@NUMBER:nb_events@> / <@NUMBER:NULL@>", + "msg_id" : "Octopussy:parser_service_events", + "table" : "Octopussy", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"\\d+ files to parse for Device \\S+\"):msg@>", + "msg_id" : "Octopussy:parser_device_files", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: Device: <@WORD:server@> Date: <@DATE_TIME_STD:filedate@> Time: <@NUMBER:seconds@> seconds", + "msg_id" : "Octopussy:parser_device_seconds", + "table" : "Octopussy", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: Device: <@WORD:server@> - Events: <@NUMBER:nb_events@>", + "msg_id" : "Octopussy:dispatcher_device_events", + "table" : "Octopussy", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Init Service: .+ - \\d+ messages\"):msg@>", + "msg_id" : "Octopussy:init_service", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Device: \\S+ Started !\"):msg@>", + "msg_id" : "Octopussy:module_device_started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Report Generation: D=\\[.+\\] S=\\[.+\\] T=\\[\\S+\\]\"):msg@>", + "msg_id" : "Octopussy:report_device_service_taxonomy", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Report Generation: B=\\[\\d+\\] E=\\[\\d+\\]\"):msg@>", + "msg_id" : "Octopussy:report_generation_datetime", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Report Generation: type=\\[.+\\] title=\\[.+\\]\"):msg@>", + "msg_id" : "Octopussy:report_generation_type", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Report Generation Completed !\"):msg@>", + "msg_id" : "Octopussy:report_gen_completed", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"\\d+ file\\(s\\) to parse with \\d+ message\\(s\\).\"):msg@>", + "msg_id" : "Octopussy:files_to_parse", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Load Devices Configuration\"):msg@>", + "msg_id" : "Octopussy:dispatcher_load_devices_configuration", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Delete \\d+ logfiles for device .+\"):msg@>", + "msg_id" : "Octopussy:logrotate_delete_device_logfiles", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Report Generation Aborted !\"):msg@>", + "msg_id" : "Octopussy:report_generation_aborted", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"User .+ succesfully logged in.\"):msg@>", + "msg_id" : "Octopussy:user_logged_in", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"User Preferences has been modified by .+\"):msg@>", + "msg_id" : "Octopussy:user_preferences_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"System Configuration has been modified by .+\"):msg@>", + "msg_id" : "Octopussy:system_configuration_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Alert '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:alert_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Contact .+ has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:contact_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"DeviceGroup '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:devicegroup_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Location .+ '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:location_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Timeperiod '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:timeperiod_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"User '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:user_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Table '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:table_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Schedule '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:schedule_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Report '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:report_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Table Field '.+' has been \\S+ed \\S+ Table '.+' by .+\"):msg@>", + "msg_id" : "Octopussy:tablefield_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Device '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:device_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Parsing \\S+d for device '.+' by .+\"):msg@>", + "msg_id" : "Octopussy:parsing_device_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Message .+ has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:message_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"User .+ logged out.\"):msg@>", + "msg_id" : "Octopussy:user_logged_out", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"User .+ failed to login.\"):msg@>", + "msg_id" : "Octopussy:user_failed_to_login", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Message '.*' has been moved \\S+ in Service '.*' by .+\"):msg@>", + "msg_id" : "Octopussy:message_moved", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Service '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:service_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Statistic Report '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:statistic_report_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Device: \\S+ Stopped !\"):msg@>", + "msg_id" : "Octopussy:module_stopped", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@REGEXP(\"DBI\"):module@>: <@REGEXP(\".+ Access denied for user .+\"):msg@>", + "msg_id" : "Octopussy:dbi_access_denied", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"octopussy\"):module@>: <@REGEXP(\"ERROR: pid file '.+' doesn't match octopussy uid/gid !\"):msg@>", + "msg_id" : "Octopussy:error_pid_file", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Started !\"):msg@>", + "msg_id" : "Octopussy:module_started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"ServiceGroup '.+' has been \\S+ed by .+\"):msg@>", + "msg_id" : "Octopussy:servicegroup_modification", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Storage '.+' has been created by .+.\"):msg@>", + "msg_id" : "Octopussy:storage_created", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Storage '.+' has been deleted by .+.\"):msg@>", + "msg_id" : "Octopussy:storage_deleted", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Default Storages have been modified by .+.\"):msg@>", + "msg_id" : "Octopussy:default_storages_modified", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Device .+ hasn't sent any logs for \\d+ minutes !\"):msg@>", + "msg_id" : "Octopussy:hasnt_sent_logs_for", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"AAT_SMTP\"):module@>: <@REGEXP(\"Invalid SMTP Configuration. Can't send any mail !\"):msg@>", + "msg_id" : "Octopussy:invalid_smtp_configuration", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"AAT_XMPP\"):module@>: <@REGEXP(\"Invalid XMPP Configuration. Can't send any message !\"):msg@>", + "msg_id" : "Octopussy:invalid_xmpp_configuration", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"AAT_XML\"):module@>: <@REGEXP(\"XML File Read Error: .+\"):msg@>", + "msg_id" : "Octopussy:xml_file_read_error", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"AAT_XML\"):module@>: <@REGEXP(\"XML File Write Error: .+\"):msg@>", + "msg_id" : "Octopussy:xml_file_write_error", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Logs Search on Device\\[.*\\] Service\\[.*\\] Period\\[.+\\] by \\S+ takes \\d+ seconds.\"):msg@>", + "msg_id" : "Octopussy:logs_search", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@REGEXP(\"extractor\"):module@>: <@REGEXP(\"Logs Extraction Aborted !\"):msg@>", + "msg_id" : "Octopussy:logs_extraction_aborted", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:module@>: <@REGEXP(\"Unable to open file .+\"):msg@>", + "msg_id" : "Octopussy:unable_to_open_file", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Octopussy World Statistics have been \\S+ed by \\S+.\"):msg@>", + "msg_id" : "Octopussy:world_statistics_status_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@REGEXP(\"world_stats\"):module@>: <@REGEXP(\"Octopussy World Statistics have been sent.\"):msg@>", + "msg_id" : "Octopussy:world_statistics_sent", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@REGEXP(\"logrotate\"):module@>: <@REGEXP(\"Delete logs from device \\S+ service .+ older than \\d+ days\"):msg@>", + "msg_id" : "Octopussy:delete_logs_older_than", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Delete logs directory .+\"):msg@>", + "msg_id" : "Octopussy:delete_logs_directory", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:module@>: <@REGEXP(\"Failed to download '.+'\"):msg@>", + "msg_id" : "Octopussy:failed_to_download", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Removing Unknown Logs at '.+' for device '.+' by \\S+.\"):msg@>", + "msg_id" : "Octopussy:removing_unknown_logs_minute", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Removing Unknown Logs with pattern '.+' for device '.+' by \\S+.\"):msg@>", + "msg_id" : "Octopussy:removing_unknown_logs_pattern", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Invalid Regexp for Message \\S+ ! \\(Error: .+\\)\"):msg@>", + "msg_id" : "Octopussy:invalid_regexp_for_message", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"\\[CRITICAL\\] .+\"):msg@>", + "msg_id" : "Octopussy:msg_critical", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"You have to be Octopussy user to use .+\"):msg@>", + "msg_id" : "Octopussy:to_be_octopussy_user", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Load Contacts Configuration .+\"):msg@>", + "msg_id" : "Octopussy:sender_load_contacts_configuration", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Logs from Device '.+' have been dropped because 'Automatic Device Creation' is disabled.\"):msg@>", + "msg_id" : "Octopussy:automatic_device_creation_disabled", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Logs from Device '.+' have been dropped because it didn't match the device regexp criteria.\"):msg@>", + "msg_id" : "Octopussy:didnt_match_device_criteria", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Delete empty logs directory .+\"):msg@>", + "msg_id" : "Octopussy:delete_empty_logs_directory", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"\\d+ new unknown logs received from Device \\S+\"):msg@>", + "msg_id" : "Octopussy:new_unknown_logs_received", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@WORD:module@>: <@REGEXP(\"Unable to load plugin module '.+'\"):msg@>", + "msg_id" : "Octopussy:unable_to_load_plugin", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> octo_<@WORD:module@>: <@REGEXP(\"Logs from Device '.+' have been dropped because of invalid devicename.\"):msg@>", + "msg_id" : "Octopussy:dropped_because_invalid_devicename", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + } + ], + "website" : "http://www.octopussy.pm", + "version" : "201304180001", + "name" : "Octopussy", + "description" : "Octopussy Service" +} diff --git a/conf/logmanagement/services/OpenVZ.json b/conf/logmanagement/services/OpenVZ.json new file mode 100644 index 0000000..b143e0a --- /dev/null +++ b/conf/logmanagement/services/OpenVZ.json @@ -0,0 +1,79 @@ +{ + "icon" : "software/logo_openvz", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: VE: <@WORD:id@>: <@WORD:action@>", + "msg_id" : "OpenVZ:VE_Action", + "table" : "OpenVZ", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> ManageVE[<@PID:pid@>]: <@REGEXP(\".*ERROR: vzctl .+\"):msg@>", + "msg_id" : "OpenVZ:error_vzctl", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> ManageVE[<@PID:pid@>]: <@REGEXP(\".*ERROR: \\S+ not set or not a number.\"):msg@>", + "msg_id" : "OpenVZ:not_set_not_number", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Fatal resource shortage: .+, UB .+\"):msg@>", + "msg_id" : "OpenVZ:fatal_resource_shortage", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Alert" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"UBC: preparing to turn dcache accounting on.*\"):msg@>", + "msg_id" : "OpenVZ:preparing_dcache_accounting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"UBC: turning dcache accounting on succeeded.*\"):msg@>", + "msg_id" : "OpenVZ:turning_dcache_accounting_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel:<@STRING:NULL@>CT: <@WORD:id@>: <@REGEXP(\"stopped\"):action@>", + "msg_id" : "OpenVZ:ct_stopped", + "table" : "OpenVZ", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel:<@STRING:NULL@>CT: <@WORD:id@>: <@REGEXP(\"started\"):action@>", + "msg_id" : "OpenVZ:ct_started", + "table" : "OpenVZ", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*Dropped packet, source wrong veid=\\S+ src-IP=\\S+ dst-IP=\\S+\"):msg@>", + "msg_id" : "OpenVZ:dropped_packet_source_wrong", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*warning: `vzctl' uses deprecated v2 capabilities .+\"):msg@>", + "msg_id" : "OpenVZ:vzctl_uses_deprecated_capabilities", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.openvz.org", + "version" : "200905250002", + "name" : "OpenVZ", + "description" : "OpenVZ" +} diff --git a/conf/logmanagement/services/Pcscd.json b/conf/logmanagement/services/Pcscd.json new file mode 100644 index 0000000..f9c5bb8 --- /dev/null +++ b/conf/logmanagement/services/Pcscd.json @@ -0,0 +1,239 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\"ifdhandler.+IFDHTransmitToICC.+\"):msg@>", + "msg_id" : "Pcscd:apdu_exchange_with_smartcard_or_cardreader", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+get_data_rates.+declared.+bps\"):msg@>", + "msg_id" : "Pcscd:data_rates", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+Preparing for suicide\"):msg@>", + "msg_id" : "Pcscd:preparing_for_suicide", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+daemon ready.\"):msg@>", + "msg_id" : "Pcscd:deamon_ready", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+Adding USB device.+\"):msg@>", + "msg_id" : "Pcscd:adding_usb_device", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+InitializeReader.+\"):msg@>", + "msg_id" : "Pcscd:initialize_reader", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+Loading IFD Handler.+\"):msg@>", + "msg_id" : "Pcscd:loading_ifd_handler", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+init_driver.+\"):msg@>", + "msg_id" : "Pcscd:init_driver", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+CreateChannelByName.+\"):msg@>", + "msg_id" : "Pcscd:create_channel_by_name", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+OpenUSBByName.+\"):msg@>", + "msg_id" : "Pcscd:open_usb_by_name", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+GetCapabilities.+\"):msg@>", + "msg_id" : "Pcscd:get_capabilities", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+AddReader.+\"):msg@>", + "msg_id" : "Pcscd:add_reader", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+PowerICC.+PowerUp\"):msg@>", + "msg_id" : "Pcscd:power_up", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\"Card ATR.+\"):msg@>", + "msg_id" : "Pcscd:card_atr", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+EstablishUSBNotifications.+\"):msg@>", + "msg_id" : "Pcscd:establish_usb_notifications", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+SetProtocol.+\"):msg@>", + "msg_id" : "Pcscd:set_protocol", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+Hotplug stopped\"):msg@>", + "msg_id" : "Pcscd:hotplug_stopped", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+Stopping reader:.+\"):msg@>", + "msg_id" : "Pcscd:reader_stop", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+Stomping thread.\"):msg@>", + "msg_id" : "Pcscd:stomping_thread", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+Thread stomped.\"):msg@>", + "msg_id" : "Pcscd:thread_stomped", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+entering cleaning function\"):msg@>", + "msg_id" : "Pcscd:entering_cleaning_function", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+CloseChannel.+\"):msg@>", + "msg_id" : "Pcscd:close_channel", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+Unloading reader driver.\"):msg@>", + "msg_id" : "Pcscd:unloading_reader_driver", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+at_exit.+ cleaning.+.\"):msg@>", + "msg_id" : "Pcscd:at_exit_cleaning", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+Card inserted into.+\"):msg@>", + "msg_id" : "Pcscd:card_inserted_into_reader", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+ Card Removed From .+\"):msg@>", + "msg_id" : "Pcscd:card_removed_from_reader", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\"APDU:.+\"):msg@>", + "msg_id" : "Pcscd:apdu_message", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\"SW:.+\"):msg@>", + "msg_id" : "Pcscd:sw_message", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+annot create public shared file.+Permission denied\"):msg@>", + "msg_id" : "Pcscd:cannot_create_public_shared_file", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+annot create.+Permission denied\"):msg@>", + "msg_id" : "Pcscd:cannot_create_file_or_directory_permission_denied", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+LogSetLevel.+level=.+\"):msg@>", + "msg_id" : "Pcscd:log_level_set", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+annot remove.+No such file or directory\"):msg@>", + "msg_id" : "Pcscd:cannot_remove_no_such_file_or_directory", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pcscd\"):daemon@>: <@REGEXP(\".+annot remove.+Permission denied\"):msg@>", + "msg_id" : "Pcscd:cannot_remove_file_or_directory_permission_denied", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://pcsclite.alioth.debian.org/", + "version" : "201002220010", + "name" : "Pcscd", + "description" : "PC Smart Card Service" +} diff --git a/conf/logmanagement/services/Postfix.json b/conf/logmanagement/services/Postfix.json new file mode 100644 index 0000000..78cc844 --- /dev/null +++ b/conf/logmanagement/services/Postfix.json @@ -0,0 +1,709 @@ +{ + "icon" : "software/logo_postfix", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\".+onnect from .+\"):msg@>", + "msg_id" : "Postfix:connect_disconnect_from", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>: <@REGEXP(\"postalias hash:.+ failed\"):msg@>", + "msg_id" : "Postfix:postalias_hash_failed", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postfix-script: <@REGEXP(\"warning: not owned by group \\S+: .+\"):msg@>", + "msg_id" : "Postfix:not_owned_by_group", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postfix-script: <@REGEXP(\"warning: not set-gid or not owner\\+group\\+world executable: .+\"):msg@>", + "msg_id" : "Postfix:not_setgid_executable", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postfix-script: <@REGEXP(\"starting the Postfix mail system\"):msg@>", + "msg_id" : "Postfix:starting_postfix_mail_system", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/cleanup[<@NUMBER:NULL@>]: <@WORD:mail_id@>: message-id=<@WORD:msg_id@>", + "msg_id" : "Postfix:traffic_messageid", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtp[<@PID:pid@>]: <@REGEXP(\"warning: .+ configuration problem\"):msg@> ", + "msg_id" : "Postfix:conf_problem", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix:\\s+succeeded\"):msg@>", + "msg_id" : "Postfix:succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postfix-script: <@REGEXP(\"stopping the Postfix mail system\"):msg@> ", + "msg_id" : "Postfix:stopping_postfix_mail_system", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postqueue[<@PID:pid@>]: <@REGEXP(\"fatal: Cannot flush mail queue - mail system is down\"):msg@> ", + "msg_id" : "Postfix:cannot_flush_mailq", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/master[<@PID:pid@>]: <@REGEXP(\"terminating on signal \\d+\"):msg@>", + "msg_id" : "Postfix:terminating_on_signal", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"fatal: config variable .+\"):msg@>", + "msg_id" : "Postfix:config_variable_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postsuper[<@PID:pid@>]: <@REGEXP(\"Deleted: \\d+ message.*\"):msg@> ", + "msg_id" : "Postfix:deleted_message", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/qmgr[<@NUMBER:NULL@>]: <@WORD:mail_id@>: from=<<@EMAIL:sender@>>, size=<@NUMBER:size@>, nrcpt=<@NUMBER:nrcpt@> <@STRING:NULL@> ", + "msg_id" : "Postfix:traffic_from", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:NULL@>[<@NUMBER:NULL@>]: <@WORD:mail_id@>: to=<<@EMAIL:recipient@>>, relay=<@WORD:relay@>, delay=<@FLOAT_NUMBER:delay@>, status=<@STRING:status@> ", + "msg_id" : "Postfix:traffic_to", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:NULL@>[<@NUMBER:NULL@>]: <@WORD:mail_id@>: <@REGEXP(\"removed\"):status@> ", + "msg_id" : "Postfix:traffic_removed", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/anvil[<@PID:pid@>]: <@REGEXP(\"statistics: .+\"):msg@>", + "msg_id" : "Postfix:anvil_statistics", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@NUMBER:NULL@>]: <@WORD:mail_id@>: client=<@WORD:client@>", + "msg_id" : "Postfix:traffic_client", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"fatal: parameter \\S+: .+\"):msg@>", + "msg_id" : "Postfix:fatal_parameter_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/scache[<@PID:pid@>]: <@REGEXP(\"statistics: .+\"):msg@>", + "msg_id" : "Postfix:scache_statistics", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix: failed\"):msg@> ", + "msg_id" : "Postfix:failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postqueue[<@PID:pid@>]: <@REGEXP(\"fatal: usage: .+\"):msg@>", + "msg_id" : "Postfix:fatal_error_usage", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/cleanup[<@PID:pid@>]: <@REGEXP(\"\\S+: resent-message-id=.+\"):msg@>", + "msg_id" : "Postfix:cleanup_resent_messageid", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"timeout after END-OF-MESSAGE from .+\"):msg@>", + "msg_id" : "Postfix:timeout_after_eom", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"NOQUEUE: reject: RCPT from .+: Relay access denied;.+\"):msg@>", + "msg_id" : "Postfix:relay_access_denied", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"lost connection after \\S+ from .+\"):msg@>", + "msg_id" : "Postfix:lost_connection_after_cmd", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"warning: Illegal address syntax from .+ in \\S+ command: .+\"):msg@>", + "msg_id" : "Postfix:illegal_address_syntax", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postalias[<@PID:pid@>]: <@REGEXP(\"fatal: file .+: parameter .+\"):msg@>", + "msg_id" : "Postfix:postalias_error_file_parameter", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/master[<@PID:pid@>]: <@REGEXP(\"daemon started -- version \\S+, configuration .+\"):msg@>", + "msg_id" : "Postfix:daemon_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postfix-script: <@REGEXP(\"fatal: the Postfix mail system is \\S+ running\"):msg@> ", + "msg_id" : "Postfix:mail_system_running", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postdrop[<@PID:pid@>]: <@REGEXP(\"warning:.+: No space left on device\"):msg@> ", + "msg_id" : "Postfix:no_space_left_device", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/sendmail[<@PID:pid@>]: <@REGEXP(\"fatal:.+: Error writing message file\"):msg@> ", + "msg_id" : "Postfix:error_writing_message", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"warning: .+ address not listed for hostname .+\"):msg@>", + "msg_id" : "Postfix:address_not_listed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"warning: premature end-of-input on private/rewrite socket while reading input attribute name\"):msg@> ", + "msg_id" : "Postfix:premature_end_of_input", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"warning: problem talking to service rewrite: .+\"):msg@>", + "msg_id" : "Postfix:problem_talking_service_rewrite", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/trivial-rewrite[<@PID:pid@>]: <@REGEXP(\"fatal: .+ table lookup problem\"):msg@> ", + "msg_id" : "Postfix:table_lookup_problem", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/master[<@PID:pid@>]: <@REGEXP(\"warning: process .+ exit status .+\"):msg@> ", + "msg_id" : "Postfix:process_exit_status", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/trivial-rewrite[<@PID:pid@>]: <@REGEXP(\"warning: dict_ldap_connect: Unable to bind to server.+\"):msg@> ", + "msg_id" : "Postfix:unable_bind_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/master[<@PID:pid@>]: <@REGEXP(\"warning: .+ bad command .+\"):msg@>", + "msg_id" : "Postfix:bad_command", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"warning: Connection concurrency limit exceeded: .+\"):msg@> ", + "msg_id" : "Postfix:connection_concurrency_limit_exceeded", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"fatal: watchdog timeout\"):msg@> ", + "msg_id" : "Postfix:watchdog_timeout", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"warning: timeout on private/rewrite socket while reading input attribute name\"):msg@> ", + "msg_id" : "Postfix:timeout_socket", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/trivial-rewrite[<@PID:pid@>]: <@REGEXP(\"warning: dict_ldap_lookup: .+\"):msg@>", + "msg_id" : "Postfix:dict_ldap_lookup_error", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/trivial-rewrite[<@PID:pid@>]: <@REGEXP(\"warning: write rewrite reply: Broken pipe\"):msg@> ", + "msg_id" : "Postfix:reply_broken_pipe", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/master[<@PID:pid@>]: <@REGEXP(\"reload .*configuration .+\"):msg@>", + "msg_id" : "Postfix:reload_configuration", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:NULL@>[<@NUMBER:NULL@>]: <@WORD:mail_id@>: to=<<@EMAIL:recipient@>>, relay=<@WORD:relay@>, delay=<@FLOAT_NUMBER:delay@>, <@STRING:NULL@>, dsn=<@WORD:NULL@>, status=<@STRING:status@> ", + "msg_id" : "Postfix:traffic_to2", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"warning: support for restriction .+ will be removed from Postfix; use .+ instead\"):msg@> ", + "msg_id" : "Postfix:support_will_be_removed", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/pickup[<@NUMBER:NULL@>]: <@WORD:mail_id@>: uid=<@NUMBER:NULL@> from=<<@EMAIL:sender@>> ", + "msg_id" : "Postfix:traffic_from2", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtp[<@NUMBER:NULL@>]: <@WORD:mail_id@>: to=<<@EMAIL:recipient@>>, relay=<@WORD:relay@>, conn_use=<@NUMBER:NULL@>, delay=<@FLOAT_NUMBER:delay@>, <@STRING:NULL@>, status=<@STRING:status@> ", + "msg_id" : "Postfix:traffic_to3", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:NULL@>[<@NUMBER:NULL@>]: <@WORD:mail_id@>: to=<<@EMAIL:recipient@>>, orig_to=<@WORD:NULL@>, relay=<@WORD:relay@>, delay=<@FLOAT_NUMBER:delay@>, <@STRING:NULL@>, status=<@STRING:status@>", + "msg_id" : "Postfix:traffic_orig_to", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/sendmail[<@PID:pid@>]: <@REGEXP(\"fatal: open /etc/postfix/.+: No such file or directory\"):msg@> ", + "msg_id" : "Postfix:fatal_open_file_directory", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postmap[<@PID:pid@>]: <@REGEXP(\"fatal: .+ No such file or directory\"):msg@>", + "msg_id" : "Postfix:postmap_fatal_open_file", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/local[<@PID:pid@>]: <@REGEXP(\"warning: database .+ is older than source file .+\"):msg@>", + "msg_id" : "Postfix:database_older_source_file", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/postmap[<@PID:pid@>]: <@REGEXP(\"warning: .+aliases.+\"):msg@>", + "msg_id" : "Postfix:etc_aliases", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:NULL@>[<@NUMBER:NULL@>]: <@WORD:mail_id@>: to=<<@EMAIL:recipient@>>, relay=<@WORD:relay@>, delay=<@NUMBER:delay@>, <@STRING:NULL@>, dsn=<@WORD:NULL@>, status=<@STRING:status@> ", + "msg_id" : "Postfix:traffic_to4", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtp[<@NUMBER:NULL@>]: <@WORD:mail_id@>: to=<<@EMAIL:recipient@>>, relay=<@WORD:relay@>, conn_use=<@NUMBER:NULL@>, delay=<@NUMBER:delay@>, <@STRING:NULL@>, status=<@STRING:status@> ", + "msg_id" : "Postfix:traffic_to5", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:NULL@>[<@NUMBER:NULL@>]: <@WORD:mail_id@>: to=<<@EMAIL:recipient@>>, orig_to=<@WORD:NULL@>, relay=<@WORD:relay@>, delay=<@NUMBER:delay@>, <@STRING:NULL@>, status=<@STRING:status@> ", + "msg_id" : "Postfix:traffic_orig_to3", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/pickup[<@PID:pid@>]: <@REGEXP(\"warning: .+ message has been queued for \\d+ days\"):msg@>", + "msg_id" : "Postfix:message_queued_n_days", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtp[<@PID:pid@>]: <@REGEXP(\"connect to .+: No route to host.*\"):msg@>", + "msg_id" : "Postfix:no_route_to_host", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtp[<@PID:pid@>]: <@REGEXP(\"connect to .+: Connection timed out.*\"):msg@>", + "msg_id" : "Postfix:connection_timed_out", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"\\S+: reject: RCPT from .+: Recipient address rejected:.+\"):msg@>", + "msg_id" : "Postfix:recipient_address_rejected", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtp[<@PID:pid@>]: <@REGEXP(\"connect to .+: Connection refused.*\"):msg@>", + "msg_id" : "Postfix:connection_refused", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/sendmail[<@PID:pid@>]: <@REGEXP(\"fatal: open .+: Permission denied\"):msg@>", + "msg_id" : "Postfix:open_permission_denied", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/pickup[<@NUMBER:NULL@>]: <@WORD:mail_id@>: uid=<@NUMBER:NULL@> from=<<@WORD:sender@>> ", + "msg_id" : "Postfix:from_no_email", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"fatal: open database .+\"):msg@>", + "msg_id" : "Postfix:fatal_open_database", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"fatal: watchdog timeout\"):msg@>", + "msg_id" : "Postfix:fatal_wtachdog_timeout", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: SASL authentication problem: unknown password verifier\"):msg@>", + "msg_id" : "Postfix:sasl_unknown_password_verifier", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"dict_eval: .+\"):msg@>", + "msg_id" : "Postfix:dict_eval", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"fatal: no SASL authentication mechanisms\"):msg@>", + "msg_id" : "Postfix:no_sasl_authentication_mechanisms", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: .+: SASL \\w+ authentication failed: no mechanism available\"):msg@>", + "msg_id" : "Postfix:sasl_no_mechanism_available", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: .+: SASL \\w+ authentication failed: generic failure\"):msg@>", + "msg_id" : "Postfix:sasl_generic_failure", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: .+: SASL \\w+ authentication failed: another step is needed in authentication\"):msg@>", + "msg_id" : "Postfix:sasl_another_step_needed", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"timeout after \\w+ from .+\"):msg@>", + "msg_id" : "Postfix:timeout_after", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: .+: SASL \\w+ authentication failed: .+\"):msg@>", + "msg_id" : "Postfix:sasl_authentication_failed", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: SASL authentication failure: .+\"):msg@>", + "msg_id" : "Postfix:sasl_authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>: <@REGEXP(\"refreshing the Postfix mail system\"):msg@>", + "msg_id" : "Postfix:refreshing_postfix_mail_system", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: \\w+: no applicable SASL mechanisms\"):msg@>", + "msg_id" : "Postfix:no_applicable_sasl_mechanisms", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtp[<@PID:pid@>]: <@REGEXP(\"connect to .+: Network is unreachable.*\"):msg@>", + "msg_id" : "Postfix:network_is_unreachable", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"warning: not enough free space in mail queue:.+\"):msg@>", + "msg_id" : "Postfix:not_enough_free_space", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/cleanup[<@PID:pid@>]: <@REGEXP(\"warning: .+: write queue file: No space left on device\"):msg@>", + "msg_id" : "Postfix:no_space_left", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtpd[<@PID:pid@>]: <@REGEXP(\"NOQUEUE: reject: MAIL from .+ Insufficient system storage.+\"):msg@>", + "msg_id" : "Postfix:insufficient_system_storage", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/smtp[<@PID:pid@>]: <@REGEXP(\"\\S+: lost connection with .+ while receiving the initial server greeting\"):msg@>", + "msg_id" : "Postfix:lost_connection_server_greeting", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:NULL@>[<@NUMBER:NULL@>]: <@WORD:mail_id@>: to=<<@WORD:recipient@>>, orig_to=<@WORD:NULL@>, relay=<@WORD:relay@>, delay=<@FLOAT_NUMBER:delay@>, <@STRING:NULL@>, status=<@STRING:status@>", + "msg_id" : "Postfix:traffic_orig_to2", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix/qmgr\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"fatal: scan_dir_push: .+\"):msg@>", + "msg_id" : "Postfix:fatal_scan_dir_push", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\\/smtp\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S+: conversation with .+ timed out while receiving the initial server greeting\"):msg@>", + "msg_id" : "Postfix:timeout_initial_server_greeting", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\\/smtpd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"warning: non-SMTP command from .+\"):msg@>", + "msg_id" : "Postfix:non_smtp_command_from", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* Unable to accept message because the server is out of disk space.*\"):msg@>", + "msg_id" : "Postfix:out_of_disk_space", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* Insufficient system storage.*\"):msg@>", + "msg_id" : "Postfix:insufficient_system_storage2", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\".*No buffer space available\"):msg@>", + "msg_id" : "Postfix:no_buffer_space_available", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"fatal: config variable .+\"):msg@>", + "msg_id" : "Postfix:fatal_config_variable", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: .*malformed response\"):msg@>", + "msg_id" : "Postfix:warning_malformed_response", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: transport (?:relay|smtp) failure.*\"):msg@>", + "msg_id" : "Postfix:transport_failure", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: file system clock is \\d+ seconds behind local clock\"):msg@>", + "msg_id" : "Postfix:filesystem_clock_behind_local", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:module@>[<@PID:pid@>]: <@REGEXP(\"warning: .+: fork: Cannot allocate memory.*\"):msg@>", + "msg_id" : "Postfix:fork_cannot_allocate_memory", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\\/smtp\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S+: conversation with .+ timed out while sending end of data -- message may be sent more than once\"):msg@>", + "msg_id" : "Postfix:timeout_end_of_data", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/qmgr[<@NUMBER:NULL@>]: <@WORD:mail_id@>: from=<@REGEXP(\"<>\"):sender@>, size=<@NUMBER:size@>, nrcpt=<@NUMBER:nrcpt@> <@STRING:NULL@>", + "msg_id" : "Postfix:from_sender_empty", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/bounce[<@NUMBER:NULL@>]: <@WORD:mail_id@>: <@REGEXP(\"sender non-delivery notification: .+\"):status@>", + "msg_id" : "Postfix:sender_nondelivery_notification", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:NULL@>[<@NUMBER:NULL@>]: <@WORD:mail_id@>: from=<<@EMAIL:sender@>>, status=<@REGEXP(\"expired, returned to sender\"):status@>", + "msg_id" : "Postfix:expired_returned_to_sender", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix\"):daemon@>/<@WORD:NULL@>[<@NUMBER:NULL@>]: <@WORD:mail_id@>: from=<@REGEXP(\"<>\"):sender@>, status=<@REGEXP(\"expired, returned to sender\"):status@>", + "msg_id" : "Postfix:expired_returned_to_sender2", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postfix.+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"starting the Postfix mail system\"):msg@>", + "msg_id" : "Postfix:starting_postfix_mail_system2", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + } + ], + "website" : "http://www.postfix.org/", + "version" : "201002100004", + "name" : "Postfix", + "description" : "Postfix Service" +} diff --git a/conf/logmanagement/services/PostgreSQL.json b/conf/logmanagement/services/PostgreSQL.json new file mode 100644 index 0000000..838c68a --- /dev/null +++ b/conf/logmanagement/services/PostgreSQL.json @@ -0,0 +1,590 @@ +{ + "icon" : "software/logo_postgresql", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*LOG:\\s+automatic vacuum of table\"):msg@> \"<@WORD:db@>.<@WORD:table@>\": index scans: \\d+", + "msg_id" : "PostgreSQL:autovacuum_start", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG: autovacuum: processing database\"):msg@> \"<@WORD:db@>\"", + "msg_id" : "PostgreSQL:autovacuum_processing_database", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"LOG: unexpected EOF on client connection\"):msg@> ", + "msg_id" : "PostgreSQL:unexpected_eof_client_connection", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"LOG: could not receive data from client: .+\"):msg@>", + "msg_id" : "PostgreSQL:couldnt_receive_data_client", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: invalid byte sequence for encoding .+\"):msg@>", + "msg_id" : "PostgreSQL:invalid_byte_sequence_encoding", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"HINT: This error can also happen if the byte sequence .+\"):msg@> ", + "msg_id" : "PostgreSQL:invalid_byte_sequence_encoding2", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*expected by the server, which is controlled by .+\"):msg@>", + "msg_id" : "PostgreSQL:invalid_byte_sequence_encoding3", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: column .+ does not exist\"):msg@> ", + "msg_id" : "PostgreSQL:column_does_not_exist", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"reset by peer\"):msg@>", + "msg_id" : "PostgreSQL:reset_by_peer", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULLL@> <@REGEXP(\"LOG: received SIGHUP, reloading configuration files\"):msg@> ", + "msg_id" : "PostgreSQL:sighup_reloading_configuration_files", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\".*pgSQL function .+ line \\d+ at perform\"):msg@> ", + "msg_id" : "PostgreSQL:function_at_perform", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: duplicate key .*violates unique constraint .+\"):msg@>", + "msg_id" : "PostgreSQL:duplicate_key_unique_constraint", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: checkpoints are occurring too frequently .+\"):msg@>", + "msg_id" : "PostgreSQL:checkpoints_occuring_too_frequently", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* HINT: Consider increasing the configuration parameter \\\"checkpoint_segments\\\".\"):msg@> ", + "msg_id" : "PostgreSQL:checkpoints_occuring_too_frequently2", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"FATAL: terminating connection due to administrator command\"):msg@>", + "msg_id" : "PostgreSQL:terminating_connection_administrator_command", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: checkpoint record is at .+\"):msg@>", + "msg_id" : "PostgreSQL:checkpoint_record_is_at", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: database system is ready\"):msg@> ", + "msg_id" : "PostgreSQL:database_system_is_ready", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: database system was shut down at .+\"):msg@>", + "msg_id" : "PostgreSQL:database_system_was_shut", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: redo record is at .+ undo record is at .+\"):msg@>", + "msg_id" : "PostgreSQL:redo_record_undo_record", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: next transaction ID: \\d+; next OID: \\d+\"):msg@>", + "msg_id" : "PostgreSQL:next_transaction_id", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: transaction ID wrap limit is \\d+, limited by database .+\"):msg@>", + "msg_id" : "PostgreSQL:transaction_id_wrap_limit", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: received fast shutdown request\"):msg@> ", + "msg_id" : "PostgreSQL:received_fast_shutdown_request", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: aborting any active transactions\"):msg@> ", + "msg_id" : "PostgreSQL:aborting_any_active_transactions", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: shutting down\"):msg@> ", + "msg_id" : "PostgreSQL:shutting_down", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: database system is shut down\"):msg@> ", + "msg_id" : "PostgreSQL:database_system_shut_down", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: value too long for type .+\"):msg@>", + "msg_id" : "PostgreSQL:value_too_long", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"CONTEXT: SQL statement .+\"):msg@>", + "msg_id" : "PostgreSQL:sql_statement", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"FATAL: the database system is shutting down\"):msg@> ", + "msg_id" : "PostgreSQL:fatal_database_shutting_down", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"LOG: could not send data to client: No route to host\"):msg@> ", + "msg_id" : "PostgreSQL:no_route_to_host", + "table" : "Database_Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"LOG: incomplete message from client\"):msg@> ", + "msg_id" : "PostgreSQL:incomplete_message_from_client", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG: next MultiXactId: \\d+; next MultiXactOffset: \\d+\"):msg@>", + "msg_id" : "PostgreSQL:next_multixactid_next_multixactoffset", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"WARNING: there is already a transaction in progress\"):msg@> ", + "msg_id" : "PostgreSQL:already_transaction_in_progress", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"WARNING: there is no transaction in progress\"):msg@> ", + "msg_id" : "PostgreSQL:no_transaction_in_progress", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: operator does not exist: .+\"):msg@>", + "msg_id" : "PostgreSQL:operator_does_not_exist", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"HINT: No operator matches the given name and argument .+\"):msg@>", + "msg_id" : "PostgreSQL:operator_does_not_exist2", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\" explicit type casts.\"):msg@>", + "msg_id" : "PostgreSQL:operator_does_not_exist3", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: syntax error at .+\"):msg@>", + "msg_id" : "PostgreSQL:syntax_error", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: invalid input syntax for .+\"):msg@>", + "msg_id" : "PostgreSQL:invalid_input_syntax_for", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: column reference .+ is ambiguous\"):msg@>", + "msg_id" : "PostgreSQL:column_reference_is_ambiguous", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: relation .+ does not exist\"):msg@>", + "msg_id" : "PostgreSQL:relation_does_not_exist", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"(?:ERROR|FATAL): database .+ does not exist\"):msg@>", + "msg_id" : "PostgreSQL:database_does_not_exist", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: unterminated quoted identifier .+\"):msg@>", + "msg_id" : "PostgreSQL:unterminated_quoted_identifier", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: logger shutting down\"):msg@> ", + "msg_id" : "PostgreSQL:logger_shutting_down", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: could not create IPv6 socket: Address family not supported by protocol\"):msg@> ", + "msg_id" : "PostgreSQL:couldnt_create_ipv6_socket", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"FATAL: no pg_hba.conf entry for .+\"):msg@>", + "msg_id" : "PostgreSQL:no_conf_entry", + "table" : "Database_Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*subscriber node\"):msg@>", + "msg_id" : "PostgreSQL:subscriber_node", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: Slony-I: cleanup stale .+\"):msg@>", + "msg_id" : "PostgreSQL:cleanup_stale_entry", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"FATAL: \\w+ authentication failed for .+\"):msg@>", + "msg_id" : "PostgreSQL:authentication_failed", + "table" : "Database_Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: canceling statement due to user request\"):msg@>", + "msg_id" : "PostgreSQL:canceling_statement", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"LOG: could not send data to client: Broken pipe\"):msg@>", + "msg_id" : "PostgreSQL:broken_pipe", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: schema .+ does not exist\"):msg@>", + "msg_id" : "PostgreSQL:schema_does_not_exist", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ number of page slots needed \\(\\d+\\) exceeds max_fsm_pages \\(\\d+\\)\"):msg@>", + "msg_id" : "PostgreSQL:number_page_slots_exceeds", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Consider \\w+ing the configuration parameter .+\"):msg@>", + "msg_id" : "PostgreSQL:consider_changing_configuration_parameter", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: function .+ does not exist\"):msg@>", + "msg_id" : "PostgreSQL:function_does_not_exist", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: Previous logswitch still in progress\"):msg@>", + "msg_id" : "PostgreSQL:logswitch_still_in_progress", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+could not write temporary statistics file .+: No space left on device\"):msg@>", + "msg_id" : "PostgreSQL:couldnt_write_temporary_statistics", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+could not write to file .+: No space left on device\"):msg@>", + "msg_id" : "PostgreSQL:couldnt_write_to_file", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+could not access status of transaction .+\"):msg@>", + "msg_id" : "PostgreSQL:couldnt_access_status_transaction", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: current transaction is aborted, commands ignored until end of transaction block\"):msg@>", + "msg_id" : "PostgreSQL:current_transaction_aborted", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"HINT: Check free disk space.\"):msg@>", + "msg_id" : "PostgreSQL:check_free_disk_space", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"FATAL: the database system is starting up\"):msg@>", + "msg_id" : "PostgreSQL:database_system_starting_up", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: truncate of .+ succeeded\"):msg@>", + "msg_id" : "PostgreSQL:truncate_succeeded", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE:\\s+drop cascades to .+\"):msg@>", + "msg_id" : "PostgreSQL:drop_cascades_to", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"FATAL: could not write init file\"):msg@>", + "msg_id" : "PostgreSQL:couldnt_write_init_file", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"LOG: incomplete startup packet\"):msg@> ", + "msg_id" : "PostgreSQL:incomplete_startup_packet", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: truncate of .+ failed - doing delete\"):msg@>", + "msg_id" : "PostgreSQL:truncate_failed_doing_delete", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG:\\s*autovacuum launcher started\"):msg@>", + "msg_id" : "PostgreSQL:autovacuum_launcher_started", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG:\\s*checkpoint complete: .+\"):msg@>", + "msg_id" : "PostgreSQL:checkpoint_complete", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG:\\s*checkpoint starting: .+\"):msg@>", + "msg_id" : "PostgreSQL:checkpoint_starting", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG:\\s*automatic analyze of table .+\"):msg@>", + "msg_id" : "PostgreSQL:automatic_analyze_of_table", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"FATAL:\\s+connection limit exceeded for non-superusers\"):msg@>", + "msg_id" : "PostgreSQL:connection_limit_exceeded", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG:\\s+database system was interrupted at .+\"):msg@>", + "msg_id" : "PostgreSQL:database_system_was_interrupted", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG:\\s+database system was not properly shut down.*\"):msg@>", + "msg_id" : "PostgreSQL:database_not_properly_shut", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG:\\s+redo starts at .+\"):msg@>", + "msg_id" : "PostgreSQL:redo_starts", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@REGEXP(\"LOG:\\s+redo done at .+\"):msg@>", + "msg_id" : "PostgreSQL:redo_done", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"FATAL:\\s+sorry, too many clients already\"):msg@>", + "msg_id" : "PostgreSQL:too_many_clients_already", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*pages: \\d+ removed, \\d+ remain\"):msg@>", + "msg_id" : "PostgreSQL:autovacuum_pages_removed", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*tuples: \\d+ removed, \\d+ remain\"):msg@>", + "msg_id" : "PostgreSQL:autovacuum_tuples_removed", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*system usage: CPU .*\"):msg@>", + "msg_id" : "PostgreSQL:autovacuum_system_usage", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: [.*] <@REGEXP(\"\\d+\\.\\d+\\.\\d+\\.\\d+\\(\\d+\\)\"):client@> webcomptes <@WORD:db@> <@REGEXP(\".*process .* acquired ShareLock on transaction.*\"):msg@>", + "msg_id" : "PostgreSQL:acquired_sharelock", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: [.*] <@REGEXP(\"\\d+\\.\\d+\\.\\d+\\.\\d+\\(\\d+\\)\"):client@> webcomptes <@WORD:db@> <@REGEXP(\".*process .* still waiting for ShareLock on transaction.*\"):msg@>", + "msg_id" : "PostgreSQL:waiting_acquired_sharelock", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"STATEMENT:\\s*INSERT .+\"):msg@>", + "msg_id" : "PostgreSQL:statement_insert", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"STATEMENT:\\s*UPDATE .+\"):msg@>", + "msg_id" : "PostgreSQL:statement_update", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://www.postgresql.org", + "version" : "201002240003", + "name" : "PostgreSQL", + "description" : "PostgreSQL Service" +} diff --git a/conf/logmanagement/services/PostgreSQL_FR.json b/conf/logmanagement/services/PostgreSQL_FR.json new file mode 100644 index 0000000..4753051 --- /dev/null +++ b/conf/logmanagement/services/PostgreSQL_FR.json @@ -0,0 +1,128 @@ +{ + "icon" : "software/logo_postgresql", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: autovacuum : traitement de la base de données .+\"):msg@>", + "msg_id" : "PostgreSQL_FR:autovacuum_traitement_base", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: La limite de réinitialisation de l'ID de transaction est .+, limité par la base de données .+\"):msg@>", + "msg_id" : "PostgreSQL_FR:limite_reinitialisation_transaction", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: prochain identifiant de transaction : \\d+ ; prochain OID : \\d+\"):msg@>", + "msg_id" : "PostgreSQL_FR:prochain_identifiant_transaction", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: prochain MultiXactId: \\d+; prochain MultiXactOffset: \\d+\"):msg@>", + "msg_id" : "PostgreSQL_FR:prochain_multixactid_multixactoffset", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: Paquet de démarrage incomplet\"):msg@>", + "msg_id" : "PostgreSQL_FR:paquet_demarrage_incomplet", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ LOG: Réception d'une demande d'arrêt rapide\"):msg@>", + "msg_id" : "PostgreSQL_FR:reception_demande_arret_rapide", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: Annulation des transactions actives\"):msg@>", + "msg_id" : "PostgreSQL_FR:annulation_transactions_actives", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: n'a pas pu charger le fichier du certificat racine .+\"):msg@>", + "msg_id" : "PostgreSQL_FR:pas_charger_certificat_racine", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* DÉTAIL: Ne vérifiera pas les certificats du client.\"):msg@>", + "msg_id" : "PostgreSQL_FR:verifiera_pas_certificats_client", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: l'enregistrement du point de vérification est à .+\"):msg@>", + "msg_id" : "PostgreSQL_FR:enregistrement_point_verification", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: ré-exécution de l'enregistrement à .+\"):msg@>", + "msg_id" : "PostgreSQL_FR:reexecution_enregistrement", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: arrêt en cours\"):msg@>", + "msg_id" : "PostgreSQL_FR:arret_en_cours", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: le système de bases de données a été arrêté à .+\"):msg@>", + "msg_id" : "PostgreSQL_FR:systeme_a_ete_arrete", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: le système de bases de données est prêt\"):msg@>", + "msg_id" : "PostgreSQL_FR:systeme_est_pret", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: n'a pas pu écrire le fichier temporaire des statistiques .+: Aucun espace disponible sur le\"):msg@> ", + "msg_id" : "PostgreSQL_FR:pas_pu_ecrire_statistiques", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@NUMBER:NULL@>]: <@REGEXP(\".* périphérique\"):NULL@> ", + "msg_id" : "PostgreSQL_FR:pas_pu_ecrire_statistiques2", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"postgres\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* LOG: le système de base de données est arrêté\"):msg@> ", + "msg_id" : "PostgreSQL_FR:systeme_est_arrete", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + } + ], + "website" : "http://www.postgresql.org", + "version" : "200802210003", + "name" : "PostgreSQL_FR", + "description" : "PostgreSQL Service (FR version)" +} diff --git a/conf/logmanagement/services/Printer_HP_LaserJet.json b/conf/logmanagement/services/Printer_HP_LaserJet.json new file mode 100644 index 0000000..3ce258e --- /dev/null +++ b/conf/logmanagement/services/Printer_HP_LaserJet.json @@ -0,0 +1,99 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: paper out\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:out_of_paper", + "table" : "Message", + "taxonomy" : "Printer.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: error cleared\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:error_cleared", + "table" : "Message", + "taxonomy" : "Printer", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: peripheral low-power state\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:peripheral_low_power_state", + "table" : "Message", + "taxonomy" : "Printer", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: offline or intervention needed\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:offline_or_intervention_needed", + "table" : "Message", + "taxonomy" : "Printer.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: powered up\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:powered_up", + "table" : "Message", + "taxonomy" : "Printer", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: ready to print\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:ready_to_print", + "table" : "Message", + "taxonomy" : "Printer", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: registered system name .+ with WINS server .+\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:register_system_name", + "table" : "Message", + "taxonomy" : "Printer", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: peripheral is disconnected\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:peripheral_disconnected", + "table" : "Message", + "taxonomy" : "Printer.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: connection with .+ aborted\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:connection_aborted", + "table" : "Message", + "taxonomy" : "Printer.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: paper jam\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:paper_jam", + "table" : "Message", + "taxonomy" : "Printer.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: cover\\/door open\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:cover_open", + "table" : "Message", + "taxonomy" : "Printer.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: paper problem\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:paper_problem", + "table" : "Message", + "taxonomy" : "Printer.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"printer: toner\\/ink low\"):msg@>", + "msg_id" : "Printer_HP_LaserJet:toner_low", + "table" : "Message", + "taxonomy" : "Printer.Errors", + "loglevel" : "Notice" + } + ], + "website" : "www.hp.com", + "version" : "200901080016", + "name" : "Printer_HP_LaserJet", + "description" : "HP LaserJet Printer Service" +} diff --git a/conf/logmanagement/services/PulseAudio.json b/conf/logmanagement/services/PulseAudio.json new file mode 100644 index 0000000..6c6b3ce --- /dev/null +++ b/conf/logmanagement/services/PulseAudio.json @@ -0,0 +1,57 @@ +{ + "icon" : "", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pulseaudio\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Daemon already running.\"):msg@>", + "msg_id" : "PulseAudio:daemon_already_running", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pulseaudio\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+High-priority scheduling enabled in configuration but not allowed by policy.\"):msg@>", + "msg_id" : "PulseAudio:high_priority_scheduling_not_allowed_by_policy", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pulseaudio\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Increasing wakeup watermark to.+\"):msg@>", + "msg_id" : "PulseAudio:increasing_wakeup_watermark", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pulseaudio\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Most likely this is an ALSA driver bug. Please report this issue to the PulseAudio developers.\"):msg@>", + "msg_id" : "PulseAudio:alsa_driver_bug", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pulseaudio\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Stale PID file, overwriting.\"):msg@>", + "msg_id" : "PulseAudio:stale_pid_file_overwriting", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pulseaudio\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Error opening .+ Device or resource busy\"):msg@>", + "msg_id" : "PulseAudio:error_opening_device_or_resource_busy", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"pulseaudio\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+Failed to load.+\"):msg@>", + "msg_id" : "PulseAudio:failed_to_load", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + } + ], + "version" : "201006040001", + "name" : "PulseAudio", + "description" : "PulseAudio Service" +} diff --git a/conf/logmanagement/services/Radius.json b/conf/logmanagement/services/Radius.json new file mode 100644 index 0000000..31d15ac --- /dev/null +++ b/conf/logmanagement/services/Radius.json @@ -0,0 +1,14 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"radiusd: .+ : Info: Starting - reading configuration files ...\"):msg@>", + "msg_id" : "Radius:starting", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + } + ], + "version" : "200802210002", + "name" : "Radius", + "description" : "Radius Service" +} diff --git a/conf/logmanagement/services/Rpc_statd.json b/conf/logmanagement/services/Rpc_statd.json new file mode 100644 index 0000000..1241403 --- /dev/null +++ b/conf/logmanagement/services/Rpc_statd.json @@ -0,0 +1,36 @@ +{ + "icon" : "", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rpc.statd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"statd running as.+chown.+to choose different user\"):msg@>", + "msg_id" : "Rpc_statd:running_as_chown_to_choose_different_user", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rpc.statd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Flags:.+\"):msg@>", + "msg_id" : "Rpc_statd:flags", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rpc.statd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Version.+Starting\"):msg@>", + "msg_id" : "Rpc_statd:version_starting", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rpc.statd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Caught signal \\d+, un-registering and exiting.\"):msg@>", + "msg_id" : "Rpc_statd:unregistering_exiting", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + } + ], + "version" : "201006040001", + "name" : "Rpc_statd", + "description" : "Rpc.statd Service" +} diff --git a/conf/logmanagement/services/Rsync.json b/conf/logmanagement/services/Rsync.json new file mode 100644 index 0000000..c41842c --- /dev/null +++ b/conf/logmanagement/services/Rsync.json @@ -0,0 +1,72 @@ +{ + "icon" : "software/logo_rsync", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyncd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"opendir\"):action@>(<@STRING:object@>): <@REGEXP(\"Permission denied\"):status@>", + "msg_id" : "Rsync:opendir_permission_denied", + "table" : "Rsync_error", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyncd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"send_files failed to open\"):action@> <@STRING:object@>: <@REGEXP(\"Permission denied\"):status@>", + "msg_id" : "Rsync:send_files_failed_open", + "table" : "Rsync_error", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyncd\"):daemon@>[<@PID:pid@>]: rsync <@WORD:status@>: <@REGEXP(\"some files could not be transferred.+\"):action@>", + "msg_id" : "Rsync:files_couldnt_be_transferred", + "table" : "Rsync_error", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyncd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"rsync on .+ from .+\"):msg@>", + "msg_id" : "Rsync:rsync_on", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyncd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"wrote \\d+ bytes read \\d+ bytes total size \\d+\"):msg@>", + "msg_id" : "Rsync:wrote_bytes_read_bytes", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyncd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"auth failed on module .+ from .+\"):msg@>", + "msg_id" : "Rsync:auth_failed_module", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyncd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"rsync: connection unexpectedly closed.+\"):msg@>", + "msg_id" : "Rsync:connection_unexpectedly_closed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyncd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"rsync error: error in rsync protocol data stream.+\"):msg@>", + "msg_id" : "Rsync:error_protocol_data_stream", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyncd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"rsync: read error: Connection reset by peer\"):msg@>", + "msg_id" : "Rsync:connection_reset_by_peer", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://samba.org/rsync/", + "version" : "201002180009", + "name" : "Rsync", + "description" : "Rsync Service" +} diff --git a/conf/logmanagement/services/Rsyslog.json b/conf/logmanagement/services/Rsyslog.json new file mode 100644 index 0000000..7da55f0 --- /dev/null +++ b/conf/logmanagement/services/Rsyslog.json @@ -0,0 +1,155 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\"\\[origin software=\\\"rsyslogd\\\" .+\\] \\(re\\)start\"):msg@>", + "msg_id" : "Rsyslog:start_restart", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\"\\[origin software=\\\"rsyslogd\\\" .+\\] restart\"):msg@>", + "msg_id" : "Rsyslog:restart", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"rklogd .+ started.\"):msg@>", + "msg_id" : "Rsyslog:rklogd_started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\"\\[origin software=\\\"rsyslogd\\\" .+\\] exiting on signal \\d+.\"):msg@>", + "msg_id" : "Rsyslog:exiting_on_signal", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\"-- MARK --\"):msg@>", + "msg_id" : "Rsyslog:mark", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"imklog .+ started.\"):msg@>", + "msg_id" : "Rsyslog:imklog_started", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd.*\"):daemon@>: <@REGEXP(\"invalid or yet-unknown config file command.*\"):msg@>", + "msg_id" : "Rsyslog:invalid_config_file_command", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\"the last error occured in .+\"):msg@>", + "msg_id" : "Rsyslog:last_error_occured_in", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\"\\[origin software=\\\"rsyslogd\\\" .+\\] rsyslogd was HUPed.*\"):msg@>", + "msg_id" : "Rsyslog:rsyslogd_was_huped", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd.*\"):daemon@>: <@REGEXP(\"CONFIG ERROR:.+\"):msg@>", + "msg_id" : "Rsyslog:config_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd.*\"):daemon@>: <@REGEXP(\"Option value must be.+\"):msg@>", + "msg_id" : "Rsyslog:config_value_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd.*\"):daemon@>: <@REGEXP(\"error: extra characters in config line ignored:.+\"):msg@>", + "msg_id" : "Rsyslog:config_extra_characters_ignored", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd.*\"):daemon@>: <@REGEXP(\"unknown priority name.+\"):msg@>", + "msg_id" : "Rsyslog:unknown_priority_name", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd.*\"):daemon@>: <@REGEXP(\"warning: selector line without actions will be discarded\"):msg@>", + "msg_id" : "Rsyslog:selector_line_without_actions_will_be_discarded", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd.*\"):daemon@>: <@REGEXP(\"No character available.+\"):msg@>", + "msg_id" : "Rsyslog:no_character_available", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\"Framing Error in received TCP message: .+\"):msg@>", + "msg_id" : "Rsyslog:framing_error_tcp_message", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\"rsyslogd's userid changed to .+\"):msg@>", + "msg_id" : "Rsyslog:userid_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\"rsyslogd's groupid changed to .+\"):msg@>", + "msg_id" : "Rsyslog:goupid_changed", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd\"):daemon@>: <@REGEXP(\".+ swVersion=.+ start\"):msg@>", + "msg_id" : "Rsyslog:swversion_start", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd.*\"):daemon@>: <@REGEXP(\"Could not create \\S+ listener, .+\"):msg@>", + "msg_id" : "Rsyslog:could_not_create_listener", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"rsyslogd.*\"):daemon@>: <@REGEXP(\"Could not open output .+\"):msg@>", + "msg_id" : "Rsyslog:could_not_open_output", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.rsyslog.com/", + "version" : "201211060006", + "name" : "Rsyslog", + "description" : "Rsyslog Service" +} diff --git a/conf/logmanagement/services/Samba.json b/conf/logmanagement/services/Samba.json new file mode 100644 index 0000000..5678cc7 --- /dev/null +++ b/conf/logmanagement/services/Samba.json @@ -0,0 +1,93 @@ +{ + "icon" : "software/logo_samba", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: reconnecting to LDAP server.+\"):msg@>", + "msg_id" : "Samba:reconnecting_ldap_server", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: reconnected to LDAP server after \\d+ attempt\\(s\\)\"):msg@>", + "msg_id" : "Samba:reconnected_ldap_server", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smb: \\S+ shutdown failed\"):msg@> ", + "msg_id" : "Samba:shutdown_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: could not hard reconnect to LDAP server.+\"):msg@>", + "msg_id" : "Samba:couldnt_hard_reconnect_ldap", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nmbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ current master browser = .+\"):msg@>", + "msg_id" : "Samba:current_master_browser", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nmbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*dump workgroup on subnet .+\"):msg@>", + "msg_id" : "Samba:dump_workgroup_on_subnet", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nmbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ \\(Samba Server Version \\S+\\)\"):msg@>", + "msg_id" : "Samba:nmbd_samba_server_version", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*Unable to connect to CUPS server .+\"):msg@>", + "msg_id" : "Samba:unable_connect_cups_server", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nmbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*Samba name server .+ has stopped being a local master browser for .+\"):msg@>", + "msg_id" : "Samba:stopped_being_local_master", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nmbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*Samba name server .+ is now a local master browser for .+\"):msg@>", + "msg_id" : "Samba:now_local_master", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nmbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*nmbd\\/nmbd_\\S+.c:\\S+\"):msg@>", + "msg_id" : "Samba:nmbd_debug_c_file", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"nmbd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* [Ff]ailed to register\\S* name .+ on subnet .+\"):msg@>", + "msg_id" : "Samba:failed_to_register_name", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + } + ], + "website" : "http://samba.org", + "version" : "200906020006", + "name" : "Samba", + "description" : "Samba Service" +} diff --git a/conf/logmanagement/services/Samhain.json b/conf/logmanagement/services/Samhain.json new file mode 100644 index 0000000..cfa2d4d --- /dev/null +++ b/conf/logmanagement/services/Samhain.json @@ -0,0 +1,226 @@ +{ + "icon" : "software/logo_samhain", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"File check completed.\"):msg@>\" <@STRING:NULL@> />", + "msg_id" : "Samhain:file_check_completed", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" <@REGEXP(\".+No such group.+\"):msg@>\" />", + "msg_id" : "Samhain:no_such_group", + "table" : "Samhain", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" <@REGEXP(\".+No such user.+\"):msg@>\" /> ", + "msg_id" : "Samhain:no_such_user", + "table" : "Samhain", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"POLICY [<@WORD:policy@>] <@REGEXP(\".+\"):msg@>\" /> ", + "msg_id" : "Samhain:policy", + "table" : "Samhain", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"---- TIMESTAMP ----\"):msg@>\" /> ", + "msg_id" : "Samhain:timestamp", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"EXIT.+\"):msg@>\" /> ", + "msg_id" : "Samhain:exit", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"START.+\"):msg@>\" /> ", + "msg_id" : "Samhain:start", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"POLICY <@WORD:policy@>\" <@REGEXP(\"path=.+\"):msg@>\" /> ", + "msg_id" : "Samhain:policy_added", + "table" : "Samhain", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"samhain\"):daemon@>: \" tstamp=\"<@WORD:NULL@>\" <@REGEXP(\"interface=.+No such file or directory.+\"):msg@>\" />", + "msg_id" : "Samhain:no_such_file", + "table" : "Samhain", + "taxonomy" : "Config.Changes", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Service failure.+\"):msg@>\" /> ", + "msg_id" : "Samhain:service_failure", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Connection error: .+\"):msg@>\" /> ", + "msg_id" : "Samhain:connection_error", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Unexpected reply\"):msg@>\" /> ", + "msg_id" : "Samhain:unexpected_reply", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Invalid connection state.+\"):msg@>\" /> ", + "msg_id" : "Samhain:invalid_connection_state", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Checking.+\"):msg@>\" />", + "msg_id" : "Samhain:checking", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Connection refused.+\"):msg@>\" /> ", + "msg_id" : "Samhain:connection_refused", + "table" : "Samhain", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"d: .+\"):msg@>\" />", + "msg_id" : "Samhain:UNKNOWN", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Check failed.+\"):msg@>\" /> ", + "msg_id" : "Samhain:check_failed", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Queue full, messages may get lost.+\"):msg@>\" /> ", + "msg_id" : "Samhain:queue_full", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Session key negotiated\"):msg@>\" />", + "msg_id" : "Samhain:session_key_negotiated", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Connection timed out.+\"):msg@>\" />", + "msg_id" : "Samhain:connection_timed_out", + "table" : "Samhain", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"samhain\"):daemon@>: \" tstamp=\"<@WORD:NULL@>\" interface=\"glob\" msg=\"<@REGEXP(\"No matches found.+\"):msg@>\" /> ", + "msg_id" : "Samhain:no_matches_found", + "table" : "Samhain", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"samhain\"):daemon@>: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"File download completed\"):msg@>\" /> ", + "msg_id" : "Samhain:file_download_complete", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"samhain\"):daemon@>: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Session key negotiated\"):msg@>\" />", + "msg_id" : "Samhain:session_key_negotiated2", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"samhain\"):daemon@>: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Downloading configuration file\"):msg@>\" /> ", + "msg_id" : "Samhain:downloading_configuration_file", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"PANIC Error initializing the application\"):msg@>\" program=\"Samhain\" />", + "msg_id" : "Samhain:error_initializing_application", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"File download failed\"):msg@>\" /> ", + "msg_id" : "Samhain:file_download_failed", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Signature database exists.+\"):msg@>\" />", + "msg_id" : "Samhain:signature_database_exists", + "table" : "Samhain", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Message delivery not confirmed\"):msg@>\" /> ", + "msg_id" : "Samhain:message_delivery_not_confirmed", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"No route to host,.+\"):msg@>\" />", + "msg_id" : "Samhain:no_route_to_host", + "table" : "Samhain", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" msg=\"<@REGEXP(\"Session key negotiation failed\"):msg@>\" />", + "msg_id" : "Samhain:session_key_negotiation_failed", + "table" : "Samhain", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"Samhain\"):daemon@>[<@NUMBER:NULL@>]: \" tstamp=\"<@WORD:NULL@>\" <@REGEXP(\"interface=.+No such file or directory.+\"):msg@>\" />", + "msg_id" : "Samhain:no_such_file2", + "table" : "Samhain", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + } + ], + "website" : "http://www.la-samhna.de/samhain/", + "version" : "200703060001", + "name" : "Samhain", + "description" : "Samhain Service" +} diff --git a/conf/logmanagement/services/Saslauthd.json b/conf/logmanagement/services/Saslauthd.json new file mode 100644 index 0000000..9485d3a --- /dev/null +++ b/conf/logmanagement/services/Saslauthd.json @@ -0,0 +1,64 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"saslauthd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ipc_init.*: listening on socket: .+\"):msg@>", + "msg_id" : "Saslauthd:listening_on_socket", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"saslauthd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"detach_tty.*: master pid is: \\d+\"):msg@>", + "msg_id" : "Saslauthd:detach_tty", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"saslauthd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"server_exit.*: master exited: \\d+\"):msg@>", + "msg_id" : "Saslauthd:server_exit", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"saslauthd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM unable to dlopen.+\"):msg@>", + "msg_id" : "Saslauthd:pam_unable_to_dlopen", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"saslauthd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM adding faulty module:.+\"):msg@>", + "msg_id" : "Saslauthd:pam_adding_faulty_module", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"saslauthd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM \\(smtp\\) illegal module type: .+\"):msg@>", + "msg_id" : "Saslauthd:pam_illegal_module_type", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"saslauthd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"do_auth.*: auth failure: .+\"):msg@>", + "msg_id" : "Saslauthd:auth_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"saslpasswd2\"):daemon@>: <@REGEXP(\"error deleting entry from sasldb.*\"):msg@>", + "msg_id" : "Saslauthd:error_deleting_entry_sasldb", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + } + ], + "website" : "", + "version" : "200901210001", + "name" : "Saslauthd", + "description" : "SASL Authentication Server Service" +} diff --git a/conf/logmanagement/services/Sendmail.json b/conf/logmanagement/services/Sendmail.json new file mode 100644 index 0000000..f791aac --- /dev/null +++ b/conf/logmanagement/services/Sendmail.json @@ -0,0 +1,198 @@ +{ + "icon" : "software/logo_sendmail", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: from=<@EMAIL:sender@>, size=<@NUMBER:size@>, class=<@NUMBER:NULL@>, nrcpts=<@NUMBER:NULL@>, msgid=<@WORD:msg_id@>, relay=<@STRING:relay@> ", + "msg_id" : "Sendmail:from", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: from=<@EMAIL:sender@>, size=<@NUMBER:size@>, class=<@NUMBER:NULL@>, nrcpts=<@NUMBER:NULL@>, msgid=<@WORD:msg_id@>, proto=<@WORD:NULL@>, daemon=<@WORD:NULL@>, relay=<@STRING:relay@>", + "msg_id" : "Sendmail:from_proto", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: to=<@EMAIL:recipient@> ctladdr=<@STRING:NULL@>, delay=<@WORD:NULL@> xdelay=<@WORD:NULL@> mailer=<@WORD:NULL@> pri=<@WORD:NULL@> relay=<@STRING:relay@>, dsn=<@WORD:NULL@> stat=<@STRING:status@>", + "msg_id" : "Sendmail:to_relay", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: to=<@EMAIL:recipient@> ctladdr=<@STRING:NULL@>, delay=<@WORD:NULL@> xdelay=<@WORD:NULL@> mailer=<@WORD:NULL@> pri=<@WORD:NULL@>, dsn=<@WORD:NULL@> stat=<@STRING:status@> ", + "msg_id" : "Sendmail:to", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"NOQUEUE: SYSERR\\(\\S+\\): can not chdir\\(.+\\): Permission denied\"):msg@>", + "msg_id" : "Sendmail:can_not_chdir", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"alias database .+ rebuilt by .+\"):msg@>", + "msg_id" : "Sendmail:alias_database_rebuilt_by", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"starting daemon.+\"):msg@>", + "msg_id" : "Sendmail:starting_daemon", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sm-msp-queue\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"starting daemon .+\"):msg@>", + "msg_id" : "Sendmail:msp_queue_starting_daemon", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sm-msp-queue\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: to=<@EMAIL:recipient@> ctladdr=<@STRING:NULL@>, delay=<@WORD:NULL@> xdelay=<@WORD:NULL@> mailer=<@WORD:NULL@> pri=<@WORD:NULL@> relay=<@STRING:relay@>, dsn=<@WORD:NULL@> stat=<@STRING:status@>", + "msg_id" : "Sendmail:msp_queue_relay", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sm-msp-queue\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"grew WorkList for .+\"):msg@>", + "msg_id" : "Sendmail:grew_worklist", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: sender notify: Warning: could not send message for past \\d+ hours\"):msg@> ", + "msg_id" : "Sendmail:couldnt_send_past_hours", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: to=<@EMAIL:recipient@>, delay=<@STRING:NULL@>, xdelay=<@STRING:NULL@>, mailer=<@WORD:NULL@>, pri=<@WORD:NULL@>, dsn=<@WORD:NULL@>, stat=<@STRING:status@>", + "msg_id" : "Sendmail:to2", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: sender notify: Cannot send message for .+\"):msg@>", + "msg_id" : "Sendmail:cannot_send_message_for", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: from=<@WORD:sender@>, size=<@NUMBER:size@>, class=<@NUMBER:NULL@>, nrcpts=<@NUMBER:NULL@>, msgid=<@WORD:msg_id@>, relay=<@STRING:relay@>", + "msg_id" : "Sendmail:from_user", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:sendmail|sm-msp-queue)\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: to=<@WORD:recipient@> ctladdr=<@STRING:NULL@>, delay=<@WORD:NULL@> xdelay=<@WORD:NULL@> mailer=<@WORD:NULL@> pri=<@WORD:NULL@>, relay=<@STRING:relay@>, dsn=<@WORD:NULL@> stat=<@STRING:status@>", + "msg_id" : "Sendmail:to_user", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:sendmail|sm-msp-queue)\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: to=<@WORD:recipient@>, delay=<@WORD:NULL@> xdelay=<@WORD:NULL@> mailer=<@WORD:NULL@> pri=<@WORD:NULL@> relay=<@STRING:relay@>, dsn=<@WORD:NULL@> stat=<@STRING:status@>", + "msg_id" : "Sendmail:to_user2", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"alias .+ out of date\"):msg@>", + "msg_id" : "Sendmail:alias_out_of_date", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S+: \\S+: DSN: Host unknown .*\"):msg@>", + "msg_id" : "Sendmail:dsn_host_unknown", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S+: \\S+: return to sender: Host unknown .*\"):msg@>", + "msg_id" : "Sendmail:return_sender_host_unknown", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"(?:sendmail|sm-msp-queue)\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: to=<@WORD:recipient@>, delay=<@WORD:NULL@> xdelay=<@WORD:NULL@> mailer=<@WORD:NULL@> pri=<@WORD:NULL@> dsn=<@WORD:NULL@> stat=<@STRING:status@>", + "msg_id" : "Sendmail:to_user3", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: from=<@WORD:sender@>, size=<@NUMBER:size@>, class=<@NUMBER:NULL@>, nrcpts=<@NUMBER:nrcpt@>, msgid=<@WORD:msg_id@>, <@REGEXP(\"bodytype=\\S+, proto=\\S+, daemon=\\S+\"):status@>, relay=<@STRING:relay@>", + "msg_id" : "Sendmail:bodytype_proto_daemon", + "table" : "Mail_Traffic", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: from=<@WORD:sender@>, size=<@NUMBER:size@>, class=<@NUMBER:NULL@>, nrcpts=<@NUMBER:nrcpt@>, msgid=<@WORD:msg_id@>, <@REGEXP(\"proto=\\S+, daemon=\\S+\"):status@>, relay=<@STRING:relay@>", + "msg_id" : "Sendmail:proto_daemon", + "table" : "Mail_Traffic", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@WORD:mail_id@>: <@REGEXP(\".*User unknown\"):status@>", + "msg_id" : "Sendmail:user_unknown", + "table" : "Mail_Traffic", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>] <@WORD:mail_id@>: to=<@EMAIL:recipient@>, ctladdr=<@STRING:NULL@>, delay=<@WORD:NULL@>, xdelay=<@WORD:NULL@>, mailer=<@WORD:NULL@>, pri=<@WORD:NULL@>, relay=<@STRING:relay@>, dsn=<@WORD:NULL@>, stat=<@STRING:status@>", + "msg_id" : "Sendmail:to_relay2", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>] <@WORD:mail_id@>: to=<@WORD:recipient@> ctladdr=<@STRING:NULL@>, delay=<@WORD:NULL@>, xdelay=<@WORD:NULL@>, mailer=<@WORD:NULL@>, pri=<@WORD:NULL@>, relay=<@STRING:relay@>, dsn=<@WORD:NULL@> stat=<@STRING:status@>", + "msg_id" : "Sendmail:to_user4", + "table" : "Mail_Traffic", + "taxonomy" : "Email.Traffic", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"unable to qualify my own domain name .+\"):msg@>", + "msg_id" : "Sendmail:unable_qualify_own_domain", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sendmail\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"My unqualified host name .+ unknown; sleeping for retry\"):msg@>", + "msg_id" : "Sendmail:my_unqualified_host_name", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.sendmail.org/", + "version" : "201208290002", + "name" : "Sendmail", + "description" : "Sendmail Service" +} diff --git a/conf/logmanagement/services/Slony-I.json b/conf/logmanagement/services/Slony-I.json new file mode 100644 index 0000000..e7fa982 --- /dev/null +++ b/conf/logmanagement/services/Slony-I.json @@ -0,0 +1,79 @@ +{ + "icon" : "software/logo_slony-i", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: Slony-I: Logswitch to .+ initiated\"):msg@> ", + "msg_id" : "Slony-I:logswitch_initiated", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: Slony-I: log switch to .+ still in progress.*\"):msg@>", + "msg_id" : "Slony-I:logswitch_still_in_progress", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: Slony-I: log switch to .+ complete.*\"):msg@>", + "msg_id" : "Slony-I:logswitch_complete", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"CONTEXT: SQL statement \\\"SELECT \\\".+\\\".logswitch_start\\(\\)\\\"\"):msg@> ", + "msg_id" : "Slony-I:context_logswitch_start", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: Consider adding partial index .+\"):msg@>", + "msg_id" : "Slony-I:consider_adding_partial_index", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"CONTEXT: SQL statement \\\"SELECT \\\".*\\\".addPartialLogIndices\\(\\)\\\"\"):msg@> ", + "msg_id" : "Slony-I:context_add_partial_index", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: Index .+ already present - skipping\"):msg@> ", + "msg_id" : "Slony-I:index_already_present", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: schema: .+ tablename:.+\"):msg@>", + "msg_id" : "Slony-I:schema_tablename", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"ERROR: Slony-I: Table \\S+ is replicated and cannot be modified .+\"):msg@>", + "msg_id" : "Slony-I:table_replicated_cant_modified", + "table" : "Database_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> postgres[<@PID:pid@>]: <@STRING:NULL@> <@WORD:client@> <@WORD:user@> <@WORD:db@> <@REGEXP(\"NOTICE: Slony-I: cleanup stale .+\"):msg@>", + "msg_id" : "Slony-I:cleanup_stale_entry", + "table" : "Database_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://slony.info/", + "version" : "200811170001", + "name" : "Slony-I", + "description" : "Slony-I replication system Service" +} diff --git a/conf/logmanagement/services/Smartd.json b/conf/logmanagement/services/Smartd.json new file mode 100644 index 0000000..88da24e --- /dev/null +++ b/conf/logmanagement/services/Smartd.json @@ -0,0 +1,162 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ SMART Usage Attribute:.+ Airflow_Temperature_Cel changed from \\d+ to \\d+\"):msg@>", + "msg_id" : "Smartd:airflow_temperature_cel_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ SMART Usage Attribute:.+ Temperature_Celsius changed from \\d+ to \\d+\"):msg@>", + "msg_id" : "Smartd:temperature_celsius_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"smartd received signal \\d+: Terminated\"):msg@>", + "msg_id" : "Smartd:terminated", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"smartd is exiting \\(exit status \\d+\\)\"):msg@>", + "msg_id" : "Smartd:exiting", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ state (?:written|read) (?:to|from) .+\"):msg@>", + "msg_id" : "Smartd:written_or_read_device_state", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"smartd .+ http://smartmontools.sourceforge.net.+\"):msg@>", + "msg_id" : "Smartd:copyright_information", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Opened configuration file .+\"):msg@>", + "msg_id" : "Smartd:opened_config_file", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Drive: .+ implied .+ Directive on line \\d+ of file .+\"):msg@>", + "msg_id" : "Smartd:implied_directive", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ opened\"):msg@>", + "msg_id" : "Smartd:device_opened", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Configuration file .+ was parsed.+ found .+ scanning devices\"):msg@>", + "msg_id" : "Smartd:config_file_parsed_scanning_devices", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Unable to monitor any SMART enabled devices. Try debug .+ option. Exiting.+\"):msg@>", + "msg_id" : "Smartd:unable_to_monitor_devices", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ not enabled.+ skip device.+\"):msg@>", + "msg_id" : "Smartd:smart_disabled_device_skip", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ is SMART capable.+ Adding to .+ list.\"):msg@>", + "msg_id" : "Smartd:capable_device_adding_to_list", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ type changed from .+ to .+\"):msg@>", + "msg_id" : "Smartd:device_type_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ found in .+ database.\"):msg@>", + "msg_id" : "Smartd:device_found_in_database", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Monitoring .+ devices\"):msg@>", + "msg_id" : "Smartd:monitoring_devices", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"smartd has .+ into \\w+ground mode. New PID=.+\"):msg@>", + "msg_id" : "Smartd:background_foreground_mode", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ SMART Prefailure Attribute: .+ Raw_Read_Error_Rate changed from \\d+ to \\d+\"):msg@>", + "msg_id" : "Smartd:raw_read_error_rate_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ SMART Usage Attribute: .+ Hardware_ECC_Recovered changed from \\d+ to \\d+\"):msg@>", + "msg_id" : "Smartd:hardware_ecc_recovered_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ SMART Usage Attribute: .+ Power_On_Hours changed from \\d+ to \\d+\"):msg@>", + "msg_id" : "Smartd:power_on_hours_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device:.+state read from.+\"):msg@>", + "msg_id" : "Smartd:read_device_state", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"smartd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Device: .+ SMART Prefailure Attribute:.+ Seek_Error_Rate changed from \\d+ to \\d+\"):msg@>", + "msg_id" : "Smartd:seek_error_rate_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "http://sourceforge.net/projects/smartmontools/", + "version" : "201004090006", + "name" : "Smartd", + "description" : "Smart Monitoring Service" +} diff --git a/conf/logmanagement/services/Snmpd.json b/conf/logmanagement/services/Snmpd.json new file mode 100644 index 0000000..398027c --- /dev/null +++ b/conf/logmanagement/services/Snmpd.json @@ -0,0 +1,148 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Connection from .+\"):msg@>", + "msg_id" : "Snmpd:connection_from", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received SNMP packet\\(s\\) from .+\"):msg@>", + "msg_id" : "Snmpd:received_snmp_packets_from", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>: <@REGEXP(\"snmpd shutdown failed\"):msg@> ", + "msg_id" : "Snmpd:shutdown_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\S+-SNMP version .+\"):msg@>", + "msg_id" : "Snmpd:version", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received TERM or STOP signal.+\"):msg@>", + "msg_id" : "Snmpd:receiving_stop_signal", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Error opening specified endpoint .+\"):msg@>", + "msg_id" : "Snmpd:error_opening_endpoint", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"cache has existing timer id.\"):msg@> ", + "msg_id" : "Snmpd:cache_has_timer_id", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"/proc/stat buffer increased to \\d+\"):msg@>", + "msg_id" : "Snmpd:proc_stat_buffer_increased", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Creating directory: .+\"):msg@>", + "msg_id" : "Snmpd:creating_directory", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received .+ signal... shutting down...\"):msg@> ", + "msg_id" : "Snmpd:received_signal_shutting_down", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ bind failed: Address already in use\"):msg@> ", + "msg_id" : "Snmpd:address_already_in_use", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Turning on AgentX master support.+\"):msg@> ", + "msg_id" : "Snmpd:turning_on_agentx", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Note this is still experimental and shouldn't be used on critical systems.\"):msg@> ", + "msg_id" : "Snmpd:agentx_shouldnt_be_used", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ accepted fd \\d+ from .+\"):msg@>", + "msg_id" : "Snmpd:accepted_fd_from", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received broken packet. Closing session.\"):msg@> ", + "msg_id" : "Snmpd:received_broken_packet", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: line \\d+: Error: .+\"):msg@>", + "msg_id" : "Snmpd:configuration_error", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Reconfiguring daemon\"):msg@> ", + "msg_id" : "Snmpd:reconfiguring_daemon", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: line \\d+: Warning: Unknown token: .+\"):msg@>", + "msg_id" : "Snmpd:config_unknown_token", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error getting netmask for interface .+\"):msg@>", + "msg_id" : "Snmpd:error_getting_netmask_interface", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"\\S*snmp\\w*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"cannot open .+\"):msg@>", + "msg_id" : "Snmpd:cannot_open", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://net-snmp.sourceforge.net/", + "version" : "201002180001", + "name" : "Snmpd", + "description" : "Snmpd Service" +} diff --git a/conf/logmanagement/services/SpamAssassin.json b/conf/logmanagement/services/SpamAssassin.json new file mode 100644 index 0000000..1ee6465 --- /dev/null +++ b/conf/logmanagement/services/SpamAssassin.json @@ -0,0 +1,58 @@ +{ + "icon" : "software/logo_spamassassin", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"spamd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"spamd: server started on port .+\"):msg@>", + "msg_id" : "SpamAssassin:server_started_on_port", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"spamd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"spamd: server successfully spawned child process.+\"):msg@>", + "msg_id" : "SpamAssassin:successfully_spawned_child_process", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"spamd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"spamd: server pid: \\d+\"):msg@>", + "msg_id" : "SpamAssassin:server_pid", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"spamd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"rules: .+ has undefined dependency .+\"):msg@>", + "msg_id" : "SpamAssassin:rules_undefined_dependency", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"spamd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"logger: removing .+ method\"):msg@>", + "msg_id" : "SpamAssassin:logger_removing_method", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"spamd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"prefork: child states:.+\"):msg@>", + "msg_id" : "SpamAssassin:prefork_child_states", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"spamd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"spamd: server killed by SIGTERM, shutting down\"):msg@>", + "msg_id" : "SpamAssassin:server_killed_shutting_down", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + } + ], + "website" : "http://spamassassin.apache.org/", + "version" : "201002180007", + "name" : "SpamAssassin", + "description" : "SpamAssassin Service" +} diff --git a/conf/logmanagement/services/Squid_System.json b/conf/logmanagement/services/Squid_System.json new file mode 100644 index 0000000..96ae130 --- /dev/null +++ b/conf/logmanagement/services/Squid_System.json @@ -0,0 +1,632 @@ +{ + "icon" : "software/logo_squid", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"urlParse: URL too large .+\"):msg@>", + "msg_id" : "Squid_System:url_too_large", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"logfileRotate.*: .+\"):msg@>", + "msg_id" : "Squid_System:logfile_rotate", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"storeDirWriteCleanLogs: Starting...\"):msg@> ", + "msg_id" : "Squid_System:clean_logs_starting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Accepting proxy .+ connections at .+\"):msg@>", + "msg_id" : "Squid_System:accepting_proxy_connections_at", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Starting Squid Cache version .+\"):msg@>", + "msg_id" : "Squid_System:starting_squid_cache_version", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Ready to serve requests.\"):msg@> ", + "msg_id" : "Squid_System:ready_to_serve_requests", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"WARNING: Closing client .+ connection due to lifetime timeout\"):msg@> ", + "msg_id" : "Squid_System:closing_connection_lifetime_timeout", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ is disabled.\"):msg@> ", + "msg_id" : "Squid_System:some_option_is_disabled", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Disabled.\"):msg@> ", + "msg_id" : "Squid_System:some_protocol_disabled", + "table" : "Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*\\d+ Objects \\w+ed.\"):msg@> ", + "msg_id" : "Squid_System:objects_status", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Rebuilding storage in .+\"):msg@>", + "msg_id" : "Squid_System:rebuilding_storage_in", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Finished rebuilding storage from disk.\"):msg@> ", + "msg_id" : "Squid_System:finished_rebuilding_storage", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*\\d+ Entries scanned\"):msg@> ", + "msg_id" : "Squid_System:entries_scanned", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*store_swap_size = .+\"):msg@>", + "msg_id" : "Squid_System:store_swap_size", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"temporary disabling .* digest from .+\"):msg@>", + "msg_id" : "Squid_System:temporary_disabling_digest", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Local cache digest enabled; .+\"):msg@>", + "msg_id" : "Squid_System:local_cache_digest_enabled", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Detected DEAD Parent:.+\"):msg@>", + "msg_id" : "Squid_System:detected_dead_parent", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"TCP connection to .+ failed\"):msg@> ", + "msg_id" : "Squid_System:tcp_connection_failed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Max Mem size: .+\"):msg@>", + "msg_id" : "Squid_System:max_mem_size", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Max Swap size: .+\"):msg@>", + "msg_id" : "Squid_System:max_swap_size", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Failed to select source for .+\"):msg@> ", + "msg_id" : "Squid_System:failed_select_source_for", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Waiting \\d+ seconds for active connections to finish\"):msg@> ", + "msg_id" : "Squid_System:waiting_active_connections_finish", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Using epoll for the IO loop\"):msg@> ", + "msg_id" : "Squid_System:epoll_for_io_loop", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*Validated \\d+ Entries\"):msg@> ", + "msg_id" : "Squid_System:validated_entries", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Detected REVIVED Parent: .+\"):msg@>", + "msg_id" : "Squid_System:detected_revived_parent", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Adding .+ from .+resolv.conf\"):msg@> ", + "msg_id" : "Squid_System:adding_from_resolv_conf", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Squid Cache .+: Exiting normally.\"):msg@> ", + "msg_id" : "Squid_System:squid_cache_exiting_normally", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Set Current Directory to .+\"):msg@>", + "msg_id" : "Squid_System:set_current_directory_to", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".* Took .+ seconds .+\"):msg@> ", + "msg_id" : "Squid_System:took_seconds", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Squid Parent: child process \\d+ exited with status \\d+\"):msg@> ", + "msg_id" : "Squid_System:squid_parent_child_status", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Validation Procedure\"):msg@> ", + "msg_id" : "Squid_System:validation_procedure", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>: <@REGEXP(\"Could not determine fully qualified hostname.+\"):msg@>", + "msg_id" : "Squid_System:couldnt_determine_qualified_hostname", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"clientReadRequest: .+ Invalid Request\"):msg@> ", + "msg_id" : "Squid_System:invalid_request", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Preparing for shutdown after \\d+ requests\"):msg@> ", + "msg_id" : "Squid_System:preparing_shutdown_after_requests", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"DNS Socket created at .+\"):msg@>", + "msg_id" : "Squid_System:dns_socket_created", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Squid Parent: child process \\d+ started\"):msg@>", + "msg_id" : "Squid_System:chlid_process_start", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Process ID .+\"):msg@>", + "msg_id" : "Squid_System:pid", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"With \\d+ file descriptors available\"):msg@>", + "msg_id" : "Squid_System:file_drescriptors", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s+Finished.\\s+Wrote \\d+ entries.\"):msg@>", + "msg_id" : "Squid_System:wrote_entries_number", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*Connection reset by peer.*\"):msg@> ", + "msg_id" : "Squid_System:connection_reset_by_peer", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Configuring Parent .+\"):msg@>", + "msg_id" : "Squid_System:configuring_parent", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Using \\d+ Store buckets\"):msg@> ", + "msg_id" : "Squid_System:using_store_buckets", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Target number of buckets: \\d+\"):msg@>", + "msg_id" : "Squid_System:target_number_of_buckets", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Loaded Icons.\"):msg@> ", + "msg_id" : "Squid_System:loaded_icons", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Done reading .+ swaplog .+\"):msg@>", + "msg_id" : "Squid_System:done_reading_swaplog", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Closing unlinkd pipe on .+\"):msg@>", + "msg_id" : "Squid_System:closing_unlinkd_pipe", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Unlinkd pipe opened on .+\"):msg@>", + "msg_id" : "Squid_System:unlinkd_pipe_opened", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*\\d+ Duplicate URLs purged.\"):msg@> ", + "msg_id" : "Squid_System:nb_duplicate_urls_purged", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*\\d+ Invalid entries.\"):msg@> ", + "msg_id" : "Squid_System:nb_invalid_entries", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*\\d+ Swapfile clashes avoided.\"):msg@> ", + "msg_id" : "Squid_System:nb_swapfile_clashes_avoided", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s*\\d+ With invalid flags.\"):msg@> ", + "msg_id" : "Squid_System:nb_with_invalid_flags", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Shutting down...\"):msg@> ", + "msg_id" : "Squid_System:shutting_down", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Using Least Load store dir selection\"):msg@> ", + "msg_id" : "Squid_System:using_least_load", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Closing HTTP connection\"):msg@> ", + "msg_id" : "Squid_System:closing_http_connection", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Extension method .+ added.+\"):msg@>", + "msg_id" : "Squid_System:extension_method_added", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Swap maxSize .+, estimated \\d+ objects\"):msg@> ", + "msg_id" : "Squid_System:swap_maxsize_estimated_objects", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Warning: Could not find any nameservers. Trying to use localhost\"):msg@> ", + "msg_id" : "Squid_System:couldnt_find_any_nameservers", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Please check your .+resolv.conf file\"):msg@> ", + "msg_id" : "Squid_System:couldnt_find_any_nameservers2", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"or use the 'dns_nameservers' option in squid.conf.\"):msg@> ", + "msg_id" : "Squid_System:couldnt_find_any_nameservers3", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"storeLateRelease: released \\d+ objects\"):msg@> ", + "msg_id" : "Squid_System:storelaterelease_release_objects", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s+\\w+_direct = .+\"):msg@>", + "msg_id" : "Squid_System:debug_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"\\s+timedout = .+\"):msg@>", + "msg_id" : "Squid_System:debug_info2", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Reconfiguring Squid Cache .+\"):msg@>", + "msg_id" : "Squid_System:reconfiguring_squid_cache", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Done scanning .+\"):msg@>", + "msg_id" : "Squid_System:done_scanning", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>: <@REGEXP(\"aclParseAclLine: Invalid ACL type .+\"):msg@>", + "msg_id" : "Squid_System:invalid_acl_type", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*resolv.conf.*No such file or directory.*\"):msg@>", + "msg_id" : "Squid_System:no_resolv_conf", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*Disk space over limit:.+\"):msg@>", + "msg_id" : "Squid_System:disk_space_over_limit", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"storeLocateVary: Not our vary marker object, .+\"):msg@>", + "msg_id" : "Squid_System:not_vary_marker_object", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Exiting due to repeated, frequent failures\"):msg@> ", + "msg_id" : "Squid_System:exiting_due_to_failures", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Bungled squid.conf line .+\"):msg@>", + "msg_id" : "Squid_System:bungled_squid_conf_line", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> (squid): <@REGEXP(\"Bungled squid.conf line \\d+: .+\"):msg@>", + "msg_id" : "Squid_System:bungled_squid_conf_line2", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"storeUfsDirOpenSwapLog: Failed to open swap log.\"):msg@> ", + "msg_id" : "Squid_System:failed_open_swap_log", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Squid Parent: child process \\d+ exited due to signal \\d+\"):msg@>", + "msg_id" : "Squid_System:child_process_exited_signal", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+: .*Permission denied\"):msg@> ", + "msg_id" : "Squid_System:file_permission_denied", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"decode_addr: Invalid IP address .+\"):msg@>", + "msg_id" : "Squid_System:invalid_ip_address", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>: <@REGEXP(\"decode_addr: Invalid IP address .+\"):msg@>", + "msg_id" : "Squid_System:invalid_ip_address2", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> (<@REGEXP(\"squid\"):daemon@>): <@REGEXP(\"decode_addr: Invalid IP address .+\"):msg@>", + "msg_id" : "Squid_System:invalid_ip_address3", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"aclParseAclLine: WARNING: empty ACL: .+\"):msg@>", + "msg_id" : "Squid_System:empty_acl", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>: <@REGEXP(\"aclParseAclLine: WARNING: empty ACL: .+\"):msg@>", + "msg_id" : "Squid_System:empty_acl2", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> (<@REGEXP(\"squid\"):daemon@>): <@REGEXP(\"aclParseAclLine: WARNING: empty ACL: .+\"):msg@>", + "msg_id" : "Squid_System:empty_acl3", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"parseHttpRequest: Unsupported method .+\"):msg@>", + "msg_id" : "Squid_System:parsehttprequest_unsupported_method", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"urlParse: Illegal hostname .+\"):msg@>", + "msg_id" : "Squid_System:illegal_hostname", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"urlParse: Illegal character .+\"):msg@>", + "msg_id" : "Squid_System:urlparse_illegal_character", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>: <@REGEXP(\"ACL name '.+' not defined!\"):msg@>", + "msg_id" : "Squid_System:acl_name_not_defined", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>: <@REGEXP(\"Bungled squid.conf line \\d+: .+\"):msg@>", + "msg_id" : "Squid_System:bungled_squid_conf", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"logfileOpen: opening log .+\"):msg@>", + "msg_id" : "Squid_System:logfileopen_opening_log", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"logfileClose: closing log .+\"):msg@>", + "msg_id" : "Squid_System:logfileclose_closing_log", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Accepting ICP messages at .+\"):msg@>", + "msg_id" : "Squid_System:accepting_icp_messages_at", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"squid\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"FD \\d+ Closing ICP connection\"):msg@>", + "msg_id" : "Squid_System:closing_icp_connection", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://www.squid-cache.org/", + "version" : "201002180009", + "name" : "Squid_System", + "description" : "Squid System Service" +} diff --git a/conf/logmanagement/services/Squid_Traffic.json b/conf/logmanagement/services/Squid_Traffic.json new file mode 100644 index 0000000..685ece3 --- /dev/null +++ b/conf/logmanagement/services/Squid_Traffic.json @@ -0,0 +1,16 @@ +{ + "icon" : "software/logo_squid", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> squid[<@NUMBER:NULL@>]: <@NUMBER:NULL@>.<@NUMBER:duration@> <@STRING:NULL@> <@IP_ADDR:client_ip@> <@WORD:squid_code@>/<@NUMBER:http_code@> <@BYTES:bytes@> <@WORD:http_method@> <@STRING:url@> - <@STRING:hierarchy_code@> <@STRING:type@>", + "msg_id" : "Squid_Traffic:traffic", + "table" : "Squid_Traffic", + "taxonomy" : "Traffic", + "loglevel" : "Information" + } + ], + "website" : "http://www.squid-cache.org/", + "version" : "200802110001", + "name" : "Squid_Traffic", + "description" : "Squid Traffic Service" +} diff --git a/conf/logmanagement/services/Sshd.json b/conf/logmanagement/services/Sshd.json new file mode 100644 index 0000000..825b9fb --- /dev/null +++ b/conf/logmanagement/services/Sshd.json @@ -0,0 +1,623 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*session .+ for user .+\"):msg@>", + "msg_id" : "Sshd:session_for_user", + "table" : "Message", + "taxonomy" : "Auth", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Accepted publickey for .+\"):msg@>", + "msg_id" : "Sshd:accepted_publickey", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*authentication failure;.+\"):msg@>", + "msg_id" : "Sshd:authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Accepted password for .+\"):msg@>", + "msg_id" : "Sshd:accepted_password", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"nss_ldap: .+\"):msg@>", + "msg_id" : "Sshd:nss_ldap_msg", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ more authentication failure.+\"):msg@>", + "msg_id" : "Sshd:more_authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Accepted keyboard-interactive/pam for \\S+ from \\S+ port .+\"):msg@>", + "msg_id" : "Sshd:accepted_keyboard_interactive", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: PAM: Authentication failure for .+\"):msg@>", + "msg_id" : "Sshd:pam_auth_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Could not reverse map address \\S+\"):msg@>", + "msg_id" : "Sshd:couldnt_reverse_address", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"subsystem request for sftp\"):msg@> ", + "msg_id" : "Sshd:subsystem_request_sftp", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Connection closed by \\S+\"):msg@>", + "msg_id" : "Sshd:connection_closed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ POSSIBLE BREAKIN ATTEMPT!\"):msg@>", + "msg_id" : "Sshd:possible_breakin_attempt", + "table" : "Message", + "taxonomy" : "Attack", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: PAM: Have exhasted maximum number of retries for service.+\"):msg@>", + "msg_id" : "Sshd:pam_maximum_retries", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: error trying to bind as user .+\"):msg@>", + "msg_id" : "Sshd:pam_error_trying_bind", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Failed password for .+ from .+\"):msg@>", + "msg_id" : "Sshd:failed_password", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"lastlog_filetype: Couldn't stat .+: No such file or directory\"):msg@> ", + "msg_id" : "Sshd:lastlog_filetype_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Illegal user .+\"):msg@>", + "msg_id" : "Sshd:illegal_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Failed publickey for .+ from .+\"):msg@>", + "msg_id" : "Sshd:failed_publickey", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received disconnect from .+\"):msg@> ", + "msg_id" : "Sshd:received_disconnect_from", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Did not receive identification string from .+\"):msg@>", + "msg_id" : "Sshd:didnot_receive_identification_string", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Bad protocol version identification .+\"):msg@>", + "msg_id" : "Sshd:bad_protocol_version_identification", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Failed \\S+ for invalid user .+\"):msg@>", + "msg_id" : "Sshd:failed_for_invalid_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Invalid user .+\"):msg@>", + "msg_id" : "Sshd:invalid_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Failed keyboard-interactive.+\"):msg@>", + "msg_id" : "Sshd:failed_keyboard_interactive", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: PAM: Authentication service cannot retrieve authentication info.+\"):msg@>", + "msg_id" : "Sshd:pam_cannot_retrieve_info", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*service(ssh.*) ignoring max retries;.+\"):msg@>", + "msg_id" : "Sshd:ignoring_max_retries", + "table" : "Message", + "taxonomy" : "Auth", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received signal \\d+; terminating.\"):msg@> ", + "msg_id" : "Sshd:received_signal_terminating", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Server listening on \\S+ port \\d+.\"):msg@> ", + "msg_id" : "Sshd:server_listening_on", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>: <@REGEXP(\"sshd -TERM succeeded\"):msg@>", + "msg_id" : "Sshd:sshd_term_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>: <@REGEXP(\".+succeeded\"):msg@>", + "msg_id" : "Sshd:succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>: <@REGEXP(\"Starting sshd:.*\"):msg@> ", + "msg_id" : "Sshd:starting_sshd", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Failed \\S+ for \\S+ from .+\"):msg@>", + "msg_id" : "Sshd:failed_from", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>: <@REGEXP(\"...60G.\"):msg@> ", + "msg_id" : "Sshd:60G", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Cannot release PAM authentication\\[\\d+\\]: System error\"):msg@> ", + "msg_id" : "Sshd:cannot_release_pam", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: ldap_result Timed out\"):msg@>", + "msg_id" : "Sshd:ldap_result_timed_out", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: .+ Can't contact LDAP server\"):msg@>", + "msg_id" : "Sshd:cant_contact_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"fatal: PAM session setup failed\\S+: Cannot make/remove an entry for the specified session\"):msg@>", + "msg_id" : "Sshd:cannot_make_entry_session", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM rejected by account configuration.+\"):msg@>", + "msg_id" : "Sshd:pam_rejected", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"fatal: .+\"):msg@>", + "msg_id" : "Sshd:fatal_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Authentication refused: .+\"):msg@>", + "msg_id" : "Sshd:authentication_refused", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"ROOT LOGIN REFUSED FROM .+\"):msg@>", + "msg_id" : "Sshd:root_login_refused_from", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM unable to resolve symbol: .+\"):msg@>", + "msg_id" : "Sshd:pam_unable_resolve_symbol", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: PAM: Permission denied for .+\"):msg@>", + "msg_id" : "Sshd:pam_permission_denied", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: PAM: Module is unknown for .+\"):msg@>", + "msg_id" : "Sshd:pam_module_unknown", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: subsystem: cannot stat .+ No such file or directory\"):msg@> ", + "msg_id" : "Sshd:no_such_file", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S+\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*check pass; user unknown\"):msg@>", + "msg_id" : "Sshd:check_pass_user_unknown", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: PAM: Success for .+\"):msg@>", + "msg_id" : "Sshd:pam_success", + "table" : "Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"lastlog_openseek: .+ is not a file or directory!\"):msg@> ", + "msg_id" : "Sshd:lastlog_openseek_error", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"User .+ not allowed because account is locked\"):msg@> ", + "msg_id" : "Sshd:account_is_locked", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"fatal: Timeout before authentication .+\"):msg@>", + "msg_id" : "Sshd:timeout_before_authentication", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"reverse mapping checking .+ failed - POSSIBLE BREAKIN ATTEMPT!\"):msg@> ", + "msg_id" : "Sshd:reverse_mapping_checking_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: PAM: User not known to the underlying authentication module for illegal user.+\"):msg@>", + "msg_id" : "Sshd:underlying_authentication_module_error", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: PAM: Authentication information cannot be recovered .+\"):msg@>", + "msg_id" : "Sshd:authentication_information_cannot_recovered", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM adding faulty module: .+\"):msg@>", + "msg_id" : "Sshd:pam_adding_faulty_module", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM unable to dlopen.+\"):msg@>", + "msg_id" : "Sshd:pam_unable_to_dlopen", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Failed \\w+ for illegal user .+\"):msg@>", + "msg_id" : "Sshd:failed_for_illegal_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: Bind to port .+ failed:.*\"):msg@>", + "msg_id" : "Sshd:bind_to_port_failed", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*auth could not identify password for .+\"):msg@>", + "msg_id" : "Sshd:auth_couldnt_identify_password", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Disconnecting: Timeout, your session not responding.\"):msg@> ", + "msg_id" : "Sshd:disconnecting_session_not_responding", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: missing file .+\"):msg@>", + "msg_id" : "Sshd:pam_ldap_missing_file", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>: <@REGEXP(\".+error trying to bind as user .+\"):msg@>", + "msg_id" : "Sshd:error_trying_bind_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Received SIGHUP; restarting.\"):msg@> ", + "msg_id" : "Sshd:received_sighup_restarting", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"ssh\\S*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"fatal: Cannot bind any address.\"):msg@> ", + "msg_id" : "Sshd:cannot_bind_any_address", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"User \\S+ not allowed because /etc/nologin exists\"):msg@> ", + "msg_id" : "Sshd:user_denied_nologin_exists", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*password for user \\w+ will expire in \\d+ days\"):msg@> ", + "msg_id" : "Sshd:password_will_expire", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Protocol major versions differ for .+\"):msg@>", + "msg_id" : "Sshd:protocol_major_versions_differ", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*expired password for user .+\"):msg@>", + "msg_id" : "Sshd:expired_password_for_user", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Public key .+ blacklisted.*\"):msg@>", + "msg_id" : "Sshd:public_key_blacklisted", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: Host key .+ blacklisted.*\"):msg@>", + "msg_id" : "Sshd:host_key_blacklisted", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Could not write ident string to .+\"):msg@>", + "msg_id" : "Sshd:couldnt_write_ident_string", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: Could not load host key: .+\"):msg@>", + "msg_id" : "Sshd:couldnt_load_host_key", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*Password for .+ was changed\"):msg@>", + "msg_id" : "Sshd:pam_password_for_user_changed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"warning: can't get client address: Connection reset by peer\"):msg@>", + "msg_id" : "Sshd:cannot_get_client_address_connection_reset_by_peer", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@WORD:level@>: <@REGEXP(\"ssh_msg_send: write\"):msg@>", + "msg_id" : "Sshd:ssh_msg_send_write", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error writing \\/proc\\/self\\/oom_adj: Operation not permitted\"):msg@>", + "msg_id" : "Sshd:error_writing_oom_adj", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*: conversation failed\"):msg@>", + "msg_id" : "Sshd:conversation_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Postponed publickey for .+\"):msg@>", + "msg_id" : "Sshd:postponed_publickey", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Excess permission or bad ownership on file .+\"):msg@>", + "msg_id" : "Sshd:excess_permission_bad_ownership", + "table" : "Message", + "taxonomy" : "Access.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Disconnecting: Too many authentication failures for .+\"):msg@>", + "msg_id" : "Sshd:too_many_authentication_failures", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*error retrieving information about user .+\"):msg@>", + "msg_id" : "Sshd:error_retrieving_information", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"input_userauth_request: invalid user .+\"):msg@>", + "msg_id" : "Sshd:input_userauth_invalid_user", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Timeout, client not responding.\"):msg@>", + "msg_id" : "Sshd:timeout_client_not_responding", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*bad id: channel free\"):msg@>", + "msg_id" : "Sshd:bad_id_channel_free", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Disconnecting: Received oclose for nonexistent channel.+\"):msg@>", + "msg_id" : "Sshd:disconnecting_received_oclose", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"PAM .+ ignoring max retries.+\"):msg@>", + "msg_id" : "Sshd:pam_ignoring_max_retries", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: fork: Cannot allocate memory\"):msg@>", + "msg_id" : "Sshd:fork_cannot_allocate_memory", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"error: PAM: authentication error for .+ from\"):msg@> <@IP_ADDR:client_ip@>", + "msg_id" : "Sshd:pam_auth_error", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sshd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"SSH: Server;Ltype: .+\"):msg@>", + "msg_id" : "Sshd:server_ltype", + "table" : "Message", + "taxonomy" : "Auth", + "loglevel" : "Notice" + } + ], + "version" : "201211060004", + "name" : "Sshd", + "description" : "SSH Daemon Service" +} diff --git a/conf/logmanagement/services/Stunnel.json b/conf/logmanagement/services/Stunnel.json new file mode 100644 index 0000000..9e6e742 --- /dev/null +++ b/conf/logmanagement/services/Stunnel.json @@ -0,0 +1,393 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: .+ connected from .+\"):msg@>", + "msg_id" : "Stunnel:connected_from", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: Connection reset: -?\\d+ bytes sent to SSL, \\d+ bytes sent to socket\"):msg@>", + "msg_id" : "Stunnel:connection_reset", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: Connection closed: -?\\d+ bytes sent to SSL, \\d+ bytes sent to socket\"):msg@>", + "msg_id" : "Stunnel:connection_closed", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: \\d+ clients allowed\"):msg@>", + "msg_id" : "Stunnel:nb_clients_allowed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: VERIFY OK: .+\"):msg@>", + "msg_id" : "Stunnel:verify_ok", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: Threading:PTHREAD SSL:ENGINE .+\"):msg@>", + "msg_id" : "Stunnel:threading_pthread_ssl_engine", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: stunnel \\S+ on \\S+ with OpenSSL .+\"):msg@>", + "msg_id" : "Stunnel:on_with_openssl", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG3\\[\\S+\\]: SSL_read: Connection reset by peer .*\"):msg@>", + "msg_id" : "Stunnel:ssl_connection_reset_by_peer", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG3\\[\\S+\\]: .*Connection refused.*\"):msg@>", + "msg_id" : "Stunnel:connection_refused", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: Received signal 15; terminating\"):msg@>", + "msg_id" : "Stunnel:terminating_signal_15", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG3\\[\\S+\\]: connect_wait: getsockopt: No route to host.*\"):msg@>", + "msg_id" : "Stunnel:no_route_to_host", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG3\\[\\S+\\]: SSL socket closed with \\d+ byte\\(s\\) in buffer\"):msg@>", + "msg_id" : "Stunnel:SSL_socket_closed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: Connection closed: .+ bytes sent to SSL, .+ bytes sent to socket\"):msg@>", + "msg_id" : "Stunnel:Connection_closed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: .+ connected remote server from .+\"):msg@>", + "msg_id" : "Stunnel:connected_remote_server_from", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: .+ accepted connection from .+\"):msg@>", + "msg_id" : "Stunnel:accepted_connection_from", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG5\\[\\S+\\]: CRL: verification passed\"):msg@>", + "msg_id" : "Stunnel:crl_verification_passed", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"warning: can't get client address:.+\"):msg@>", + "msg_id" : "Stunnel:cant_het_client_address", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG3\\[\\S+\\]: remote connect .+: Network is unreachable.+\"):msg@>", + "msg_id" : "Stunnel:remote_connect_network_unreachable", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG3\\[\\S+\\]: SSL_read: Connection timed out.*\"):msg@>", + "msg_id" : "Stunnel:sslread_connection_timed_out", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: SSL state .+\"):msg@>", + "msg_id" : "Stunnel:ssl_state", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: .+ libwrap process.*\"):msg@>", + "msg_id" : "Stunnel:libwrap_process_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG6\\[\\S+\\]: SSL accepted: .+\"):msg@>", + "msg_id" : "Stunnel:ssl_accepted", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG6\\[\\S+\\]: Negotiated ciphers: .+\"):msg@>", + "msg_id" : "Stunnel:negotiated_ciphers", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: connect_wait: .+\"):msg@>", + "msg_id" : "Stunnel:connect_wait_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]:\\s+\\d+ server connects .+\"):msg@>", + "msg_id" : "Stunnel:server_connects_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: SSL alert.+\"):msg@>", + "msg_id" : "Stunnel:ssl_alert", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]:\\s+\\d+ session cache \\w+\"):msg@>", + "msg_id" : "Stunnel:session_cache_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]:\\s+\\d+ \\w+ renegotiations requested\"):msg@>", + "msg_id" : "Stunnel:client_server_renegotiations_requested", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]:\\s+\\d+ items in the session cache\"):msg@>", + "msg_id" : "Stunnel:items_in_session_cache", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\S+ option set on \\w+ socket\"):msg@>", + "msg_id" : "Stunnel:option_set_on_socket", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]:\\s+\\d+ client connects .+\"):msg@>", + "msg_id" : "Stunnel:client_connects_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: FD \\d+ in non-blocking mode\"):msg@>", + "msg_id" : "Stunnel:fd_non_blocking_mode", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\w+ pid file .+\"):msg@>", + "msg_id" : "Stunnel:pid_file_msgs", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\w+ write shutdown\"):msg@>", + "msg_id" : "Stunnel:write_shutdown", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\S+ permitted by libwrap from .+\"):msg@>", + "msg_id" : "Stunnel:permitted_by_libwrap_from", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\S+ accepted FD=\\d+ from .+\"):msg@>", + "msg_id" : "Stunnel:accepted_fd", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG6\\[\\S+\\]: Compression enabled using \\S+ method\"):msg@>", + "msg_id" : "Stunnel:compression_enabled", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: Private key loaded\"):msg@>", + "msg_id" : "Stunnel:private_key_loaded", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\S+ started\"):msg@>", + "msg_id" : "Stunnel:something_started", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\S+ finished.*\"):msg@>", + "msg_id" : "Stunnel:something_finished", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\S+ connecting \\S+\"):msg@>", + "msg_id" : "Stunnel:something_connecting", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: PRNG seeded successfully\"):msg@>", + "msg_id" : "Stunnel:prng_seeded_successfully", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\S+ bound to \\S+\"):msg@>", + "msg_id" : "Stunnel:something_bound_to", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: Certificate loaded\"):msg@>", + "msg_id" : "Stunnel:certificate_loaded", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: SSL .*closed on SSL_read\"):msg@>", + "msg_id" : "Stunnel:ssl_closed_on_sslread", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG6\\[\\S+\\]: SSL_shutdown successfully sent close_notify\"):msg@>", + "msg_id" : "Stunnel:sslshutdown_successfully_sent_closenotify", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: Remote FD=\\d+ initialized\"):msg@>", + "msg_id" : "Stunnel:remote_fd_initialized", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: Loaded verify certificates from .+\"):msg@>", + "msg_id" : "Stunnel:loaded_verify_certificates_from", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: Loaded .+ revocation lookup file\"):msg@>", + "msg_id" : "Stunnel:loaded_revocation_lookup_file", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: Snagged \\d+ random bytes from .+\"):msg@>", + "msg_id" : "Stunnel:snagged_random_bytes_from", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: Wrote \\d+ new random bytes to .+\"):msg@>", + "msg_id" : "Stunnel:wrote_new_random_bytes_to", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: Certificate: .+\"):msg@>", + "msg_id" : "Stunnel:certificate", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: Key file: .+\"):msg@>", + "msg_id" : "Stunnel:key_file", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: SSL context initialized for service .+\"):msg@>", + "msg_id" : "Stunnel:sslcontext_initialized_for_service", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"stunnel\"):daemon@>: <@REGEXP(\"LOG7\\[\\S+\\]: \\S+ claims sufficient entropy for the \\S+\"):msg@>", + "msg_id" : "Stunnel:claims_sufficient_entropy", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Debug" + } + ], + "website" : "http://www.stunnel.org/", + "version" : "201002240012", + "name" : "Stunnel", + "description" : "Stunnel Service" +} diff --git a/conf/logmanagement/services/Subversion.json b/conf/logmanagement/services/Subversion.json new file mode 100644 index 0000000..8cb6b79 --- /dev/null +++ b/conf/logmanagement/services/Subversion.json @@ -0,0 +1,15 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"svn\"):daemon@>: <@REGEXP(\"No worthy mechs found\"):msg@>", + "msg_id" : "Subversion:no_worthy_mechs_found", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "", + "version" : "200901080002", + "name" : "Subversion", + "description" : "Subversion Service" +} diff --git a/conf/logmanagement/services/Sudo.json b/conf/logmanagement/services/Sudo.json new file mode 100644 index 0000000..ec921e7 --- /dev/null +++ b/conf/logmanagement/services/Sudo.json @@ -0,0 +1,161 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".+: TTY=\\S+ ; PWD=.+ ; USER=\\S+ ; COMMAND=.+\"):msg@>", + "msg_id" : "Sudo:user_command", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*check pass; user unknown\"):msg@>", + "msg_id" : "Sudo:check_pass_user_unknown", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@STRING:NULL@><@WORD:user@> : <@REGEXP(\"\\d+ incorrect password attempt.+\"):msg@>", + "msg_id" : "Sudo:incorrect_password_attempt", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo.*\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*authentication failure; logname=.+\"):msg@>", + "msg_id" : "Sudo:authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".+ /etc/sudoers is mode \\d+, should be \\d+ ;.+; COMMAND=.+\"):msg@>", + "msg_id" : "Sudo:sudoers_wrong_mode", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".+: no passwd entry for \\S+!\"):msg@>", + "msg_id" : "Sudo:no_password_entry_for", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".+ : can't stat /etc/sudoers: No such file or directory ; .+\"):msg@>", + "msg_id" : "Sudo:cant_stat_sudoers", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@STRING:user@> : <@REGEXP(\"user NOT in sudoers ;.+\"):msg@>", + "msg_id" : "Sudo:user_not_in_sudoers", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".+ : uid \\d+ does not exist in the passwd file!.+\"):msg@>", + "msg_id" : "Sudo:doesnt_exist_in_pwdfile", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: error trying to bind as user .+\"):msg@>", + "msg_id" : "Sudo:error_trying_bind", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\"pam_ldap: error trying to bind as user.+\"):msg@>", + "msg_id" : "Sudo:error_trying_bind2", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@WORD:user@> : <@REGEXP(\"pam_authenticate: Authentication service cannot retrieve authentication info.+\"):msg@>", + "msg_id" : "Sudo:cannot_retrieve_authent_info", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"pam_ldap: .+ Can't contact LDAP server\"):msg@>", + "msg_id" : "Sudo:cant_contact_ldap_server", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".* command not allowed .*\"):msg@>", + "msg_id" : "Sudo:command_not_allowed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".+: conversation failed\"):msg@>", + "msg_id" : "Sudo:converstion_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".+: auth could not identify password for .+\"):msg@>", + "msg_id" : "Sudo:auth_couldnt_identify_password", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo.*\"):daemon@>: <@REGEXP(\".*: Conversation error.+\"):msg@>", + "msg_id" : "Sudo:conversation_error", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".*authentication failure; logname=.+\"):msg@>", + "msg_id" : "Sudo:authentication_failure2", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".*session opened for user .+\"):msg@>", + "msg_id" : "Sudo:session_opened_for_user", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".*session closed for user .+\"):msg@>", + "msg_id" : "Sudo:session_closed_for_user", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".*Too many open files in system.*\"):msg@>", + "msg_id" : "Sudo:too_many_open_files", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"sudo\"):daemon@>: <@REGEXP(\".+: unable to resolve host .+\"):msg@>", + "msg_id" : "Sudo:unable_to_resolve_host", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + } + ], + "version" : "201001270002", + "name" : "Sudo", + "description" : "Sudo Service" +} diff --git a/conf/logmanagement/services/Syslog-ng.json b/conf/logmanagement/services/Syslog-ng.json new file mode 100644 index 0000000..70826ee --- /dev/null +++ b/conf/logmanagement/services/Syslog-ng.json @@ -0,0 +1,219 @@ +{ + "icon" : "software/logo_syslog-ng", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"syslog-ng version \\S+ going down\"):msg@> ", + "msg_id" : "Syslog-ng:going_down", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"AF_INET client connected from .+\"):msg@>", + "msg_id" : "Syslog-ng:client_connected_from", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"AF_INET client dropped connection from .+\"):msg@>", + "msg_id" : "Syslog-ng:client_dropped_connection", + "table" : "Message", + "taxonomy" : "Network", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Connection broken.+\"):msg@>", + "msg_id" : "Syslog-ng:connection_broken", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"new configuration initialized\"):msg@> ", + "msg_id" : "Syslog-ng:new_configuration_initialized", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"STATS: dropped \\d+\"):msg@>", + "msg_id" : "Syslog-ng:stats_dropped", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"SIGHUP received, restarting syslog-ng\"):msg@> ", + "msg_id" : "Syslog-ng:sighup_received_restarting", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ No space left on device\"):msg@> ", + "msg_id" : "Syslog-ng:no_space_left", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"syslog-ng version \\S+ starting\"):msg@>", + "msg_id" : "Syslog-ng:starting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Error flushing data\"):msg@> ", + "msg_id" : "Syslog-ng:error_flushing_data", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+, Connection refused\"):msg@> ", + "msg_id" : "Syslog-ng:connection_refused", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ Broken pipe\"):msg@>", + "msg_id" : "Syslog-ng:broken_pipe", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"SIGHUP received, reloading configuration;\"):msg@> ", + "msg_id" : "Syslog-ng:sighup_received_reloading_configuration", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"syslog-ng starting up.+\"):msg@>", + "msg_id" : "Syslog-ng:starting_up", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Log statistics; .+\"):msg@>", + "msg_id" : "Syslog-ng:log_statistics", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".+ error occurred while writing; .+\"):msg@>", + "msg_id" : "Syslog-ng:io_error_while_writing", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Cannot open file .+\"):msg@>", + "msg_id" : "Syslog-ng:cannot_open_file", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Error resolving .+\"):msg@>", + "msg_id" : "Syslog-ng:error_resolving", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"SIGTERM received, terminating;\"):msg@> ", + "msg_id" : "Syslog-ng:sigterm_received_terminating", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"syslog-ng shutting down.+\"):msg@>", + "msg_id" : "Syslog-ng:shutting_down", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Connection failed;.+\"):msg@>", + "msg_id" : "Syslog-ng:connection_failed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"EOF occurred while idle;.*\"):msg@> ", + "msg_id" : "Syslog-ng:eof_occured_while_idle", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"EOF occurred while idle; fd=.*\"):msg@>", + "msg_id" : "Syslog-ng:cannot_connect_to_stunnel", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"I/O error occurred while reading.*\"):msg@>", + "msg_id" : "Syslog-ng:io_error_while_reading", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Configuration reload request received, reloading configuration;\"):msg@> ", + "msg_id" : "Syslog-ng:configuration_reload_request_received", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Termination requested via signal, terminating;\"):msg@>", + "msg_id" : "Syslog-ng:termination_request_via_signal", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Error accepting new connection.*\"):msg@>", + "msg_id" : "Syslog-ng:error_accepting_new_connection", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Initiating connection failed, reconnecting.*\"):msg@>", + "msg_id" : "Syslog-ng:initiating_connection_failed", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Error creating socket.*\"):msg@>", + "msg_id" : "Syslog-ng:error_creating_socket", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"syslog-ng\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Number of allowed concurrent connections exceeded.*\"):msg@>", + "msg_id" : "Syslog-ng:allowed_concurrent_connections_exceeded", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.balabit.com/network-security/syslog-ng/", + "version" : "201001190001", + "name" : "Syslog-ng", + "description" : "Syslog-ng Service" +} diff --git a/conf/logmanagement/services/Tftpd.json b/conf/logmanagement/services/Tftpd.json new file mode 100644 index 0000000..cf34c0e --- /dev/null +++ b/conf/logmanagement/services/Tftpd.json @@ -0,0 +1,35 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"tftpd\"):daemon@>[<@NUMBER:NULL@>]: <@REGEXP(\"tftpd: trying to get file: .+\"):msg@>", + "msg_id" : "Tftpd:trying_get_file", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"tftpd\"):daemon@>[<@NUMBER:NULL@>]: <@REGEXP(\"tftpd: serving file from .+\"):msg@>", + "msg_id" : "Tftpd:serving_file_from", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"in.tftpd\"):daemon@>[<@NUMBER:NULL@>]: <@REGEXP(\"connect from .+\"):msg@>", + "msg_id" : "Tftpd:connect_from", + "table" : "Message", + "taxonomy" : "Access", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"in.tftpd\"):daemon@>[<@NUMBER:NULL@>]: <@REGEXP(\"cannot set groups for user .+\"):msg@>", + "msg_id" : "Tftpd:cannot_set_groups", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + } + ], + "version" : "200701110001", + "name" : "Tftpd", + "description" : "Tftpd Service" +} diff --git a/conf/logmanagement/services/Vsftpd.json b/conf/logmanagement/services/Vsftpd.json new file mode 100644 index 0000000..f789d9d --- /dev/null +++ b/conf/logmanagement/services/Vsftpd.json @@ -0,0 +1,21 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"vsftpd\"):daemon@>: (pam_unix) <@REGEXP(\"authentication failure; logname=.+\"):msg@>", + "msg_id" : "Vsftpd:authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"vsftpd\"):daemon@>: (pam_unix) <@REGEXP(\"check pass; user unknown\"):msg@> ", + "msg_id" : "Vsftpd:user_unknown", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + } + ], + "version" : "200801250001", + "name" : "Vsftpd", + "description" : "Vsftpd Service" +} diff --git a/conf/logmanagement/services/Windows_ADUC.json b/conf/logmanagement/services/Windows_ADUC.json new file mode 100644 index 0000000..b4c5d6a --- /dev/null +++ b/conf/logmanagement/services/Windows_ADUC.json @@ -0,0 +1,107 @@ +{ + "icon" : "operating_systems/os_windows", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@>;;<@REGEXP(\"Domain Policy Changed:.+\"):msg@>", + "msg_id" : "Windows_ADUC:domain_policy_changed", + "table" : "Windows_Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Policy Change\"):category@>;;<@REGEXP(\"Kerberos Policy Changed:.+\"):msg@>", + "msg_id" : "Windows_ADUC:kerberos_policy_changed", + "table" : "Windows_Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Security policy in the Group policy objects are applied successfully.+\"):msg@>", + "msg_id" : "Windows_ADUC:policy_objects_applied_successfully", + "table" : "Windows_Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@>;;<@REGEXP(\"User Account Deleted:.+\"):msg@>", + "msg_id" : "Windows_ADUC:User_Account_Deleted", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@>;;<@REGEXP(\"User Account Created:.+\"):msg@>", + "msg_id" : "Windows_ADUC:User_Account_Created", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@>;;<@REGEXP(\"Security Enabled .+ Group Created:.+\"):msg@>", + "msg_id" : "Windows_ADUC:Group_Created", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@> ;;<@REGEXP(\"Security Enabled .+ Group Deleted: .+\"):msg@>", + "msg_id" : "Windows_ADUC:Group_Deleted", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@>;;<@REGEXP(\"Security Enabled .+ Group Member Added:.+\"):msg@>", + "msg_id" : "Windows_ADUC:Group_Member_Added", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@> ;;<@REGEXP(\"Security Enabled .+ Group Member Removed: .+\"):msg@>", + "msg_id" : "Windows_ADUC:Group_Member_Removed", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@> ;;<@REGEXP(\"Computer Account Created: .+\"):msg@>", + "msg_id" : "Windows_ADUC:Computer_Account_Created", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@> ;;<@REGEXP(\"Computer Account Deleted: .*\"):msg@>", + "msg_id" : "Windows_ADUC:Computer_Account_Deleted", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Security policy in the Group policy objects has been applied successfully.+\"):msg@>", + "msg_id" : "Windows_ADUC:security_policy_in_group_policy_objects_applied_successfully", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@>;;<@REGEXP(\"User Account Changed.+\"):msg@>", + "msg_id" : "Windows_ADUC:User_Account_Changed", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Management\"):category@>;;<@REGEXP(\"User Account password set.+\"):msg@>", + "msg_id" : "Windows_ADUC:User_Account_password_set", + "table" : "Windows_Message", + "taxonomy" : "Auth", + "loglevel" : "Information" + } + ], + "website" : "http://www.intersectalliance.com/projects/SnareWindows/index.html", + "version" : "201005190018", + "name" : "Windows_ADUC", + "description" : "Windows Active Directory Users and Computers" +} diff --git a/conf/logmanagement/services/Windows_Applications_Citrix_Presentation_Server.json b/conf/logmanagement/services/Windows_Applications_Citrix_Presentation_Server.json new file mode 100644 index 0000000..d747e2d --- /dev/null +++ b/conf/logmanagement/services/Windows_Applications_Citrix_Presentation_Server.json @@ -0,0 +1,51 @@ +{ + "icon" : "operating_systems/os_windows", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Citrix Presentation Server has successfully contacted the license server.+\"):msg@>", + "msg_id" : "Windows_Applications_Citrix_Presentation_Server:contacted_license_server_successfully", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Citrix Presentation Server has entered the grace period.+\"):msg@>", + "msg_id" : "Windows_Applications_Citrix_Presentation_Server:entered_grace_period", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+Citrix License Error.+\"):msg@>", + "msg_id" : "Windows_Applications_Citrix_Presentation_Server:license_error", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"The server running Citrix Presentation Server failed to connect to the data store.+\"):msg@>", + "msg_id" : "Windows_Applications_Citrix_Presentation_Server:failed_to_connect_to_data_store", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Error 0 received while obtaining a license for a Citrix Presentation Server client connection. A grace license has been granted.+\"):msg@>", + "msg_id" : "Windows_Applications_Citrix_Presentation_Server:error_0_client_connection", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+ Citrix Presentation Server cannot contact the license server.+\"):msg@>", + "msg_id" : "Windows_Applications_Citrix_Presentation_Server:cannot_contact_license_server", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.intersectalliance.com/projects/SnareWindows/index.html", + "version" : "201005190018", + "name" : "Windows_Applications_Citrix_Presentation_Server", + "description" : "Windows Applications Citrix Presentation Server" +} diff --git a/conf/logmanagement/services/Windows_Applications_McAfee_GER.json b/conf/logmanagement/services/Windows_Applications_McAfee_GER.json new file mode 100644 index 0000000..d8d0ddc --- /dev/null +++ b/conf/logmanagement/services/Windows_Applications_McAfee_GER.json @@ -0,0 +1,23 @@ +{ + "icon" : "operating_systems/os_windows", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+Zugriff auf Objekt.+wurde blockiert durch Regel.+\"):msg@>", + "msg_id" : "Windows_Applications_McAfee_GER:Zugriff_auf_Objekt_blockiert_durch_Regel", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+Standardschutz:Ausf�hren von Dateien im Temp-Ordner f�r h�ufig genutzte Programme verhindern.+\"):msg@>", + "msg_id" : "Windows_Applications_McAfee_GER:Standardschutz_Ausfuehrung_Dateien_Temp_Ordner_verhindern", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://www.intersectalliance.com/projects/SnareWindows/index.html", + "version" : "201006010002", + "name" : "Windows_Applications_McAfee_GER", + "description" : "Windows Applications McAfee (GERMAN Version)" +} diff --git a/conf/logmanagement/services/Windows_SQLServer.json b/conf/logmanagement/services/Windows_SQLServer.json new file mode 100644 index 0000000..8a7e6b7 --- /dev/null +++ b/conf/logmanagement/services/Windows_SQLServer.json @@ -0,0 +1,58 @@ +{ + "icon" : "operating_systems/os_windows", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;Application;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@REGEXP(\"MSSQLServer\"):source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Devices\"):category@>;<@STRING:NULL@>;<@REGEXP(\"\\d+ : Microsoft SQL Server .*\"):msg@>;<@NUMBER:NULL@>", + "msg_id" : "Windows_SQLServer:microsoft_sql_server", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;Application;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@REGEXP(\"MSSQLServer\"):source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Devices\"):category@>;<@STRING:NULL@>;<@REGEXP(\"\\d+ : SQL Server is starting at priority class .+\"):msg@>;<@NUMBER:NULL@>", + "msg_id" : "Windows_SQLServer:sql_server_is_starting", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;Application;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@REGEXP(\"MSSQLServer\"):source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Network\"):category@>;;<@REGEXP(\"MS SQL SNMP Extension Agent starting.+\"):msg@>;<@NUMBER:NULL@>", + "msg_id" : "Windows_SQLServer:sql_snmp_agent_starting", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;Application;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@REGEXP(\"MSSQLServer\"):source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Not enough storage is available to process this command.\"):category@>;;<@REGEXP(\"RPC Net-Library listening on: .+\"):msg@>;<@NUMBER:NULL@>", + "msg_id" : "Windows_SQLServer:rpc_listening_on", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;Application;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@REGEXP(\"MSSQLServer\"):source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@WORD:category@>;<@STRING:NULL@>;<@REGEXP(\".*Using '.+.DLL'.+\"):msg@>;<@NUMBER:NULL@>", + "msg_id" : "Windows_SQLServer:using_dll", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;Application;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@REGEXP(\"MSSQLServer\"):source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Disk\"):category@>;<@STRING:NULL@>;<@REGEXP(\".*\\d+ transactions rolled \\w+ in database .+\"):msg@>;<@NUMBER:NULL@>", + "msg_id" : "Windows_SQLServer:transactions_rolled_in_database", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;Application;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@REGEXP(\"MSSQLServer\"):source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Devices\"):category@>;<@STRING:NULL@>;<@REGEXP(\"\\d+ :.*SQL Server is terminating due to 'stop' request from Service Control Manager.*\"):msg@>;<@NUMBER:NULL@>", + "msg_id" : "Windows_SQLServer:terminating_due_to_request", + "table" : "Windows_Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Warning" + } + ], + "website" : "http://www.intersectalliance.com/projects/SnareWindows/index.html", + "version" : "201002100003", + "name" : "Windows_SQLServer", + "description" : "Windows SQL Server" +} diff --git a/conf/logmanagement/services/Windows_Services.json b/conf/logmanagement/services/Windows_Services.json new file mode 100644 index 0000000..ef73a7e --- /dev/null +++ b/conf/logmanagement/services/Windows_Services.json @@ -0,0 +1,100 @@ +{ + "icon" : "operating_systems/os_windows", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@STRING:event_type@>;<@WORD:computer@>;<@STRING:category@>;;<@REGEXP(\"(s|S)ervic.+stopped.+|.+(s|S)ervic.+stopped.+|(s|S)ervice stopped.+\"):msg@>", + "msg_id" : "Windows_Services:service_stopped", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@STRING:event_type@>;<@WORD:computer@>;<@STRING:category@>;;<@REGEXP(\"(s|S)ervic.+started.+|.+(s|S)ervic.+started.+|(s|S)ervice started.+\"):msg@>", + "msg_id" : "Windows_Services:service_started", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@STRING:NULL@>;<@REGEXP(\"Performance counters for the .+ service were \\w+ed successfully.+\"):msg@>", + "msg_id" : "Windows_Services:performance_counters_modified", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"The .+ service reported a change of status to.+\"):msg@>", + "msg_id" : "Windows_Services:reported_change_of_status", + "table" : "Windows_Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+service was successfully sent a stop control.+\"):msg@>", + "msg_id" : "Windows_Services:service_successfully_sent_stop_control", + "table" : "Windows_Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+service was successfully sent a start control.+\"):msg@>", + "msg_id" : "Windows_Services:service_successfully_sent_start_control", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+service entered the stopped state.+\"):msg@>", + "msg_id" : "Windows_Services:service_entered_stopped_state", + "table" : "Windows_Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+service entered the running state.+\"):msg@>", + "msg_id" : "Windows_Services:service_entered_running_state", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Service\"):category@>;;<@REGEXP(\"(The.+Agent.+has started.+|Started the.+Agent.+)\"):msg@>", + "msg_id" : "Windows_Services:agent_started", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@STRING:event_type@>;<@WORD:computer@>;<@STRING:category@>;;<@REGEXP(\"Servic.+start.+successfully.+|.+Servic.+start.+successfully.+|servic.+start.+successfully|.+servic.+start.+successfully\"):msg@>", + "msg_id" : "Windows_Services:service_started_successfully", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+Servic.+idle for.+it will be shut down.+\"):msg@>", + "msg_id" : "Windows_Services:idle_service_will_shut_down", + "table" : "Windows_Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+Servic.+suspended operation.+\"):msg@>", + "msg_id" : "Windows_Services:service_suspended_operation", + "table" : "Windows_Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+start type of the.+service was changed.+\"):msg@>", + "msg_id" : "Windows_Services:service_start_type_changed", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + } + ], + "website" : "http://www.intersectalliance.com/projects/SnareWindows/index.html", + "version" : "201005190018", + "name" : "Windows_Services", + "description" : "Windows Services" +} diff --git a/conf/logmanagement/services/Windows_System.json b/conf/logmanagement/services/Windows_System.json new file mode 100644 index 0000000..f05d716 --- /dev/null +++ b/conf/logmanagement/services/Windows_System.json @@ -0,0 +1,471 @@ +{ + "icon" : "operating_systems/os_windows", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"The product Windows Server is out of licenses.+\"):msg@>", + "msg_id" : "Windows_System:out_of_licenses", + "table" : "Windows_Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Devices\"):category@>;;<@REGEXP(\"Master merge has completed on .+\"):msg@>", + "msg_id" : "Windows_System:master_merge_has_completed", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Detailed Tracking\"):category@>;;<@REGEXP(\"A new process has been created:.+\"):msg@>", + "msg_id" : "Windows_System:new_process_created", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Error reading log event record.+\"):msg@>", + "msg_id" : "Windows_System:error_reading_event_record", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Illegal format used for commands received from .+\"):msg@>", + "msg_id" : "Windows_System:illegal_format_used", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Product: .+ -- Installation operation completed successfully.+\"):msg@>", + "msg_id" : "Windows_System:installation_operation_completed_successfully", + "table" : "Windows_Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Product: .+ -- Removal completed successfully.+\"):msg@>", + "msg_id" : "Windows_System:removal_completed_successfully", + "table" : "Windows_Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"System Event\"):category@>;;<@REGEXP(\"Windows NT is starting up.+\"):msg@>", + "msg_id" : "Windows_System:windows_nt_starting_up", + "table" : "Windows_Message", + "taxonomy" : "System.Boot", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Disk\"):category@>;;<@REGEXP(\"Internal error: .+ Description: Overlapped I/O operation is in progress.+\"):msg@>", + "msg_id" : "Windows_System:overlapped_io_operation", + "table" : "Windows_Message", + "taxonomy" : "System.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Failure Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Detailed Tracking\"):category@>;;<@REGEXP(\".+ Windows Firewall.+ detected an application listening for incoming traffic.+\"):msg@>", + "msg_id" : "Windows_System:windows_firewall_application_listening_incoming_traffic", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Detailed Tracking\"):category@>;;<@REGEXP(\"A process has exited:.+\"):msg@>", + "msg_id" : "Windows_System:process_exited", + "table" : "Windows_Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"General\"):category@>;;<@REGEXP(\"wuau.+The database engine.+started.+\"):msg@>", + "msg_id" : "Windows_System:windows_update_client_database_engine_started", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"General\"):category@>;;<@REGEXP(\"wuau.+The database engine.+stopped.+\"):msg@>", + "msg_id" : "Windows_System:windows_update_client_database_engine_stopped", + "table" : "Windows_Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Software Sync\"):category@>;<@REGEXP(\".+Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.+\"):msg@>", + "msg_id" : "Windows_System:windows_update_client_unable_to_connect_to_automatic_updates_service", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Detailed Tracking\"):category@>;;<@REGEXP(\"A process was assigned a primary token.+\"):msg@>", + "msg_id" : "Windows_System:process_assigned_primary_token", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+The process.+has initiated the restart of computer.+on behalf of user.+for the following reason:.+\"):msg@>", + "msg_id" : "Windows_System:computer_restart_by_user_for_reason", + "table" : "Windows_Message", + "taxonomy" : "System.Boot", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+The system is shutting down.+\"):msg@>", + "msg_id" : "Windows_System:system_shutdown", + "table" : "Windows_Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+The Event log service was stopped.+\"):msg@>", + "msg_id" : "Windows_System:eventlog_service_was_stopped", + "table" : "Windows_Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Microsoft.+Windows.+\"):msg@>", + "msg_id" : "Windows_System:Windows_Version_Information", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+The Event log service was started.+\"):msg@>", + "msg_id" : "Windows_System:eventlog_service_was_started", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+Driver initialized successfully.+\"):msg@>", + "msg_id" : "Windows_System:driver_initialized_successfully", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+The.+driver.+has started.+\"):msg@>", + "msg_id" : "Windows_System:driver_started", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+The.+Driver.+is starting.+\"):msg@>", + "msg_id" : "Windows_System:driver_starting", + "table" : "Windows_Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+driver.+entered.+mode.+\"):msg@>", + "msg_id" : "Windows_System:driver_entered_mode", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"The.+sub system is suppressing duplicate event log entries.+\"):msg@>", + "msg_id" : "Windows_System:suppressing_duplicate_eventlog_entries", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"The time provider NtpClient is currently receiving valid time data from.+\"):msg@>", + "msg_id" : "Windows_System:ntp_receiving_data", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+The CPUs in this multiprocessor system are not all the same revision level.+\"):msg@>", + "msg_id" : "Windows_System:CPUs_are_not_all_the_same_revision_level", + "table" : "Windows_Message", + "taxonomy" : "Hardware", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"The time service is now synchronizing the system time with.+\"):msg@>", + "msg_id" : "Windows_System:ntp_synchronizing", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"TM\"):category@>;;<@REGEXP(\"MS DTC started with the following settings.+\"):msg@>", + "msg_id" : "Windows_System:MS_DTC_started", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Alerter\"):category@>;<@REGEXP(\".+The Host Remote Alerter detected an error while attempting.+to retrieve data from key.+\"):msg@>", + "msg_id" : "Windows_System:host_remote_alerter_error_detected", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"General\"):category@>;;<@REGEXP(\"svchost.+The database engine.+started.+\"):msg@>", + "msg_id" : "Windows_System:svchost_database_engine_started", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"General\"):category@>;;<@REGEXP(\"svchost.+The database engine.+stopped.+\"):msg@>", + "msg_id" : "Windows_System:svchost_database_engine_stopped", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+The system uptime is \\d+ seconds.+\"):msg@>", + "msg_id" : "Windows_System:system_uptime_seconds", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"System Event\"):category@>;;<@REGEXP(\"Windows is shutting down.+\"):msg@>", + "msg_id" : "Windows_System:windows_shutting_down", + "table" : "Windows_Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"DNS signature failed to verify.+\"):msg@>", + "msg_id" : "Windows_System:DNS_signature_failed_to_verify", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+Network controller configured for.+\"):msg@>", + "msg_id" : "Windows_System:network_controller_configuration", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Failed to load the.+library.+\"):msg@>", + "msg_id" : "Windows_System:library_load_failed", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"System Event\"):category@>;;<@REGEXP(\"Windows is starting up.+\"):msg@>", + "msg_id" : "Windows_System:windows_starting_up", + "table" : "Windows_Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"DNS signature validity expired.+\"):msg@>", + "msg_id" : "Windows_System:DNS_signature_validity_expired", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Successful auto update retrieval of third-party root list sequence number from:.+\"):msg@>", + "msg_id" : "Windows_System:successful_auto_update_third_party_root_list_sequence_number", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@STRING:category@>;<@REGEXP(\".+Hanging application.+\"):msg@>", + "msg_id" : "Windows_System:hanging_application", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"about:blank.+\"):msg@>", + "msg_id" : "Windows_System:about_blank", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"DCOM got error.+\"):msg@>", + "msg_id" : "Windows_System:DCOM_got_error", + "table" : "Windows_Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Failed extract of third-party root list from auto update cab.+\"):msg@>", + "msg_id" : "Windows_System:failed_extract_of_third_party_root_list_from_auto_update_cab", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Successful auto update retrieval of third-party root list cab.+\"):msg@>", + "msg_id" : "Windows_System:successful_auto_update_retrieval_of_third_party_root_list_cab", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+ At least one service or driver failed during system startup. .+\"):msg@>", + "msg_id" : "Windows_System:service_or_driver_failed_during_system_startup", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Windows saved user .+ registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.+\"):msg@>", + "msg_id" : "Windows_System:registry_used_during_log_off", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Beginning a Windows Installer transaction.+\"):msg@>", + "msg_id" : "Windows_System:beginning_windows_installer_transaction", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Ending a Windows Installer transaction.+\"):msg@>", + "msg_id" : "Windows_System:ending_windows_installer_transaction", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+Windows Installer reconfigured the product. Product Name:.+\"):msg@>", + "msg_id" : "Windows_System:windows_installer_reconfigured_product", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Generic\"):category@>;;<@REGEXP(\"Soap error: Host not found.+\"):msg@>", + "msg_id" : "Windows_System:soap_error_host_not_found", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Client\"):category@>;;<@REGEXP(\"Soap error: An unanticipated error occurred during the processing of this request.+\"):msg@>", + "msg_id" : "Windows_System:soap_error_unanticipated_error_during_request_processing", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Client\"):category@>;;<@REGEXP(\"Soap error: Sending the Soap message failed or no recognizable response was received.+\"):msg@>", + "msg_id" : "Windows_System:soap_error_sending_soap_message_failed_or_no_response", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Client\"):category@>;;<@REGEXP(\"Soap error: Unspecified client error.+\"):msg@>", + "msg_id" : "Windows_System:soap_error_unspecified_client_error", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+Product:.+ Configuration failed.+\"):msg@>", + "msg_id" : "Windows_System:product_configuration_failed", + "table" : "Windows_Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Windows unloaded user .+ registry when it received a notification that no other applications or services were using the profile.+\"):msg@>", + "msg_id" : "Windows_System:windows_unloaded_user_registry", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+You are about to install a certificate from a certification authority \\(CA\\) claiming to represent:.+\"):msg@>", + "msg_id" : "Windows_System:certificate_installation", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+Other people are logged on to this computer.+ Do you want to continue restarting?.+\"):msg@>", + "msg_id" : "Windows_System:restarting_windows", + "table" : "Windows_Message", + "taxonomy" : "System.Boot", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"A fatal error occurred when attempting to access the SSL client credential private key.+\"):msg@>", + "msg_id" : "Windows_System:error_accessing_ssl_client_credential_private_key", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+Product:.+ Configuration completed successfully.+\"):msg@>", + "msg_id" : "Windows_System:product_configuration_completed_successfully", + "table" : "Windows_Message", + "taxonomy" : "Config", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Windows cannot unload your classes registry file .+\"):msg@>", + "msg_id" : "Windows_System:windows_cannot_unload_classes_registry_file", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@STRING:category@>;<@REGEXP(\".+Faulting application.+\"):msg@>", + "msg_id" : "Windows_System:faulting_application", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Kernel Rule\"):category@>;;<@REGEXP(\"The current application .+ attempted to execute the new application .+\"):msg@>", + "msg_id" : "Windows_System:current_application_attempted_to_execute_new_application", + "table" : "Windows_Message", + "taxonomy" : "Application", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Successful auto update of third-party root certificate.+\"):msg@>", + "msg_id" : "Windows_System:successful_auto_update_of_third_party_root_certificate", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\".+The application failed to initialize because the window station is shutting down.+\"):msg@>", + "msg_id" : "Windows_System:application_failed_to_initialize_because_window_station_is_shutting_down", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Rejected Safe Mode action.+\"):msg@>", + "msg_id" : "Windows_System:application_rejected_safe_mode_action", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Information" + } + ], + "website" : "http://www.intersectalliance.com/projects/SnareWindows/index.html", + "version" : "201005190018", + "name" : "Windows_System", + "description" : "Windows System" +} diff --git a/conf/logmanagement/services/Windows_System_Logon_Logoff.json b/conf/logmanagement/services/Windows_System_Logon_Logoff.json new file mode 100644 index 0000000..b38a7c4 --- /dev/null +++ b/conf/logmanagement/services/Windows_System_Logon_Logoff.json @@ -0,0 +1,177 @@ +{ + "icon" : "operating_systems/os_windows", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\"Successful Network Logon:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:successful_network_logon", + "table" : "Windows_Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\"User Logoff:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:user_logoff", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Service Ticket Granted:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:service_ticket_granted", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Failure Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Service Ticket Request Failed:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:service_ticket_request_failed", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Authentication Ticket Granted:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:authentication_ticket_granted", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Ticket Granted Renewed:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:ticket_granted_renewed", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Account Used for Logon by:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:account_used_for_logon", + "table" : "Windows_Message", + "taxonomy" : "Auth", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\"Session disconnected from winstation:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:session_disconnected_from_winstation", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\"Session reconnected to winstation:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:session_reconnected_to_winstation", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\"Successful Logon:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:successful_logon", + "table" : "Windows_Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Failure Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"The logon to account: .+ failed.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:logon_to_account_failed", + "table" : "Windows_Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Failure Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\"Logon Failure:.+Unknown user name or bad password.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:unknown_user_bad_password", + "table" : "Windows_Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Failure Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Pre-authentication failed: .+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:pre_authentication_failed", + "table" : "Windows_Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Failure Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Authentication Ticket Request Failed:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:authentication_ticket_request_failed", + "table" : "Windows_Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@STRING:category@>;;<@REGEXP(\"Special privileges assigned to new logon:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:special_privileges_assigned_to_new_logon", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"System Event\"):category@>;;<@REGEXP(\"A trusted logon process has registered with the Local Security Authority.+This logon process will be trusted to submit logon requests.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:trusted_logon_process_registered_with_local_security_authority", + "table" : "Windows_Message", + "taxonomy" : "Auth", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Logon attempt by:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:logon_attempt", + "table" : "Windows_Message", + "taxonomy" : "Auth", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\"User initiated logoff:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:user_initiated_logoff", + "table" : "Windows_Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Success Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\"Logon attempt using explicit credentials.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:logon_using_explicit_credentials", + "table" : "Windows_Message", + "taxonomy" : "Auth.Success", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Service Ticket Request:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:service_ticket_request", + "table" : "Windows_Message", + "taxonomy" : "Auth", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Authentication Ticket Request:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:authentication_ticket_request", + "table" : "Windows_Message", + "taxonomy" : "Auth", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\".+ Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Account Logon\"):category@>;;<@REGEXP(\"Service Ticket Renewed:.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:service_ticket_renewed", + "table" : "Windows_Message", + "taxonomy" : "Auth", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Failure Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\"Logon Failure:.+An error occurred during logon.+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:logon_failure_error_occured", + "table" : "Windows_Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Failure Audit\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"Logon/Logoff\"):category@>;;<@REGEXP(\".+The specified account's password has expired .+\"):msg@>", + "msg_id" : "Windows_System_Logon_Logoff:logon_failure_password_expired", + "table" : "Windows_Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Information" + } + ], + "website" : "http://www.intersectalliance.com/projects/SnareWindows/index.html", + "version" : "201005190018", + "name" : "Windows_System_Logon_Logoff", + "description" : "Windows System Logon Logoff" +} diff --git a/conf/logmanagement/services/Windows_System_Printer.json b/conf/logmanagement/services/Windows_System_Printer.json new file mode 100644 index 0000000..dd940a0 --- /dev/null +++ b/conf/logmanagement/services/Windows_System_Printer.json @@ -0,0 +1,93 @@ +{ + "icon" : "operating_systems/os_windows", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Document .+ owned by .+ was printed on .+\"):msg@>", + "msg_id" : "Windows_System_Printer:document_was_printed", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Document .+ owned by .+ was moved to position .+\"):msg@>", + "msg_id" : "Windows_System_Printer:document_was_moved", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Printer.+in session.+was set.+\"):msg@>", + "msg_id" : "Windows_System_Printer:printer_in_session_was_set", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Printer.+in session.+was created.+\"):msg@>", + "msg_id" : "Windows_System_Printer:printer_in_session_was_created", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Printer.+in session.+was successfully unpublished.+\"):msg@>", + "msg_id" : "Windows_System_Printer:printer_in_session_was_successfully_unpublished", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+Driver.+required for printer.+is unknown.+\"):msg@>", + "msg_id" : "Windows_System_Printer:printer_required_driver_is_unknown", + "table" : "Windows_Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Printer.+in session.+was purged.+\"):msg@>", + "msg_id" : "Windows_System_Printer:printer_in_session_was_purged", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Printer.+in session.+was deleted.+\"):msg@>", + "msg_id" : "Windows_System_Printer:printer_in_session_was_deleted", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Printer.+in session.+is pending deletion.+\"):msg@>", + "msg_id" : "Windows_System_Printer:printer_in_session_is_pending_deletion", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+ printer could not be set as the default printer. .+\"):msg@>", + "msg_id" : "Windows_System_Printer:set_default_printer_error", + "table" : "Windows_Message", + "taxonomy" : "Printer.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Information\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Form .+ was added.+\"):msg@>", + "msg_id" : "Windows_System_Printer:print_form_was_added", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Warning\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;;<@REGEXP(\"Printer Driver .+ was added or updated.+\"):msg@>", + "msg_id" : "Windows_System_Printer:printer_driver_added_or_updated", + "table" : "Windows_Message", + "taxonomy" : "System", + "loglevel" : "Warning" + } + ], + "website" : "http://www.intersectalliance.com/projects/SnareWindows/index.html", + "version" : "201005190018", + "name" : "Windows_System_Printer", + "description" : "Windows System Printer" +} diff --git a/conf/logmanagement/services/Windows_System_SmartCard.json b/conf/logmanagement/services/Windows_System_SmartCard.json new file mode 100644 index 0000000..12d4204 --- /dev/null +++ b/conf/logmanagement/services/Windows_System_SmartCard.json @@ -0,0 +1,37 @@ +{ + "icon" : "operating_systems/os_windows", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+An error occurred while retrieving a digital certificate from the inserted smart card.+\"):msg@>", + "msg_id" : "Windows_System_SmartCard:error_retrieving_digital_certificate", + "table" : "Windows_Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+An error occurred while signing a message using the inserted smart card: An unexpected card error has occurred.+\"):msg@>", + "msg_id" : "Windows_System_SmartCard:unexpected_error", + "table" : "Windows_Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+An error occurred while signing a message using the inserted smart card: The supplied PIN is incorrect.+\"):msg@>", + "msg_id" : "Windows_System_SmartCard:pin_error", + "table" : "Windows_Message", + "taxonomy" : "System.Errors", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> MSWinEventLog;<@NUMBER:criticity@>;<@WORD:src@>;<@NUMBER:event_count@>;<@DATE_TIME_APACHE_ERROR:datetime2@>;<@NUMBER:event_id@>;<@STRING:source@>;<@STRING:user@>;<@WORD:sid_type@>;<@REGEXP(\"Error\"):event_type@>;<@WORD:computer@>;<@REGEXP(\"None\"):category@>;<@REGEXP(\".+An error occurred while signing a message using the inserted smart card: The card cannot be accessed because the wrong PIN was presented.+\"):msg@>", + "msg_id" : "Windows_System_SmartCard:wrong_pin", + "table" : "Windows_Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Notice" + } + ], + "website" : "http://www.intersectalliance.com/projects/SnareWindows/index.html", + "version" : "201005190018", + "name" : "Windows_System_SmartCard", + "description" : "Windows System Smart Card" +} diff --git a/conf/logmanagement/services/Xen.json b/conf/logmanagement/services/Xen.json new file mode 100644 index 0000000..194d6cf --- /dev/null +++ b/conf/logmanagement/services/Xen.json @@ -0,0 +1,618 @@ +{ + "icon" : "software/logo_xen", + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"Nothing to flush.\"):msg@> ", + "msg_id" : "Xen:nothing_to_flush", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\".*not setting .+\"):msg@>", + "msg_id" : "Xen:not_setting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ is missing. recreate is confused, trying our best to recover\"):msg@> ", + "msg_id" : "Xen:xend_domain_is_missing", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Storing \\w+ details: .+\"):msg@>", + "msg_id" : "Xen:xend_storing_details", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Opening Unix domain socket .+\"):msg@>", + "msg_id" : "Xen:opening_domain_socket", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ XendDomainInfo.create\\(.+\\)\"):msg@> ", + "msg_id" : "Xen:xend_domaininfo_create", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Recreating domain .+\"):msg@>", + "msg_id" : "Xen:xend_recreating_domain", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ XendDomainInfo.recreate\\(.+\\)\"):msg@> ", + "msg_id" : "Xen:xend_domaininfo_recreate", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"elf_\\S+: .+\"):msg@>", + "msg_id" : "Xen:elf", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"xc_dom_\\S+ .+\"):msg@>", + "msg_id" : "Xen:xc_dom", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"\\s*File .+, line \\d+, in .+\"):msg@>", + "msg_id" : "Xen:error_file_line_in", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\".*virt_\\S+ .+\"):msg@>", + "msg_id" : "Xen:virt", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"nr_page_tables: .+\"):msg@>", + "msg_id" : "Xen:nr_page_tables", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"clear_page: .+\"):msg@>", + "msg_id" : "Xen:clear_page", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"IOError: \\[Errno \\d+\\] No such file or directory: .+\"):msg@>", + "msg_id" : "Xen:no_such_file_directory", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"Cannot .+: Operation not supported\"):msg@> ", + "msg_id" : "Xen:operation_not_supported", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"\\s*\\S+\\s*mmap\\s*:\\s*.+\"):msg@>", + "msg_id" : "Xen:mmap", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"arch_\\S+: .+\"):msg@>", + "msg_id" : "Xen:arch", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"vcpu_\\S+: .+\"):msg@>", + "msg_id" : "Xen:vcpu", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"shared_info_\\S+: .+\"):msg@>", + "msg_id" : "Xen:shared_info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"launch_vm: .+\"):msg@>", + "msg_id" : "Xen:launch_vm", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ XendDomainInfo.constructDomain\"):msg@> ", + "msg_id" : "Xen:xend_domaininfo_construct", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ XendDomainInfo.initDomain:.+\"):msg@>", + "msg_id" : "Xen:xend_domaininfo_init", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"IndexError: string index out of range\"):msg@> ", + "msg_id" : "Xen:string_index_out_range", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"\\s*response = .+\"):msg@>", + "msg_id" : "Xen:response", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"\\s*info = .+\"):msg@>", + "msg_id" : "Xen:info", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"\\s*dominfo = .+\"):msg@>", + "msg_id" : "Xen:dominfo", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@REGEXP(\"DEBUG\"):level@> <@REGEXP(\"\\(__init__:\\d+\\) \\S+\\s+=.*\"):msg@> ", + "msg_id" : "Xen:xend_debug_init", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ createDevice: vif : .+\"):msg@> ", + "msg_id" : "Xen:xend_domaininfo_createdevice_vif", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ createDevice: vbd : .+\"):msg@>", + "msg_id" : "Xen:xend_domaininfo_createdevice_vbd", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ DevController: writing {.+} to .+\"):msg@>", + "msg_id" : "Xen:xend_devcontroller_writing", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\"\\(__init__:\\d+\\) hotplugStatusCallback.*\"):msg@>", + "msg_id" : "Xen:xend_debug_init_hotplugstatuscallback", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\"\\(__init__:\\d+\\) Waiting for .+\"):msg@>", + "msg_id" : "Xen:xend_debug_init_waitingfor", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Domain .+ unpaused.\"):msg@> ", + "msg_id" : "Xen:xend_domain_unpaused", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Setting memory \\w+ of domain .+ to .+\"):msg@>", + "msg_id" : "Xen:xend_domaininfo_setting_memory", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\"\\(__init__:\\d+\\) Balloon: .+\"):msg@>", + "msg_id" : "Xen:xend_debug_init_balloon", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\"\\(__init__:\\d+\\) buildDomain os=.+\"):msg@>", + "msg_id" : "Xen:xend_info_init_builddomain", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ XendDomainInfo.handleShutdownWatch\"):msg@> ", + "msg_id" : "Xen:xend_domaininfo_handleshutdownwatch", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ XendDomainInfo.destroy.+\"):msg@>", + "msg_id" : "Xen:xend_domaininfo_destroy", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\"\\(__init__:\\d+\\) Unconverted key: .+\"):msg@>", + "msg_id" : "Xen:xend_config_unconverted_key", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Adding Domain: .+\"):msg@>", + "msg_id" : "Xen:xend_adding_domain", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ XendDomainInfo.shutdown\"):msg@> ", + "msg_id" : "Xen:xend_domaininfo_shutdown", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Domain has shutdown: .+\"):msg@>", + "msg_id" : "Xen:xend_domaininfo_has_shutdown", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"Xend\"):module@> <@REGEXP(\"started at .+\"):msg@>", + "msg_id" : "Xen:xend_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ python-pam is required for XenAPI support.\"):msg@> ", + "msg_id" : "Xen:xend_python_pam_required", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"x86_compat: .+\"):msg@>", + "msg_id" : "Xen:x86_compat", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ API call: .+ not found\"):msg@> ", + "msg_id" : "Xen:api_call_not_found", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\"\\(__init__:\\d+\\) .+.cleanup\\(\\)\"):msg@> ", + "msg_id" : "Xen:init_cleanup", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"\\s*malloc\\s*:.+\"):msg@>", + "msg_id" : "Xen:malloc", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Xend Daemon started\"):msg@> ", + "msg_id" : "Xen:xend_daemon_started", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"\\s*mapped\"):msg@> ", + "msg_id" : "Xen:mapped", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"setup_hypercall_page: .+\"):msg@>", + "msg_id" : "Xen:setup_hypercall_page", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Xend changeset: unavailable.\"):msg@> ", + "msg_id" : "Xen:xend_changeset_unavailable", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"domain builder memory footprint\"):msg@> ", + "msg_id" : "Xen:domain_builder_memory_footprint", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"start_info_x86_32: called\"):msg@> ", + "msg_id" : "Xen:start_info_x86_called", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Xend version: Unknown.\"):msg@> ", + "msg_id" : "Xen:xend_version_unknown", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>:<@REGEXP(\"\\s*allocated\"):msg@>", + "msg_id" : "Xen:allocated", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ number of vcpus to use is .+\"):msg@>", + "msg_id" : "Xen:number_vcpus_is", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Set VCPU count on domain .+ to .+\"):msg@>", + "msg_id" : "Xen:number_vcpus_count", + "table" : "Message", + "taxonomy" : "Config.Changes", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Xend exited with status \\d+.\"):msg@>", + "msg_id" : "Xen:xend_exited", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ cleanup_domains\"):msg@>", + "msg_id" : "Xen:cleanup_domains", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ Failed to determine SR UUID\"):msg@>", + "msg_id" : "Xen:xend_failed_determine_sr_uuid", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+ string index out of range\"):msg@>", + "msg_id" : "Xen:xend_string_index_out_of_range", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: [<@STRING:NULL@>] <@WORD:level@> <@REGEXP(\".+shadow_memory.+memory_static.+\"):msg@> ", + "msg_id" : "Xen:memory_shadow_static", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> BLKTAPCTRL<@STRING:NULL@>", + "msg_id" : "Xen:blktapctrl", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"\\s+return func\\(.+\"):msg@>", + "msg_id" : "Xen:return_func", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xen\"):daemon@>: <@REGEXP(\"postconf: fatal: open .+: No such file or directory\"):msg@>", + "msg_id" : "Xen:postconf_fatal_open", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*xenbr\\d+: topology change detected, propagating\"):msg@>", + "msg_id" : "Xen:topology_change_detected", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\".*xenbr\\d+: port .+ entering \\w+ state\"):msg@>", + "msg_id" : "Xen:port_entering_state", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/.+: remove XENBUS_PATH=.+\"):msg@>", + "msg_id" : "Xen:remove_xenbus_path", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/.+: add XENBUS_PATH=.+\"):msg@>", + "msg_id" : "Xen:add_xenbus_path", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/.+: Writing .+ to xenstore.\"):msg@> ", + "msg_id" : "Xen:writing_to_xenstore", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/xen-hotplug-cleanup: XENBUS_PATH=.+\"):msg@>", + "msg_id" : "Xen:hotplug_cleanup_xenbus_path", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/vif-bridge: Successful vif-bridge online for .+\"):msg@>", + "msg_id" : "Xen:successful_vif_bridge_online", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/vif-bridge: offline XENBUS_PATH=.+\"):msg@>", + "msg_id" : "Xen:offline_xenbus_path", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/vif-bridge: ifconfig .+ down failed\"):msg@> ", + "msg_id" : "Xen:ifconfig_down_failed", + "table" : "Message", + "taxonomy" : "System.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/vif-bridge: online XENBUS_PATH=.+\"):msg@>", + "msg_id" : "Xen:vif_bridge_online", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/vif-bridge: Successful vif-bridge offline for .+\"):msg@>", + "msg_id" : "Xen:successful_vif_bridge_offline", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"blkfront: \\w+: barriers enabled\"):msg@> ", + "msg_id" : "Xen:blkfront_barriers_enabled", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Xen virtual console successfully installed as .+\"):msg@>", + "msg_id" : "Xen:virtual_console_successfully_installed", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"Xen reported: .+ MHz processor.\"):msg@> ", + "msg_id" : "Xen:reported_processor", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"xen_mem: Initialising balloon driver.\"):msg@> ", + "msg_id" : "Xen:mem_initialising_balloon_driver", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"netfront: Initialising virtual ethernet driver.\"):msg@> ", + "msg_id" : "Xen:netfront_initialising_virtual_ethernet", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> kernel: <@REGEXP(\"netfront: device \\w+ has copying receive path.\"):msg@> ", + "msg_id" : "Xen:netfront_copying_receive_path", + "table" : "Message", + "taxonomy" : "System.Boot", + "loglevel" : "Debug" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xenstored: Checking store.*\"):msg@>", + "msg_id" : "Xen:xenstored_checking_store", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/vif-bridge: .+ failed\"):msg@>", + "msg_id" : "Xen:vif_bridge_failed", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"logger: /etc/xen/scripts/.+: Forced to steal lock on .+\"):msg@>", + "msg_id" : "Xen:forced_to_steal_lock", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + } + ], + "website" : "http://www.xensource.com/", + "version" : "200901280003", + "name" : "Xen", + "description" : "Xen Service" +} diff --git a/conf/logmanagement/services/Xinetd.json b/conf/logmanagement/services/Xinetd.json new file mode 100644 index 0000000..b5bec47 --- /dev/null +++ b/conf/logmanagement/services/Xinetd.json @@ -0,0 +1,70 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xinetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"START: \\S+ pid=\\d+ from=\\S+\"):msg@>", + "msg_id" : "Xinetd:start_service", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xinetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Reading included configuration file: .+\"):msg@>", + "msg_id" : "Xinetd:reading_included_configuration", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xinetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"removing \\S+\"):msg@>", + "msg_id" : "Xinetd:removing_service", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xinetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"missing service keyword.+\"):msg@>", + "msg_id" : "Xinetd:missing_service_keyword", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xinetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Started working: \\d+ available service.*\"):msg@>", + "msg_id" : "Xinetd:started_available_services", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xinetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"Exiting...\"):msg@>", + "msg_id" : "Xinetd:exiting", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xinetd\"):daemon@>: <@REGEXP(\"xinetd \\S+ succeeded\"):msg@>", + "msg_id" : "Xinetd:xinetd_startup_shutdown_succeeded", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xinetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"xinetd Version .+\"):msg@>", + "msg_id" : "Xinetd:version", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xinetd\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"EXIT: \\S+ status=\\d+ pid=\\d+ .+\"):msg@>", + "msg_id" : "Xinetd:exit_service", + "table" : "Message", + "taxonomy" : "System", + "loglevel" : "Notice" + } + ], + "version" : "201002190009", + "name" : "Xinetd", + "description" : "Xinetd Service" +} diff --git a/conf/logmanagement/services/Xscreensaver.json b/conf/logmanagement/services/Xscreensaver.json new file mode 100644 index 0000000..e806645 --- /dev/null +++ b/conf/logmanagement/services/Xscreensaver.json @@ -0,0 +1,50 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xscreensaver\"):daemon@>: <@REGEXP(\".*conversation failed\"):msg@> ", + "msg_id" : "Xscreensaver:conversation_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xscreensaver\"):daemon@>: <@REGEXP(\".*auth could not identify password for .+\"):msg@> ", + "msg_id" : "Xscreensaver:auth_couldnt_identify_password", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xscreensaver\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*conversation failed\"):msg@> ", + "msg_id" : "Xscreensaver:conversation_failed2", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Notice" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xscreensaver\"):daemon@>: <@REGEXP(\".*authentication failure; logname=.+\"):msg@> ", + "msg_id" : "Xscreensaver:authentication_failure", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xscreensaver\"):daemon@>[<@PID:pid@>]: <@REGEXP(\".*authentication failure; logname=.+\"):msg@> ", + "msg_id" : "Xscreensaver:authentication_failure2", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"xscreensaver\"):daemon@>[<@PID:pid@>]: <@REGEXP(\"FAILED LOGIN .+ ON DISPLAY .+\"):msg@> ", + "msg_id" : "Xscreensaver:failed_login_on_display", + "table" : "Message", + "taxonomy" : "Auth.Failure", + "loglevel" : "Warning" + } + ], + "website" : "", + "version" : "200810310007", + "name" : "Xscreensaver", + "description" : "Screen Saver Session Locker" +} diff --git a/conf/logmanagement/services/Zabbix.json b/conf/logmanagement/services/Zabbix.json new file mode 100644 index 0000000..8f9a318 --- /dev/null +++ b/conf/logmanagement/services/Zabbix.json @@ -0,0 +1,183 @@ +{ + "messages" : [ + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Parameter .+ is not supported by agent on host .+\"):msg@>", + "msg_id" : "Zabbix:parameter_not_supported", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Parameter .+ will be checked after \\d+ seconds on host .+\"):msg@>", + "msg_id" : "Zabbix:parameter_will_be_checked", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Get value from agent failed. Error: .+\"):msg@>", + "msg_id" : "Zabbix:get_agent_value_failed", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Host .+ will be checked after \\d+ seconds\"):msg@> ", + "msg_id" : "Zabbix:host_will_be_checked", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Expression .+ cannot be evaluated .+\"):msg@>", + "msg_id" : "Zabbix:expression_cannot_be_evaluated", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Host .+: \\w+ network error, wait for \\d+ seconds\"):msg@>", + "msg_id" : "Zabbix:network_error_wait_for", + "table" : "Message", + "taxonomy" : "Network.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*server #\\d+ started.*\"):msg@>", + "msg_id" : "Zabbix:server_started", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Error doing .+\"):msg@>", + "msg_id" : "Zabbix:error_doing_something", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Parameter .+ became supported by agent on host .+\"):msg@>", + "msg_id" : "Zabbix:parameter_became_supported", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Deleted \\d+ records from history and trends\"):msg@> ", + "msg_id" : "Zabbix:delete_records_history_trends", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Starting zabbix_server. ZABBIX .+\"):msg@>", + "msg_id" : "Zabbix:starting_zabbix_server", + "table" : "Message", + "taxonomy" : "Application.Start", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*ZABBIX Server stopped\"):msg@> ", + "msg_id" : "Zabbix:zabbix_server_stopped", + "table" : "Message", + "taxonomy" : "Application.Stop", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Executing housekeeper\"):msg@> ", + "msg_id" : "Zabbix:executing_housekeeper", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Enabling host .+\"):msg@>", + "msg_id" : "Zabbix:enabling_host", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Failed to connect to database:.+\"):msg@>", + "msg_id" : "Zabbix:failed_connect_database", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Critical" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*\\w+ monitoring: .+\"):msg@>", + "msg_id" : "Zabbix:feature_monitoring_status", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Jabber notifications: .+\"):msg@> ", + "msg_id" : "Zabbix:feature_jabber_notifications_status", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*IPv6 support: .+\"):msg@> ", + "msg_id" : "Zabbix:feature_ipv6_support_status", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Type of received value .+ is not sutable for .+\"):msg@>", + "msg_id" : "Zabbix:received_value_not_sutable", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Query [select .+]\"):msg@> ", + "msg_id" : "Zabbix:query_select", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Query [update .+]\"):msg@> ", + "msg_id" : "Zabbix:query_update", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Query [delete .+]\"):msg@> ", + "msg_id" : "Zabbix:query_delete", + "table" : "Message", + "taxonomy" : "Application", + "loglevel" : "Information" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*One child process died. Exiting ...\"):msg@> ", + "msg_id" : "Zabbix:one_child_process_died", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Returning NOTSUPPORTED\"):msg@>", + "msg_id" : "Zabbix:returning_notsupported", + "table" : "Message", + "taxonomy" : "Config.Errors", + "loglevel" : "Warning" + }, + { + "pattern" : "<@DATE_TIME_ISO:datetime@> <@WORD:device@> <@REGEXP(\"zabbix\"):daemon@>: <@REGEXP(\".*Timeout while answering request\"):msg@>", + "msg_id" : "Zabbix:timeout_while_answering_request", + "table" : "Message", + "taxonomy" : "Application.Errors", + "loglevel" : "Warning" + } + ], + "website" : "http://www.zabbix.com/", + "version" : "200809170003", + "name" : "Zabbix", + "description" : "Zabbix" +} diff --git a/scripts/xml2json.pl b/scripts/xml2json.pl new file mode 100755 index 0000000..ea9def8 --- /dev/null +++ b/scripts/xml2json.pl @@ -0,0 +1,91 @@ +#!/usr/bin/perl + +=head1 NAME + +xml2json.pl - Script to migrate Octopussy XML configuration files to JSON + +=head1 SYNOPSIS + +xml2json.pl +find /var/lib/octopussy/conf -iname *.xml | xml2json.pl + +=cut + +use strict; +use warnings; + +use English qw( -no_match_vars ); +use File::Slurp; +use JSON; +use XML::Simple; + +my %action = ( + octopussy_device => \&json_device, + octopussy_service => \&json_service, + ); + +sub json_device +{ + printf "Device\n"; +} + +sub json_service +{ + my $conf = shift; + + my @messages = (); + foreach my $m (sort { $a->{rank} cmp $b->{rank} } @{$conf->{message}}) + { + delete $m->{rank}; + push @messages, $m; + } + delete $conf->{message}; + delete $conf->{nb_messages}; + $conf->{messages} = \@messages; + + return (to_json($conf, {pretty => 1})); +} + +=head2 xml_read($filename) + +Read XML file '$filename' + +=cut + +sub xml_read +{ + my $filename = shift; + + my %XML_INPUT_OPTIONS = (KeepRoot => 1, KeyAttr => [], ForceArray => 1); + + if ((defined $filename) && (-f $filename)) + { + my $conf = eval { XMLin($filename, %XML_INPUT_OPTIONS); }; + die "[ERROR] Unable to read XML file $filename" if ($EVAL_ERROR); + + return ($conf) + } + die "[ERROR] XML file $filename doesn't exist"; +} + +# loop on each file from command line +my @files = (@ARGV ? @ARGV : ); +my $count = 0; +foreach my $filename (@files) +{ + chomp $filename; + my $conf = xml_read($filename); + my $type = (keys %{$conf})[0]; + my $str_json = $action{$type}($conf->{$type}->[0]); + my $filename_json = $filename; + $filename_json =~ s/\.xml$/\.json/i; + $count++; + printf "[%03d] %s: %s => %s\n", $count, $type, $filename, $filename_json; + write_file($filename_json, { binmode => ':utf8' }, $str_json); +} + +=head1 AUTHOR + +Sebastien Thebert + +=cut diff --git a/var/lib/octopussy/conf/services/ACPI.xml b/var/lib/octopussy/conf/services/ACPI.xml deleted file mode 100644 index f65a252..0000000 --- a/var/lib/octopussy/conf/services/ACPI.xml +++ /dev/null @@ -1,73 +0,0 @@ - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/ARPWatch.xml b/var/lib/octopussy/conf/services/ARPWatch.xml deleted file mode 100644 index c32a0d5..0000000 --- a/var/lib/octopussy/conf/services/ARPWatch.xml +++ /dev/null @@ -1,79 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Anacron.xml b/var/lib/octopussy/conf/services/Anacron.xml deleted file mode 100644 index 7dee195..0000000 --- a/var/lib/octopussy/conf/services/Anacron.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Ansible.xml b/var/lib/octopussy/conf/services/Ansible.xml deleted file mode 100644 index c2268e9..0000000 --- a/var/lib/octopussy/conf/services/Ansible.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - diff --git a/var/lib/octopussy/conf/services/Apache.xml b/var/lib/octopussy/conf/services/Apache.xml deleted file mode 100644 index de60ab5..0000000 --- a/var/lib/octopussy/conf/services/Apache.xml +++ /dev/null @@ -1,80 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Apache2.xml b/var/lib/octopussy/conf/services/Apache2.xml deleted file mode 100644 index 0484232..0000000 --- a/var/lib/octopussy/conf/services/Apache2.xml +++ /dev/null @@ -1,86 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Apache_Mod_Proxy.xml b/var/lib/octopussy/conf/services/Apache_Mod_Proxy.xml deleted file mode 100644 index 9a9cb51..0000000 --- a/var/lib/octopussy/conf/services/Apache_Mod_Proxy.xml +++ /dev/null @@ -1,55 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Apache_Mod_Security.xml b/var/lib/octopussy/conf/services/Apache_Mod_Security.xml deleted file mode 100644 index d13d951..0000000 --- a/var/lib/octopussy/conf/services/Apache_Mod_Security.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Apache_Traffic.xml b/var/lib/octopussy/conf/services/Apache_Traffic.xml deleted file mode 100644 index 035413c..0000000 --- a/var/lib/octopussy/conf/services/Apache_Traffic.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Audispd.xml b/var/lib/octopussy/conf/services/Audispd.xml deleted file mode 100644 index 9f488ae..0000000 --- a/var/lib/octopussy/conf/services/Audispd.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - diff --git a/var/lib/octopussy/conf/services/Audit.xml b/var/lib/octopussy/conf/services/Audit.xml deleted file mode 100644 index 9082b20..0000000 --- a/var/lib/octopussy/conf/services/Audit.xml +++ /dev/null @@ -1,61 +0,0 @@ - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Automount.xml b/var/lib/octopussy/conf/services/Automount.xml deleted file mode 100644 index 3469bc4..0000000 --- a/var/lib/octopussy/conf/services/Automount.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Avahi.xml b/var/lib/octopussy/conf/services/Avahi.xml deleted file mode 100644 index f81d62c..0000000 --- a/var/lib/octopussy/conf/services/Avahi.xml +++ /dev/null @@ -1,134 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Bind.xml b/var/lib/octopussy/conf/services/Bind.xml deleted file mode 100644 index 3e62107..0000000 --- a/var/lib/octopussy/conf/services/Bind.xml +++ /dev/null @@ -1,511 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Blue_Coat_System.xml b/var/lib/octopussy/conf/services/Blue_Coat_System.xml deleted file mode 100644 index a4d568a..0000000 --- a/var/lib/octopussy/conf/services/Blue_Coat_System.xml +++ /dev/null @@ -1,380 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/CVS.xml b/var/lib/octopussy/conf/services/CVS.xml deleted file mode 100644 index 4632c67..0000000 --- a/var/lib/octopussy/conf/services/CVS.xml +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Cisco_ACS.xml b/var/lib/octopussy/conf/services/Cisco_ACS.xml deleted file mode 100644 index 288cb4c..0000000 --- a/var/lib/octopussy/conf/services/Cisco_ACS.xml +++ /dev/null @@ -1,271 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Cisco_ASA.xml b/var/lib/octopussy/conf/services/Cisco_ASA.xml deleted file mode 100644 index e4bc833..0000000 --- a/var/lib/octopussy/conf/services/Cisco_ASA.xml +++ /dev/null @@ -1,1034 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Cisco_Pix.xml b/var/lib/octopussy/conf/services/Cisco_Pix.xml deleted file mode 100644 index 21f76f1..0000000 --- a/var/lib/octopussy/conf/services/Cisco_Pix.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Cisco_Router.xml b/var/lib/octopussy/conf/services/Cisco_Router.xml deleted file mode 100644 index 4c26d06..0000000 --- a/var/lib/octopussy/conf/services/Cisco_Router.xml +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Cisco_Router_Traffic.xml b/var/lib/octopussy/conf/services/Cisco_Router_Traffic.xml deleted file mode 100644 index 45d648c..0000000 --- a/var/lib/octopussy/conf/services/Cisco_Router_Traffic.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - diff --git a/var/lib/octopussy/conf/services/Cisco_Switch.xml b/var/lib/octopussy/conf/services/Cisco_Switch.xml deleted file mode 100644 index bec0d54..0000000 --- a/var/lib/octopussy/conf/services/Cisco_Switch.xml +++ /dev/null @@ -1,468 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Cisco_VPN_Client.xml b/var/lib/octopussy/conf/services/Cisco_VPN_Client.xml deleted file mode 100644 index 68dcd2f..0000000 --- a/var/lib/octopussy/conf/services/Cisco_VPN_Client.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - - diff --git a/var/lib/octopussy/conf/services/ClamAV.xml b/var/lib/octopussy/conf/services/ClamAV.xml deleted file mode 100644 index 42996d4..0000000 --- a/var/lib/octopussy/conf/services/ClamAV.xml +++ /dev/null @@ -1,109 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Cracklib.xml b/var/lib/octopussy/conf/services/Cracklib.xml deleted file mode 100644 index 8e08d99..0000000 --- a/var/lib/octopussy/conf/services/Cracklib.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - diff --git a/var/lib/octopussy/conf/services/Cron.xml b/var/lib/octopussy/conf/services/Cron.xml deleted file mode 100644 index 33b1b26..0000000 --- a/var/lib/octopussy/conf/services/Cron.xml +++ /dev/null @@ -1,205 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Cyclades.xml b/var/lib/octopussy/conf/services/Cyclades.xml deleted file mode 100644 index e50e00c..0000000 --- a/var/lib/octopussy/conf/services/Cyclades.xml +++ /dev/null @@ -1,73 +0,0 @@ - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Cyrus_Mail.xml b/var/lib/octopussy/conf/services/Cyrus_Mail.xml deleted file mode 100644 index 47d6e7d..0000000 --- a/var/lib/octopussy/conf/services/Cyrus_Mail.xml +++ /dev/null @@ -1,85 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/DB2.xml b/var/lib/octopussy/conf/services/DB2.xml deleted file mode 100644 index 19efa9f..0000000 --- a/var/lib/octopussy/conf/services/DB2.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - diff --git a/var/lib/octopussy/conf/services/DHCP.xml b/var/lib/octopussy/conf/services/DHCP.xml deleted file mode 100644 index 2a0dea6..0000000 --- a/var/lib/octopussy/conf/services/DHCP.xml +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Dell_Switch.xml b/var/lib/octopussy/conf/services/Dell_Switch.xml deleted file mode 100644 index 7a69d0e..0000000 --- a/var/lib/octopussy/conf/services/Dell_Switch.xml +++ /dev/null @@ -1,61 +0,0 @@ - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/DenyAll_Filtering.xml b/var/lib/octopussy/conf/services/DenyAll_Filtering.xml deleted file mode 100644 index a42f93e..0000000 --- a/var/lib/octopussy/conf/services/DenyAll_Filtering.xml +++ /dev/null @@ -1,91 +0,0 @@ - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/DenyAll_System.xml b/var/lib/octopussy/conf/services/DenyAll_System.xml deleted file mode 100644 index 75f9adc..0000000 --- a/var/lib/octopussy/conf/services/DenyAll_System.xml +++ /dev/null @@ -1,217 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/DenyAll_Traffic.xml b/var/lib/octopussy/conf/services/DenyAll_Traffic.xml deleted file mode 100644 index 311cf3e..0000000 --- a/var/lib/octopussy/conf/services/DenyAll_Traffic.xml +++ /dev/null @@ -1,187 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Dhclient.xml b/var/lib/octopussy/conf/services/Dhclient.xml deleted file mode 100644 index 182fe63..0000000 --- a/var/lib/octopussy/conf/services/Dhclient.xml +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - diff --git a/var/lib/octopussy/conf/services/Dhcpcd.xml b/var/lib/octopussy/conf/services/Dhcpcd.xml deleted file mode 100644 index c1694f3..0000000 --- a/var/lib/octopussy/conf/services/Dhcpcd.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Dnsmasq.xml b/var/lib/octopussy/conf/services/Dnsmasq.xml deleted file mode 100644 index 7210b80..0000000 --- a/var/lib/octopussy/conf/services/Dnsmasq.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Dovecot.xml b/var/lib/octopussy/conf/services/Dovecot.xml deleted file mode 100644 index 786563c..0000000 --- a/var/lib/octopussy/conf/services/Dovecot.xml +++ /dev/null @@ -1,240 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/DragonFly_Mail_Agent.xml b/var/lib/octopussy/conf/services/DragonFly_Mail_Agent.xml deleted file mode 100644 index 0b203a3..0000000 --- a/var/lib/octopussy/conf/services/DragonFly_Mail_Agent.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Drbd.xml b/var/lib/octopussy/conf/services/Drbd.xml deleted file mode 100644 index d6de5ca..0000000 --- a/var/lib/octopussy/conf/services/Drbd.xml +++ /dev/null @@ -1,446 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Exim.xml b/var/lib/octopussy/conf/services/Exim.xml deleted file mode 100644 index 64cf58a..0000000 --- a/var/lib/octopussy/conf/services/Exim.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/services/F5_BigIP.xml b/var/lib/octopussy/conf/services/F5_BigIP.xml deleted file mode 100644 index 5e8f9e2..0000000 --- a/var/lib/octopussy/conf/services/F5_BigIP.xml +++ /dev/null @@ -1,781 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/F5_BigIP_ASM.xml b/var/lib/octopussy/conf/services/F5_BigIP_ASM.xml deleted file mode 100644 index cf7a352..0000000 --- a/var/lib/octopussy/conf/services/F5_BigIP_ASM.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/F5_BigIP_ASM_Filtering.xml b/var/lib/octopussy/conf/services/F5_BigIP_ASM_Filtering.xml deleted file mode 100644 index 3a6b676..0000000 --- a/var/lib/octopussy/conf/services/F5_BigIP_ASM_Filtering.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - diff --git a/var/lib/octopussy/conf/services/Fam.xml b/var/lib/octopussy/conf/services/Fam.xml deleted file mode 100644 index e2a873f..0000000 --- a/var/lib/octopussy/conf/services/Fam.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - diff --git a/var/lib/octopussy/conf/services/Fortigate_System.xml b/var/lib/octopussy/conf/services/Fortigate_System.xml deleted file mode 100644 index be4282b..0000000 --- a/var/lib/octopussy/conf/services/Fortigate_System.xml +++ /dev/null @@ -1,349 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Fortigate_Traffic.xml b/var/lib/octopussy/conf/services/Fortigate_Traffic.xml deleted file mode 100644 index a9a9ca8..0000000 --- a/var/lib/octopussy/conf/services/Fortigate_Traffic.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - diff --git a/var/lib/octopussy/conf/services/FreeRADIUS.xml b/var/lib/octopussy/conf/services/FreeRADIUS.xml deleted file mode 100644 index ddc7449..0000000 --- a/var/lib/octopussy/conf/services/FreeRADIUS.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Ftpd.xml b/var/lib/octopussy/conf/services/Ftpd.xml deleted file mode 100644 index c3dd23b..0000000 --- a/var/lib/octopussy/conf/services/Ftpd.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/HPLIP.xml b/var/lib/octopussy/conf/services/HPLIP.xml deleted file mode 100644 index 7219c8f..0000000 --- a/var/lib/octopussy/conf/services/HPLIP.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - diff --git a/var/lib/octopussy/conf/services/Hald.xml b/var/lib/octopussy/conf/services/Hald.xml deleted file mode 100644 index f45047f..0000000 --- a/var/lib/octopussy/conf/services/Hald.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - diff --git a/var/lib/octopussy/conf/services/Heartbeat.xml b/var/lib/octopussy/conf/services/Heartbeat.xml deleted file mode 100644 index f07f4a0..0000000 --- a/var/lib/octopussy/conf/services/Heartbeat.xml +++ /dev/null @@ -1,331 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/IBM_Cognos.xml b/var/lib/octopussy/conf/services/IBM_Cognos.xml deleted file mode 100644 index 5384dc6..0000000 --- a/var/lib/octopussy/conf/services/IBM_Cognos.xml +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/IPVS.xml b/var/lib/octopussy/conf/services/IPVS.xml deleted file mode 100644 index 13294fe..0000000 --- a/var/lib/octopussy/conf/services/IPVS.xml +++ /dev/null @@ -1,44 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/IP_Tables.xml b/var/lib/octopussy/conf/services/IP_Tables.xml deleted file mode 100644 index 1315bea..0000000 --- a/var/lib/octopussy/conf/services/IP_Tables.xml +++ /dev/null @@ -1,122 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Incron.xml b/var/lib/octopussy/conf/services/Incron.xml deleted file mode 100644 index 638c3e6..0000000 --- a/var/lib/octopussy/conf/services/Incron.xml +++ /dev/null @@ -1,48 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/IronPort.xml b/var/lib/octopussy/conf/services/IronPort.xml deleted file mode 100644 index ea91a58..0000000 --- a/var/lib/octopussy/conf/services/IronPort.xml +++ /dev/null @@ -1,421 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/IronPort_S-Series_System.xml b/var/lib/octopussy/conf/services/IronPort_S-Series_System.xml deleted file mode 100644 index 939a675..0000000 --- a/var/lib/octopussy/conf/services/IronPort_S-Series_System.xml +++ /dev/null @@ -1,780 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/IronPort_S-Series_Traffic.xml b/var/lib/octopussy/conf/services/IronPort_S-Series_Traffic.xml deleted file mode 100644 index c03e24c..0000000 --- a/var/lib/octopussy/conf/services/IronPort_S-Series_Traffic.xml +++ /dev/null @@ -1,66 +0,0 @@ - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/IronPort_System.xml b/var/lib/octopussy/conf/services/IronPort_System.xml deleted file mode 100644 index e7c118d..0000000 --- a/var/lib/octopussy/conf/services/IronPort_System.xml +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Juniper_DX_System.xml b/var/lib/octopussy/conf/services/Juniper_DX_System.xml deleted file mode 100644 index 36d378f..0000000 --- a/var/lib/octopussy/conf/services/Juniper_DX_System.xml +++ /dev/null @@ -1,145 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Juniper_DX_Traffic.xml b/var/lib/octopussy/conf/services/Juniper_DX_Traffic.xml deleted file mode 100644 index 879ed4a..0000000 --- a/var/lib/octopussy/conf/services/Juniper_DX_Traffic.xml +++ /dev/null @@ -1,20 +0,0 @@ - - - - - \ No newline at end of file diff --git a/var/lib/octopussy/conf/services/Keepalived.xml b/var/lib/octopussy/conf/services/Keepalived.xml deleted file mode 100644 index 47a791a..0000000 --- a/var/lib/octopussy/conf/services/Keepalived.xml +++ /dev/null @@ -1,338 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Ldap.xml b/var/lib/octopussy/conf/services/Ldap.xml deleted file mode 100644 index c222387..0000000 --- a/var/lib/octopussy/conf/services/Ldap.xml +++ /dev/null @@ -1,464 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Debian_System.xml b/var/lib/octopussy/conf/services/Linux_Debian_System.xml deleted file mode 100644 index ff216d5..0000000 --- a/var/lib/octopussy/conf/services/Linux_Debian_System.xml +++ /dev/null @@ -1,104 +0,0 @@ - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Gnome_Desktop.xml b/var/lib/octopussy/conf/services/Linux_Gnome_Desktop.xml deleted file mode 100644 index 84a4faf..0000000 --- a/var/lib/octopussy/conf/services/Linux_Gnome_Desktop.xml +++ /dev/null @@ -1,55 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Gnome_Desktop_FR.xml b/var/lib/octopussy/conf/services/Linux_Gnome_Desktop_FR.xml deleted file mode 100644 index 4e820d0..0000000 --- a/var/lib/octopussy/conf/services/Linux_Gnome_Desktop_FR.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_HA_Attr.xml b/var/lib/octopussy/conf/services/Linux_HA_Attr.xml deleted file mode 100644 index c074cd2..0000000 --- a/var/lib/octopussy/conf/services/Linux_HA_Attr.xml +++ /dev/null @@ -1,61 +0,0 @@ - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_HA_Crm.xml b/var/lib/octopussy/conf/services/Linux_HA_Crm.xml deleted file mode 100644 index bee537c..0000000 --- a/var/lib/octopussy/conf/services/Linux_HA_Crm.xml +++ /dev/null @@ -1,50 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_HA_Ipfail.xml b/var/lib/octopussy/conf/services/Linux_HA_Ipfail.xml deleted file mode 100644 index 86a9565..0000000 --- a/var/lib/octopussy/conf/services/Linux_HA_Ipfail.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_HA_Log.xml b/var/lib/octopussy/conf/services/Linux_HA_Log.xml deleted file mode 100644 index d96e0cc..0000000 --- a/var/lib/octopussy/conf/services/Linux_HA_Log.xml +++ /dev/null @@ -1,80 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_HA_Stonith.xml b/var/lib/octopussy/conf/services/Linux_HA_Stonith.xml deleted file mode 100644 index dbb56c5..0000000 --- a/var/lib/octopussy/conf/services/Linux_HA_Stonith.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Kernel.xml b/var/lib/octopussy/conf/services/Linux_Kernel.xml deleted file mode 100644 index 6ef4b2c..0000000 --- a/var/lib/octopussy/conf/services/Linux_Kernel.xml +++ /dev/null @@ -1,1466 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Kernel_Audit.xml b/var/lib/octopussy/conf/services/Linux_Kernel_Audit.xml deleted file mode 100644 index 9174d6f..0000000 --- a/var/lib/octopussy/conf/services/Linux_Kernel_Audit.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Kernel_Bluetooth.xml b/var/lib/octopussy/conf/services/Linux_Kernel_Bluetooth.xml deleted file mode 100644 index 434e0f9..0000000 --- a/var/lib/octopussy/conf/services/Linux_Kernel_Bluetooth.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Kernel_FS_Ext3.xml b/var/lib/octopussy/conf/services/Linux_Kernel_FS_Ext3.xml deleted file mode 100644 index 49ea610..0000000 --- a/var/lib/octopussy/conf/services/Linux_Kernel_FS_Ext3.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Kernel_FS_Reiser.xml b/var/lib/octopussy/conf/services/Linux_Kernel_FS_Reiser.xml deleted file mode 100644 index 94f1b04..0000000 --- a/var/lib/octopussy/conf/services/Linux_Kernel_FS_Reiser.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Kernel_Network_Bonding.xml b/var/lib/octopussy/conf/services/Linux_Kernel_Network_Bonding.xml deleted file mode 100644 index 1976ede..0000000 --- a/var/lib/octopussy/conf/services/Linux_Kernel_Network_Bonding.xml +++ /dev/null @@ -1,74 +0,0 @@ - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Kernel_RAID.xml b/var/lib/octopussy/conf/services/Linux_Kernel_RAID.xml deleted file mode 100644 index 2aaec96..0000000 --- a/var/lib/octopussy/conf/services/Linux_Kernel_RAID.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Kernel_USB.xml b/var/lib/octopussy/conf/services/Linux_Kernel_USB.xml deleted file mode 100644 index b7437ce..0000000 --- a/var/lib/octopussy/conf/services/Linux_Kernel_USB.xml +++ /dev/null @@ -1,145 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/var/lib/octopussy/conf/services/Linux_Network_Interface.xml b/var/lib/octopussy/conf/services/Linux_Network_Interface.xml deleted file mode 100644 index c0092fb..0000000 --- a/var/lib/octopussy/conf/services/Linux_Network_Interface.xml +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_PAM.xml b/var/lib/octopussy/conf/services/Linux_PAM.xml deleted file mode 100644 index 38822de..0000000 --- a/var/lib/octopussy/conf/services/Linux_PAM.xml +++ /dev/null @@ -1,122 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Linux_Red_Hat_System.xml b/var/lib/octopussy/conf/services/Linux_Red_Hat_System.xml deleted file mode 100644 index a50cbba..0000000 --- a/var/lib/octopussy/conf/services/Linux_Red_Hat_System.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - diff --git a/var/lib/octopussy/conf/services/Linux_System.xml b/var/lib/octopussy/conf/services/Linux_System.xml deleted file mode 100644 index c59fe16..0000000 --- a/var/lib/octopussy/conf/services/Linux_System.xml +++ /dev/null @@ -1,505 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Logitech_Mouse_Control.xml b/var/lib/octopussy/conf/services/Logitech_Mouse_Control.xml deleted file mode 100644 index 6adfde8..0000000 --- a/var/lib/octopussy/conf/services/Logitech_Mouse_Control.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - diff --git a/var/lib/octopussy/conf/services/Mac_OS_X_Installer.xml b/var/lib/octopussy/conf/services/Mac_OS_X_Installer.xml deleted file mode 100644 index 5a68f13..0000000 --- a/var/lib/octopussy/conf/services/Mac_OS_X_Installer.xml +++ /dev/null @@ -1,98 +0,0 @@ - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Mac_OS_X_Kernel.xml b/var/lib/octopussy/conf/services/Mac_OS_X_Kernel.xml deleted file mode 100644 index 4d5b4a7..0000000 --- a/var/lib/octopussy/conf/services/Mac_OS_X_Kernel.xml +++ /dev/null @@ -1,200 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Mac_OS_X_Software_Update.xml b/var/lib/octopussy/conf/services/Mac_OS_X_Software_Update.xml deleted file mode 100644 index 1be0fa6..0000000 --- a/var/lib/octopussy/conf/services/Mac_OS_X_Software_Update.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - - diff --git a/var/lib/octopussy/conf/services/Mac_OS_X_Steam.xml b/var/lib/octopussy/conf/services/Mac_OS_X_Steam.xml deleted file mode 100644 index 916f779..0000000 --- a/var/lib/octopussy/conf/services/Mac_OS_X_Steam.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - - diff --git a/var/lib/octopussy/conf/services/Mac_OS_X_System.xml b/var/lib/octopussy/conf/services/Mac_OS_X_System.xml deleted file mode 100644 index 2d92261..0000000 --- a/var/lib/octopussy/conf/services/Mac_OS_X_System.xml +++ /dev/null @@ -1,224 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Mac_OS_X_iTunes.xml b/var/lib/octopussy/conf/services/Mac_OS_X_iTunes.xml deleted file mode 100644 index 16591ac..0000000 --- a/var/lib/octopussy/conf/services/Mac_OS_X_iTunes.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - - diff --git a/var/lib/octopussy/conf/services/Mnogosearch.xml b/var/lib/octopussy/conf/services/Mnogosearch.xml deleted file mode 100644 index 0624300..0000000 --- a/var/lib/octopussy/conf/services/Mnogosearch.xml +++ /dev/null @@ -1,60 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Monit.xml b/var/lib/octopussy/conf/services/Monit.xml deleted file mode 100644 index 21af0d9..0000000 --- a/var/lib/octopussy/conf/services/Monit.xml +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/MySQL.xml b/var/lib/octopussy/conf/services/MySQL.xml deleted file mode 100644 index c4a6e29..0000000 --- a/var/lib/octopussy/conf/services/MySQL.xml +++ /dev/null @@ -1,464 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Nagios.xml b/var/lib/octopussy/conf/services/Nagios.xml deleted file mode 100644 index 6f3b875..0000000 --- a/var/lib/octopussy/conf/services/Nagios.xml +++ /dev/null @@ -1,205 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Nagios_NSCA.xml b/var/lib/octopussy/conf/services/Nagios_NSCA.xml deleted file mode 100644 index 4e4a142..0000000 --- a/var/lib/octopussy/conf/services/Nagios_NSCA.xml +++ /dev/null @@ -1,80 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Neoteris.xml b/var/lib/octopussy/conf/services/Neoteris.xml deleted file mode 100644 index f021ea0..0000000 --- a/var/lib/octopussy/conf/services/Neoteris.xml +++ /dev/null @@ -1,199 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/NetApp_NetCache.xml b/var/lib/octopussy/conf/services/NetApp_NetCache.xml deleted file mode 100644 index d0da4c4..0000000 --- a/var/lib/octopussy/conf/services/NetApp_NetCache.xml +++ /dev/null @@ -1,744 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/NetFlow.xml b/var/lib/octopussy/conf/services/NetFlow.xml deleted file mode 100644 index 60c6af4..0000000 --- a/var/lib/octopussy/conf/services/NetFlow.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - - diff --git a/var/lib/octopussy/conf/services/Netscreen_NSM_System.xml b/var/lib/octopussy/conf/services/Netscreen_NSM_System.xml deleted file mode 100644 index 5d5c4ab..0000000 --- a/var/lib/octopussy/conf/services/Netscreen_NSM_System.xml +++ /dev/null @@ -1,894 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Netscreen_NSM_Traffic.xml b/var/lib/octopussy/conf/services/Netscreen_NSM_Traffic.xml deleted file mode 100644 index caea949..0000000 --- a/var/lib/octopussy/conf/services/Netscreen_NSM_Traffic.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - diff --git a/var/lib/octopussy/conf/services/Netscreen_System.xml b/var/lib/octopussy/conf/services/Netscreen_System.xml deleted file mode 100644 index 1b04d6f..0000000 --- a/var/lib/octopussy/conf/services/Netscreen_System.xml +++ /dev/null @@ -1,1273 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Netscreen_System_Antivirus.xml b/var/lib/octopussy/conf/services/Netscreen_System_Antivirus.xml deleted file mode 100644 index b7c48f5..0000000 --- a/var/lib/octopussy/conf/services/Netscreen_System_Antivirus.xml +++ /dev/null @@ -1,61 +0,0 @@ - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Netscreen_Traffic.xml b/var/lib/octopussy/conf/services/Netscreen_Traffic.xml deleted file mode 100644 index 89499df..0000000 --- a/var/lib/octopussy/conf/services/Netscreen_Traffic.xml +++ /dev/null @@ -1,85 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Nfs.xml b/var/lib/octopussy/conf/services/Nfs.xml deleted file mode 100644 index 47fffad..0000000 --- a/var/lib/octopussy/conf/services/Nfs.xml +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Nscd.xml b/var/lib/octopussy/conf/services/Nscd.xml deleted file mode 100644 index 5f57d0e..0000000 --- a/var/lib/octopussy/conf/services/Nscd.xml +++ /dev/null @@ -1,48 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Ntop.xml b/var/lib/octopussy/conf/services/Ntop.xml deleted file mode 100644 index 14be261..0000000 --- a/var/lib/octopussy/conf/services/Ntop.xml +++ /dev/null @@ -1,72 +0,0 @@ - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Ntp.xml b/var/lib/octopussy/conf/services/Ntp.xml deleted file mode 100644 index 27c0d88..0000000 --- a/var/lib/octopussy/conf/services/Ntp.xml +++ /dev/null @@ -1,246 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/OSSEC.xml b/var/lib/octopussy/conf/services/OSSEC.xml deleted file mode 100644 index 592eb94..0000000 --- a/var/lib/octopussy/conf/services/OSSEC.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - diff --git a/var/lib/octopussy/conf/services/Octopussy.xml b/var/lib/octopussy/conf/services/Octopussy.xml deleted file mode 100644 index 618c4d6..0000000 --- a/var/lib/octopussy/conf/services/Octopussy.xml +++ /dev/null @@ -1,416 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/OpenVZ.xml b/var/lib/octopussy/conf/services/OpenVZ.xml deleted file mode 100644 index 6c45d02..0000000 --- a/var/lib/octopussy/conf/services/OpenVZ.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Pcscd.xml b/var/lib/octopussy/conf/services/Pcscd.xml deleted file mode 100644 index afd60d7..0000000 --- a/var/lib/octopussy/conf/services/Pcscd.xml +++ /dev/null @@ -1,205 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/var/lib/octopussy/conf/services/Postfix.xml b/var/lib/octopussy/conf/services/Postfix.xml deleted file mode 100644 index b5edd08..0000000 --- a/var/lib/octopussy/conf/services/Postfix.xml +++ /dev/null @@ -1,608 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/PostgreSQL.xml b/var/lib/octopussy/conf/services/PostgreSQL.xml deleted file mode 100644 index f21e390..0000000 --- a/var/lib/octopussy/conf/services/PostgreSQL.xml +++ /dev/null @@ -1,506 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/PostgreSQL_FR.xml b/var/lib/octopussy/conf/services/PostgreSQL_FR.xml deleted file mode 100644 index 28e4714..0000000 --- a/var/lib/octopussy/conf/services/PostgreSQL_FR.xml +++ /dev/null @@ -1,110 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Printer_HP_LaserJet.xml b/var/lib/octopussy/conf/services/Printer_HP_LaserJet.xml deleted file mode 100644 index 6fd99f3..0000000 --- a/var/lib/octopussy/conf/services/Printer_HP_LaserJet.xml +++ /dev/null @@ -1,85 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/PulseAudio.xml b/var/lib/octopussy/conf/services/PulseAudio.xml deleted file mode 100644 index 7c73ec8..0000000 --- a/var/lib/octopussy/conf/services/PulseAudio.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Radius.xml b/var/lib/octopussy/conf/services/Radius.xml deleted file mode 100644 index 6778502..0000000 --- a/var/lib/octopussy/conf/services/Radius.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - diff --git a/var/lib/octopussy/conf/services/Rpc_statd.xml b/var/lib/octopussy/conf/services/Rpc_statd.xml deleted file mode 100644 index 97938fc..0000000 --- a/var/lib/octopussy/conf/services/Rpc_statd.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - diff --git a/var/lib/octopussy/conf/services/Rsync.xml b/var/lib/octopussy/conf/services/Rsync.xml deleted file mode 100644 index 59137c5..0000000 --- a/var/lib/octopussy/conf/services/Rsync.xml +++ /dev/null @@ -1,62 +0,0 @@ - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Rsyslog.xml b/var/lib/octopussy/conf/services/Rsyslog.xml deleted file mode 100644 index 78ea49c..0000000 --- a/var/lib/octopussy/conf/services/Rsyslog.xml +++ /dev/null @@ -1,133 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Samba.xml b/var/lib/octopussy/conf/services/Samba.xml deleted file mode 100644 index c60adef..0000000 --- a/var/lib/octopussy/conf/services/Samba.xml +++ /dev/null @@ -1,80 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Samhain.xml b/var/lib/octopussy/conf/services/Samhain.xml deleted file mode 100644 index 0813cb4..0000000 --- a/var/lib/octopussy/conf/services/Samhain.xml +++ /dev/null @@ -1,193 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Saslauthd.xml b/var/lib/octopussy/conf/services/Saslauthd.xml deleted file mode 100644 index 20f1871..0000000 --- a/var/lib/octopussy/conf/services/Saslauthd.xml +++ /dev/null @@ -1,55 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Sendmail.xml b/var/lib/octopussy/conf/services/Sendmail.xml deleted file mode 100644 index 2c2b90f..0000000 --- a/var/lib/octopussy/conf/services/Sendmail.xml +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Slony-I.xml b/var/lib/octopussy/conf/services/Slony-I.xml deleted file mode 100644 index 0292119..0000000 --- a/var/lib/octopussy/conf/services/Slony-I.xml +++ /dev/null @@ -1,68 +0,0 @@ - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Smartd.xml b/var/lib/octopussy/conf/services/Smartd.xml deleted file mode 100644 index 26bbc82..0000000 --- a/var/lib/octopussy/conf/services/Smartd.xml +++ /dev/null @@ -1,138 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Snmpd.xml b/var/lib/octopussy/conf/services/Snmpd.xml deleted file mode 100644 index 0b73552..0000000 --- a/var/lib/octopussy/conf/services/Snmpd.xml +++ /dev/null @@ -1,127 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/SpamAssassin.xml b/var/lib/octopussy/conf/services/SpamAssassin.xml deleted file mode 100644 index b219919..0000000 --- a/var/lib/octopussy/conf/services/SpamAssassin.xml +++ /dev/null @@ -1,50 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Squid_System.xml b/var/lib/octopussy/conf/services/Squid_System.xml deleted file mode 100644 index fe4bf0b..0000000 --- a/var/lib/octopussy/conf/services/Squid_System.xml +++ /dev/null @@ -1,542 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Squid_Traffic.xml b/var/lib/octopussy/conf/services/Squid_Traffic.xml deleted file mode 100644 index 00731d0..0000000 --- a/var/lib/octopussy/conf/services/Squid_Traffic.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - diff --git a/var/lib/octopussy/conf/services/Sshd.xml b/var/lib/octopussy/conf/services/Sshd.xml deleted file mode 100644 index 4195647..0000000 --- a/var/lib/octopussy/conf/services/Sshd.xml +++ /dev/null @@ -1,534 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Stunnel.xml b/var/lib/octopussy/conf/services/Stunnel.xml deleted file mode 100644 index 5c91145..0000000 --- a/var/lib/octopussy/conf/services/Stunnel.xml +++ /dev/null @@ -1,337 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Subversion.xml b/var/lib/octopussy/conf/services/Subversion.xml deleted file mode 100644 index 12db295..0000000 --- a/var/lib/octopussy/conf/services/Subversion.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - diff --git a/var/lib/octopussy/conf/services/Sudo.xml b/var/lib/octopussy/conf/services/Sudo.xml deleted file mode 100644 index fa8276a..0000000 --- a/var/lib/octopussy/conf/services/Sudo.xml +++ /dev/null @@ -1,138 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Syslog-ng.xml b/var/lib/octopussy/conf/services/Syslog-ng.xml deleted file mode 100644 index 12a113f..0000000 --- a/var/lib/octopussy/conf/services/Syslog-ng.xml +++ /dev/null @@ -1,188 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Tftpd.xml b/var/lib/octopussy/conf/services/Tftpd.xml deleted file mode 100644 index 248eeac..0000000 --- a/var/lib/octopussy/conf/services/Tftpd.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - - - - diff --git a/var/lib/octopussy/conf/services/Vsftpd.xml b/var/lib/octopussy/conf/services/Vsftpd.xml deleted file mode 100644 index 5837860..0000000 --- a/var/lib/octopussy/conf/services/Vsftpd.xml +++ /dev/null @@ -1,16 +0,0 @@ - - - - diff --git a/var/lib/octopussy/conf/services/Windows_ADUC.xml b/var/lib/octopussy/conf/services/Windows_ADUC.xml deleted file mode 100644 index a08efd2..0000000 --- a/var/lib/octopussy/conf/services/Windows_ADUC.xml +++ /dev/null @@ -1,91 +0,0 @@ - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Windows_Applications_Citrix_Presentation_Server.xml b/var/lib/octopussy/conf/services/Windows_Applications_Citrix_Presentation_Server.xml deleted file mode 100644 index fa5c58e..0000000 --- a/var/lib/octopussy/conf/services/Windows_Applications_Citrix_Presentation_Server.xml +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Windows_Applications_McAfee_GER.xml b/var/lib/octopussy/conf/services/Windows_Applications_McAfee_GER.xml deleted file mode 100644 index e8cbbe0..0000000 --- a/var/lib/octopussy/conf/services/Windows_Applications_McAfee_GER.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - - diff --git a/var/lib/octopussy/conf/services/Windows_SQLServer.xml b/var/lib/octopussy/conf/services/Windows_SQLServer.xml deleted file mode 100644 index a637ddb..0000000 --- a/var/lib/octopussy/conf/services/Windows_SQLServer.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Windows_Services.xml b/var/lib/octopussy/conf/services/Windows_Services.xml deleted file mode 100644 index 96295ad..0000000 --- a/var/lib/octopussy/conf/services/Windows_Services.xml +++ /dev/null @@ -1,85 +0,0 @@ - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Windows_System.xml b/var/lib/octopussy/conf/services/Windows_System.xml deleted file mode 100644 index 43ef4e0..0000000 --- a/var/lib/octopussy/conf/services/Windows_System.xml +++ /dev/null @@ -1,403 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Windows_System_Logon_Logoff.xml b/var/lib/octopussy/conf/services/Windows_System_Logon_Logoff.xml deleted file mode 100644 index de7442c..0000000 --- a/var/lib/octopussy/conf/services/Windows_System_Logon_Logoff.xml +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Windows_System_Printer.xml b/var/lib/octopussy/conf/services/Windows_System_Printer.xml deleted file mode 100644 index a0849ac..0000000 --- a/var/lib/octopussy/conf/services/Windows_System_Printer.xml +++ /dev/null @@ -1,79 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Windows_System_SmartCard.xml b/var/lib/octopussy/conf/services/Windows_System_SmartCard.xml deleted file mode 100644 index 637a3fd..0000000 --- a/var/lib/octopussy/conf/services/Windows_System_SmartCard.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - diff --git a/var/lib/octopussy/conf/services/Xen.xml b/var/lib/octopussy/conf/services/Xen.xml deleted file mode 100644 index 6a2249c..0000000 --- a/var/lib/octopussy/conf/services/Xen.xml +++ /dev/null @@ -1,530 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Xinetd.xml b/var/lib/octopussy/conf/services/Xinetd.xml deleted file mode 100644 index 7735c51..0000000 --- a/var/lib/octopussy/conf/services/Xinetd.xml +++ /dev/null @@ -1,60 +0,0 @@ - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Xscreensaver.xml b/var/lib/octopussy/conf/services/Xscreensaver.xml deleted file mode 100644 index 77bff97..0000000 --- a/var/lib/octopussy/conf/services/Xscreensaver.xml +++ /dev/null @@ -1,44 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/services/Zabbix.xml b/var/lib/octopussy/conf/services/Zabbix.xml deleted file mode 100644 index 853a383..0000000 --- a/var/lib/octopussy/conf/services/Zabbix.xml +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - From dc4646853755efe64a077d3058953d2fe46808b7 Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Mon, 10 Nov 2014 13:30:47 +0100 Subject: [PATCH 06/47] Update xml2json.pl --- scripts/xml2json.pl | 48 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 9 deletions(-) diff --git a/scripts/xml2json.pl b/scripts/xml2json.pl index ea9def8..1926668 100755 --- a/scripts/xml2json.pl +++ b/scripts/xml2json.pl @@ -6,7 +6,7 @@ =head1 NAME =head1 SYNOPSIS -xml2json.pl +xml2json.pl [ ... ] find /var/lib/octopussy/conf -iname *.xml | xml2json.pl =cut @@ -22,22 +22,33 @@ =head1 SYNOPSIS my %action = ( octopussy_device => \&json_device, octopussy_service => \&json_service, + octopussy_table => \&json_table, ); +=head1 SUBROUTINES + +=head2 json_device($conf) + +=cut + sub json_device { printf "Device\n"; } +=head2 json_service($conf) + +=cut + sub json_service { my $conf = shift; my @messages = (); - foreach my $m (sort { $a->{rank} cmp $b->{rank} } @{$conf->{message}}) - { - delete $m->{rank}; - push @messages, $m; + foreach my $m (sort { $a->{rank} cmp $b->{rank} } @{$conf->{message}}) + { + delete $m->{rank}; + push @messages, $m; } delete $conf->{message}; delete $conf->{nb_messages}; @@ -46,6 +57,25 @@ sub json_service return (to_json($conf, {pretty => 1})); } +=head2 json_table($conf) + +=cut + +sub json_table +{ + my $conf = shift; + + my @fields = (); + foreach my $f (sort { $a->{title} cmp $b->{title} } @{$conf->{field}}) + { + push @fields, $f; + } + delete $conf->{field}; + $conf->{fields} = \@fields; + + return (to_json($conf, {pretty => 1})); +} + =head2 xml_read($filename) Read XML file '$filename' @@ -55,11 +85,11 @@ =head2 xml_read($filename) sub xml_read { my $filename = shift; + + my %XML_INPUT_OPTIONS = (KeepRoot => 1, KeyAttr => [], ForceArray => 1); - my %XML_INPUT_OPTIONS = (KeepRoot => 1, KeyAttr => [], ForceArray => 1); - - if ((defined $filename) && (-f $filename)) - { + if ((defined $filename) && (-f $filename)) + { my $conf = eval { XMLin($filename, %XML_INPUT_OPTIONS); }; die "[ERROR] Unable to read XML file $filename" if ($EVAL_ERROR); From 4c237de9f2178944717d6b033fe7d40bb10ddf1e Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Mon, 10 Nov 2014 13:44:38 +0100 Subject: [PATCH 07/47] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ef6e16e..5ecc7da 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ Octopussy 2.0 # What's new ? - * Complete rewriting of the Web Interface, moving from Apache::ASP to Mojolicious. + * Complete rewriting of the Web Interface, moving from [Apache::ASP](https://metacpan.org/pod/Apache::ASP) to [Mojolicious](https://metacpan.org/pod/Mojolicious). * API in order to have many Octopussy servers managed with the same web interface. # TODO List @@ -14,6 +14,8 @@ See [Issue #610](https://github.com/sebthebert/Octopussy/issues/610) ## Server Daemon publishing API +See [Issue #611](https://github.com/sebthebert/Octopussy/issues/611) + ## Mojolicious Web Interface connected with many Server Daemon publishing API From 279e7b3f0872dc48e0ddc9032c299382a9668b7c Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Tue, 11 Nov 2014 00:14:19 +0100 Subject: [PATCH 08/47] xml2json Tables configuration files completed --- conf/logmanagement/tables/ARPWatch.json | 31 ++++ conf/logmanagement/tables/Ansible.json | 23 +++ .../tables/Apache_Mod_Security.json | 51 +++++++ conf/logmanagement/tables/Bind_query.json | 35 +++++ conf/logmanagement/tables/Bind_zone.json | 39 +++++ conf/logmanagement/tables/Cisco_ASA.json | 135 ++++++++++++++++++ .../tables/Cisco_Pix_traffic.json | 39 +++++ .../tables/Cisco_Pix_url_access.json | 35 +++++ .../tables/Cisco_Router_traffic.json | 51 +++++++ conf/logmanagement/tables/Cyclades.json | 39 +++++ conf/logmanagement/tables/DHCP_Event.json | 35 +++++ .../tables/Database_Message.json | 47 ++++++ .../tables/DenyAll_Filtering.json | 47 ++++++ conf/logmanagement/tables/DenyAll_System.json | 31 ++++ .../logmanagement/tables/DenyAll_Traffic.json | 79 ++++++++++ .../tables/F5_BigIP_ASM_Filtering.json | 35 +++++ .../tables/F5_BigIP_Monitor.json | 31 ++++ .../tables/Firewall_Traffic.json | 127 ++++++++++++++++ .../logmanagement/tables/Fortigate_Event.json | 31 ++++ conf/logmanagement/tables/IronPort.json | 55 +++++++ .../tables/IronPort_S_Series_Traffic.json | 55 +++++++ .../tables/Juniper_DX_Monitor.json | 27 ++++ .../tables/Linux_Kernel_Audit.json | 87 +++++++++++ conf/logmanagement/tables/Mail_Traffic.json | 67 +++++++++ conf/logmanagement/tables/Message.json | 63 ++++++++ conf/logmanagement/tables/Mnogosearch.json | 31 ++++ .../tables/Nagios_Service_Check.json | 43 ++++++ .../tables/Nagios_notification.json | 51 +++++++ conf/logmanagement/tables/Nagios_service.json | 43 ++++++ .../logmanagement/tables/NetFlow_Traffic.json | 67 +++++++++ conf/logmanagement/tables/Netscreen_NSM.json | 75 ++++++++++ conf/logmanagement/tables/Octopussy.json | 39 +++++ conf/logmanagement/tables/OpenVZ.json | 23 +++ conf/logmanagement/tables/Rsync_error.json | 35 +++++ conf/logmanagement/tables/Samhain.json | 35 +++++ conf/logmanagement/tables/Squid_Traffic.json | 59 ++++++++ conf/logmanagement/tables/Web_Traffic.json | 51 +++++++ .../logmanagement/tables/Windows_Message.json | 63 ++++++++ 38 files changed, 1910 insertions(+) create mode 100644 conf/logmanagement/tables/ARPWatch.json create mode 100644 conf/logmanagement/tables/Ansible.json create mode 100644 conf/logmanagement/tables/Apache_Mod_Security.json create mode 100644 conf/logmanagement/tables/Bind_query.json create mode 100644 conf/logmanagement/tables/Bind_zone.json create mode 100644 conf/logmanagement/tables/Cisco_ASA.json create mode 100644 conf/logmanagement/tables/Cisco_Pix_traffic.json create mode 100644 conf/logmanagement/tables/Cisco_Pix_url_access.json create mode 100644 conf/logmanagement/tables/Cisco_Router_traffic.json create mode 100644 conf/logmanagement/tables/Cyclades.json create mode 100644 conf/logmanagement/tables/DHCP_Event.json create mode 100644 conf/logmanagement/tables/Database_Message.json create mode 100644 conf/logmanagement/tables/DenyAll_Filtering.json create mode 100644 conf/logmanagement/tables/DenyAll_System.json create mode 100644 conf/logmanagement/tables/DenyAll_Traffic.json create mode 100644 conf/logmanagement/tables/F5_BigIP_ASM_Filtering.json create mode 100644 conf/logmanagement/tables/F5_BigIP_Monitor.json create mode 100644 conf/logmanagement/tables/Firewall_Traffic.json create mode 100644 conf/logmanagement/tables/Fortigate_Event.json create mode 100644 conf/logmanagement/tables/IronPort.json create mode 100644 conf/logmanagement/tables/IronPort_S_Series_Traffic.json create mode 100644 conf/logmanagement/tables/Juniper_DX_Monitor.json create mode 100644 conf/logmanagement/tables/Linux_Kernel_Audit.json create mode 100644 conf/logmanagement/tables/Mail_Traffic.json create mode 100644 conf/logmanagement/tables/Message.json create mode 100644 conf/logmanagement/tables/Mnogosearch.json create mode 100644 conf/logmanagement/tables/Nagios_Service_Check.json create mode 100644 conf/logmanagement/tables/Nagios_notification.json create mode 100644 conf/logmanagement/tables/Nagios_service.json create mode 100644 conf/logmanagement/tables/NetFlow_Traffic.json create mode 100644 conf/logmanagement/tables/Netscreen_NSM.json create mode 100644 conf/logmanagement/tables/Octopussy.json create mode 100644 conf/logmanagement/tables/OpenVZ.json create mode 100644 conf/logmanagement/tables/Rsync_error.json create mode 100644 conf/logmanagement/tables/Samhain.json create mode 100644 conf/logmanagement/tables/Squid_Traffic.json create mode 100644 conf/logmanagement/tables/Web_Traffic.json create mode 100644 conf/logmanagement/tables/Windows_Message.json diff --git a/conf/logmanagement/tables/ARPWatch.json b/conf/logmanagement/tables/ARPWatch.json new file mode 100644 index 0000000..7df5220 --- /dev/null +++ b/conf/logmanagement/tables/ARPWatch.json @@ -0,0 +1,31 @@ +{ + "fields" : [ + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "interface", + "type" : "NET_INTERFACE" + }, + { + "name" : "ip_addr", + "type" : "IP_ADDR" + }, + { + "name" : "mac_addr", + "type" : "MAC_ADDR" + }, + { + "name" : "msg", + "type" : "STRING" + } + ], + "version" : "200811060001", + "name" : "ARPWatch", + "description" : "ARPWatch Table" +} diff --git a/conf/logmanagement/tables/Ansible.json b/conf/logmanagement/tables/Ansible.json new file mode 100644 index 0000000..7604460 --- /dev/null +++ b/conf/logmanagement/tables/Ansible.json @@ -0,0 +1,23 @@ +{ + "fields" : [ + { + "name" : "arguments", + "type" : "STRING" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "module", + "type" : "WORD" + } + ], + "version" : "201311220001", + "name" : "Ansible", + "description" : "Ansible Actions Table" +} diff --git a/conf/logmanagement/tables/Apache_Mod_Security.json b/conf/logmanagement/tables/Apache_Mod_Security.json new file mode 100644 index 0000000..108c229 --- /dev/null +++ b/conf/logmanagement/tables/Apache_Mod_Security.json @@ -0,0 +1,51 @@ +{ + "fields" : [ + { + "name" : "apachetime", + "type" : "DATETIME" + }, + { + "name" : "client", + "type" : "IP_ADDR" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "hostname", + "type" : "WORD" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "msg_category", + "type" : "STRING" + }, + { + "name" : "msg_id", + "type" : "NUMBER" + }, + { + "name" : "severity", + "type" : "WORD" + }, + { + "name" : "unique_id", + "type" : "WORD" + }, + { + "name" : "uri", + "type" : "STRING" + } + ], + "version" : "200711130001", + "name" : "Apache_Mod_Security", + "description" : "Apache ModSecurity Table" +} diff --git a/conf/logmanagement/tables/Bind_query.json b/conf/logmanagement/tables/Bind_query.json new file mode 100644 index 0000000..9b103d0 --- /dev/null +++ b/conf/logmanagement/tables/Bind_query.json @@ -0,0 +1,35 @@ +{ + "fields" : [ + { + "name" : "client", + "type" : "IP_ADDR" + }, + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "STRING" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "query", + "type" : "STRING" + }, + { + "name" : "query_type", + "type" : "STRING" + } + ], + "version" : "201002220001", + "name" : "Bind_query", + "description" : "Bind query Table" +} diff --git a/conf/logmanagement/tables/Bind_zone.json b/conf/logmanagement/tables/Bind_zone.json new file mode 100644 index 0000000..1be0aab --- /dev/null +++ b/conf/logmanagement/tables/Bind_zone.json @@ -0,0 +1,39 @@ +{ + "fields" : [ + { + "name" : "action", + "type" : "STRING" + }, + { + "name" : "client", + "type" : "IP_ADDR" + }, + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "STRING" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "status", + "type" : "STRING" + }, + { + "name" : "zone", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "Bind_zone", + "description" : "Bind zone Table" +} diff --git a/conf/logmanagement/tables/Cisco_ASA.json b/conf/logmanagement/tables/Cisco_ASA.json new file mode 100644 index 0000000..17df92d --- /dev/null +++ b/conf/logmanagement/tables/Cisco_ASA.json @@ -0,0 +1,135 @@ +{ + "fields" : [ + { + "name" : "acl", + "type" : "STRING" + }, + { + "name" : "acl_id", + "type" : "STRING" + }, + { + "name" : "bytes", + "type" : "NUMBER" + }, + { + "name" : "connection_id", + "type" : "NUMBER" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "dst", + "type" : "WORD" + }, + { + "name" : "dst_addr", + "type" : "WORD" + }, + { + "name" : "dst_addr_2", + "type" : "WORD" + }, + { + "name" : "dst_port", + "type" : "NUMBER" + }, + { + "name" : "dst_port_2", + "type" : "NUMBER" + }, + { + "name" : "duration", + "type" : "TIME" + }, + { + "name" : "faddr", + "type" : "WORD" + }, + { + "name" : "faddr_port", + "type" : "NUMBER" + }, + { + "name" : "flags", + "type" : "STRING" + }, + { + "name" : "gaddr", + "type" : "WORD" + }, + { + "name" : "gaddr_port", + "type" : "NUMBER" + }, + { + "name" : "group", + "type" : "STRING" + }, + { + "name" : "interface", + "type" : "STRING" + }, + { + "name" : "laddr", + "type" : "WORD" + }, + { + "name" : "laddr_port", + "type" : "NUMBER" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "msg_id", + "type" : "STRING" + }, + { + "name" : "protocol", + "type" : "WORD" + }, + { + "name" : "src", + "type" : "STRING" + }, + { + "name" : "src_addr", + "type" : "WORD" + }, + { + "name" : "src_addr_2", + "type" : "WORD" + }, + { + "name" : "src_port", + "type" : "NUMBER" + }, + { + "name" : "src_port_2", + "type" : "NUMBER" + }, + { + "name" : "status", + "type" : "STRING" + }, + { + "name" : "type", + "type" : "WORD" + }, + { + "name" : "user", + "type" : "STRING" + } + ], + "version" : "201002170001", + "name" : "Cisco_ASA", + "description" : "Cisco Asa Table" +} diff --git a/conf/logmanagement/tables/Cisco_Pix_traffic.json b/conf/logmanagement/tables/Cisco_Pix_traffic.json new file mode 100644 index 0000000..e0a23bd --- /dev/null +++ b/conf/logmanagement/tables/Cisco_Pix_traffic.json @@ -0,0 +1,39 @@ +{ + "fields" : [ + { + "name" : "acl", + "type" : "STRING" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "datetime_long", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "dst", + "type" : "STRING" + }, + { + "name" : "msg_id", + "type" : "STRING" + }, + { + "name" : "src", + "type" : "STRING" + }, + { + "name" : "type", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "Cisco_Pix_traffic", + "description" : "Cisco Pix traffic Table" +} diff --git a/conf/logmanagement/tables/Cisco_Pix_url_access.json b/conf/logmanagement/tables/Cisco_Pix_url_access.json new file mode 100644 index 0000000..d591eea --- /dev/null +++ b/conf/logmanagement/tables/Cisco_Pix_url_access.json @@ -0,0 +1,35 @@ +{ + "fields" : [ + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "datetime_long", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "STRING" + }, + { + "name" : "msg_id", + "type" : "STRING" + }, + { + "name" : "pix_addr", + "type" : "STRING" + }, + { + "name" : "status", + "type" : "STRING" + }, + { + "name" : "url", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "Cisco_Pix_url_access", + "description" : "Cisco Pix url access Table" +} diff --git a/conf/logmanagement/tables/Cisco_Router_traffic.json b/conf/logmanagement/tables/Cisco_Router_traffic.json new file mode 100644 index 0000000..2489109 --- /dev/null +++ b/conf/logmanagement/tables/Cisco_Router_traffic.json @@ -0,0 +1,51 @@ +{ + "fields" : [ + { + "name" : "acl", + "type" : "STRING" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "dst_addr", + "type" : "IP_ADDR" + }, + { + "name" : "dst_port", + "type" : "NUMBER" + }, + { + "name" : "msg_id", + "type" : "STRING" + }, + { + "name" : "nb_packets", + "type" : "NUMBER" + }, + { + "name" : "protocol", + "type" : "STRING" + }, + { + "name" : "src_addr", + "type" : "IP_ADDR" + }, + { + "name" : "src_port", + "type" : "NUMBER" + }, + { + "name" : "status", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "Cisco_Router_traffic", + "description" : "Cisco Router traffic Table" +} diff --git a/conf/logmanagement/tables/Cyclades.json b/conf/logmanagement/tables/Cyclades.json new file mode 100644 index 0000000..f0d3fc2 --- /dev/null +++ b/conf/logmanagement/tables/Cyclades.json @@ -0,0 +1,39 @@ +{ + "fields" : [ + { + "name" : "daemon_name", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "port_name", + "type" : "WORD" + }, + { + "name" : "port_number", + "type" : "NUMBER" + }, + { + "name" : "session_type", + "type" : "NUMBER" + }, + { + "name" : "user", + "type" : "WORD" + } + ], + "version" : "201002120001", + "name" : "Cyclades", + "description" : "Cyclades Service Table" +} diff --git a/conf/logmanagement/tables/DHCP_Event.json b/conf/logmanagement/tables/DHCP_Event.json new file mode 100644 index 0000000..77df43e --- /dev/null +++ b/conf/logmanagement/tables/DHCP_Event.json @@ -0,0 +1,35 @@ +{ + "fields" : [ + { + "name" : "action", + "type" : "WORD" + }, + { + "name" : "client_ip", + "type" : "IP_ADDR" + }, + { + "name" : "client_mac", + "type" : "MAC_ADDR" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "server_nic", + "type" : "NET_INTERFACE" + } + ], + "version" : "200911240001", + "name" : "DHCP_Event", + "description" : "DHCP Event Table" +} diff --git a/conf/logmanagement/tables/Database_Message.json b/conf/logmanagement/tables/Database_Message.json new file mode 100644 index 0000000..3e7cda3 --- /dev/null +++ b/conf/logmanagement/tables/Database_Message.json @@ -0,0 +1,47 @@ +{ + "fields" : [ + { + "name" : "client", + "type" : "STRING" + }, + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "db", + "type" : "WORD" + }, + { + "name" : "db_type", + "type" : "WORD" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "table", + "type" : "WORD" + }, + { + "name" : "user", + "type" : "WORD" + } + ], + "version" : "200801310001", + "name" : "Database_Message", + "description" : "Database Messages Table" +} diff --git a/conf/logmanagement/tables/DenyAll_Filtering.json b/conf/logmanagement/tables/DenyAll_Filtering.json new file mode 100644 index 0000000..1d2c42a --- /dev/null +++ b/conf/logmanagement/tables/DenyAll_Filtering.json @@ -0,0 +1,47 @@ +{ + "fields" : [ + { + "name" : "action", + "type" : "STRING" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "denyall_product", + "type" : "STRING" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "http_method", + "type" : "STRING" + }, + { + "name" : "instance", + "type" : "STRING" + }, + { + "name" : "proxy", + "type" : "STRING" + }, + { + "name" : "rule", + "type" : "STRING" + }, + { + "name" : "src_addr", + "type" : "IP_ADDR" + }, + { + "name" : "url", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "DenyAll_Filtering", + "description" : "DenyAll Filtering Table" +} diff --git a/conf/logmanagement/tables/DenyAll_System.json b/conf/logmanagement/tables/DenyAll_System.json new file mode 100644 index 0000000..fbdbd1e --- /dev/null +++ b/conf/logmanagement/tables/DenyAll_System.json @@ -0,0 +1,31 @@ +{ + "fields" : [ + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "denyall_product", + "type" : "STRING" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "instance", + "type" : "STRING" + }, + { + "name" : "module", + "type" : "STRING" + }, + { + "name" : "msg", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "DenyAll_System", + "description" : "DenyAll System Table" +} diff --git a/conf/logmanagement/tables/DenyAll_Traffic.json b/conf/logmanagement/tables/DenyAll_Traffic.json new file mode 100644 index 0000000..7b42651 --- /dev/null +++ b/conf/logmanagement/tables/DenyAll_Traffic.json @@ -0,0 +1,79 @@ +{ + "fields" : [ + { + "name" : "browser", + "type" : "STRING" + }, + { + "name" : "cache_status", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "denyall_product", + "type" : "STRING" + }, + { + "name" : "denyall_time", + "type" : "FLOAT_NUMBER" + }, + { + "name" : "device", + "type" : "STRING" + }, + { + "name" : "http_method", + "type" : "STRING" + }, + { + "name" : "http_version", + "type" : "STRING" + }, + { + "name" : "instance", + "type" : "STRING" + }, + { + "name" : "rec_bytes", + "type" : "BYTES" + }, + { + "name" : "referer", + "type" : "STRING" + }, + { + "name" : "server_time", + "type" : "FLOAT_NUMBER" + }, + { + "name" : "src_addr", + "type" : "IP_ADDR" + }, + { + "name" : "ssl_bits", + "type" : "NUMBER" + }, + { + "name" : "ssl_version", + "type" : "WORD" + }, + { + "name" : "status", + "type" : "NUMBER" + }, + { + "name" : "total_time", + "type" : "FLOAT_NUMBER" + }, + { + "name" : "url", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "DenyAll_Traffic", + "description" : "DenyAll Traffic Table" +} diff --git a/conf/logmanagement/tables/F5_BigIP_ASM_Filtering.json b/conf/logmanagement/tables/F5_BigIP_ASM_Filtering.json new file mode 100644 index 0000000..2364c83 --- /dev/null +++ b/conf/logmanagement/tables/F5_BigIP_ASM_Filtering.json @@ -0,0 +1,35 @@ +{ + "fields" : [ + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "http_classifier", + "type" : "STRING" + }, + { + "name" : "request", + "type" : "STRING" + }, + { + "name" : "request_violations", + "type" : "STRING" + }, + { + "name" : "src_ip", + "type" : "IP_ADDR" + }, + { + "name" : "support_id", + "type" : "NUMBER" + } + ], + "version" : "200703080001", + "name" : "F5_BigIP_ASM_Filtering", + "description" : "F5 BigIP ASM Filtering Table" +} diff --git a/conf/logmanagement/tables/F5_BigIP_Monitor.json b/conf/logmanagement/tables/F5_BigIP_Monitor.json new file mode 100644 index 0000000..7935a7c --- /dev/null +++ b/conf/logmanagement/tables/F5_BigIP_Monitor.json @@ -0,0 +1,31 @@ +{ + "fields" : [ + { + "name" : "address", + "type" : "IP_ADDR" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "object", + "type" : "STRING" + }, + { + "name" : "port", + "type" : "NUMBER" + }, + { + "name" : "status", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "F5_BigIP_Monitor", + "description" : "F5 BigIP Monitor Table" +} diff --git a/conf/logmanagement/tables/Firewall_Traffic.json b/conf/logmanagement/tables/Firewall_Traffic.json new file mode 100644 index 0000000..f8c972e --- /dev/null +++ b/conf/logmanagement/tables/Firewall_Traffic.json @@ -0,0 +1,127 @@ +{ + "fields" : [ + { + "name" : "application", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "dst_addr", + "type" : "IP_ADDR" + }, + { + "name" : "dst_interface", + "type" : "WORD" + }, + { + "name" : "dst_port", + "type" : "NUMBER" + }, + { + "name" : "dst_zone", + "type" : "STRING" + }, + { + "name" : "duration", + "type" : "NUMBER" + }, + { + "name" : "fragment_flag", + "type" : "WORD" + }, + { + "name" : "group", + "type" : "WORD" + }, + { + "name" : "id", + "type" : "NUMBER" + }, + { + "name" : "ip_protocol", + "type" : "STRING" + }, + { + "name" : "length", + "type" : "NUMBER" + }, + { + "name" : "mac_addr", + "type" : "WORD" + }, + { + "name" : "policy_id", + "type" : "NUMBER" + }, + { + "name" : "rcvd_bytes", + "type" : "BYTES" + }, + { + "name" : "rcvd_pkt", + "type" : "NUMBER" + }, + { + "name" : "sent_bytes", + "type" : "BYTES" + }, + { + "name" : "sent_pkt", + "type" : "NUMBER" + }, + { + "name" : "service", + "type" : "STRING" + }, + { + "name" : "src_addr", + "type" : "IP_ADDR" + }, + { + "name" : "src_interface", + "type" : "WORD" + }, + { + "name" : "src_port", + "type" : "NUMBER" + }, + { + "name" : "src_zone", + "type" : "STRING" + }, + { + "name" : "status", + "type" : "STRING" + }, + { + "name" : "translated_ip", + "type" : "IP_ADDR" + }, + { + "name" : "translated_port", + "type" : "NUMBER" + }, + { + "name" : "ttl", + "type" : "NUMBER" + }, + { + "name" : "user", + "type" : "WORD" + }, + { + "name" : "vrouter", + "type" : "STRING" + } + ], + "version" : "200801250001", + "name" : "Firewall_Traffic", + "description" : "Generic Firewall Traffic Table" +} diff --git a/conf/logmanagement/tables/Fortigate_Event.json b/conf/logmanagement/tables/Fortigate_Event.json new file mode 100644 index 0000000..437bb13 --- /dev/null +++ b/conf/logmanagement/tables/Fortigate_Event.json @@ -0,0 +1,31 @@ +{ + "fields" : [ + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "device_name", + "type" : "WORD" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "ui", + "type" : "STRING" + }, + { + "name" : "user", + "type" : "WORD" + } + ], + "version" : "200709070001", + "name" : "Fortigate_Event", + "description" : "Fortigate Event Table" +} diff --git a/conf/logmanagement/tables/IronPort.json b/conf/logmanagement/tables/IronPort.json new file mode 100644 index 0000000..01e05a5 --- /dev/null +++ b/conf/logmanagement/tables/IronPort.json @@ -0,0 +1,55 @@ +{ + "fields" : [ + { + "name" : "bounce_reason", + "type" : "STRING" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "dcid", + "type" : "NUMBER" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "icid", + "type" : "NUMBER" + }, + { + "name" : "mid", + "type" : "NUMBER" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "rcpt", + "type" : "STRING" + }, + { + "name" : "response", + "type" : "STRING" + }, + { + "name" : "rid", + "type" : "NUMBER" + }, + { + "name" : "sender", + "type" : "STRING" + }, + { + "name" : "subject", + "type" : "STRING" + } + ], + "version" : "201101190001", + "name" : "IronPort", + "description" : "IronPort" +} diff --git a/conf/logmanagement/tables/IronPort_S_Series_Traffic.json b/conf/logmanagement/tables/IronPort_S_Series_Traffic.json new file mode 100644 index 0000000..a376b1b --- /dev/null +++ b/conf/logmanagement/tables/IronPort_S_Series_Traffic.json @@ -0,0 +1,55 @@ +{ + "fields" : [ + { + "name" : "acl", + "type" : "STRING" + }, + { + "name" : "action", + "type" : "WORD" + }, + { + "name" : "client_ip", + "type" : "IP_ADDR" + }, + { + "name" : "content_type", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "elapsed_time", + "type" : "NUMBER" + }, + { + "name" : "http_method", + "type" : "WORD" + }, + { + "name" : "http_response", + "type" : "NUMBER" + }, + { + "name" : "total_bytes", + "type" : "BYTES" + }, + { + "name" : "url", + "type" : "STRING" + }, + { + "name" : "user", + "type" : "WORD" + } + ], + "version" : "200610090001", + "name" : "IronPort_S_Series_Traffic", + "description" : "IronPort S-Series Traffic Table" +} diff --git a/conf/logmanagement/tables/Juniper_DX_Monitor.json b/conf/logmanagement/tables/Juniper_DX_Monitor.json new file mode 100644 index 0000000..32b73c6 --- /dev/null +++ b/conf/logmanagement/tables/Juniper_DX_Monitor.json @@ -0,0 +1,27 @@ +{ + "fields" : [ + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "object", + "type" : "STRING" + }, + { + "name" : "status", + "type" : "STRING" + }, + { + "name" : "vip", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "Juniper_DX_Monitor", + "description" : "Juniper DX Monitor Table" +} diff --git a/conf/logmanagement/tables/Linux_Kernel_Audit.json b/conf/logmanagement/tables/Linux_Kernel_Audit.json new file mode 100644 index 0000000..4ad38bf --- /dev/null +++ b/conf/logmanagement/tables/Linux_Kernel_Audit.json @@ -0,0 +1,87 @@ +{ + "fields" : [ + { + "name" : "auid", + "type" : "NUMBER" + }, + { + "name" : "command", + "type" : "STRING" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "exec", + "type" : "STRING" + }, + { + "name" : "gid", + "type" : "NUMBER" + }, + { + "name" : "inode", + "type" : "NUMBER" + }, + { + "name" : "item", + "type" : "NUMBER" + }, + { + "name" : "key", + "type" : "STRING" + }, + { + "name" : "list", + "type" : "NUMBER" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "name", + "type" : "STRING" + }, + { + "name" : "operation", + "type" : "STRING" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "ppid", + "type" : "PID" + }, + { + "name" : "session", + "type" : "NUMBER" + }, + { + "name" : "subject", + "type" : "WORD" + }, + { + "name" : "tty", + "type" : "WORD" + }, + { + "name" : "type", + "type" : "NUMBER" + }, + { + "name" : "uid", + "type" : "NUMBER" + } + ], + "version" : "200908120001", + "name" : "Linux_Kernel_Audit", + "description" : "Linux Kernel Auditing Table" +} diff --git a/conf/logmanagement/tables/Mail_Traffic.json b/conf/logmanagement/tables/Mail_Traffic.json new file mode 100644 index 0000000..a14d9a0 --- /dev/null +++ b/conf/logmanagement/tables/Mail_Traffic.json @@ -0,0 +1,67 @@ +{ + "fields" : [ + { + "name" : "client", + "type" : "STRING" + }, + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "delay", + "type" : "FLOAT_NUMBER" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "mail_id", + "type" : "WORD" + }, + { + "name" : "msg_id", + "type" : "WORD" + }, + { + "name" : "nrcpt", + "type" : "NUMBER" + }, + { + "name" : "pid", + "type" : "NUMBER" + }, + { + "name" : "recipient", + "type" : "EMAIL" + }, + { + "name" : "relay", + "type" : "STRING" + }, + { + "name" : "sender", + "type" : "EMAIL" + }, + { + "name" : "size", + "type" : "NUMBER" + }, + { + "name" : "status", + "type" : "STRING" + }, + { + "name" : "subject", + "type" : "STRING" + } + ], + "version" : "200801280001", + "name" : "Mail_Traffic", + "description" : "Generic Mail Traffic Table" +} diff --git a/conf/logmanagement/tables/Message.json b/conf/logmanagement/tables/Message.json new file mode 100644 index 0000000..530318f --- /dev/null +++ b/conf/logmanagement/tables/Message.json @@ -0,0 +1,63 @@ +{ + "fields" : [ + { + "name" : "apachetime", + "type" : "DATETIME" + }, + { + "name" : "client_ip", + "type" : "IP_ADDR" + }, + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "interface", + "type" : "NET_INTERFACE" + }, + { + "name" : "level", + "type" : "WORD" + }, + { + "name" : "module", + "type" : "WORD" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "msg_id", + "type" : "STRING" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "server", + "type" : "WORD" + }, + { + "name" : "status", + "type" : "STRING" + }, + { + "name" : "user", + "type" : "WORD" + } + ], + "version" : "201006030001", + "name" : "Message", + "description" : "Generic Message Table" +} diff --git a/conf/logmanagement/tables/Mnogosearch.json b/conf/logmanagement/tables/Mnogosearch.json new file mode 100644 index 0000000..5ab5f50 --- /dev/null +++ b/conf/logmanagement/tables/Mnogosearch.json @@ -0,0 +1,31 @@ +{ + "fields" : [ + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "module", + "type" : "WORD" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "url", + "type" : "STRING" + } + ], + "version" : "200702120001", + "name" : "Mnogosearch", + "description" : "Mnogosearch Web Search Engine Table" +} diff --git a/conf/logmanagement/tables/Nagios_Service_Check.json b/conf/logmanagement/tables/Nagios_Service_Check.json new file mode 100644 index 0000000..2e7cc72 --- /dev/null +++ b/conf/logmanagement/tables/Nagios_Service_Check.json @@ -0,0 +1,43 @@ +{ + "fields" : [ + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "host", + "type" : "STRING" + }, + { + "name" : "nagios_server", + "type" : "STRING" + }, + { + "name" : "result", + "type" : "STRING" + }, + { + "name" : "service", + "type" : "STRING" + }, + { + "name" : "status", + "type" : "NUMBER" + }, + { + "name" : "timestamp", + "type" : "DATETIME" + } + ], + "version" : "200608020001", + "name" : "Nagios_Service_Check", + "description" : "Nagios Service Check Table" +} diff --git a/conf/logmanagement/tables/Nagios_notification.json b/conf/logmanagement/tables/Nagios_notification.json new file mode 100644 index 0000000..4d0ea8b --- /dev/null +++ b/conf/logmanagement/tables/Nagios_notification.json @@ -0,0 +1,51 @@ +{ + "fields" : [ + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "dest", + "type" : "STRING" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "host", + "type" : "STRING" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "notify-by", + "type" : "STRING" + }, + { + "name" : "notify_by", + "type" : "WORD" + }, + { + "name" : "service", + "type" : "STRING" + }, + { + "name" : "status", + "type" : "STRING" + }, + { + "name" : "type", + "type" : "STRING" + } + ], + "version" : "201002220001", + "name" : "Nagios_notification", + "description" : "Nagios Notification Table" +} diff --git a/conf/logmanagement/tables/Nagios_service.json b/conf/logmanagement/tables/Nagios_service.json new file mode 100644 index 0000000..fe31c56 --- /dev/null +++ b/conf/logmanagement/tables/Nagios_service.json @@ -0,0 +1,43 @@ +{ + "fields" : [ + { + "name" : "criticity", + "type" : "STRING" + }, + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "STRING" + }, + { + "name" : "host", + "type" : "STRING" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "nb_check", + "type" : "NUMBER" + }, + { + "name" : "service", + "type" : "STRING" + }, + { + "name" : "status", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "Nagios_service", + "description" : "Nagios Service Table" +} diff --git a/conf/logmanagement/tables/NetFlow_Traffic.json b/conf/logmanagement/tables/NetFlow_Traffic.json new file mode 100644 index 0000000..51112dc --- /dev/null +++ b/conf/logmanagement/tables/NetFlow_Traffic.json @@ -0,0 +1,67 @@ +{ + "fields" : [ + { + "name" : "d_version", + "type" : "NUMBER" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "dst_addr", + "type" : "IP_ADDR" + }, + { + "name" : "expecting", + "type" : "NUMBER" + }, + { + "name" : "filter_drops", + "type" : "NUMBER" + }, + { + "name" : "flows", + "type" : "NUMBER" + }, + { + "name" : "lost", + "type" : "NUMBER" + }, + { + "name" : "now", + "type" : "SECONDS" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "pkts", + "type" : "NUMBER" + }, + { + "name" : "received", + "type" : "NUMBER" + }, + { + "name" : "reset", + "type" : "NUMBER" + }, + { + "name" : "src_addr", + "type" : "IP_ADDR" + }, + { + "name" : "startup", + "type" : "SECONDS" + } + ], + "version" : "201109010001", + "name" : "NetFlow_Traffic", + "description" : "Generic NetFlow Traffic Table" +} diff --git a/conf/logmanagement/tables/Netscreen_NSM.json b/conf/logmanagement/tables/Netscreen_NSM.json new file mode 100644 index 0000000..4648eb3 --- /dev/null +++ b/conf/logmanagement/tables/Netscreen_NSM.json @@ -0,0 +1,75 @@ +{ + "fields" : [ + { + "name" : "action", + "type" : "WORD" + }, + { + "name" : "category", + "type" : "STRING" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "dst_addr", + "type" : "IP_ADDR" + }, + { + "name" : "dst_nat_addr", + "type" : "IP_ADDR" + }, + { + "name" : "dst_port", + "type" : "NUMBER" + }, + { + "name" : "dst_zone", + "type" : "STRING" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "protocol", + "type" : "WORD" + }, + { + "name" : "rule", + "type" : "NUMBER" + }, + { + "name" : "severity", + "type" : "WORD" + }, + { + "name" : "src_addr", + "type" : "IP_ADDR" + }, + { + "name" : "src_nat_addr", + "type" : "IP_ADDR" + }, + { + "name" : "src_port", + "type" : "NUMBER" + }, + { + "name" : "src_zone", + "type" : "STRING" + }, + { + "name" : "subcategory", + "type" : "STRING" + } + ], + "version" : "200705070001", + "name" : "Netscreen_NSM", + "description" : "Netscreen NSM Table" +} diff --git a/conf/logmanagement/tables/Octopussy.json b/conf/logmanagement/tables/Octopussy.json new file mode 100644 index 0000000..b215fb2 --- /dev/null +++ b/conf/logmanagement/tables/Octopussy.json @@ -0,0 +1,39 @@ +{ + "fields" : [ + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "STRING" + }, + { + "name" : "filedate", + "type" : "DATETIME" + }, + { + "name" : "module", + "type" : "STRING" + }, + { + "name" : "nb_events", + "type" : "NUMBER" + }, + { + "name" : "seconds", + "type" : "NUMBER" + }, + { + "name" : "server", + "type" : "STRING" + }, + { + "name" : "service", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "Octopussy", + "description" : "Octopussy Table" +} diff --git a/conf/logmanagement/tables/OpenVZ.json b/conf/logmanagement/tables/OpenVZ.json new file mode 100644 index 0000000..1ee0c0f --- /dev/null +++ b/conf/logmanagement/tables/OpenVZ.json @@ -0,0 +1,23 @@ +{ + "fields" : [ + { + "name" : "action", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "id", + "type" : "WORD" + } + ], + "version" : "200806190001", + "name" : "OpenVZ", + "description" : "OPenVZ" +} diff --git a/conf/logmanagement/tables/Rsync_error.json b/conf/logmanagement/tables/Rsync_error.json new file mode 100644 index 0000000..2e9a2d3 --- /dev/null +++ b/conf/logmanagement/tables/Rsync_error.json @@ -0,0 +1,35 @@ +{ + "fields" : [ + { + "name" : "action", + "type" : "STRING" + }, + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "object", + "type" : "STRING" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "status", + "type" : "STRING" + } + ], + "version" : "200608020001", + "name" : "Rsync_error", + "description" : "Rsync Error Messages Table" +} diff --git a/conf/logmanagement/tables/Samhain.json b/conf/logmanagement/tables/Samhain.json new file mode 100644 index 0000000..b798027 --- /dev/null +++ b/conf/logmanagement/tables/Samhain.json @@ -0,0 +1,35 @@ +{ + "fields" : [ + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "level", + "type" : "STRING" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "policy", + "type" : "WORD" + } + ], + "version" : "200608020001", + "name" : "Samhain", + "description" : "Samhain Messages Table" +} diff --git a/conf/logmanagement/tables/Squid_Traffic.json b/conf/logmanagement/tables/Squid_Traffic.json new file mode 100644 index 0000000..74d57fc --- /dev/null +++ b/conf/logmanagement/tables/Squid_Traffic.json @@ -0,0 +1,59 @@ +{ + "fields" : [ + { + "name" : "bytes", + "type" : "BYTES" + }, + { + "name" : "client_ip", + "type" : "IP_ADDR" + }, + { + "name" : "daemon", + "type" : "WORD" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "duration", + "type" : "NUMBER" + }, + { + "name" : "hierarchy_code", + "type" : "STRING" + }, + { + "name" : "http_code", + "type" : "NUMBER" + }, + { + "name" : "http_method", + "type" : "WORD" + }, + { + "name" : "pid", + "type" : "PID" + }, + { + "name" : "squid_code", + "type" : "WORD" + }, + { + "name" : "type", + "type" : "STRING" + }, + { + "name" : "url", + "type" : "STRING" + } + ], + "version" : "200702220001", + "name" : "Squid_Traffic", + "description" : "Squid Traffic Table" +} diff --git a/conf/logmanagement/tables/Web_Traffic.json b/conf/logmanagement/tables/Web_Traffic.json new file mode 100644 index 0000000..d19396d --- /dev/null +++ b/conf/logmanagement/tables/Web_Traffic.json @@ -0,0 +1,51 @@ +{ + "fields" : [ + { + "name" : "apachetime", + "type" : "DATETIME" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "http_method", + "type" : "WORD" + }, + { + "name" : "http_version", + "type" : "WORD" + }, + { + "name" : "rec_bytes", + "type" : "BYTES" + }, + { + "name" : "referer", + "type" : "STRING" + }, + { + "name" : "src_addr", + "type" : "IP_ADDR" + }, + { + "name" : "status", + "type" : "NUMBER" + }, + { + "name" : "url", + "type" : "STRING" + }, + { + "name" : "user_agent", + "type" : "USER_AGENT" + } + ], + "version" : "200801250001", + "name" : "Web_Traffic", + "description" : "Generic Web Traffic Table" +} diff --git a/conf/logmanagement/tables/Windows_Message.json b/conf/logmanagement/tables/Windows_Message.json new file mode 100644 index 0000000..2ef21cd --- /dev/null +++ b/conf/logmanagement/tables/Windows_Message.json @@ -0,0 +1,63 @@ +{ + "fields" : [ + { + "name" : "category", + "type" : "STRING" + }, + { + "name" : "computer", + "type" : "WORD" + }, + { + "name" : "criticity", + "type" : "NUMBER" + }, + { + "name" : "datetime", + "type" : "DATETIME" + }, + { + "name" : "datetime2", + "type" : "DATETIME" + }, + { + "name" : "device", + "type" : "WORD" + }, + { + "name" : "event_count", + "type" : "NUMBER" + }, + { + "name" : "event_id", + "type" : "NUMBER" + }, + { + "name" : "event_type", + "type" : "STRING" + }, + { + "name" : "msg", + "type" : "STRING" + }, + { + "name" : "sid_type", + "type" : "WORD" + }, + { + "name" : "source", + "type" : "WORD" + }, + { + "name" : "src", + "type" : "WORD" + }, + { + "name" : "user", + "type" : "STRING" + } + ], + "version" : "200804170001", + "name" : "Windows_Message", + "description" : "Windows Message Table" +} From 7c0ed540e3ba6c791454a4a991a7bd919dd89b41 Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Tue, 11 Nov 2014 00:17:08 +0100 Subject: [PATCH 09/47] xml2json Tables configuration files completed (2/2) --- scripts/xml2json.pl | 2 +- var/lib/octopussy/conf/tables/ARPWatch.xml | 17 ----- var/lib/octopussy/conf/tables/Ansible.xml | 13 ---- .../conf/tables/Apache_Mod_Security.xml | 27 -------- var/lib/octopussy/conf/tables/Bind_query.xml | 19 ----- var/lib/octopussy/conf/tables/Bind_zone.xml | 21 ------ var/lib/octopussy/conf/tables/Cisco_ASA.xml | 69 ------------------- .../conf/tables/Cisco_Pix_traffic.xml | 21 ------ .../conf/tables/Cisco_Pix_url_access.xml | 19 ----- .../conf/tables/Cisco_Router_traffic.xml | 25 ------- var/lib/octopussy/conf/tables/Cyclades.xml | 21 ------ var/lib/octopussy/conf/tables/DHCP_Event.xml | 19 ----- .../conf/tables/Database_Message.xml | 25 ------- .../conf/tables/DenyAll_Filtering.xml | 23 ------- .../octopussy/conf/tables/DenyAll_System.xml | 15 ---- .../octopussy/conf/tables/DenyAll_Traffic.xml | 40 ----------- .../conf/tables/F5_BigIP_ASM_Filtering.xml | 18 ----- .../conf/tables/F5_BigIP_Monitor.xml | 15 ---- .../conf/tables/Firewall_Traffic.xml | 65 ----------------- .../octopussy/conf/tables/Fortigate_Event.xml | 15 ---- var/lib/octopussy/conf/tables/IronPort.xml | 28 -------- .../conf/tables/IronPort_S_Series_Traffic.xml | 28 -------- .../conf/tables/Juniper_DX_Monitor.xml | 13 ---- .../conf/tables/Linux_Kernel_Audit.xml | 45 ------------ .../octopussy/conf/tables/Mail_Traffic.xml | 35 ---------- var/lib/octopussy/conf/tables/Message.xml | 33 --------- var/lib/octopussy/conf/tables/Mnogosearch.xml | 17 ----- .../conf/tables/Nagios_Service_Check.xml | 22 ------ .../conf/tables/Nagios_notification.xml | 26 ------- .../octopussy/conf/tables/Nagios_service.xml | 23 ------- .../octopussy/conf/tables/NetFlow_Traffic.xml | 35 ---------- .../octopussy/conf/tables/Netscreen_NSM.xml | 39 ----------- var/lib/octopussy/conf/tables/Octopussy.xml | 21 ------ var/lib/octopussy/conf/tables/OpenVZ.xml | 13 ---- var/lib/octopussy/conf/tables/Rsync_error.xml | 19 ----- var/lib/octopussy/conf/tables/Samhain.xml | 18 ----- .../octopussy/conf/tables/Squid_Traffic.xml | 30 -------- var/lib/octopussy/conf/tables/Web_Traffic.xml | 27 -------- .../octopussy/conf/tables/Windows_Message.xml | 33 --------- 39 files changed, 1 insertion(+), 993 deletions(-) delete mode 100644 var/lib/octopussy/conf/tables/ARPWatch.xml delete mode 100644 var/lib/octopussy/conf/tables/Ansible.xml delete mode 100644 var/lib/octopussy/conf/tables/Apache_Mod_Security.xml delete mode 100644 var/lib/octopussy/conf/tables/Bind_query.xml delete mode 100644 var/lib/octopussy/conf/tables/Bind_zone.xml delete mode 100644 var/lib/octopussy/conf/tables/Cisco_ASA.xml delete mode 100644 var/lib/octopussy/conf/tables/Cisco_Pix_traffic.xml delete mode 100644 var/lib/octopussy/conf/tables/Cisco_Pix_url_access.xml delete mode 100644 var/lib/octopussy/conf/tables/Cisco_Router_traffic.xml delete mode 100644 var/lib/octopussy/conf/tables/Cyclades.xml delete mode 100644 var/lib/octopussy/conf/tables/DHCP_Event.xml delete mode 100644 var/lib/octopussy/conf/tables/Database_Message.xml delete mode 100644 var/lib/octopussy/conf/tables/DenyAll_Filtering.xml delete mode 100644 var/lib/octopussy/conf/tables/DenyAll_System.xml delete mode 100644 var/lib/octopussy/conf/tables/DenyAll_Traffic.xml delete mode 100644 var/lib/octopussy/conf/tables/F5_BigIP_ASM_Filtering.xml delete mode 100644 var/lib/octopussy/conf/tables/F5_BigIP_Monitor.xml delete mode 100644 var/lib/octopussy/conf/tables/Firewall_Traffic.xml delete mode 100644 var/lib/octopussy/conf/tables/Fortigate_Event.xml delete mode 100644 var/lib/octopussy/conf/tables/IronPort.xml delete mode 100644 var/lib/octopussy/conf/tables/IronPort_S_Series_Traffic.xml delete mode 100644 var/lib/octopussy/conf/tables/Juniper_DX_Monitor.xml delete mode 100644 var/lib/octopussy/conf/tables/Linux_Kernel_Audit.xml delete mode 100644 var/lib/octopussy/conf/tables/Mail_Traffic.xml delete mode 100644 var/lib/octopussy/conf/tables/Message.xml delete mode 100644 var/lib/octopussy/conf/tables/Mnogosearch.xml delete mode 100644 var/lib/octopussy/conf/tables/Nagios_Service_Check.xml delete mode 100644 var/lib/octopussy/conf/tables/Nagios_notification.xml delete mode 100644 var/lib/octopussy/conf/tables/Nagios_service.xml delete mode 100644 var/lib/octopussy/conf/tables/NetFlow_Traffic.xml delete mode 100644 var/lib/octopussy/conf/tables/Netscreen_NSM.xml delete mode 100644 var/lib/octopussy/conf/tables/Octopussy.xml delete mode 100644 var/lib/octopussy/conf/tables/OpenVZ.xml delete mode 100644 var/lib/octopussy/conf/tables/Rsync_error.xml delete mode 100644 var/lib/octopussy/conf/tables/Samhain.xml delete mode 100644 var/lib/octopussy/conf/tables/Squid_Traffic.xml delete mode 100644 var/lib/octopussy/conf/tables/Web_Traffic.xml delete mode 100644 var/lib/octopussy/conf/tables/Windows_Message.xml diff --git a/scripts/xml2json.pl b/scripts/xml2json.pl index 1926668..b22ff8d 100755 --- a/scripts/xml2json.pl +++ b/scripts/xml2json.pl @@ -68,7 +68,7 @@ sub json_table my @fields = (); foreach my $f (sort { $a->{title} cmp $b->{title} } @{$conf->{field}}) { - push @fields, $f; + push @fields, { name => $f->{title}, type => $f->{type} }; } delete $conf->{field}; $conf->{fields} = \@fields; diff --git a/var/lib/octopussy/conf/tables/ARPWatch.xml b/var/lib/octopussy/conf/tables/ARPWatch.xml deleted file mode 100644 index 3361c6a..0000000 --- a/var/lib/octopussy/conf/tables/ARPWatch.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Ansible.xml b/var/lib/octopussy/conf/tables/Ansible.xml deleted file mode 100644 index 2e962b1..0000000 --- a/var/lib/octopussy/conf/tables/Ansible.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Apache_Mod_Security.xml b/var/lib/octopussy/conf/tables/Apache_Mod_Security.xml deleted file mode 100644 index c4165a7..0000000 --- a/var/lib/octopussy/conf/tables/Apache_Mod_Security.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Bind_query.xml b/var/lib/octopussy/conf/tables/Bind_query.xml deleted file mode 100644 index c7aeb52..0000000 --- a/var/lib/octopussy/conf/tables/Bind_query.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Bind_zone.xml b/var/lib/octopussy/conf/tables/Bind_zone.xml deleted file mode 100644 index 7699709..0000000 --- a/var/lib/octopussy/conf/tables/Bind_zone.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Cisco_ASA.xml b/var/lib/octopussy/conf/tables/Cisco_ASA.xml deleted file mode 100644 index 83e2892..0000000 --- a/var/lib/octopussy/conf/tables/Cisco_ASA.xml +++ /dev/null @@ -1,69 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Cisco_Pix_traffic.xml b/var/lib/octopussy/conf/tables/Cisco_Pix_traffic.xml deleted file mode 100644 index ef644c6..0000000 --- a/var/lib/octopussy/conf/tables/Cisco_Pix_traffic.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Cisco_Pix_url_access.xml b/var/lib/octopussy/conf/tables/Cisco_Pix_url_access.xml deleted file mode 100644 index 544d1ce..0000000 --- a/var/lib/octopussy/conf/tables/Cisco_Pix_url_access.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Cisco_Router_traffic.xml b/var/lib/octopussy/conf/tables/Cisco_Router_traffic.xml deleted file mode 100644 index 6f240ab..0000000 --- a/var/lib/octopussy/conf/tables/Cisco_Router_traffic.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Cyclades.xml b/var/lib/octopussy/conf/tables/Cyclades.xml deleted file mode 100644 index b48d5aa..0000000 --- a/var/lib/octopussy/conf/tables/Cyclades.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/DHCP_Event.xml b/var/lib/octopussy/conf/tables/DHCP_Event.xml deleted file mode 100644 index 217feec..0000000 --- a/var/lib/octopussy/conf/tables/DHCP_Event.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Database_Message.xml b/var/lib/octopussy/conf/tables/Database_Message.xml deleted file mode 100644 index d2a0324..0000000 --- a/var/lib/octopussy/conf/tables/Database_Message.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/DenyAll_Filtering.xml b/var/lib/octopussy/conf/tables/DenyAll_Filtering.xml deleted file mode 100644 index de94bbe..0000000 --- a/var/lib/octopussy/conf/tables/DenyAll_Filtering.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/DenyAll_System.xml b/var/lib/octopussy/conf/tables/DenyAll_System.xml deleted file mode 100644 index 74b96c9..0000000 --- a/var/lib/octopussy/conf/tables/DenyAll_System.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/DenyAll_Traffic.xml b/var/lib/octopussy/conf/tables/DenyAll_Traffic.xml deleted file mode 100644 index a66af19..0000000 --- a/var/lib/octopussy/conf/tables/DenyAll_Traffic.xml +++ /dev/null @@ -1,40 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/F5_BigIP_ASM_Filtering.xml b/var/lib/octopussy/conf/tables/F5_BigIP_ASM_Filtering.xml deleted file mode 100644 index fe47c78..0000000 --- a/var/lib/octopussy/conf/tables/F5_BigIP_ASM_Filtering.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/F5_BigIP_Monitor.xml b/var/lib/octopussy/conf/tables/F5_BigIP_Monitor.xml deleted file mode 100644 index 4acdfd2..0000000 --- a/var/lib/octopussy/conf/tables/F5_BigIP_Monitor.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Firewall_Traffic.xml b/var/lib/octopussy/conf/tables/Firewall_Traffic.xml deleted file mode 100644 index 92290c9..0000000 --- a/var/lib/octopussy/conf/tables/Firewall_Traffic.xml +++ /dev/null @@ -1,65 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Fortigate_Event.xml b/var/lib/octopussy/conf/tables/Fortigate_Event.xml deleted file mode 100644 index d72cd3d..0000000 --- a/var/lib/octopussy/conf/tables/Fortigate_Event.xml +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/IronPort.xml b/var/lib/octopussy/conf/tables/IronPort.xml deleted file mode 100644 index 448b5a5..0000000 --- a/var/lib/octopussy/conf/tables/IronPort.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/IronPort_S_Series_Traffic.xml b/var/lib/octopussy/conf/tables/IronPort_S_Series_Traffic.xml deleted file mode 100644 index a22f025..0000000 --- a/var/lib/octopussy/conf/tables/IronPort_S_Series_Traffic.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Juniper_DX_Monitor.xml b/var/lib/octopussy/conf/tables/Juniper_DX_Monitor.xml deleted file mode 100644 index 8b48caa..0000000 --- a/var/lib/octopussy/conf/tables/Juniper_DX_Monitor.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Linux_Kernel_Audit.xml b/var/lib/octopussy/conf/tables/Linux_Kernel_Audit.xml deleted file mode 100644 index 1df02f3..0000000 --- a/var/lib/octopussy/conf/tables/Linux_Kernel_Audit.xml +++ /dev/null @@ -1,45 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Mail_Traffic.xml b/var/lib/octopussy/conf/tables/Mail_Traffic.xml deleted file mode 100644 index 23b9e0f..0000000 --- a/var/lib/octopussy/conf/tables/Mail_Traffic.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Message.xml b/var/lib/octopussy/conf/tables/Message.xml deleted file mode 100644 index dbabf5e..0000000 --- a/var/lib/octopussy/conf/tables/Message.xml +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Mnogosearch.xml b/var/lib/octopussy/conf/tables/Mnogosearch.xml deleted file mode 100644 index 8b2e608..0000000 --- a/var/lib/octopussy/conf/tables/Mnogosearch.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Nagios_Service_Check.xml b/var/lib/octopussy/conf/tables/Nagios_Service_Check.xml deleted file mode 100644 index fd85653..0000000 --- a/var/lib/octopussy/conf/tables/Nagios_Service_Check.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Nagios_notification.xml b/var/lib/octopussy/conf/tables/Nagios_notification.xml deleted file mode 100644 index 5d16686..0000000 --- a/var/lib/octopussy/conf/tables/Nagios_notification.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Nagios_service.xml b/var/lib/octopussy/conf/tables/Nagios_service.xml deleted file mode 100644 index 16177d5..0000000 --- a/var/lib/octopussy/conf/tables/Nagios_service.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/NetFlow_Traffic.xml b/var/lib/octopussy/conf/tables/NetFlow_Traffic.xml deleted file mode 100644 index 4220edb..0000000 --- a/var/lib/octopussy/conf/tables/NetFlow_Traffic.xml +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Netscreen_NSM.xml b/var/lib/octopussy/conf/tables/Netscreen_NSM.xml deleted file mode 100644 index 2f54448..0000000 --- a/var/lib/octopussy/conf/tables/Netscreen_NSM.xml +++ /dev/null @@ -1,39 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Octopussy.xml b/var/lib/octopussy/conf/tables/Octopussy.xml deleted file mode 100644 index 839e5f6..0000000 --- a/var/lib/octopussy/conf/tables/Octopussy.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/OpenVZ.xml b/var/lib/octopussy/conf/tables/OpenVZ.xml deleted file mode 100644 index da87d92..0000000 --- a/var/lib/octopussy/conf/tables/OpenVZ.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Rsync_error.xml b/var/lib/octopussy/conf/tables/Rsync_error.xml deleted file mode 100644 index 0d18f99..0000000 --- a/var/lib/octopussy/conf/tables/Rsync_error.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Samhain.xml b/var/lib/octopussy/conf/tables/Samhain.xml deleted file mode 100644 index b6d9d61..0000000 --- a/var/lib/octopussy/conf/tables/Samhain.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Squid_Traffic.xml b/var/lib/octopussy/conf/tables/Squid_Traffic.xml deleted file mode 100644 index 7c0bba1..0000000 --- a/var/lib/octopussy/conf/tables/Squid_Traffic.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Web_Traffic.xml b/var/lib/octopussy/conf/tables/Web_Traffic.xml deleted file mode 100644 index ffa0aa2..0000000 --- a/var/lib/octopussy/conf/tables/Web_Traffic.xml +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/tables/Windows_Message.xml b/var/lib/octopussy/conf/tables/Windows_Message.xml deleted file mode 100644 index a700a2f..0000000 --- a/var/lib/octopussy/conf/tables/Windows_Message.xml +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - - - - - - - - - - - From 322b88e86ac8b4af961f0254481bc5b42378ad4e Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Tue, 11 Nov 2014 00:30:14 +0100 Subject: [PATCH 10/47] xml2json loglevel & taxonomy configuration files completed --- conf/logmanagement/loglevel.json | 37 ++++++ conf/logmanagement/taxonomy.json | 171 ++++++++++++++++++++++++++++ scripts/xml2json.pl | 36 ++++++ var/lib/octopussy/conf/loglevel.xml | 11 -- var/lib/octopussy/conf/taxonomy.xml | 49 -------- 5 files changed, 244 insertions(+), 60 deletions(-) create mode 100644 conf/logmanagement/loglevel.json create mode 100644 conf/logmanagement/taxonomy.json delete mode 100644 var/lib/octopussy/conf/loglevel.xml delete mode 100644 var/lib/octopussy/conf/taxonomy.xml diff --git a/conf/logmanagement/loglevel.json b/conf/logmanagement/loglevel.json new file mode 100644 index 0000000..24d6666 --- /dev/null +++ b/conf/logmanagement/loglevel.json @@ -0,0 +1,37 @@ +[ + { + "color" : "red", + "level" : "7", + "value" : "Emergency" + }, + { + "color" : "darkred", + "level" : "6", + "value" : "Alert" + }, + { + "color" : "maroon", + "level" : "5", + "value" : "Critical" + }, + { + "color" : "orange", + "level" : "4", + "value" : "Warning" + }, + { + "color" : "green", + "level" : "3", + "value" : "Notice" + }, + { + "color" : "blue", + "level" : "2", + "value" : "Information" + }, + { + "color" : "gray", + "level" : "1", + "value" : "Debug" + } +] diff --git a/conf/logmanagement/taxonomy.json b/conf/logmanagement/taxonomy.json new file mode 100644 index 0000000..39dbc7e --- /dev/null +++ b/conf/logmanagement/taxonomy.json @@ -0,0 +1,171 @@ +[ + { + "color" : "#FFF000", + "desc" : "Access message", + "value" : "Access" + }, + { + "color" : "#FFD000", + "desc" : "Access Failure message", + "value" : "Access.Failure" + }, + { + "color" : "#FFB000", + "desc" : "Access Success message", + "value" : "Access.Success" + }, + { + "color" : "#0000FF", + "desc" : "Application message", + "value" : "Application" + }, + { + "color" : "#0000FF", + "desc" : "Application Errors message", + "value" : "Application.Errors" + }, + { + "color" : "#0000FF", + "desc" : "Application Start message", + "value" : "Application.Start" + }, + { + "color" : "#0000FF", + "desc" : "Application Stop message", + "value" : "Application.Stop" + }, + { + "color" : "#FF0000", + "desc" : "Attack message", + "value" : "Attack" + }, + { + "color" : "#00FFFF", + "desc" : "Authentication message", + "value" : "Auth" + }, + { + "color" : "#00FFF9", + "desc" : "Authentication Failure message", + "value" : "Auth.Failure" + }, + { + "color" : "#00FFF0", + "desc" : "Authentication Success message", + "value" : "Auth.Success" + }, + { + "color" : "#FF00FF", + "desc" : "Configuration message", + "value" : "Config" + }, + { + "color" : "#FB00FF", + "desc" : "Configuration Backup message", + "value" : "Config.Backup" + }, + { + "color" : "#F700FF", + "desc" : "Configuration Changes message", + "value" : "Config.Changes" + }, + { + "color" : "#F000FF", + "desc" : "Configuration Errors message", + "value" : "Config.Errors" + }, + { + "color" : "#E090E0", + "desc" : "Email Antivirus message", + "value" : "Email.Antivirus" + }, + { + "color" : "#E090E0", + "desc" : "Email Spam message", + "value" : "Email.Spam" + }, + { + "color" : "#E090E0", + "desc" : "Email Traffic message", + "value" : "Email.Traffic" + }, + { + "color" : "#AAAAAF", + "desc" : "Hardware Errors message", + "value" : "Hardware" + }, + { + "color" : "#AAAAAC", + "desc" : "Hardware Disk Errors message", + "value" : "Hardware.Disk" + }, + { + "color" : "#AAAAA9", + "desc" : "Hardware Memory Errors message", + "value" : "Hardware.Memory" + }, + { + "color" : "#AAAAA5", + "desc" : "Hardware Network Errors message", + "value" : "Hardware.Network" + }, + { + "color" : "#AAAAA0", + "desc" : "Hardware Power Supply Errors message", + "value" : "Hardware.Power" + }, + { + "color" : "#303090", + "desc" : "Network message", + "value" : "Network" + }, + { + "color" : "#303090", + "desc" : "Network Errors message", + "value" : "Network.Errors" + }, + { + "desc" : "Other message", + "value" : "Other" + }, + { + "color" : "#202090", + "desc" : "Printer message", + "value" : "Printer" + }, + { + "color" : "#202090", + "desc" : "Printer Errors message", + "value" : "Printer.Errors" + }, + { + "color" : "#0000FF", + "desc" : "System message", + "value" : "System" + }, + { + "color" : "#0000F9", + "desc" : "System Boot message", + "value" : "System.Boot" + }, + { + "color" : "#0000F0", + "desc" : "System Errors message", + "value" : "System.Errors" + }, + { + "color" : "#00FF00", + "desc" : "Traffic message", + "value" : "Traffic" + }, + { + "color" : "#00FF00", + "desc" : "Traffic Denied message", + "value" : "Traffic.Denied" + }, + { + "color" : "#00FF00", + "desc" : "Traffic Granted message", + "value" : "Traffic.Granted" + } +] diff --git a/scripts/xml2json.pl b/scripts/xml2json.pl index b22ff8d..5e66670 100755 --- a/scripts/xml2json.pl +++ b/scripts/xml2json.pl @@ -21,8 +21,10 @@ =head1 SYNOPSIS my %action = ( octopussy_device => \&json_device, + octopussy_loglevel => \&json_loglevel, octopussy_service => \&json_service, octopussy_table => \&json_table, + octopussy_taxonomy => \&json_taxonomy, ); =head1 SUBROUTINES @@ -36,6 +38,23 @@ sub json_device printf "Device\n"; } +=head2 json_loglevel($conf) + +=cut + +sub json_loglevel +{ + my $conf = shift; + + my @loglevel = (); + foreach my $l (reverse sort { $a->{level} <=> $b->{level} } @{$conf->{loglevel}}) + { + push @loglevel, $l; + } + + return (to_json(\@loglevel, {pretty => 1})); +} + =head2 json_service($conf) =cut @@ -76,6 +95,23 @@ sub json_table return (to_json($conf, {pretty => 1})); } +=head2 json_taxonomy($conf) + +=cut + +sub json_taxonomy +{ + my $conf = shift; + + my @taxonomy = (); + foreach my $t (sort { $a->{value} cmp $b->{value} } @{$conf->{taxonomy}}) + { + push @taxonomy, $t; + } + + return (to_json(\@taxonomy, {pretty => 1})); +} + =head2 xml_read($filename) Read XML file '$filename' diff --git a/var/lib/octopussy/conf/loglevel.xml b/var/lib/octopussy/conf/loglevel.xml deleted file mode 100644 index 806fe7b..0000000 --- a/var/lib/octopussy/conf/loglevel.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - - - - diff --git a/var/lib/octopussy/conf/taxonomy.xml b/var/lib/octopussy/conf/taxonomy.xml deleted file mode 100644 index 09bc541..0000000 --- a/var/lib/octopussy/conf/taxonomy.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From 457a10cb58813473056e04d67495b3c4b0cccc53 Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Tue, 11 Nov 2014 21:55:12 +0100 Subject: [PATCH 11/47] Starting octopussy_api.pl API handling: /service/:service_name /services /table/:table_name /tables --- bin/octopussy_api.pl | 26 ++++++ lib/OneTool/LogManagement/Configuration.pm | 85 +++++++++++++++++++ lib/OneTool/LogManagement/Server/API.pm | 51 +++++++++++ .../LogManagement/Server/API/Service.pm | 53 ++++++++++++ lib/OneTool/LogManagement/Server/API/Table.pm | 53 ++++++++++++ lib/OneTool/LogManagement/Service.pm | 47 ++++++++++ lib/OneTool/LogManagement/Table.pm | 47 ++++++++++ 7 files changed, 362 insertions(+) create mode 100755 bin/octopussy_api.pl create mode 100644 lib/OneTool/LogManagement/Configuration.pm create mode 100644 lib/OneTool/LogManagement/Server/API.pm create mode 100644 lib/OneTool/LogManagement/Server/API/Service.pm create mode 100644 lib/OneTool/LogManagement/Server/API/Table.pm create mode 100644 lib/OneTool/LogManagement/Service.pm create mode 100644 lib/OneTool/LogManagement/Table.pm diff --git a/bin/octopussy_api.pl b/bin/octopussy_api.pl new file mode 100755 index 0000000..4716dee --- /dev/null +++ b/bin/octopussy_api.pl @@ -0,0 +1,26 @@ +#!/usr/bin/perl + +=head1 NAME + +octopussy_api.pl - Octopussy API + +=cut + +use strict; +use warnings; + +use FindBin; + +use lib "$FindBin::Bin/../lib/"; + +require Mojolicious::Commands; + Mojolicious::Commands->start_app( + 'OneTool::LogManagement::Server::API', + 'daemon', + '-l', 'http://*:2000'); + +=head1 AUTHOR + +Sebastien Thebert + +=cut \ No newline at end of file diff --git a/lib/OneTool/LogManagement/Configuration.pm b/lib/OneTool/LogManagement/Configuration.pm new file mode 100644 index 0000000..b0e13f7 --- /dev/null +++ b/lib/OneTool/LogManagement/Configuration.pm @@ -0,0 +1,85 @@ +package OneTool::LogManagement::Configuration; + +=head1 NAME + +OneTool::LogManagement::Configuration - OneTool LogManagement Configuration module + +=cut + +use strict; +use warnings; + +use File::Slurp; +use FindBin; +use JSON; + +my $DIR_CONFIG = "$FindBin::Bin/../conf/logmanagement"; + +=head1 SUBROUTINES/METHODS + +=head2 get($type, $name) + +=cut + +sub get +{ + my ($type, $name) = @_; + + my $filename = filename($type, $name); + if ((defined $filename) && (-r $filename)) + { + my $json = read_file($filename); + my $conf = from_json($json); + + return ($conf); + } + + return (undef); +} + + +=head2 items($type) + +=cut + +sub items +{ + my $type = shift; + + my @items = map { ($_ =~ /^(.+)\.json$/ ? ($_ = $1) : ()) } + read_dir("${DIR_CONFIG}/$type/"); + + return (@items); +} + +=head2 directory() + +=cut + +sub directory +{ + my $dir_new = shift; + + $DIR_CONFIG = (defined $dir_new ? $dir_new : $DIR_CONFIG); + + return ($DIR_CONFIG); +} + +=head2 filename($type, $name) + +=cut + +sub filename +{ + my ($type, $name) = @_; + + return ("${DIR_CONFIG}/$type/${name}.json"); +} + +1; + +=head1 AUTHOR + +Sebastien Thebert + +=cut diff --git a/lib/OneTool/LogManagement/Server/API.pm b/lib/OneTool/LogManagement/Server/API.pm new file mode 100644 index 0000000..567d9ea --- /dev/null +++ b/lib/OneTool/LogManagement/Server/API.pm @@ -0,0 +1,51 @@ +package OneTool::LogManagement::Server::API; + +=head1 NAME + +OneTool::LogManagement::Server::API - OneTool LogManagement Server API module + +=cut + +use strict; +use warnings; + +use Mojo::Base 'Mojolicious'; + +=head1 SUBROUTINES/METHODS + +=head2 startup + +=cut + +sub startup +{ + my $self = shift; + + my $r = $self->routes; + + # Routes /device(s) + #$r->get('/device/:device_name')->to('device#configuration'); + #$r->post('/device/:device_name')->to('device#new'); + #$r->get('/devices')->to('device#list'); + + #$r->get('/device_models/:device_type')->to('device#models'); + #$r->get('/device_types')->to('device#types'); + # Routes /logs + #$r->get('/logs/:begin/:end/:device_selection/:service_selection')->to('logs#extraction'); + + # Routes /service(s) + $r->get('/service/:service_name')->to('service#configuration'); + $r->get('/services')->to('service#list'); + + # Routes /table(s) + $r->get('/table/:table_name')->to('table#configuration'); + $r->get('/tables')->to('table#list'); +} + +1; + +=head1 AUTHOR + +Sebastien Thebert + +=cut diff --git a/lib/OneTool/LogManagement/Server/API/Service.pm b/lib/OneTool/LogManagement/Server/API/Service.pm new file mode 100644 index 0000000..8baf110 --- /dev/null +++ b/lib/OneTool/LogManagement/Server/API/Service.pm @@ -0,0 +1,53 @@ +package OneTool::LogManagement::Server::API::Service; + +=head1 NAME + +OneTool::LogManagement::Server::API::Service - OneTool LogManagement Server API Service module + +=cut + +use strict; +use warnings; + +use Mojo::Base 'Mojolicious::Controller'; + +use OneTool::LogManagement::Service; + +=head2 configuration() + +Returns Service configuration + +=cut + +sub configuration +{ + my $self = shift; + + my $service_name = $self->param('service_name'); + my $conf = OneTool::LogManagement::Service::configuration($service_name); + + $self->render(json => $conf); +} + +=head2 list() + +Returns Services list + +=cut + +sub list +{ + my $self = shift; + + my @list = OneTool::LogManagement::Service::list(); + + $self->render(json => \@list); +} + +1; + +=head1 AUTHOR + +Sebastien Thebert + +=cut diff --git a/lib/OneTool/LogManagement/Server/API/Table.pm b/lib/OneTool/LogManagement/Server/API/Table.pm new file mode 100644 index 0000000..3d597cf --- /dev/null +++ b/lib/OneTool/LogManagement/Server/API/Table.pm @@ -0,0 +1,53 @@ +package OneTool::LogManagement::Server::API::Table; + +=head1 NAME + +OneTool::LogManagement::Server::API::Table - OneTool LogManagement Server API Table module + +=cut + +use strict; +use warnings; + +use Mojo::Base 'Mojolicious::Controller'; + +use OneTool::LogManagement::Table; + +=head2 configuration() + +Returns Table configuration + +=cut + +sub configuration +{ + my $self = shift; + + my $table_name = $self->param('table_name'); + my $conf = OneTool::LogManagement::Table::configuration($table_name); + + $self->render(json => $conf); +} + +=head2 list() + +Returns Tables list + +=cut + +sub list +{ + my $self = shift; + + my @list = OneTool::LogManagement::Table::list(); + + $self->render(json => \@list); +} + +1; + +=head1 AUTHOR + +Sebastien Thebert + +=cut diff --git a/lib/OneTool/LogManagement/Service.pm b/lib/OneTool/LogManagement/Service.pm new file mode 100644 index 0000000..aaa60a7 --- /dev/null +++ b/lib/OneTool/LogManagement/Service.pm @@ -0,0 +1,47 @@ +package OneTool::LogManagement::Service; + +=head1 NAME + +OneTool::LogManagement::Service - OneTool LogManagement Service module + +=cut + +use strict; +use warnings; + +use OneTool::LogManagement::Configuration; + +=head1 SUBROUTINES/METHODS + +=head2 configuration($service_name) + +=cut + +sub configuration +{ + my $service_name = shift; + + my $conf = OneTool::LogManagement::Configuration::get('services', + $service_name); + + return ($conf); +} + +=head2 list() + +=cut + +sub list +{ + my @items = OneTool::LogManagement::Configuration::items('services'); + + return (@items); +} + +1; + +=head1 AUTHOR + +Sebastien Thebert + +=cut diff --git a/lib/OneTool/LogManagement/Table.pm b/lib/OneTool/LogManagement/Table.pm new file mode 100644 index 0000000..4fc1531 --- /dev/null +++ b/lib/OneTool/LogManagement/Table.pm @@ -0,0 +1,47 @@ +package OneTool::LogManagement::Table; + +=head1 NAME + +OneTool::LogManagement::Table - OneTool LogManagement Table module + +=cut + +use strict; +use warnings; + +use OneTool::LogManagement::Configuration; + +=head1 SUBROUTINES/METHODS + +=head2 configuration($table_name) + +=cut + +sub configuration +{ + my $table_name = shift; + + my $conf = OneTool::LogManagement::Configuration::get('tables', + $table_name); + + return ($conf); +} + +=head2 list() + +=cut + +sub list +{ + my @items = OneTool::LogManagement::Configuration::items('tables'); + + return (@items); +} + +1; + +=head1 AUTHOR + +Sebastien Thebert + +=cut From b84d5eb1eeb9fccffdc896fce95842cc3ef39a2c Mon Sep 17 00:00:00 2001 From: Sebastien Thebert Date: Tue, 11 Nov 2014 23:49:57 +0100 Subject: [PATCH 12/47] Octopussy WebConsole base Bootstrap, jQuery & FontAwesome --- bin/octopussy_webconsole.pl | 17 + conf/octopussy_webconsole.json | 8 + lib/OneTool/I18N/fr.pm | 39 ++ lib/OneTool/Web.pm | 64 ++++ public/css/Octopussy.css | 1 + public/css/bootstrap-theme.css | 347 ++++++++++++++++++ public/css/bootstrap.min.css | 7 + public/css/font-awesome.min.css | 4 + public/fonts/FontAwesome.otf | Bin 0 -> 75188 bytes public/fonts/fontawesome-webfont.eot | Bin 0 -> 72449 bytes public/fonts/fontawesome-webfont.svg | 504 ++++++++++++++++++++++++++ public/fonts/fontawesome-webfont.ttf | Bin 0 -> 141564 bytes public/fonts/fontawesome-webfont.woff | Bin 0 -> 83760 bytes public/js/bootstrap.min.js | 6 + public/js/jquery.min.js | 4 + templates/menu_top.tt | 19 + templates/wrapper.tt | 42 +++ 17 files changed, 1062 insertions(+) create mode 100644 bin/octopussy_webconsole.pl create mode 100644 conf/octopussy_webconsole.json create mode 100644 lib/OneTool/I18N/fr.pm create mode 100644 lib/OneTool/Web.pm create mode 100644 public/css/Octopussy.css create mode 100644 public/css/bootstrap-theme.css create mode 100644 public/css/bootstrap.min.css create mode 100644 public/css/font-awesome.min.css create mode 100644 public/fonts/FontAwesome.otf create mode 100755 public/fonts/fontawesome-webfont.eot create mode 100755 public/fonts/fontawesome-webfont.svg create mode 100755 public/fonts/fontawesome-webfont.ttf create mode 100755 public/fonts/fontawesome-webfont.woff create mode 100644 public/js/bootstrap.min.js create mode 100644 public/js/jquery.min.js create mode 100644 templates/menu_top.tt create mode 100644 templates/wrapper.tt diff --git a/bin/octopussy_webconsole.pl b/bin/octopussy_webconsole.pl new file mode 100644 index 0000000..362cd0c --- /dev/null +++ b/bin/octopussy_webconsole.pl @@ -0,0 +1,17 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use FindBin; +BEGIN { unshift @INC, "$FindBin::Bin/../lib" } + +# Start command line interface for application +require Mojolicious::Commands; +Mojolicious::Commands->start_app('OneTool::Web'); + +=head1 AUTHOR + +Sebastien Thebert + +=cut \ No newline at end of file diff --git a/conf/octopussy_webconsole.json b/conf/octopussy_webconsole.json new file mode 100644 index 0000000..5a494f5 --- /dev/null +++ b/conf/octopussy_webconsole.json @@ -0,0 +1,8 @@ +{ + "applications": { + "LogManagement":{ + "icon":"fa-list", + "servers":["http://127.0.0.1:2000"] + } + } +} \ No newline at end of file diff --git a/lib/OneTool/I18N/fr.pm b/lib/OneTool/I18N/fr.pm new file mode 100644 index 0000000..54c2f6d --- /dev/null +++ b/lib/OneTool/I18N/fr.pm @@ -0,0 +1,39 @@ +package OneTool::I18N::fr; + +=head1 NAME + +OneTool::I18N::fr + +=cut + +use base 'OneTool::I18N'; + +use utf8; + +our %Lexicon = ( + '_ACTION' => 'Action', + '_CANCEL' => 'Annuler', + '_DESCRIPTION' => 'Description', + '_DEVICE_MODEL' => 'Modèle d\'Equipement', + '_DEVICE_TYPE' => 'Type d\'Equipement', + '_DISABLED' => 'Désactivé', + '_EDIT' => 'Editer', + '_EDIT_THIS_PAGE' => 'Editer cette page', + '_ENABLED' => 'Activé', + '_IP_ADDRESS' => 'Adresse IP', + '_FILTER' => 'Filtrer', + '_LOG_TYPE' => 'Type de Log', + '_NAME' => 'Nom', + '_NEW_DEVICE' => 'Nouvel Equipement', + '_REMOVE' => 'Supprimer', + '_REMOVE_THIS_PAGE' => 'Supprimer cette page', + '_SAVE' => 'Sauver', + '_SERVICE' => 'Service', + '_SERVICES' => 'Services', + '_SHOW_REVISIONS' => 'Voir les revisions', + '_STATUS' => 'Statut', + '_STORAGES' => 'Stockages', +); + +1; + diff --git a/lib/OneTool/Web.pm b/lib/OneTool/Web.pm new file mode 100644 index 0000000..37f5949 --- /dev/null +++ b/lib/OneTool/Web.pm @@ -0,0 +1,64 @@ +package OneTool::Web; + +=head1 NAME + +OneTool::Web - OneTool Web module + +=cut + +use strict; +use warnings; + +use FindBin; +use Mojo::Base 'Mojolicious'; + +use OneTool::Web::LogManagement::Service; + +#use OneTool::Web::Wiki::Page; + +=head1 SUBROUTINES/METHODS + +=head2 startup + +=cut + +sub startup +{ + my $self = shift; + + # loads app configuration + my $config = $self->plugin('JSONConfig', + { file => "$FindBin::Bin/../conf/octopussy_webconsole.json" }); + + # inits Template::Toolkit renderer + $self->plugin(tt_renderer => { + template_options => { + PLUGIN_BASE => 'OneTool::Web::Template::Plugin', + WRAPPER => 'wrapper.tt', + } + }); + $self->renderer->default_handler('tt'); + + # inits I18N + $self->plugin(charset => { charset => 'utf8' }); + $self->plugin(I18N => { namespace => 'OneTool::I18N', default => 'fr' }); + + # sets routes + my $r = $self->routes; + + # Routes /logmanagement/device(s) +# $r->get('/logmanagement/devices')->to('LogManagement::Device#list'); +# $r->get('/logmanagement/device_models/:device_type')->to('LogManagement::Device#models'); +# $r->get('/logmanagement/device/:device_name/services')->to('LogManagement::Device#services'); + + $r->get('/logmanagement/services')->to('LogManagement::Service#list'); + $r->get('/logmanagement/service/:service_name')->to('LogManagement::Service#messages'); +} + +1; + +=head1 AUTHOR + +Sebastien Thebert + +=cut diff --git a/public/css/Octopussy.css b/public/css/Octopussy.css new file mode 100644 index 0000000..c69d2ad --- /dev/null +++ b/public/css/Octopussy.css @@ -0,0 +1 @@ +body { padding-top: 60px; } \ No newline at end of file diff --git a/public/css/bootstrap-theme.css b/public/css/bootstrap-theme.css new file mode 100644 index 0000000..a406992 --- /dev/null +++ b/public/css/bootstrap-theme.css @@ -0,0 +1,347 @@ +/*! + * Bootstrap v3.1.1 (http://getbootstrap.com) + * Copyright 2011-2014 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */ + +.btn-default, +.btn-primary, +.btn-success, +.btn-info, +.btn-warning, +.btn-danger { + text-shadow: 0 -1px 0 rgba(0, 0, 0, .2); + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, .15), 0 1px 1px rgba(0, 0, 0, .075); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, .15), 0 1px 1px rgba(0, 0, 0, .075); +} +.btn-default:active, +.btn-primary:active, +.btn-success:active, +.btn-info:active, +.btn-warning:active, +.btn-danger:active, +.btn-default.active, +.btn-primary.active, +.btn-success.active, +.btn-info.active, +.btn-warning.active, +.btn-danger.active { + -webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, .125); + box-shadow: inset 0 3px 5px rgba(0, 0, 0, .125); +} +.btn:active, +.btn.active { + background-image: none; +} +.btn-default { + text-shadow: 0 1px 0 #fff; + background-image: -webkit-linear-gradient(top, #fff 0%, #e0e0e0 100%); + background-image: linear-gradient(to bottom, #fff 0%, #e0e0e0 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe0e0e0', GradientType=0); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + background-repeat: repeat-x; + border-color: #dbdbdb; + border-color: #ccc; +} +.btn-default:hover, +.btn-default:focus { + background-color: #e0e0e0; + background-position: 0 -15px; +} +.btn-default:active, +.btn-default.active { + background-color: #e0e0e0; + border-color: #dbdbdb; +} +.btn-primary { + background-image: -webkit-linear-gradient(top, #428bca 0%, #2d6ca2 100%); + background-image: linear-gradient(to bottom, #428bca 0%, #2d6ca2 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff2d6ca2', GradientType=0); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + background-repeat: repeat-x; + border-color: #2b669a; +} +.btn-primary:hover, +.btn-primary:focus { + background-color: #2d6ca2; + background-position: 0 -15px; +} +.btn-primary:active, +.btn-primary.active { + background-color: #2d6ca2; + border-color: #2b669a; +} +.btn-success { + background-image: -webkit-linear-gradient(top, #5cb85c 0%, #419641 100%); + background-image: linear-gradient(to bottom, #5cb85c 0%, #419641 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff419641', GradientType=0); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + background-repeat: repeat-x; + border-color: #3e8f3e; +} +.btn-success:hover, +.btn-success:focus { + background-color: #419641; + background-position: 0 -15px; +} +.btn-success:active, +.btn-success.active { + background-color: #419641; + border-color: #3e8f3e; +} +.btn-info { + background-image: -webkit-linear-gradient(top, #5bc0de 0%, #2aabd2 100%); + background-image: linear-gradient(to bottom, #5bc0de 0%, #2aabd2 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff2aabd2', GradientType=0); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + background-repeat: repeat-x; + border-color: #28a4c9; +} +.btn-info:hover, +.btn-info:focus { + background-color: #2aabd2; + background-position: 0 -15px; +} +.btn-info:active, +.btn-info.active { + background-color: #2aabd2; + border-color: #28a4c9; +} +.btn-warning { + background-image: -webkit-linear-gradient(top, #f0ad4e 0%, #eb9316 100%); + background-image: linear-gradient(to bottom, #f0ad4e 0%, #eb9316 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffeb9316', GradientType=0); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + background-repeat: repeat-x; + border-color: #e38d13; +} +.btn-warning:hover, +.btn-warning:focus { + background-color: #eb9316; + background-position: 0 -15px; +} +.btn-warning:active, +.btn-warning.active { + background-color: #eb9316; + border-color: #e38d13; +} +.btn-danger { + background-image: -webkit-linear-gradient(top, #d9534f 0%, #c12e2a 100%); + background-image: linear-gradient(to bottom, #d9534f 0%, #c12e2a 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc12e2a', GradientType=0); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + background-repeat: repeat-x; + border-color: #b92c28; +} +.btn-danger:hover, +.btn-danger:focus { + background-color: #c12e2a; + background-position: 0 -15px; +} +.btn-danger:active, +.btn-danger.active { + background-color: #c12e2a; + border-color: #b92c28; +} +.thumbnail, +.img-thumbnail { + -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, .075); + box-shadow: 0 1px 2px rgba(0, 0, 0, .075); +} +.dropdown-menu > li > a:hover, +.dropdown-menu > li > a:focus { + background-color: #e8e8e8; + background-image: -webkit-linear-gradient(top, #f5f5f5 0%, #e8e8e8 100%); + background-image: linear-gradient(to bottom, #f5f5f5 0%, #e8e8e8 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0); + background-repeat: repeat-x; +} +.dropdown-menu > .active > a, +.dropdown-menu > .active > a:hover, +.dropdown-menu > .active > a:focus { + background-color: #357ebd; + background-image: -webkit-linear-gradient(top, #428bca 0%, #357ebd 100%); + background-image: linear-gradient(to bottom, #428bca 0%, #357ebd 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff357ebd', GradientType=0); + background-repeat: repeat-x; +} +.navbar-default { + background-image: -webkit-linear-gradient(top, #fff 0%, #f8f8f8 100%); + background-image: linear-gradient(to bottom, #fff 0%, #f8f8f8 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + background-repeat: repeat-x; + border-radius: 4px; + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, .15), 0 1px 5px rgba(0, 0, 0, .075); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, .15), 0 1px 5px rgba(0, 0, 0, .075); +} +.navbar-default .navbar-nav > .active > a { + background-image: -webkit-linear-gradient(top, #ebebeb 0%, #f3f3f3 100%); + background-image: linear-gradient(to bottom, #ebebeb 0%, #f3f3f3 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff3f3f3', GradientType=0); + background-repeat: repeat-x; + -webkit-box-shadow: inset 0 3px 9px rgba(0, 0, 0, .075); + box-shadow: inset 0 3px 9px rgba(0, 0, 0, .075); +} +.navbar-brand, +.navbar-nav > li > a { + text-shadow: 0 1px 0 rgba(255, 255, 255, .25); +} +.navbar-inverse { + background-image: -webkit-linear-gradient(top, #3c3c3c 0%, #222 100%); + background-image: linear-gradient(to bottom, #3c3c3c 0%, #222 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0); + filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); + background-repeat: repeat-x; +} +.navbar-inverse .navbar-nav > .active > a { + background-image: -webkit-linear-gradient(top, #222 0%, #282828 100%); + background-image: linear-gradient(to bottom, #222 0%, #282828 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222', endColorstr='#ff282828', GradientType=0); + background-repeat: repeat-x; + -webkit-box-shadow: inset 0 3px 9px rgba(0, 0, 0, .25); + box-shadow: inset 0 3px 9px rgba(0, 0, 0, .25); +} +.navbar-inverse .navbar-brand, +.navbar-inverse .navbar-nav > li > a { + text-shadow: 0 -1px 0 rgba(0, 0, 0, .25); +} +.navbar-static-top, +.navbar-fixed-top, +.navbar-fixed-bottom { + border-radius: 0; +} +.alert { + text-shadow: 0 1px 0 rgba(255, 255, 255, .2); + -webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, .25), 0 1px 2px rgba(0, 0, 0, .05); + box-shadow: inset 0 1px 0 rgba(255, 255, 255, .25), 0 1px 2px rgba(0, 0, 0, .05); +} +.alert-success { + background-image: -webkit-linear-gradient(top, #dff0d8 0%, #c8e5bc 100%); + background-image: linear-gradient(to bottom, #dff0d8 0%, #c8e5bc 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0); + background-repeat: repeat-x; + border-color: #b2dba1; +} +.alert-info { + background-image: -webkit-linear-gradient(top, #d9edf7 0%, #b9def0 100%); + background-image: linear-gradient(to bottom, #d9edf7 0%, #b9def0 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0); + background-repeat: repeat-x; + border-color: #9acfea; +} +.alert-warning { + background-image: -webkit-linear-gradient(top, #fcf8e3 0%, #f8efc0 100%); + background-image: linear-gradient(to bottom, #fcf8e3 0%, #f8efc0 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0); + background-repeat: repeat-x; + border-color: #f5e79e; +} +.alert-danger { + background-image: -webkit-linear-gradient(top, #f2dede 0%, #e7c3c3 100%); + background-image: linear-gradient(to bottom, #f2dede 0%, #e7c3c3 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0); + background-repeat: repeat-x; + border-color: #dca7a7; +} +.progress { + background-image: -webkit-linear-gradient(top, #ebebeb 0%, #f5f5f5 100%); + background-image: linear-gradient(to bottom, #ebebeb 0%, #f5f5f5 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0); + background-repeat: repeat-x; +} +.progress-bar { + background-image: -webkit-linear-gradient(top, #428bca 0%, #3071a9 100%); + background-image: linear-gradient(to bottom, #428bca 0%, #3071a9 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3071a9', GradientType=0); + background-repeat: repeat-x; +} +.progress-bar-success { + background-image: -webkit-linear-gradient(top, #5cb85c 0%, #449d44 100%); + background-image: linear-gradient(to bottom, #5cb85c 0%, #449d44 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff449d44', GradientType=0); + background-repeat: repeat-x; +} +.progress-bar-info { + background-image: -webkit-linear-gradient(top, #5bc0de 0%, #31b0d5 100%); + background-image: linear-gradient(to bottom, #5bc0de 0%, #31b0d5 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0); + background-repeat: repeat-x; +} +.progress-bar-warning { + background-image: -webkit-linear-gradient(top, #f0ad4e 0%, #ec971f 100%); + background-image: linear-gradient(to bottom, #f0ad4e 0%, #ec971f 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffec971f', GradientType=0); + background-repeat: repeat-x; +} +.progress-bar-danger { + background-image: -webkit-linear-gradient(top, #d9534f 0%, #c9302c 100%); + background-image: linear-gradient(to bottom, #d9534f 0%, #c9302c 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc9302c', GradientType=0); + background-repeat: repeat-x; +} +.list-group { + border-radius: 4px; + -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, .075); + box-shadow: 0 1px 2px rgba(0, 0, 0, .075); +} +.list-group-item.active, +.list-group-item.active:hover, +.list-group-item.active:focus { + text-shadow: 0 -1px 0 #3071a9; + background-image: -webkit-linear-gradient(top, #428bca 0%, #3278b3 100%); + background-image: linear-gradient(to bottom, #428bca 0%, #3278b3 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3278b3', GradientType=0); + background-repeat: repeat-x; + border-color: #3278b3; +} +.panel { + -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, .05); + box-shadow: 0 1px 2px rgba(0, 0, 0, .05); +} +.panel-default > .panel-heading { + background-image: -webkit-linear-gradient(top, #f5f5f5 0%, #e8e8e8 100%); + background-image: linear-gradient(to bottom, #f5f5f5 0%, #e8e8e8 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0); + background-repeat: repeat-x; +} +.panel-primary > .panel-heading { + background-image: -webkit-linear-gradient(top, #428bca 0%, #357ebd 100%); + background-image: linear-gradient(to bottom, #428bca 0%, #357ebd 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff357ebd', GradientType=0); + background-repeat: repeat-x; +} +.panel-success > .panel-heading { + background-image: -webkit-linear-gradient(top, #dff0d8 0%, #d0e9c6 100%); + background-image: linear-gradient(to bottom, #dff0d8 0%, #d0e9c6 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0); + background-repeat: repeat-x; +} +.panel-info > .panel-heading { + background-image: -webkit-linear-gradient(top, #d9edf7 0%, #c4e3f3 100%); + background-image: linear-gradient(to bottom, #d9edf7 0%, #c4e3f3 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0); + background-repeat: repeat-x; +} +.panel-warning > .panel-heading { + background-image: -webkit-linear-gradient(top, #fcf8e3 0%, #faf2cc 100%); + background-image: linear-gradient(to bottom, #fcf8e3 0%, #faf2cc 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0); + background-repeat: repeat-x; +} +.panel-danger > .panel-heading { + background-image: -webkit-linear-gradient(top, #f2dede 0%, #ebcccc 100%); + background-image: linear-gradient(to bottom, #f2dede 0%, #ebcccc 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0); + background-repeat: repeat-x; +} +.well { + background-image: -webkit-linear-gradient(top, #e8e8e8 0%, #f5f5f5 100%); + background-image: linear-gradient(to bottom, #e8e8e8 0%, #f5f5f5 100%); + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0); + background-repeat: repeat-x; + border-color: #dcdcdc; + -webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, .05), 0 1px 0 rgba(255, 255, 255, .1); + box-shadow: inset 0 1px 3px rgba(0, 0, 0, .05), 0 1px 0 rgba(255, 255, 255, .1); +} +/*# sourceMappingURL=bootstrap-theme.css.map */ diff --git a/public/css/bootstrap.min.css b/public/css/bootstrap.min.css new file mode 100644 index 0000000..679272d --- /dev/null +++ b/public/css/bootstrap.min.css @@ -0,0 +1,7 @@ +/*! + * Bootstrap v3.1.1 (http://getbootstrap.com) + * Copyright 2011-2014 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) + */ + +/*! normalize.css v3.0.0 | MIT License | git.io/normalize */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background:0 0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{font-size:2em;margin:.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}input{line-height:normal}input[type=checkbox],input[type=radio]{box-sizing:border-box;padding:0}input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{height:auto}input[type=search]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}legend{border:0;padding:0}textarea{overflow:auto}optgroup{font-weight:700}table{border-collapse:collapse;border-spacing:0}td,th{padding:0}@media print{*{text-shadow:none!important;color:#000!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}select{background:#fff!important}.navbar{display:none}.table td,.table th{background-color:#fff!important}.btn>.caret,.dropup>.btn>.caret{border-top-color:#000!important}.label{border:1px solid #000}.table{border-collapse:collapse!important}.table-bordered th,.table-bordered td{border:1px solid #ddd!important}}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}:before,:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:62.5%;-webkit-tap-highlight-color:rgba(0,0,0,0)}body{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:1.42857143;color:#333;background-color:#fff}input,button,select,textarea{font-family:inherit;font-size:inherit;line-height:inherit}a{color:#428bca;text-decoration:none}a:hover,a:focus{color:#2a6496;text-decoration:underline}a:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}figure{margin:0}img{vertical-align:middle}.img-responsive,.thumbnail>img,.thumbnail a>img,.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;max-width:100%;height:auto}.img-rounded{border-radius:6px}.img-thumbnail{padding:4px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out;display:inline-block;max-width:100%;height:auto}.img-circle{border-radius:50%}hr{margin-top:20px;margin-bottom:20px;border:0;border-top:1px solid #eee}.sr-only{position:absolute;width:1px;height:1px;margin:-1px;padding:0;overflow:hidden;clip:rect(0,0,0,0);border:0}h1,h2,h3,h4,h5,h6,.h1,.h2,.h3,.h4,.h5,.h6{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small,.h1 small,.h2 small,.h3 small,.h4 small,.h5 small,.h6 small,h1 .small,h2 .small,h3 .small,h4 .small,h5 .small,h6 .small,.h1 .small,.h2 .small,.h3 .small,.h4 .small,.h5 .small,.h6 .small{font-weight:400;line-height:1;color:#999}h1,.h1,h2,.h2,h3,.h3{margin-top:20px;margin-bottom:10px}h1 small,.h1 small,h2 small,.h2 small,h3 small,.h3 small,h1 .small,.h1 .small,h2 .small,.h2 .small,h3 .small,.h3 .small{font-size:65%}h4,.h4,h5,.h5,h6,.h6{margin-top:10px;margin-bottom:10px}h4 small,.h4 small,h5 small,.h5 small,h6 small,.h6 small,h4 .small,.h4 .small,h5 .small,.h5 .small,h6 .small,.h6 .small{font-size:75%}h1,.h1{font-size:36px}h2,.h2{font-size:30px}h3,.h3{font-size:24px}h4,.h4{font-size:18px}h5,.h5{font-size:14px}h6,.h6{font-size:12px}p{margin:0 0 10px}.lead{margin-bottom:20px;font-size:16px;font-weight:200;line-height:1.4}@media (min-width:768px){.lead{font-size:21px}}small,.small{font-size:85%}cite{font-style:normal}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}.text-justify{text-align:justify}.text-muted{color:#999}.text-primary{color:#428bca}a.text-primary:hover{color:#3071a9}.text-success{color:#3c763d}a.text-success:hover{color:#2b542c}.text-info{color:#31708f}a.text-info:hover{color:#245269}.text-warning{color:#8a6d3b}a.text-warning:hover{color:#66512c}.text-danger{color:#a94442}a.text-danger:hover{color:#843534}.bg-primary{color:#fff;background-color:#428bca}a.bg-primary:hover{background-color:#3071a9}.bg-success{background-color:#dff0d8}a.bg-success:hover{background-color:#c1e2b3}.bg-info{background-color:#d9edf7}a.bg-info:hover{background-color:#afd9ee}.bg-warning{background-color:#fcf8e3}a.bg-warning:hover{background-color:#f7ecb5}.bg-danger{background-color:#f2dede}a.bg-danger:hover{background-color:#e4b9b9}.page-header{padding-bottom:9px;margin:40px 0 20px;border-bottom:1px solid #eee}ul,ol{margin-top:0;margin-bottom:10px}ul ul,ol ul,ul ol,ol ol{margin-bottom:0}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-left:5px;padding-right:5px}dl{margin-top:0;margin-bottom:20px}dt,dd{line-height:1.42857143}dt{font-weight:700}dd{margin-left:0}@media (min-width:768px){.dl-horizontal dt{float:left;width:160px;clear:left;text-align:right;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:10px 20px;margin:0 0 20px;font-size:17.5px;border-left:5px solid #eee}blockquote p:last-child,blockquote ul:last-child,blockquote ol:last-child{margin-bottom:0}blockquote footer,blockquote small,blockquote .small{display:block;font-size:80%;line-height:1.42857143;color:#999}blockquote footer:before,blockquote small:before,blockquote .small:before{content:'\2014 \00A0'}.blockquote-reverse,blockquote.pull-right{padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0;text-align:right}.blockquote-reverse footer:before,blockquote.pull-right footer:before,.blockquote-reverse small:before,blockquote.pull-right small:before,.blockquote-reverse .small:before,blockquote.pull-right .small:before{content:''}.blockquote-reverse footer:after,blockquote.pull-right footer:after,.blockquote-reverse small:after,blockquote.pull-right small:after,.blockquote-reverse .small:after,blockquote.pull-right .small:after{content:'\00A0 \2014'}blockquote:before,blockquote:after{content:""}address{margin-bottom:20px;font-style:normal;line-height:1.42857143}code,kbd,pre,samp{font-family:Menlo,Monaco,Consolas,"Courier New",monospace}code{padding:2px 4px;font-size:90%;color:#c7254e;background-color:#f9f2f4;white-space:nowrap;border-radius:4px}kbd{padding:2px 4px;font-size:90%;color:#fff;background-color:#333;border-radius:3px;box-shadow:inset 0 -1px 0 rgba(0,0,0,.25)}pre{display:block;padding:9.5px;margin:0 0 10px;font-size:13px;line-height:1.42857143;word-break:break-all;word-wrap:break-word;color:#333;background-color:#f5f5f5;border:1px solid #ccc;border-radius:4px}pre code{padding:0;font-size:inherit;color:inherit;white-space:pre-wrap;background-color:transparent;border-radius:0}.pre-scrollable{max-height:340px;overflow-y:scroll}.container{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}@media (min-width:768px){.container{width:750px}}@media (min-width:992px){.container{width:970px}}@media (min-width:1200px){.container{width:1170px}}.container-fluid{margin-right:auto;margin-left:auto;padding-left:15px;padding-right:15px}.row{margin-left:-15px;margin-right:-15px}.col-xs-1,.col-sm-1,.col-md-1,.col-lg-1,.col-xs-2,.col-sm-2,.col-md-2,.col-lg-2,.col-xs-3,.col-sm-3,.col-md-3,.col-lg-3,.col-xs-4,.col-sm-4,.col-md-4,.col-lg-4,.col-xs-5,.col-sm-5,.col-md-5,.col-lg-5,.col-xs-6,.col-sm-6,.col-md-6,.col-lg-6,.col-xs-7,.col-sm-7,.col-md-7,.col-lg-7,.col-xs-8,.col-sm-8,.col-md-8,.col-lg-8,.col-xs-9,.col-sm-9,.col-md-9,.col-lg-9,.col-xs-10,.col-sm-10,.col-md-10,.col-lg-10,.col-xs-11,.col-sm-11,.col-md-11,.col-lg-11,.col-xs-12,.col-sm-12,.col-md-12,.col-lg-12{position:relative;min-height:1px;padding-left:15px;padding-right:15px}.col-xs-1,.col-xs-2,.col-xs-3,.col-xs-4,.col-xs-5,.col-xs-6,.col-xs-7,.col-xs-8,.col-xs-9,.col-xs-10,.col-xs-11,.col-xs-12{float:left}.col-xs-12{width:100%}.col-xs-11{width:91.66666667%}.col-xs-10{width:83.33333333%}.col-xs-9{width:75%}.col-xs-8{width:66.66666667%}.col-xs-7{width:58.33333333%}.col-xs-6{width:50%}.col-xs-5{width:41.66666667%}.col-xs-4{width:33.33333333%}.col-xs-3{width:25%}.col-xs-2{width:16.66666667%}.col-xs-1{width:8.33333333%}.col-xs-pull-12{right:100%}.col-xs-pull-11{right:91.66666667%}.col-xs-pull-10{right:83.33333333%}.col-xs-pull-9{right:75%}.col-xs-pull-8{right:66.66666667%}.col-xs-pull-7{right:58.33333333%}.col-xs-pull-6{right:50%}.col-xs-pull-5{right:41.66666667%}.col-xs-pull-4{right:33.33333333%}.col-xs-pull-3{right:25%}.col-xs-pull-2{right:16.66666667%}.col-xs-pull-1{right:8.33333333%}.col-xs-pull-0{right:0}.col-xs-push-12{left:100%}.col-xs-push-11{left:91.66666667%}.col-xs-push-10{left:83.33333333%}.col-xs-push-9{left:75%}.col-xs-push-8{left:66.66666667%}.col-xs-push-7{left:58.33333333%}.col-xs-push-6{left:50%}.col-xs-push-5{left:41.66666667%}.col-xs-push-4{left:33.33333333%}.col-xs-push-3{left:25%}.col-xs-push-2{left:16.66666667%}.col-xs-push-1{left:8.33333333%}.col-xs-push-0{left:0}.col-xs-offset-12{margin-left:100%}.col-xs-offset-11{margin-left:91.66666667%}.col-xs-offset-10{margin-left:83.33333333%}.col-xs-offset-9{margin-left:75%}.col-xs-offset-8{margin-left:66.66666667%}.col-xs-offset-7{margin-left:58.33333333%}.col-xs-offset-6{margin-left:50%}.col-xs-offset-5{margin-left:41.66666667%}.col-xs-offset-4{margin-left:33.33333333%}.col-xs-offset-3{margin-left:25%}.col-xs-offset-2{margin-left:16.66666667%}.col-xs-offset-1{margin-left:8.33333333%}.col-xs-offset-0{margin-left:0}@media (min-width:768px){.col-sm-1,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-10,.col-sm-11,.col-sm-12{float:left}.col-sm-12{width:100%}.col-sm-11{width:91.66666667%}.col-sm-10{width:83.33333333%}.col-sm-9{width:75%}.col-sm-8{width:66.66666667%}.col-sm-7{width:58.33333333%}.col-sm-6{width:50%}.col-sm-5{width:41.66666667%}.col-sm-4{width:33.33333333%}.col-sm-3{width:25%}.col-sm-2{width:16.66666667%}.col-sm-1{width:8.33333333%}.col-sm-pull-12{right:100%}.col-sm-pull-11{right:91.66666667%}.col-sm-pull-10{right:83.33333333%}.col-sm-pull-9{right:75%}.col-sm-pull-8{right:66.66666667%}.col-sm-pull-7{right:58.33333333%}.col-sm-pull-6{right:50%}.col-sm-pull-5{right:41.66666667%}.col-sm-pull-4{right:33.33333333%}.col-sm-pull-3{right:25%}.col-sm-pull-2{right:16.66666667%}.col-sm-pull-1{right:8.33333333%}.col-sm-pull-0{right:0}.col-sm-push-12{left:100%}.col-sm-push-11{left:91.66666667%}.col-sm-push-10{left:83.33333333%}.col-sm-push-9{left:75%}.col-sm-push-8{left:66.66666667%}.col-sm-push-7{left:58.33333333%}.col-sm-push-6{left:50%}.col-sm-push-5{left:41.66666667%}.col-sm-push-4{left:33.33333333%}.col-sm-push-3{left:25%}.col-sm-push-2{left:16.66666667%}.col-sm-push-1{left:8.33333333%}.col-sm-push-0{left:0}.col-sm-offset-12{margin-left:100%}.col-sm-offset-11{margin-left:91.66666667%}.col-sm-offset-10{margin-left:83.33333333%}.col-sm-offset-9{margin-left:75%}.col-sm-offset-8{margin-left:66.66666667%}.col-sm-offset-7{margin-left:58.33333333%}.col-sm-offset-6{margin-left:50%}.col-sm-offset-5{margin-left:41.66666667%}.col-sm-offset-4{margin-left:33.33333333%}.col-sm-offset-3{margin-left:25%}.col-sm-offset-2{margin-left:16.66666667%}.col-sm-offset-1{margin-left:8.33333333%}.col-sm-offset-0{margin-left:0}}@media (min-width:992px){.col-md-1,.col-md-2,.col-md-3,.col-md-4,.col-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-10,.col-md-11,.col-md-12{float:left}.col-md-12{width:100%}.col-md-11{width:91.66666667%}.col-md-10{width:83.33333333%}.col-md-9{width:75%}.col-md-8{width:66.66666667%}.col-md-7{width:58.33333333%}.col-md-6{width:50%}.col-md-5{width:41.66666667%}.col-md-4{width:33.33333333%}.col-md-3{width:25%}.col-md-2{width:16.66666667%}.col-md-1{width:8.33333333%}.col-md-pull-12{right:100%}.col-md-pull-11{right:91.66666667%}.col-md-pull-10{right:83.33333333%}.col-md-pull-9{right:75%}.col-md-pull-8{right:66.66666667%}.col-md-pull-7{right:58.33333333%}.col-md-pull-6{right:50%}.col-md-pull-5{right:41.66666667%}.col-md-pull-4{right:33.33333333%}.col-md-pull-3{right:25%}.col-md-pull-2{right:16.66666667%}.col-md-pull-1{right:8.33333333%}.col-md-pull-0{right:0}.col-md-push-12{left:100%}.col-md-push-11{left:91.66666667%}.col-md-push-10{left:83.33333333%}.col-md-push-9{left:75%}.col-md-push-8{left:66.66666667%}.col-md-push-7{left:58.33333333%}.col-md-push-6{left:50%}.col-md-push-5{left:41.66666667%}.col-md-push-4{left:33.33333333%}.col-md-push-3{left:25%}.col-md-push-2{left:16.66666667%}.col-md-push-1{left:8.33333333%}.col-md-push-0{left:0}.col-md-offset-12{margin-left:100%}.col-md-offset-11{margin-left:91.66666667%}.col-md-offset-10{margin-left:83.33333333%}.col-md-offset-9{margin-left:75%}.col-md-offset-8{margin-left:66.66666667%}.col-md-offset-7{margin-left:58.33333333%}.col-md-offset-6{margin-left:50%}.col-md-offset-5{margin-left:41.66666667%}.col-md-offset-4{margin-left:33.33333333%}.col-md-offset-3{margin-left:25%}.col-md-offset-2{margin-left:16.66666667%}.col-md-offset-1{margin-left:8.33333333%}.col-md-offset-0{margin-left:0}}@media (min-width:1200px){.col-lg-1,.col-lg-2,.col-lg-3,.col-lg-4,.col-lg-5,.col-lg-6,.col-lg-7,.col-lg-8,.col-lg-9,.col-lg-10,.col-lg-11,.col-lg-12{float:left}.col-lg-12{width:100%}.col-lg-11{width:91.66666667%}.col-lg-10{width:83.33333333%}.col-lg-9{width:75%}.col-lg-8{width:66.66666667%}.col-lg-7{width:58.33333333%}.col-lg-6{width:50%}.col-lg-5{width:41.66666667%}.col-lg-4{width:33.33333333%}.col-lg-3{width:25%}.col-lg-2{width:16.66666667%}.col-lg-1{width:8.33333333%}.col-lg-pull-12{right:100%}.col-lg-pull-11{right:91.66666667%}.col-lg-pull-10{right:83.33333333%}.col-lg-pull-9{right:75%}.col-lg-pull-8{right:66.66666667%}.col-lg-pull-7{right:58.33333333%}.col-lg-pull-6{right:50%}.col-lg-pull-5{right:41.66666667%}.col-lg-pull-4{right:33.33333333%}.col-lg-pull-3{right:25%}.col-lg-pull-2{right:16.66666667%}.col-lg-pull-1{right:8.33333333%}.col-lg-pull-0{right:0}.col-lg-push-12{left:100%}.col-lg-push-11{left:91.66666667%}.col-lg-push-10{left:83.33333333%}.col-lg-push-9{left:75%}.col-lg-push-8{left:66.66666667%}.col-lg-push-7{left:58.33333333%}.col-lg-push-6{left:50%}.col-lg-push-5{left:41.66666667%}.col-lg-push-4{left:33.33333333%}.col-lg-push-3{left:25%}.col-lg-push-2{left:16.66666667%}.col-lg-push-1{left:8.33333333%}.col-lg-push-0{left:0}.col-lg-offset-12{margin-left:100%}.col-lg-offset-11{margin-left:91.66666667%}.col-lg-offset-10{margin-left:83.33333333%}.col-lg-offset-9{margin-left:75%}.col-lg-offset-8{margin-left:66.66666667%}.col-lg-offset-7{margin-left:58.33333333%}.col-lg-offset-6{margin-left:50%}.col-lg-offset-5{margin-left:41.66666667%}.col-lg-offset-4{margin-left:33.33333333%}.col-lg-offset-3{margin-left:25%}.col-lg-offset-2{margin-left:16.66666667%}.col-lg-offset-1{margin-left:8.33333333%}.col-lg-offset-0{margin-left:0}}table{max-width:100%;background-color:transparent}th{text-align:left}.table{width:100%;margin-bottom:20px}.table>thead>tr>th,.table>tbody>tr>th,.table>tfoot>tr>th,.table>thead>tr>td,.table>tbody>tr>td,.table>tfoot>tr>td{padding:8px;line-height:1.42857143;vertical-align:top;border-top:1px solid #ddd}.table>thead>tr>th{vertical-align:bottom;border-bottom:2px solid #ddd}.table>caption+thead>tr:first-child>th,.table>colgroup+thead>tr:first-child>th,.table>thead:first-child>tr:first-child>th,.table>caption+thead>tr:first-child>td,.table>colgroup+thead>tr:first-child>td,.table>thead:first-child>tr:first-child>td{border-top:0}.table>tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed>thead>tr>th,.table-condensed>tbody>tr>th,.table-condensed>tfoot>tr>th,.table-condensed>thead>tr>td,.table-condensed>tbody>tr>td,.table-condensed>tfoot>tr>td{padding:5px}.table-bordered{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>tbody>tr>th,.table-bordered>tfoot>tr>th,.table-bordered>thead>tr>td,.table-bordered>tbody>tr>td,.table-bordered>tfoot>tr>td{border:1px solid #ddd}.table-bordered>thead>tr>th,.table-bordered>thead>tr>td{border-bottom-width:2px}.table-striped>tbody>tr:nth-child(odd)>td,.table-striped>tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover>tbody>tr:hover>td,.table-hover>tbody>tr:hover>th{background-color:#f5f5f5}table col[class*=col-]{position:static;float:none;display:table-column}table td[class*=col-],table th[class*=col-]{position:static;float:none;display:table-cell}.table>thead>tr>td.active,.table>tbody>tr>td.active,.table>tfoot>tr>td.active,.table>thead>tr>th.active,.table>tbody>tr>th.active,.table>tfoot>tr>th.active,.table>thead>tr.active>td,.table>tbody>tr.active>td,.table>tfoot>tr.active>td,.table>thead>tr.active>th,.table>tbody>tr.active>th,.table>tfoot>tr.active>th{background-color:#f5f5f5}.table-hover>tbody>tr>td.active:hover,.table-hover>tbody>tr>th.active:hover,.table-hover>tbody>tr.active:hover>td,.table-hover>tbody>tr.active:hover>th{background-color:#e8e8e8}.table>thead>tr>td.success,.table>tbody>tr>td.success,.table>tfoot>tr>td.success,.table>thead>tr>th.success,.table>tbody>tr>th.success,.table>tfoot>tr>th.success,.table>thead>tr.success>td,.table>tbody>tr.success>td,.table>tfoot>tr.success>td,.table>thead>tr.success>th,.table>tbody>tr.success>th,.table>tfoot>tr.success>th{background-color:#dff0d8}.table-hover>tbody>tr>td.success:hover,.table-hover>tbody>tr>th.success:hover,.table-hover>tbody>tr.success:hover>td,.table-hover>tbody>tr.success:hover>th{background-color:#d0e9c6}.table>thead>tr>td.info,.table>tbody>tr>td.info,.table>tfoot>tr>td.info,.table>thead>tr>th.info,.table>tbody>tr>th.info,.table>tfoot>tr>th.info,.table>thead>tr.info>td,.table>tbody>tr.info>td,.table>tfoot>tr.info>td,.table>thead>tr.info>th,.table>tbody>tr.info>th,.table>tfoot>tr.info>th{background-color:#d9edf7}.table-hover>tbody>tr>td.info:hover,.table-hover>tbody>tr>th.info:hover,.table-hover>tbody>tr.info:hover>td,.table-hover>tbody>tr.info:hover>th{background-color:#c4e3f3}.table>thead>tr>td.warning,.table>tbody>tr>td.warning,.table>tfoot>tr>td.warning,.table>thead>tr>th.warning,.table>tbody>tr>th.warning,.table>tfoot>tr>th.warning,.table>thead>tr.warning>td,.table>tbody>tr.warning>td,.table>tfoot>tr.warning>td,.table>thead>tr.warning>th,.table>tbody>tr.warning>th,.table>tfoot>tr.warning>th{background-color:#fcf8e3}.table-hover>tbody>tr>td.warning:hover,.table-hover>tbody>tr>th.warning:hover,.table-hover>tbody>tr.warning:hover>td,.table-hover>tbody>tr.warning:hover>th{background-color:#faf2cc}.table>thead>tr>td.danger,.table>tbody>tr>td.danger,.table>tfoot>tr>td.danger,.table>thead>tr>th.danger,.table>tbody>tr>th.danger,.table>tfoot>tr>th.danger,.table>thead>tr.danger>td,.table>tbody>tr.danger>td,.table>tfoot>tr.danger>td,.table>thead>tr.danger>th,.table>tbody>tr.danger>th,.table>tfoot>tr.danger>th{background-color:#f2dede}.table-hover>tbody>tr>td.danger:hover,.table-hover>tbody>tr>th.danger:hover,.table-hover>tbody>tr.danger:hover>td,.table-hover>tbody>tr.danger:hover>th{background-color:#ebcccc}@media (max-width:767px){.table-responsive{width:100%;margin-bottom:15px;overflow-y:hidden;overflow-x:scroll;-ms-overflow-style:-ms-autohiding-scrollbar;border:1px solid #ddd;-webkit-overflow-scrolling:touch}.table-responsive>.table{margin-bottom:0}.table-responsive>.table>thead>tr>th,.table-responsive>.table>tbody>tr>th,.table-responsive>.table>tfoot>tr>th,.table-responsive>.table>thead>tr>td,.table-responsive>.table>tbody>tr>td,.table-responsive>.table>tfoot>tr>td{white-space:nowrap}.table-responsive>.table-bordered{border:0}.table-responsive>.table-bordered>thead>tr>th:first-child,.table-responsive>.table-bordered>tbody>tr>th:first-child,.table-responsive>.table-bordered>tfoot>tr>th:first-child,.table-responsive>.table-bordered>thead>tr>td:first-child,.table-responsive>.table-bordered>tbody>tr>td:first-child,.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.table-responsive>.table-bordered>thead>tr>th:last-child,.table-responsive>.table-bordered>tbody>tr>th:last-child,.table-responsive>.table-bordered>tfoot>tr>th:last-child,.table-responsive>.table-bordered>thead>tr>td:last-child,.table-responsive>.table-bordered>tbody>tr>td:last-child,.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.table-responsive>.table-bordered>tbody>tr:last-child>th,.table-responsive>.table-bordered>tfoot>tr:last-child>th,.table-responsive>.table-bordered>tbody>tr:last-child>td,.table-responsive>.table-bordered>tfoot>tr:last-child>td{border-bottom:0}}fieldset{padding:0;margin:0;border:0;min-width:0}legend{display:block;width:100%;padding:0;margin-bottom:20px;font-size:21px;line-height:inherit;color:#333;border:0;border-bottom:1px solid #e5e5e5}label{display:inline-block;margin-bottom:5px;font-weight:700}input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=radio],input[type=checkbox]{margin:4px 0 0;margin-top:1px \9;line-height:normal}input[type=file]{display:block}input[type=range]{display:block;width:100%}select[multiple],select[size]{height:auto}input[type=file]:focus,input[type=radio]:focus,input[type=checkbox]:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}output{display:block;padding-top:7px;font-size:14px;line-height:1.42857143;color:#555}.form-control{display:block;width:100%;height:34px;padding:6px 12px;font-size:14px;line-height:1.42857143;color:#555;background-color:#fff;background-image:none;border:1px solid #ccc;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075);-webkit-transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s;transition:border-color ease-in-out .15s,box-shadow ease-in-out .15s}.form-control:focus{border-color:#66afe9;outline:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6);box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 8px rgba(102,175,233,.6)}.form-control::-moz-placeholder{color:#999;opacity:1}.form-control:-ms-input-placeholder{color:#999}.form-control::-webkit-input-placeholder{color:#999}.form-control[disabled],.form-control[readonly],fieldset[disabled] .form-control{cursor:not-allowed;background-color:#eee;opacity:1}textarea.form-control{height:auto}input[type=search]{-webkit-appearance:none}input[type=date]{line-height:34px}.form-group{margin-bottom:15px}.radio,.checkbox{display:block;min-height:20px;margin-top:10px;margin-bottom:10px;padding-left:20px}.radio label,.checkbox label{display:inline;font-weight:400;cursor:pointer}.radio input[type=radio],.radio-inline input[type=radio],.checkbox input[type=checkbox],.checkbox-inline input[type=checkbox]{float:left;margin-left:-20px}.radio+.radio,.checkbox+.checkbox{margin-top:-5px}.radio-inline,.checkbox-inline{display:inline-block;padding-left:20px;margin-bottom:0;vertical-align:middle;font-weight:400;cursor:pointer}.radio-inline+.radio-inline,.checkbox-inline+.checkbox-inline{margin-top:0;margin-left:10px}input[type=radio][disabled],input[type=checkbox][disabled],.radio[disabled],.radio-inline[disabled],.checkbox[disabled],.checkbox-inline[disabled],fieldset[disabled] input[type=radio],fieldset[disabled] input[type=checkbox],fieldset[disabled] .radio,fieldset[disabled] .radio-inline,fieldset[disabled] .checkbox,fieldset[disabled] .checkbox-inline{cursor:not-allowed}.input-sm{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-sm{height:30px;line-height:30px}textarea.input-sm,select[multiple].input-sm{height:auto}.input-lg{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-lg{height:46px;line-height:46px}textarea.input-lg,select[multiple].input-lg{height:auto}.has-feedback{position:relative}.has-feedback .form-control{padding-right:42.5px}.has-feedback .form-control-feedback{position:absolute;top:25px;right:0;display:block;width:34px;height:34px;line-height:34px;text-align:center}.has-success .help-block,.has-success .control-label,.has-success .radio,.has-success .checkbox,.has-success .radio-inline,.has-success .checkbox-inline{color:#3c763d}.has-success .form-control{border-color:#3c763d;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-success .form-control:focus{border-color:#2b542c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #67b168}.has-success .input-group-addon{color:#3c763d;border-color:#3c763d;background-color:#dff0d8}.has-success .form-control-feedback{color:#3c763d}.has-warning .help-block,.has-warning .control-label,.has-warning .radio,.has-warning .checkbox,.has-warning .radio-inline,.has-warning .checkbox-inline{color:#8a6d3b}.has-warning .form-control{border-color:#8a6d3b;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-warning .form-control:focus{border-color:#66512c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #c0a16b}.has-warning .input-group-addon{color:#8a6d3b;border-color:#8a6d3b;background-color:#fcf8e3}.has-warning .form-control-feedback{color:#8a6d3b}.has-error .help-block,.has-error .control-label,.has-error .radio,.has-error .checkbox,.has-error .radio-inline,.has-error .checkbox-inline{color:#a94442}.has-error .form-control{border-color:#a94442;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075);box-shadow:inset 0 1px 1px rgba(0,0,0,.075)}.has-error .form-control:focus{border-color:#843534;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483;box-shadow:inset 0 1px 1px rgba(0,0,0,.075),0 0 6px #ce8483}.has-error .input-group-addon{color:#a94442;border-color:#a94442;background-color:#f2dede}.has-error .form-control-feedback{color:#a94442}.form-control-static{margin-bottom:0}.help-block{display:block;margin-top:5px;margin-bottom:10px;color:#737373}@media (min-width:768px){.form-inline .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.form-inline .form-control{display:inline-block;width:auto;vertical-align:middle}.form-inline .input-group>.form-control{width:100%}.form-inline .control-label{margin-bottom:0;vertical-align:middle}.form-inline .radio,.form-inline .checkbox{display:inline-block;margin-top:0;margin-bottom:0;padding-left:0;vertical-align:middle}.form-inline .radio input[type=radio],.form-inline .checkbox input[type=checkbox]{float:none;margin-left:0}.form-inline .has-feedback .form-control-feedback{top:0}}.form-horizontal .control-label,.form-horizontal .radio,.form-horizontal .checkbox,.form-horizontal .radio-inline,.form-horizontal .checkbox-inline{margin-top:0;margin-bottom:0;padding-top:7px}.form-horizontal .radio,.form-horizontal .checkbox{min-height:27px}.form-horizontal .form-group{margin-left:-15px;margin-right:-15px}.form-horizontal .form-control-static{padding-top:7px}@media (min-width:768px){.form-horizontal .control-label{text-align:right}}.form-horizontal .has-feedback .form-control-feedback{top:0;right:15px}.btn{display:inline-block;margin-bottom:0;font-weight:400;text-align:center;vertical-align:middle;cursor:pointer;background-image:none;border:1px solid transparent;white-space:nowrap;padding:6px 12px;font-size:14px;line-height:1.42857143;border-radius:4px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.btn:focus,.btn:active:focus,.btn.active:focus{outline:thin dotted;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn:hover,.btn:focus{color:#333;text-decoration:none}.btn:active,.btn.active{outline:0;background-image:none;-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn.disabled,.btn[disabled],fieldset[disabled] .btn{cursor:not-allowed;pointer-events:none;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;box-shadow:none}.btn-default{color:#333;background-color:#fff;border-color:#ccc}.btn-default:hover,.btn-default:focus,.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{color:#333;background-color:#ebebeb;border-color:#adadad}.btn-default:active,.btn-default.active,.open .dropdown-toggle.btn-default{background-image:none}.btn-default.disabled,.btn-default[disabled],fieldset[disabled] .btn-default,.btn-default.disabled:hover,.btn-default[disabled]:hover,fieldset[disabled] .btn-default:hover,.btn-default.disabled:focus,.btn-default[disabled]:focus,fieldset[disabled] .btn-default:focus,.btn-default.disabled:active,.btn-default[disabled]:active,fieldset[disabled] .btn-default:active,.btn-default.disabled.active,.btn-default[disabled].active,fieldset[disabled] .btn-default.active{background-color:#fff;border-color:#ccc}.btn-default .badge{color:#fff;background-color:#333}.btn-primary{color:#fff;background-color:#428bca;border-color:#357ebd}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{color:#fff;background-color:#3276b1;border-color:#285e8e}.btn-primary:active,.btn-primary.active,.open .dropdown-toggle.btn-primary{background-image:none}.btn-primary.disabled,.btn-primary[disabled],fieldset[disabled] .btn-primary,.btn-primary.disabled:hover,.btn-primary[disabled]:hover,fieldset[disabled] .btn-primary:hover,.btn-primary.disabled:focus,.btn-primary[disabled]:focus,fieldset[disabled] .btn-primary:focus,.btn-primary.disabled:active,.btn-primary[disabled]:active,fieldset[disabled] .btn-primary:active,.btn-primary.disabled.active,.btn-primary[disabled].active,fieldset[disabled] .btn-primary.active{background-color:#428bca;border-color:#357ebd}.btn-primary .badge{color:#428bca;background-color:#fff}.btn-success{color:#fff;background-color:#5cb85c;border-color:#4cae4c}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{color:#fff;background-color:#47a447;border-color:#398439}.btn-success:active,.btn-success.active,.open .dropdown-toggle.btn-success{background-image:none}.btn-success.disabled,.btn-success[disabled],fieldset[disabled] .btn-success,.btn-success.disabled:hover,.btn-success[disabled]:hover,fieldset[disabled] .btn-success:hover,.btn-success.disabled:focus,.btn-success[disabled]:focus,fieldset[disabled] .btn-success:focus,.btn-success.disabled:active,.btn-success[disabled]:active,fieldset[disabled] .btn-success:active,.btn-success.disabled.active,.btn-success[disabled].active,fieldset[disabled] .btn-success.active{background-color:#5cb85c;border-color:#4cae4c}.btn-success .badge{color:#5cb85c;background-color:#fff}.btn-info{color:#fff;background-color:#5bc0de;border-color:#46b8da}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{color:#fff;background-color:#39b3d7;border-color:#269abc}.btn-info:active,.btn-info.active,.open .dropdown-toggle.btn-info{background-image:none}.btn-info.disabled,.btn-info[disabled],fieldset[disabled] .btn-info,.btn-info.disabled:hover,.btn-info[disabled]:hover,fieldset[disabled] .btn-info:hover,.btn-info.disabled:focus,.btn-info[disabled]:focus,fieldset[disabled] .btn-info:focus,.btn-info.disabled:active,.btn-info[disabled]:active,fieldset[disabled] .btn-info:active,.btn-info.disabled.active,.btn-info[disabled].active,fieldset[disabled] .btn-info.active{background-color:#5bc0de;border-color:#46b8da}.btn-info .badge{color:#5bc0de;background-color:#fff}.btn-warning{color:#fff;background-color:#f0ad4e;border-color:#eea236}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{color:#fff;background-color:#ed9c28;border-color:#d58512}.btn-warning:active,.btn-warning.active,.open .dropdown-toggle.btn-warning{background-image:none}.btn-warning.disabled,.btn-warning[disabled],fieldset[disabled] .btn-warning,.btn-warning.disabled:hover,.btn-warning[disabled]:hover,fieldset[disabled] .btn-warning:hover,.btn-warning.disabled:focus,.btn-warning[disabled]:focus,fieldset[disabled] .btn-warning:focus,.btn-warning.disabled:active,.btn-warning[disabled]:active,fieldset[disabled] .btn-warning:active,.btn-warning.disabled.active,.btn-warning[disabled].active,fieldset[disabled] .btn-warning.active{background-color:#f0ad4e;border-color:#eea236}.btn-warning .badge{color:#f0ad4e;background-color:#fff}.btn-danger{color:#fff;background-color:#d9534f;border-color:#d43f3a}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{color:#fff;background-color:#d2322d;border-color:#ac2925}.btn-danger:active,.btn-danger.active,.open .dropdown-toggle.btn-danger{background-image:none}.btn-danger.disabled,.btn-danger[disabled],fieldset[disabled] .btn-danger,.btn-danger.disabled:hover,.btn-danger[disabled]:hover,fieldset[disabled] .btn-danger:hover,.btn-danger.disabled:focus,.btn-danger[disabled]:focus,fieldset[disabled] .btn-danger:focus,.btn-danger.disabled:active,.btn-danger[disabled]:active,fieldset[disabled] .btn-danger:active,.btn-danger.disabled.active,.btn-danger[disabled].active,fieldset[disabled] .btn-danger.active{background-color:#d9534f;border-color:#d43f3a}.btn-danger .badge{color:#d9534f;background-color:#fff}.btn-link{color:#428bca;font-weight:400;cursor:pointer;border-radius:0}.btn-link,.btn-link:active,.btn-link[disabled],fieldset[disabled] .btn-link{background-color:transparent;-webkit-box-shadow:none;box-shadow:none}.btn-link,.btn-link:hover,.btn-link:focus,.btn-link:active{border-color:transparent}.btn-link:hover,.btn-link:focus{color:#2a6496;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,fieldset[disabled] .btn-link:hover,.btn-link[disabled]:focus,fieldset[disabled] .btn-link:focus{color:#999;text-decoration:none}.btn-lg,.btn-group-lg>.btn{padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}.btn-sm,.btn-group-sm>.btn{padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}.btn-xs,.btn-group-xs>.btn{padding:1px 5px;font-size:12px;line-height:1.5;border-radius:3px}.btn-block{display:block;width:100%;padding-left:0;padding-right:0}.btn-block+.btn-block{margin-top:5px}input[type=submit].btn-block,input[type=reset].btn-block,input[type=button].btn-block{width:100%}.fade{opacity:0;-webkit-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{display:none}.collapse.in{display:block}.collapsing{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;transition:height .35s ease}@font-face{font-family:'Glyphicons Halflings';src:url(../fonts/glyphicons-halflings-regular.eot);src:url(../fonts/glyphicons-halflings-regular.eot?#iefix) format('embedded-opentype'),url(../fonts/glyphicons-halflings-regular.woff) format('woff'),url(../fonts/glyphicons-halflings-regular.ttf) format('truetype'),url(../fonts/glyphicons-halflings-regular.svg#glyphicons_halflingsregular) format('svg')}.glyphicon{position:relative;top:1px;display:inline-block;font-family:'Glyphicons Halflings';font-style:normal;font-weight:400;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.glyphicon-asterisk:before{content:"\2a"}.glyphicon-plus:before{content:"\2b"}.glyphicon-euro:before{content:"\20ac"}.glyphicon-minus:before{content:"\2212"}.glyphicon-cloud:before{content:"\2601"}.glyphicon-envelope:before{content:"\2709"}.glyphicon-pencil:before{content:"\270f"}.glyphicon-glass:before{content:"\e001"}.glyphicon-music:before{content:"\e002"}.glyphicon-search:before{content:"\e003"}.glyphicon-heart:before{content:"\e005"}.glyphicon-star:before{content:"\e006"}.glyphicon-star-empty:before{content:"\e007"}.glyphicon-user:before{content:"\e008"}.glyphicon-film:before{content:"\e009"}.glyphicon-th-large:before{content:"\e010"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon-off:before{content:"\e017"}.glyphicon-signal:before{content:"\e018"}.glyphicon-cog:before{content:"\e019"}.glyphicon-trash:before{content:"\e020"}.glyphicon-home:before{content:"\e021"}.glyphicon-file:before{content:"\e022"}.glyphicon-time:before{content:"\e023"}.glyphicon-road:before{content:"\e024"}.glyphicon-download-alt:before{content:"\e025"}.glyphicon-download:before{content:"\e026"}.glyphicon-upload:before{content:"\e027"}.glyphicon-inbox:before{content:"\e028"}.glyphicon-play-circle:before{content:"\e029"}.glyphicon-repeat:before{content:"\e030"}.glyphicon-refresh:before{content:"\e031"}.glyphicon-list-alt:before{content:"\e032"}.glyphicon-lock:before{content:"\e033"}.glyphicon-flag:before{content:"\e034"}.glyphicon-headphones:before{content:"\e035"}.glyphicon-volume-off:before{content:"\e036"}.glyphicon-volume-down:before{content:"\e037"}.glyphicon-volume-up:before{content:"\e038"}.glyphicon-qrcode:before{content:"\e039"}.glyphicon-barcode:before{content:"\e040"}.glyphicon-tag:before{content:"\e041"}.glyphicon-tags:before{content:"\e042"}.glyphicon-book:before{content:"\e043"}.glyphicon-bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:before{content:"\e050"}.glyphicon-text-width:before{content:"\e051"}.glyphicon-align-left:before{content:"\e052"}.glyphicon-align-center:before{content:"\e053"}.glyphicon-align-right:before{content:"\e054"}.glyphicon-align-justify:before{content:"\e055"}.glyphicon-list:before{content:"\e056"}.glyphicon-indent-left:before{content:"\e057"}.glyphicon-indent-right:before{content:"\e058"}.glyphicon-facetime-video:before{content:"\e059"}.glyphicon-picture:before{content:"\e060"}.glyphicon-map-marker:before{content:"\e062"}.glyphicon-adjust:before{content:"\e063"}.glyphicon-tint:before{content:"\e064"}.glyphicon-edit:before{content:"\e065"}.glyphicon-share:before{content:"\e066"}.glyphicon-check:before{content:"\e067"}.glyphicon-move:before{content:"\e068"}.glyphicon-step-backward:before{content:"\e069"}.glyphicon-fast-backward:before{content:"\e070"}.glyphicon-backward:before{content:"\e071"}.glyphicon-play:before{content:"\e072"}.glyphicon-pause:before{content:"\e073"}.glyphicon-stop:before{content:"\e074"}.glyphicon-forward:before{content:"\e075"}.glyphicon-fast-forward:before{content:"\e076"}.glyphicon-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:"\e082"}.glyphicon-remove-sign:before{content:"\e083"}.glyphicon-ok-sign:before{content:"\e084"}.glyphicon-question-sign:before{content:"\e085"}.glyphicon-info-sign:before{content:"\e086"}.glyphicon-screenshot:before{content:"\e087"}.glyphicon-remove-circle:before{content:"\e088"}.glyphicon-ok-circle:before{content:"\e089"}.glyphicon-ban-circle:before{content:"\e090"}.glyphicon-arrow-left:before{content:"\e091"}.glyphicon-arrow-right:before{content:"\e092"}.glyphicon-arrow-up:before{content:"\e093"}.glyphicon-arrow-down:before{content:"\e094"}.glyphicon-share-alt:before{content:"\e095"}.glyphicon-resize-full:before{content:"\e096"}.glyphicon-resize-small:before{content:"\e097"}.glyphicon-exclamation-sign:before{content:"\e101"}.glyphicon-gift:before{content:"\e102"}.glyphicon-leaf:before{content:"\e103"}.glyphicon-fire:before{content:"\e104"}.glyphicon-eye-open:before{content:"\e105"}.glyphicon-eye-close:before{content:"\e106"}.glyphicon-warning-sign:before{content:"\e107"}.glyphicon-plane:before{content:"\e108"}.glyphicon-calendar:before{content:"\e109"}.glyphicon-random:before{content:"\e110"}.glyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:"\e116"}.glyphicon-folder-close:before{content:"\e117"}.glyphicon-folder-open:before{content:"\e118"}.glyphicon-resize-vertical:before{content:"\e119"}.glyphicon-resize-horizontal:before{content:"\e120"}.glyphicon-hdd:before{content:"\e121"}.glyphicon-bullhorn:before{content:"\e122"}.glyphicon-bell:before{content:"\e123"}.glyphicon-certificate:before{content:"\e124"}.glyphicon-thumbs-up:before{content:"\e125"}.glyphicon-thumbs-down:before{content:"\e126"}.glyphicon-hand-right:before{content:"\e127"}.glyphicon-hand-left:before{content:"\e128"}.glyphicon-hand-up:before{content:"\e129"}.glyphicon-hand-down:before{content:"\e130"}.glyphicon-circle-arrow-right:before{content:"\e131"}.glyphicon-circle-arrow-left:before{content:"\e132"}.glyphicon-circle-arrow-up:before{content:"\e133"}.glyphicon-circle-arrow-down:before{content:"\e134"}.glyphicon-globe:before{content:"\e135"}.glyphicon-wrench:before{content:"\e136"}.glyphicon-tasks:before{content:"\e137"}.glyphicon-filter:before{content:"\e138"}.glyphicon-briefcase:before{content:"\e139"}.glyphicon-fullscreen:before{content:"\e140"}.glyphicon-dashboard:before{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{content:"\e148"}.glyphicon-gbp:before{content:"\e149"}.glyphicon-sort:before{content:"\e150"}.glyphicon-sort-by-alphabet:before{content:"\e151"}.glyphicon-sort-by-alphabet-alt:before{content:"\e152"}.glyphicon-sort-by-order:before{content:"\e153"}.glyphicon-sort-by-order-alt:before{content:"\e154"}.glyphicon-sort-by-attributes:before{content:"\e155"}.glyphicon-sort-by-attributes-alt:before{content:"\e156"}.glyphicon-unchecked:before{content:"\e157"}.glyphicon-expand:before{content:"\e158"}.glyphicon-collapse-down:before{content:"\e159"}.glyphicon-collapse-up:before{content:"\e160"}.glyphicon-log-in:before{content:"\e161"}.glyphicon-flash:before{content:"\e162"}.glyphicon-log-out:before{content:"\e163"}.glyphicon-new-window:before{content:"\e164"}.glyphicon-record:before{content:"\e165"}.glyphicon-save:before{content:"\e166"}.glyphicon-open:before{content:"\e167"}.glyphicon-saved:before{content:"\e168"}.glyphicon-import:before{content:"\e169"}.glyphicon-export:before{content:"\e170"}.glyphicon-send:before{content:"\e171"}.glyphicon-floppy-disk:before{content:"\e172"}.glyphicon-floppy-saved:before{content:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-cutlery:before{content:"\e179"}.glyphicon-header:before{content:"\e180"}.glyphicon-compressed:before{content:"\e181"}.glyphicon-earphone:before{content:"\e182"}.glyphicon-phone-alt:before{content:"\e183"}.glyphicon-tower:before{content:"\e184"}.glyphicon-stats:before{content:"\e185"}.glyphicon-sd-video:before{content:"\e186"}.glyphicon-hd-video:before{content:"\e187"}.glyphicon-subtitles:before{content:"\e188"}.glyphicon-sound-stereo:before{content:"\e189"}.glyphicon-sound-dolby:before{content:"\e190"}.glyphicon-sound-5-1:before{content:"\e191"}.glyphicon-sound-6-1:before{content:"\e192"}.glyphicon-sound-7-1:before{content:"\e193"}.glyphicon-copyright-mark:before{content:"\e194"}.glyphicon-registration-mark:before{content:"\e195"}.glyphicon-cloud-download:before{content:"\e197"}.glyphicon-cloud-upload:before{content:"\e198"}.glyphicon-tree-conifer:before{content:"\e199"}.glyphicon-tree-deciduous:before{content:"\e200"}.caret{display:inline-block;width:0;height:0;margin-left:2px;vertical-align:middle;border-top:4px solid;border-right:4px solid transparent;border-left:4px solid transparent}.dropdown{position:relative}.dropdown-toggle:focus{outline:0}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;font-size:14px;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,.15);border-radius:4px;-webkit-box-shadow:0 6px 12px rgba(0,0,0,.175);box-shadow:0 6px 12px rgba(0,0,0,.175);background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:400;line-height:1.42857143;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus{text-decoration:none;color:#262626;background-color:#f5f5f5}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;outline:0;background-color:#428bca}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);cursor:not-allowed}.open>.dropdown-menu{display:block}.open>a{outline:0}.dropdown-menu-right{left:auto;right:0}.dropdown-menu-left{left:0;right:auto}.dropdown-header{display:block;padding:3px 20px;font-size:12px;line-height:1.42857143;color:#999}.dropdown-backdrop{position:fixed;left:0;right:0;bottom:0;top:0;z-index:990}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}@media (min-width:768px){.navbar-right .dropdown-menu{left:auto;right:0}.navbar-right .dropdown-menu-left{left:0;right:auto}}.btn-group,.btn-group-vertical{position:relative;display:inline-block;vertical-align:middle}.btn-group>.btn,.btn-group-vertical>.btn{position:relative;float:left}.btn-group>.btn:hover,.btn-group-vertical>.btn:hover,.btn-group>.btn:focus,.btn-group-vertical>.btn:focus,.btn-group>.btn:active,.btn-group-vertical>.btn:active,.btn-group>.btn.active,.btn-group-vertical>.btn.active{z-index:2}.btn-group>.btn:focus,.btn-group-vertical>.btn:focus{outline:0}.btn-group .btn+.btn,.btn-group .btn+.btn-group,.btn-group .btn-group+.btn,.btn-group .btn-group+.btn-group{margin-left:-1px}.btn-toolbar{margin-left:-5px}.btn-toolbar .btn-group,.btn-toolbar .input-group{float:left}.btn-toolbar>.btn,.btn-toolbar>.btn-group,.btn-toolbar>.input-group{margin-left:5px}.btn-group>.btn:not(:first-child):not(:last-child):not(.dropdown-toggle){border-radius:0}.btn-group>.btn:first-child{margin-left:0}.btn-group>.btn:first-child:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn:last-child:not(:first-child),.btn-group>.dropdown-toggle:not(:first-child){border-bottom-left-radius:0;border-top-left-radius:0}.btn-group>.btn-group{float:left}.btn-group>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group>.btn-group:first-child>.btn:last-child,.btn-group>.btn-group:first-child>.dropdown-toggle{border-bottom-right-radius:0;border-top-right-radius:0}.btn-group>.btn-group:last-child>.btn:first-child{border-bottom-left-radius:0;border-top-left-radius:0}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{padding-left:8px;padding-right:8px}.btn-group>.btn-lg+.dropdown-toggle{padding-left:12px;padding-right:12px}.btn-group.open .dropdown-toggle{-webkit-box-shadow:inset 0 3px 5px rgba(0,0,0,.125);box-shadow:inset 0 3px 5px rgba(0,0,0,.125)}.btn-group.open .dropdown-toggle.btn-link{-webkit-box-shadow:none;box-shadow:none}.btn .caret{margin-left:0}.btn-lg .caret{border-width:5px 5px 0;border-bottom-width:0}.dropup .btn-lg .caret{border-width:0 5px 5px}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group,.btn-group-vertical>.btn-group>.btn{display:block;float:none;width:100%;max-width:100%}.btn-group-vertical>.btn-group>.btn{float:none}.btn-group-vertical>.btn+.btn,.btn-group-vertical>.btn+.btn-group,.btn-group-vertical>.btn-group+.btn,.btn-group-vertical>.btn-group+.btn-group{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:not(:first-child):not(:last-child){border-radius:0}.btn-group-vertical>.btn:first-child:not(:last-child){border-top-right-radius:4px;border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn:last-child:not(:first-child){border-bottom-left-radius:4px;border-top-right-radius:0;border-top-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child):not(:last-child)>.btn{border-radius:0}.btn-group-vertical>.btn-group:first-child:not(:last-child)>.btn:last-child,.btn-group-vertical>.btn-group:first-child:not(:last-child)>.dropdown-toggle{border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:last-child:not(:first-child)>.btn:first-child{border-top-right-radius:0;border-top-left-radius:0}.btn-group-justified{display:table;width:100%;table-layout:fixed;border-collapse:separate}.btn-group-justified>.btn,.btn-group-justified>.btn-group{float:none;display:table-cell;width:1%}.btn-group-justified>.btn-group .btn{width:100%}[data-toggle=buttons]>.btn>input[type=radio],[data-toggle=buttons]>.btn>input[type=checkbox]{display:none}.input-group{position:relative;display:table;border-collapse:separate}.input-group[class*=col-]{float:none;padding-left:0;padding-right:0}.input-group .form-control{position:relative;z-index:2;float:left;width:100%;margin-bottom:0}.input-group-lg>.form-control,.input-group-lg>.input-group-addon,.input-group-lg>.input-group-btn>.btn{height:46px;padding:10px 16px;font-size:18px;line-height:1.33;border-radius:6px}select.input-group-lg>.form-control,select.input-group-lg>.input-group-addon,select.input-group-lg>.input-group-btn>.btn{height:46px;line-height:46px}textarea.input-group-lg>.form-control,textarea.input-group-lg>.input-group-addon,textarea.input-group-lg>.input-group-btn>.btn,select[multiple].input-group-lg>.form-control,select[multiple].input-group-lg>.input-group-addon,select[multiple].input-group-lg>.input-group-btn>.btn{height:auto}.input-group-sm>.form-control,.input-group-sm>.input-group-addon,.input-group-sm>.input-group-btn>.btn{height:30px;padding:5px 10px;font-size:12px;line-height:1.5;border-radius:3px}select.input-group-sm>.form-control,select.input-group-sm>.input-group-addon,select.input-group-sm>.input-group-btn>.btn{height:30px;line-height:30px}textarea.input-group-sm>.form-control,textarea.input-group-sm>.input-group-addon,textarea.input-group-sm>.input-group-btn>.btn,select[multiple].input-group-sm>.form-control,select[multiple].input-group-sm>.input-group-addon,select[multiple].input-group-sm>.input-group-btn>.btn{height:auto}.input-group-addon,.input-group-btn,.input-group .form-control{display:table-cell}.input-group-addon:not(:first-child):not(:last-child),.input-group-btn:not(:first-child):not(:last-child),.input-group .form-control:not(:first-child):not(:last-child){border-radius:0}.input-group-addon,.input-group-btn{width:1%;white-space:nowrap;vertical-align:middle}.input-group-addon{padding:6px 12px;font-size:14px;font-weight:400;line-height:1;color:#555;text-align:center;background-color:#eee;border:1px solid #ccc;border-radius:4px}.input-group-addon.input-sm{padding:5px 10px;font-size:12px;border-radius:3px}.input-group-addon.input-lg{padding:10px 16px;font-size:18px;border-radius:6px}.input-group-addon input[type=radio],.input-group-addon input[type=checkbox]{margin-top:0}.input-group .form-control:first-child,.input-group-addon:first-child,.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group>.btn,.input-group-btn:first-child>.dropdown-toggle,.input-group-btn:last-child>.btn:not(:last-child):not(.dropdown-toggle),.input-group-btn:last-child>.btn-group:not(:last-child)>.btn{border-bottom-right-radius:0;border-top-right-radius:0}.input-group-addon:first-child{border-right:0}.input-group .form-control:last-child,.input-group-addon:last-child,.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group>.btn,.input-group-btn:last-child>.dropdown-toggle,.input-group-btn:first-child>.btn:not(:first-child),.input-group-btn:first-child>.btn-group:not(:first-child)>.btn{border-bottom-left-radius:0;border-top-left-radius:0}.input-group-addon:last-child{border-left:0}.input-group-btn{position:relative;font-size:0;white-space:nowrap}.input-group-btn>.btn{position:relative}.input-group-btn>.btn+.btn{margin-left:-1px}.input-group-btn>.btn:hover,.input-group-btn>.btn:focus,.input-group-btn>.btn:active{z-index:2}.input-group-btn:first-child>.btn,.input-group-btn:first-child>.btn-group{margin-right:-1px}.input-group-btn:last-child>.btn,.input-group-btn:last-child>.btn-group{margin-left:-1px}.nav{margin-bottom:0;padding-left:0;list-style:none}.nav>li{position:relative;display:block}.nav>li>a{position:relative;display:block;padding:10px 15px}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li.disabled>a{color:#999}.nav>li.disabled>a:hover,.nav>li.disabled>a:focus{color:#999;text-decoration:none;background-color:transparent;cursor:not-allowed}.nav .open>a,.nav .open>a:hover,.nav .open>a:focus{background-color:#eee;border-color:#428bca}.nav .nav-divider{height:1px;margin:9px 0;overflow:hidden;background-color:#e5e5e5}.nav>li>a>img{max-width:none}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{float:left;margin-bottom:-1px}.nav-tabs>li>a{margin-right:2px;line-height:1.42857143;border:1px solid transparent;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover{border-color:#eee #eee #ddd}.nav-tabs>li.active>a,.nav-tabs>li.active>a:hover,.nav-tabs>li.active>a:focus{color:#555;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent;cursor:default}.nav-tabs.nav-justified{width:100%;border-bottom:0}.nav-tabs.nav-justified>li{float:none}.nav-tabs.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-tabs.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-tabs.nav-justified>li{display:table-cell;width:1%}.nav-tabs.nav-justified>li>a{margin-bottom:0}}.nav-tabs.nav-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs.nav-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs.nav-justified>.active>a,.nav-tabs.nav-justified>.active>a:hover,.nav-tabs.nav-justified>.active>a:focus{border-bottom-color:#fff}}.nav-pills>li{float:left}.nav-pills>li>a{border-radius:4px}.nav-pills>li+li{margin-left:2px}.nav-pills>li.active>a,.nav-pills>li.active>a:hover,.nav-pills>li.active>a:focus{color:#fff;background-color:#428bca}.nav-stacked>li{float:none}.nav-stacked>li+li{margin-top:2px;margin-left:0}.nav-justified{width:100%}.nav-justified>li{float:none}.nav-justified>li>a{text-align:center;margin-bottom:5px}.nav-justified>.dropdown .dropdown-menu{top:auto;left:auto}@media (min-width:768px){.nav-justified>li{display:table-cell;width:1%}.nav-justified>li>a{margin-bottom:0}}.nav-tabs-justified{border-bottom:0}.nav-tabs-justified>li>a{margin-right:0;border-radius:4px}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border:1px solid #ddd}@media (min-width:768px){.nav-tabs-justified>li>a{border-bottom:1px solid #ddd;border-radius:4px 4px 0 0}.nav-tabs-justified>.active>a,.nav-tabs-justified>.active>a:hover,.nav-tabs-justified>.active>a:focus{border-bottom-color:#fff}}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.nav-tabs .dropdown-menu{margin-top:-1px;border-top-right-radius:0;border-top-left-radius:0}.navbar{position:relative;min-height:50px;margin-bottom:20px;border:1px solid transparent}@media (min-width:768px){.navbar{border-radius:4px}}@media (min-width:768px){.navbar-header{float:left}}.navbar-collapse{max-height:340px;overflow-x:visible;padding-right:15px;padding-left:15px;border-top:1px solid transparent;box-shadow:inset 0 1px 0 rgba(255,255,255,.1);-webkit-overflow-scrolling:touch}.navbar-collapse.in{overflow-y:auto}@media (min-width:768px){.navbar-collapse{width:auto;border-top:0;box-shadow:none}.navbar-collapse.collapse{display:block!important;height:auto!important;padding-bottom:0;overflow:visible!important}.navbar-collapse.in{overflow-y:visible}.navbar-fixed-top .navbar-collapse,.navbar-static-top .navbar-collapse,.navbar-fixed-bottom .navbar-collapse{padding-left:0;padding-right:0}}.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:-15px;margin-left:-15px}@media (min-width:768px){.container>.navbar-header,.container-fluid>.navbar-header,.container>.navbar-collapse,.container-fluid>.navbar-collapse{margin-right:0;margin-left:0}}.navbar-static-top{z-index:1000;border-width:0 0 1px}@media (min-width:768px){.navbar-static-top{border-radius:0}}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030}@media (min-width:768px){.navbar-fixed-top,.navbar-fixed-bottom{border-radius:0}}.navbar-fixed-top{top:0;border-width:0 0 1px}.navbar-fixed-bottom{bottom:0;margin-bottom:0;border-width:1px 0 0}.navbar-brand{float:left;padding:15px;font-size:18px;line-height:20px;height:50px}.navbar-brand:hover,.navbar-brand:focus{text-decoration:none}@media (min-width:768px){.navbar>.container .navbar-brand,.navbar>.container-fluid .navbar-brand{margin-left:-15px}}.navbar-toggle{position:relative;float:right;margin-right:15px;padding:9px 10px;margin-top:8px;margin-bottom:8px;background-color:transparent;background-image:none;border:1px solid transparent;border-radius:4px}.navbar-toggle:focus{outline:0}.navbar-toggle .icon-bar{display:block;width:22px;height:2px;border-radius:1px}.navbar-toggle .icon-bar+.icon-bar{margin-top:4px}@media (min-width:768px){.navbar-toggle{display:none}}.navbar-nav{margin:7.5px -15px}.navbar-nav>li>a{padding-top:10px;padding-bottom:10px;line-height:20px}@media (max-width:767px){.navbar-nav .open .dropdown-menu{position:static;float:none;width:auto;margin-top:0;background-color:transparent;border:0;box-shadow:none}.navbar-nav .open .dropdown-menu>li>a,.navbar-nav .open .dropdown-menu .dropdown-header{padding:5px 15px 5px 25px}.navbar-nav .open .dropdown-menu>li>a{line-height:20px}.navbar-nav .open .dropdown-menu>li>a:hover,.navbar-nav .open .dropdown-menu>li>a:focus{background-image:none}}@media (min-width:768px){.navbar-nav{float:left;margin:0}.navbar-nav>li{float:left}.navbar-nav>li>a{padding-top:15px;padding-bottom:15px}.navbar-nav.navbar-right:last-child{margin-right:-15px}}@media (min-width:768px){.navbar-left{float:left!important}.navbar-right{float:right!important}}.navbar-form{margin-left:-15px;margin-right:-15px;padding:10px 15px;border-top:1px solid transparent;border-bottom:1px solid transparent;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1);box-shadow:inset 0 1px 0 rgba(255,255,255,.1),0 1px 0 rgba(255,255,255,.1);margin-top:8px;margin-bottom:8px}@media (min-width:768px){.navbar-form .form-group{display:inline-block;margin-bottom:0;vertical-align:middle}.navbar-form .form-control{display:inline-block;width:auto;vertical-align:middle}.navbar-form .input-group>.form-control{width:100%}.navbar-form .control-label{margin-bottom:0;vertical-align:middle}.navbar-form .radio,.navbar-form .checkbox{display:inline-block;margin-top:0;margin-bottom:0;padding-left:0;vertical-align:middle}.navbar-form .radio input[type=radio],.navbar-form .checkbox input[type=checkbox]{float:none;margin-left:0}.navbar-form .has-feedback .form-control-feedback{top:0}}@media (max-width:767px){.navbar-form .form-group{margin-bottom:5px}}@media (min-width:768px){.navbar-form{width:auto;border:0;margin-left:0;margin-right:0;padding-top:0;padding-bottom:0;-webkit-box-shadow:none;box-shadow:none}.navbar-form.navbar-right:last-child{margin-right:-15px}}.navbar-nav>li>.dropdown-menu{margin-top:0;border-top-right-radius:0;border-top-left-radius:0}.navbar-fixed-bottom .navbar-nav>li>.dropdown-menu{border-bottom-right-radius:0;border-bottom-left-radius:0}.navbar-btn{margin-top:8px;margin-bottom:8px}.navbar-btn.btn-sm{margin-top:10px;margin-bottom:10px}.navbar-btn.btn-xs{margin-top:14px;margin-bottom:14px}.navbar-text{margin-top:15px;margin-bottom:15px}@media (min-width:768px){.navbar-text{float:left;margin-left:15px;margin-right:15px}.navbar-text.navbar-right:last-child{margin-right:0}}.navbar-default{background-color:#f8f8f8;border-color:#e7e7e7}.navbar-default .navbar-brand{color:#777}.navbar-default .navbar-brand:hover,.navbar-default .navbar-brand:focus{color:#5e5e5e;background-color:transparent}.navbar-default .navbar-text{color:#777}.navbar-default .navbar-nav>li>a{color:#777}.navbar-default .navbar-nav>li>a:hover,.navbar-default .navbar-nav>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav>.active>a,.navbar-default .navbar-nav>.active>a:hover,.navbar-default .navbar-nav>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav>.disabled>a,.navbar-default .navbar-nav>.disabled>a:hover,.navbar-default .navbar-nav>.disabled>a:focus{color:#ccc;background-color:transparent}.navbar-default .navbar-toggle{border-color:#ddd}.navbar-default .navbar-toggle:hover,.navbar-default .navbar-toggle:focus{background-color:#ddd}.navbar-default .navbar-toggle .icon-bar{background-color:#888}.navbar-default .navbar-collapse,.navbar-default .navbar-form{border-color:#e7e7e7}.navbar-default .navbar-nav>.open>a,.navbar-default .navbar-nav>.open>a:hover,.navbar-default .navbar-nav>.open>a:focus{background-color:#e7e7e7;color:#555}@media (max-width:767px){.navbar-default .navbar-nav .open .dropdown-menu>li>a{color:#777}.navbar-default .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>li>a:focus{color:#333;background-color:transparent}.navbar-default .navbar-nav .open .dropdown-menu>.active>a,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.active>a:focus{color:#555;background-color:#e7e7e7}.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-default .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#ccc;background-color:transparent}}.navbar-default .navbar-link{color:#777}.navbar-default .navbar-link:hover{color:#333}.navbar-inverse{background-color:#222;border-color:#080808}.navbar-inverse .navbar-brand{color:#999}.navbar-inverse .navbar-brand:hover,.navbar-inverse .navbar-brand:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .navbar-nav>li>a{color:#999}.navbar-inverse .navbar-nav>li>a:hover,.navbar-inverse .navbar-nav>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav>.active>a,.navbar-inverse .navbar-nav>.active>a:hover,.navbar-inverse .navbar-nav>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav>.disabled>a,.navbar-inverse .navbar-nav>.disabled>a:hover,.navbar-inverse .navbar-nav>.disabled>a:focus{color:#444;background-color:transparent}.navbar-inverse .navbar-toggle{border-color:#333}.navbar-inverse .navbar-toggle:hover,.navbar-inverse .navbar-toggle:focus{background-color:#333}.navbar-inverse .navbar-toggle .icon-bar{background-color:#fff}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#101010}.navbar-inverse .navbar-nav>.open>a,.navbar-inverse .navbar-nav>.open>a:hover,.navbar-inverse .navbar-nav>.open>a:focus{background-color:#080808;color:#fff}@media (max-width:767px){.navbar-inverse .navbar-nav .open .dropdown-menu>.dropdown-header{border-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu .divider{background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a{color:#999}.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>li>a:focus{color:#fff;background-color:transparent}.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.active>a:focus{color:#fff;background-color:#080808}.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:hover,.navbar-inverse .navbar-nav .open .dropdown-menu>.disabled>a:focus{color:#444;background-color:transparent}}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover{color:#fff}.breadcrumb{padding:8px 15px;margin-bottom:20px;list-style:none;background-color:#f5f5f5;border-radius:4px}.breadcrumb>li{display:inline-block}.breadcrumb>li+li:before{content:"/\00a0";padding:0 5px;color:#ccc}.breadcrumb>.active{color:#999}.pagination{display:inline-block;padding-left:0;margin:20px 0;border-radius:4px}.pagination>li{display:inline}.pagination>li>a,.pagination>li>span{position:relative;float:left;padding:6px 12px;line-height:1.42857143;text-decoration:none;color:#428bca;background-color:#fff;border:1px solid #ddd;margin-left:-1px}.pagination>li:first-child>a,.pagination>li:first-child>span{margin-left:0;border-bottom-left-radius:4px;border-top-left-radius:4px}.pagination>li:last-child>a,.pagination>li:last-child>span{border-bottom-right-radius:4px;border-top-right-radius:4px}.pagination>li>a:hover,.pagination>li>span:hover,.pagination>li>a:focus,.pagination>li>span:focus{color:#2a6496;background-color:#eee;border-color:#ddd}.pagination>.active>a,.pagination>.active>span,.pagination>.active>a:hover,.pagination>.active>span:hover,.pagination>.active>a:focus,.pagination>.active>span:focus{z-index:2;color:#fff;background-color:#428bca;border-color:#428bca;cursor:default}.pagination>.disabled>span,.pagination>.disabled>span:hover,.pagination>.disabled>span:focus,.pagination>.disabled>a,.pagination>.disabled>a:hover,.pagination>.disabled>a:focus{color:#999;background-color:#fff;border-color:#ddd;cursor:not-allowed}.pagination-lg>li>a,.pagination-lg>li>span{padding:10px 16px;font-size:18px}.pagination-lg>li:first-child>a,.pagination-lg>li:first-child>span{border-bottom-left-radius:6px;border-top-left-radius:6px}.pagination-lg>li:last-child>a,.pagination-lg>li:last-child>span{border-bottom-right-radius:6px;border-top-right-radius:6px}.pagination-sm>li>a,.pagination-sm>li>span{padding:5px 10px;font-size:12px}.pagination-sm>li:first-child>a,.pagination-sm>li:first-child>span{border-bottom-left-radius:3px;border-top-left-radius:3px}.pagination-sm>li:last-child>a,.pagination-sm>li:last-child>span{border-bottom-right-radius:3px;border-top-right-radius:3px}.pager{padding-left:0;margin:20px 0;list-style:none;text-align:center}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#eee}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;background-color:#fff;cursor:not-allowed}.label{display:inline;padding:.2em .6em .3em;font-size:75%;font-weight:700;line-height:1;color:#fff;text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:.25em}.label[href]:hover,.label[href]:focus{color:#fff;text-decoration:none;cursor:pointer}.label:empty{display:none}.btn .label{position:relative;top:-1px}.label-default{background-color:#999}.label-default[href]:hover,.label-default[href]:focus{background-color:gray}.label-primary{background-color:#428bca}.label-primary[href]:hover,.label-primary[href]:focus{background-color:#3071a9}.label-success{background-color:#5cb85c}.label-success[href]:hover,.label-success[href]:focus{background-color:#449d44}.label-info{background-color:#5bc0de}.label-info[href]:hover,.label-info[href]:focus{background-color:#31b0d5}.label-warning{background-color:#f0ad4e}.label-warning[href]:hover,.label-warning[href]:focus{background-color:#ec971f}.label-danger{background-color:#d9534f}.label-danger[href]:hover,.label-danger[href]:focus{background-color:#c9302c}.badge{display:inline-block;min-width:10px;padding:3px 7px;font-size:12px;font-weight:700;color:#fff;line-height:1;vertical-align:baseline;white-space:nowrap;text-align:center;background-color:#999;border-radius:10px}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.btn-xs .badge{top:0;padding:1px 5px}a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}a.list-group-item.active>.badge,.nav-pills>.active>a>.badge{color:#428bca;background-color:#fff}.nav-pills>li>a>.badge{margin-left:3px}.jumbotron{padding:30px;margin-bottom:30px;color:inherit;background-color:#eee}.jumbotron h1,.jumbotron .h1{color:inherit}.jumbotron p{margin-bottom:15px;font-size:21px;font-weight:200}.container .jumbotron{border-radius:6px}.jumbotron .container{max-width:100%}@media screen and (min-width:768px){.jumbotron{padding-top:48px;padding-bottom:48px}.container .jumbotron{padding-left:60px;padding-right:60px}.jumbotron h1,.jumbotron .h1{font-size:63px}}.thumbnail{display:block;padding:4px;margin-bottom:20px;line-height:1.42857143;background-color:#fff;border:1px solid #ddd;border-radius:4px;-webkit-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.thumbnail>img,.thumbnail a>img{margin-left:auto;margin-right:auto}a.thumbnail:hover,a.thumbnail:focus,a.thumbnail.active{border-color:#428bca}.thumbnail .caption{padding:9px;color:#333}.alert{padding:15px;margin-bottom:20px;border:1px solid transparent;border-radius:4px}.alert h4{margin-top:0;color:inherit}.alert .alert-link{font-weight:700}.alert>p,.alert>ul{margin-bottom:0}.alert>p+p{margin-top:5px}.alert-dismissable{padding-right:35px}.alert-dismissable .close{position:relative;top:-2px;right:-21px;color:inherit}.alert-success{background-color:#dff0d8;border-color:#d6e9c6;color:#3c763d}.alert-success hr{border-top-color:#c9e2b3}.alert-success .alert-link{color:#2b542c}.alert-info{background-color:#d9edf7;border-color:#bce8f1;color:#31708f}.alert-info hr{border-top-color:#a6e1ec}.alert-info .alert-link{color:#245269}.alert-warning{background-color:#fcf8e3;border-color:#faebcc;color:#8a6d3b}.alert-warning hr{border-top-color:#f7e1b5}.alert-warning .alert-link{color:#66512c}.alert-danger{background-color:#f2dede;border-color:#ebccd1;color:#a94442}.alert-danger hr{border-top-color:#e4b9c0}.alert-danger .alert-link{color:#843534}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{overflow:hidden;height:20px;margin-bottom:20px;background-color:#f5f5f5;border-radius:4px;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,.1);box-shadow:inset 0 1px 2px rgba(0,0,0,.1)}.progress-bar{float:left;width:0;height:100%;font-size:12px;line-height:20px;color:#fff;text-align:center;background-color:#428bca;-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,.15);-webkit-transition:width .6s ease;transition:width .6s ease}.progress-striped .progress-bar{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-size:40px 40px}.progress.active .progress-bar{-webkit-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-bar-success{background-color:#5cb85c}.progress-striped .progress-bar-success{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-info{background-color:#5bc0de}.progress-striped .progress-bar-info{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-warning{background-color:#f0ad4e}.progress-striped .progress-bar-warning{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.progress-bar-danger{background-color:#d9534f}.progress-striped .progress-bar-danger{background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent)}.media,.media-body{overflow:hidden;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{padding-left:0;list-style:none}.list-group{margin-bottom:20px;padding-left:0}.list-group-item{position:relative;display:block;padding:10px 15px;margin-bottom:-1px;background-color:#fff;border:1px solid #ddd}.list-group-item:first-child{border-top-right-radius:4px;border-top-left-radius:4px}.list-group-item:last-child{margin-bottom:0;border-bottom-right-radius:4px;border-bottom-left-radius:4px}.list-group-item>.badge{float:right}.list-group-item>.badge+.badge{margin-right:5px}a.list-group-item{color:#555}a.list-group-item .list-group-item-heading{color:#333}a.list-group-item:hover,a.list-group-item:focus{text-decoration:none;background-color:#f5f5f5}a.list-group-item.active,a.list-group-item.active:hover,a.list-group-item.active:focus{z-index:2;color:#fff;background-color:#428bca;border-color:#428bca}a.list-group-item.active .list-group-item-heading,a.list-group-item.active:hover .list-group-item-heading,a.list-group-item.active:focus .list-group-item-heading{color:inherit}a.list-group-item.active .list-group-item-text,a.list-group-item.active:hover .list-group-item-text,a.list-group-item.active:focus .list-group-item-text{color:#e1edf7}.list-group-item-success{color:#3c763d;background-color:#dff0d8}a.list-group-item-success{color:#3c763d}a.list-group-item-success .list-group-item-heading{color:inherit}a.list-group-item-success:hover,a.list-group-item-success:focus{color:#3c763d;background-color:#d0e9c6}a.list-group-item-success.active,a.list-group-item-success.active:hover,a.list-group-item-success.active:focus{color:#fff;background-color:#3c763d;border-color:#3c763d}.list-group-item-info{color:#31708f;background-color:#d9edf7}a.list-group-item-info{color:#31708f}a.list-group-item-info .list-group-item-heading{color:inherit}a.list-group-item-info:hover,a.list-group-item-info:focus{color:#31708f;background-color:#c4e3f3}a.list-group-item-info.active,a.list-group-item-info.active:hover,a.list-group-item-info.active:focus{color:#fff;background-color:#31708f;border-color:#31708f}.list-group-item-warning{color:#8a6d3b;background-color:#fcf8e3}a.list-group-item-warning{color:#8a6d3b}a.list-group-item-warning .list-group-item-heading{color:inherit}a.list-group-item-warning:hover,a.list-group-item-warning:focus{color:#8a6d3b;background-color:#faf2cc}a.list-group-item-warning.active,a.list-group-item-warning.active:hover,a.list-group-item-warning.active:focus{color:#fff;background-color:#8a6d3b;border-color:#8a6d3b}.list-group-item-danger{color:#a94442;background-color:#f2dede}a.list-group-item-danger{color:#a94442}a.list-group-item-danger .list-group-item-heading{color:inherit}a.list-group-item-danger:hover,a.list-group-item-danger:focus{color:#a94442;background-color:#ebcccc}a.list-group-item-danger.active,a.list-group-item-danger.active:hover,a.list-group-item-danger.active:focus{color:#fff;background-color:#a94442;border-color:#a94442}.list-group-item-heading{margin-top:0;margin-bottom:5px}.list-group-item-text{margin-bottom:0;line-height:1.3}.panel{margin-bottom:20px;background-color:#fff;border:1px solid transparent;border-radius:4px;-webkit-box-shadow:0 1px 1px rgba(0,0,0,.05);box-shadow:0 1px 1px rgba(0,0,0,.05)}.panel-body{padding:15px}.panel-heading{padding:10px 15px;border-bottom:1px solid transparent;border-top-right-radius:3px;border-top-left-radius:3px}.panel-heading>.dropdown .dropdown-toggle{color:inherit}.panel-title{margin-top:0;margin-bottom:0;font-size:16px;color:inherit}.panel-title>a{color:inherit}.panel-footer{padding:10px 15px;background-color:#f5f5f5;border-top:1px solid #ddd;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.list-group{margin-bottom:0}.panel>.list-group .list-group-item{border-width:1px 0;border-radius:0}.panel>.list-group:first-child .list-group-item:first-child{border-top:0;border-top-right-radius:3px;border-top-left-radius:3px}.panel>.list-group:last-child .list-group-item:last-child{border-bottom:0;border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel-heading+.list-group .list-group-item:first-child{border-top-width:0}.panel>.table,.panel>.table-responsive>.table{margin-bottom:0}.panel>.table:first-child,.panel>.table-responsive:first-child>.table:first-child{border-top-right-radius:3px;border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:first-child,.panel>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:first-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:first-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:first-child{border-top-left-radius:3px}.panel>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child td:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child td:last-child,.panel>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>thead:first-child>tr:first-child th:last-child,.panel>.table:first-child>tbody:first-child>tr:first-child th:last-child,.panel>.table-responsive:first-child>.table:first-child>tbody:first-child>tr:first-child th:last-child{border-top-right-radius:3px}.panel>.table:last-child,.panel>.table-responsive:last-child>.table:last-child{border-bottom-right-radius:3px;border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:first-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:first-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:first-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:first-child{border-bottom-left-radius:3px}.panel>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child td:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child td:last-child,.panel>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tbody:last-child>tr:last-child th:last-child,.panel>.table:last-child>tfoot:last-child>tr:last-child th:last-child,.panel>.table-responsive:last-child>.table:last-child>tfoot:last-child>tr:last-child th:last-child{border-bottom-right-radius:3px}.panel>.panel-body+.table,.panel>.panel-body+.table-responsive{border-top:1px solid #ddd}.panel>.table>tbody:first-child>tr:first-child th,.panel>.table>tbody:first-child>tr:first-child td{border-top:0}.panel>.table-bordered,.panel>.table-responsive>.table-bordered{border:0}.panel>.table-bordered>thead>tr>th:first-child,.panel>.table-responsive>.table-bordered>thead>tr>th:first-child,.panel>.table-bordered>tbody>tr>th:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:first-child,.panel>.table-bordered>tfoot>tr>th:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:first-child,.panel>.table-bordered>thead>tr>td:first-child,.panel>.table-responsive>.table-bordered>thead>tr>td:first-child,.panel>.table-bordered>tbody>tr>td:first-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:first-child,.panel>.table-bordered>tfoot>tr>td:first-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:first-child{border-left:0}.panel>.table-bordered>thead>tr>th:last-child,.panel>.table-responsive>.table-bordered>thead>tr>th:last-child,.panel>.table-bordered>tbody>tr>th:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>th:last-child,.panel>.table-bordered>tfoot>tr>th:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>th:last-child,.panel>.table-bordered>thead>tr>td:last-child,.panel>.table-responsive>.table-bordered>thead>tr>td:last-child,.panel>.table-bordered>tbody>tr>td:last-child,.panel>.table-responsive>.table-bordered>tbody>tr>td:last-child,.panel>.table-bordered>tfoot>tr>td:last-child,.panel>.table-responsive>.table-bordered>tfoot>tr>td:last-child{border-right:0}.panel>.table-bordered>thead>tr:first-child>td,.panel>.table-responsive>.table-bordered>thead>tr:first-child>td,.panel>.table-bordered>tbody>tr:first-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>td,.panel>.table-bordered>thead>tr:first-child>th,.panel>.table-responsive>.table-bordered>thead>tr:first-child>th,.panel>.table-bordered>tbody>tr:first-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:first-child>th{border-bottom:0}.panel>.table-bordered>tbody>tr:last-child>td,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>td,.panel>.table-bordered>tfoot>tr:last-child>td,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>td,.panel>.table-bordered>tbody>tr:last-child>th,.panel>.table-responsive>.table-bordered>tbody>tr:last-child>th,.panel>.table-bordered>tfoot>tr:last-child>th,.panel>.table-responsive>.table-bordered>tfoot>tr:last-child>th{border-bottom:0}.panel>.table-responsive{border:0;margin-bottom:0}.panel-group{margin-bottom:20px}.panel-group .panel{margin-bottom:0;border-radius:4px;overflow:hidden}.panel-group .panel+.panel{margin-top:5px}.panel-group .panel-heading{border-bottom:0}.panel-group .panel-heading+.panel-collapse .panel-body{border-top:1px solid #ddd}.panel-group .panel-footer{border-top:0}.panel-group .panel-footer+.panel-collapse .panel-body{border-bottom:1px solid #ddd}.panel-default{border-color:#ddd}.panel-default>.panel-heading{color:#333;background-color:#f5f5f5;border-color:#ddd}.panel-default>.panel-heading+.panel-collapse .panel-body{border-top-color:#ddd}.panel-default>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#ddd}.panel-primary{border-color:#428bca}.panel-primary>.panel-heading{color:#fff;background-color:#428bca;border-color:#428bca}.panel-primary>.panel-heading+.panel-collapse .panel-body{border-top-color:#428bca}.panel-primary>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#428bca}.panel-success{border-color:#d6e9c6}.panel-success>.panel-heading{color:#3c763d;background-color:#dff0d8;border-color:#d6e9c6}.panel-success>.panel-heading+.panel-collapse .panel-body{border-top-color:#d6e9c6}.panel-success>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#d6e9c6}.panel-info{border-color:#bce8f1}.panel-info>.panel-heading{color:#31708f;background-color:#d9edf7;border-color:#bce8f1}.panel-info>.panel-heading+.panel-collapse .panel-body{border-top-color:#bce8f1}.panel-info>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#bce8f1}.panel-warning{border-color:#faebcc}.panel-warning>.panel-heading{color:#8a6d3b;background-color:#fcf8e3;border-color:#faebcc}.panel-warning>.panel-heading+.panel-collapse .panel-body{border-top-color:#faebcc}.panel-warning>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#faebcc}.panel-danger{border-color:#ebccd1}.panel-danger>.panel-heading{color:#a94442;background-color:#f2dede;border-color:#ebccd1}.panel-danger>.panel-heading+.panel-collapse .panel-body{border-top-color:#ebccd1}.panel-danger>.panel-footer+.panel-collapse .panel-body{border-bottom-color:#ebccd1}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.05);box-shadow:inset 0 1px 1px rgba(0,0,0,.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,.15)}.well-lg{padding:24px;border-radius:6px}.well-sm{padding:9px;border-radius:3px}.close{float:right;font-size:21px;font-weight:700;line-height:1;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.5;filter:alpha(opacity=50)}button.close{padding:0;cursor:pointer;background:0 0;border:0;-webkit-appearance:none}.modal-open{overflow:hidden}.modal{display:none;overflow:auto;overflow-y:scroll;position:fixed;top:0;right:0;bottom:0;left:0;z-index:1050;-webkit-overflow-scrolling:touch;outline:0}.modal.fade .modal-dialog{-webkit-transform:translate(0,-25%);-ms-transform:translate(0,-25%);transform:translate(0,-25%);-webkit-transition:-webkit-transform .3s ease-out;-moz-transition:-moz-transform .3s ease-out;-o-transition:-o-transform .3s ease-out;transition:transform .3s ease-out}.modal.in .modal-dialog{-webkit-transform:translate(0,0);-ms-transform:translate(0,0);transform:translate(0,0)}.modal-dialog{position:relative;width:auto;margin:10px}.modal-content{position:relative;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,.2);border-radius:6px;-webkit-box-shadow:0 3px 9px rgba(0,0,0,.5);box-shadow:0 3px 9px rgba(0,0,0,.5);background-clip:padding-box;outline:0}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0;filter:alpha(opacity=0)}.modal-backdrop.in{opacity:.5;filter:alpha(opacity=50)}.modal-header{padding:15px;border-bottom:1px solid #e5e5e5;min-height:16.42857143px}.modal-header .close{margin-top:-2px}.modal-title{margin:0;line-height:1.42857143}.modal-body{position:relative;padding:20px}.modal-footer{margin-top:15px;padding:19px 20px 20px;text-align:right;border-top:1px solid #e5e5e5}.modal-footer .btn+.btn{margin-left:5px;margin-bottom:0}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}@media (min-width:768px){.modal-dialog{width:600px;margin:30px auto}.modal-content{-webkit-box-shadow:0 5px 15px rgba(0,0,0,.5);box-shadow:0 5px 15px rgba(0,0,0,.5)}.modal-sm{width:300px}}@media (min-width:992px){.modal-lg{width:900px}}.tooltip{position:absolute;z-index:1030;display:block;visibility:visible;font-size:12px;line-height:1.4;opacity:0;filter:alpha(opacity=0)}.tooltip.in{opacity:.9;filter:alpha(opacity=90)}.tooltip.top{margin-top:-3px;padding:5px 0}.tooltip.right{margin-left:3px;padding:0 5px}.tooltip.bottom{margin-top:3px;padding:5px 0}.tooltip.left{margin-left:-3px;padding:0 5px}.tooltip-inner{max-width:200px;padding:3px 8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-left .tooltip-arrow{bottom:0;left:5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.top-right .tooltip-arrow{bottom:0;right:5px;border-width:5px 5px 0;border-top-color:#000}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-width:5px 5px 5px 0;border-right-color:#000}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-width:5px 0 5px 5px;border-left-color:#000}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-left .tooltip-arrow{top:0;left:5px;border-width:0 5px 5px;border-bottom-color:#000}.tooltip.bottom-right .tooltip-arrow{top:0;right:5px;border-width:0 5px 5px;border-bottom-color:#000}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;background-color:#fff;background-clip:padding-box;border:1px solid #ccc;border:1px solid rgba(0,0,0,.2);border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,.2);box-shadow:0 5px 10px rgba(0,0,0,.2);white-space:normal}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{margin:0;padding:8px 14px;font-size:14px;font-weight:400;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;border-radius:5px 5px 0 0}.popover-content{padding:9px 14px}.popover>.arrow,.popover>.arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover>.arrow{border-width:11px}.popover>.arrow:after{border-width:10px;content:""}.popover.top>.arrow{left:50%;margin-left:-11px;border-bottom-width:0;border-top-color:#999;border-top-color:rgba(0,0,0,.25);bottom:-11px}.popover.top>.arrow:after{content:" ";bottom:1px;margin-left:-10px;border-bottom-width:0;border-top-color:#fff}.popover.right>.arrow{top:50%;left:-11px;margin-top:-11px;border-left-width:0;border-right-color:#999;border-right-color:rgba(0,0,0,.25)}.popover.right>.arrow:after{content:" ";left:1px;bottom:-10px;border-left-width:0;border-right-color:#fff}.popover.bottom>.arrow{left:50%;margin-left:-11px;border-top-width:0;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,.25);top:-11px}.popover.bottom>.arrow:after{content:" ";top:1px;margin-left:-10px;border-top-width:0;border-bottom-color:#fff}.popover.left>.arrow{top:50%;right:-11px;margin-top:-11px;border-right-width:0;border-left-color:#999;border-left-color:rgba(0,0,0,.25)}.popover.left>.arrow:after{content:" ";right:1px;border-right-width:0;border-left-color:#fff;bottom:-10px}.carousel{position:relative}.carousel-inner{position:relative;overflow:hidden;width:100%}.carousel-inner>.item{display:none;position:relative;-webkit-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:0;left:0;bottom:0;width:15%;opacity:.5;filter:alpha(opacity=50);font-size:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6)}.carousel-control.left{background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,.5) 0),color-stop(rgba(0,0,0,.0001) 100%));background-image:linear-gradient(to right,rgba(0,0,0,.5) 0,rgba(0,0,0,.0001) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#80000000', endColorstr='#00000000', GradientType=1)}.carousel-control.right{left:auto;right:0;background-image:-webkit-linear-gradient(left,color-stop(rgba(0,0,0,.0001) 0),color-stop(rgba(0,0,0,.5) 100%));background-image:linear-gradient(to right,rgba(0,0,0,.0001) 0,rgba(0,0,0,.5) 100%);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#00000000', endColorstr='#80000000', GradientType=1)}.carousel-control:hover,.carousel-control:focus{outline:0;color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-control .icon-prev,.carousel-control .icon-next,.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right{position:absolute;top:50%;z-index:5;display:inline-block}.carousel-control .icon-prev,.carousel-control .glyphicon-chevron-left{left:50%}.carousel-control .icon-next,.carousel-control .glyphicon-chevron-right{right:50%}.carousel-control .icon-prev,.carousel-control .icon-next{width:20px;height:20px;margin-top:-10px;margin-left:-10px;font-family:serif}.carousel-control .icon-prev:before{content:'\2039'}.carousel-control .icon-next:before{content:'\203a'}.carousel-indicators{position:absolute;bottom:10px;left:50%;z-index:15;width:60%;margin-left:-30%;padding-left:0;list-style:none;text-align:center}.carousel-indicators li{display:inline-block;width:10px;height:10px;margin:1px;text-indent:-999px;border:1px solid #fff;border-radius:10px;cursor:pointer;background-color:#000 \9;background-color:rgba(0,0,0,0)}.carousel-indicators .active{margin:0;width:12px;height:12px;background-color:#fff}.carousel-caption{position:absolute;left:15%;right:15%;bottom:20px;z-index:10;padding-top:20px;padding-bottom:20px;color:#fff;text-align:center;text-shadow:0 1px 2px rgba(0,0,0,.6)}.carousel-caption .btn{text-shadow:none}@media screen and (min-width:768px){.carousel-control .glyphicon-chevron-left,.carousel-control .glyphicon-chevron-right,.carousel-control .icon-prev,.carousel-control .icon-next{width:30px;height:30px;margin-top:-15px;margin-left:-15px;font-size:30px}.carousel-caption{left:20%;right:20%;padding-bottom:30px}.carousel-indicators{bottom:20px}}.clearfix:before,.clearfix:after,.container:before,.container:after,.container-fluid:before,.container-fluid:after,.row:before,.row:after,.form-horizontal .form-group:before,.form-horizontal .form-group:after,.btn-toolbar:before,.btn-toolbar:after,.btn-group-vertical>.btn-group:before,.btn-group-vertical>.btn-group:after,.nav:before,.nav:after,.navbar:before,.navbar:after,.navbar-header:before,.navbar-header:after,.navbar-collapse:before,.navbar-collapse:after,.pager:before,.pager:after,.panel-body:before,.panel-body:after,.modal-footer:before,.modal-footer:after{content:" ";display:table}.clearfix:after,.container:after,.container-fluid:after,.row:after,.form-horizontal .form-group:after,.btn-toolbar:after,.btn-group-vertical>.btn-group:after,.nav:after,.navbar:after,.navbar-header:after,.navbar-collapse:after,.pager:after,.panel-body:after,.modal-footer:after{clear:both}.center-block{display:block;margin-left:auto;margin-right:auto}.pull-right{float:right!important}.pull-left{float:left!important}.hide{display:none!important}.show{display:block!important}.invisible{visibility:hidden}.text-hide{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.hidden{display:none!important;visibility:hidden!important}.affix{position:fixed}@-ms-viewport{width:device-width}.visible-xs,.visible-sm,.visible-md,.visible-lg{display:none!important}@media (max-width:767px){.visible-xs{display:block!important}table.visible-xs{display:table}tr.visible-xs{display:table-row!important}th.visible-xs,td.visible-xs{display:table-cell!important}}@media (min-width:768px) and (max-width:991px){.visible-sm{display:block!important}table.visible-sm{display:table}tr.visible-sm{display:table-row!important}th.visible-sm,td.visible-sm{display:table-cell!important}}@media (min-width:992px) and (max-width:1199px){.visible-md{display:block!important}table.visible-md{display:table}tr.visible-md{display:table-row!important}th.visible-md,td.visible-md{display:table-cell!important}}@media (min-width:1200px){.visible-lg{display:block!important}table.visible-lg{display:table}tr.visible-lg{display:table-row!important}th.visible-lg,td.visible-lg{display:table-cell!important}}@media (max-width:767px){.hidden-xs{display:none!important}}@media (min-width:768px) and (max-width:991px){.hidden-sm{display:none!important}}@media (min-width:992px) and (max-width:1199px){.hidden-md{display:none!important}}@media (min-width:1200px){.hidden-lg{display:none!important}}.visible-print{display:none!important}@media print{.visible-print{display:block!important}table.visible-print{display:table}tr.visible-print{display:table-row!important}th.visible-print,td.visible-print{display:table-cell!important}}@media print{.hidden-print{display:none!important}} \ No newline at end of file diff --git a/public/css/font-awesome.min.css b/public/css/font-awesome.min.css new file mode 100644 index 0000000..3d920fc --- /dev/null +++ b/public/css/font-awesome.min.css @@ -0,0 +1,4 @@ +/*! + * Font Awesome 4.1.0 by @davegandy - http://fontawesome.io - @fontawesome + * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) + */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.1.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.1.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff?v=4.1.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.1.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.1.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font-family:FontAwesome;font-style:normal;font-weight:normal;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571429em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14285714em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14285714em;width:2.14285714em;top:.14285714em;text-align:center}.fa-li.fa-lg{left:-1.85714286em}.fa-border{padding:.2em .25em .15em;border:solid .08em #eee;border-radius:.1em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left{margin-right:.3em}.fa.pull-right{margin-left:.3em}.fa-spin{-webkit-animation:spin 2s infinite linear;-moz-animation:spin 2s infinite linear;-o-animation:spin 2s infinite linear;animation:spin 2s infinite linear}@-moz-keyframes spin{0%{-moz-transform:rotate(0deg)}100%{-moz-transform:rotate(359deg)}}@-webkit-keyframes spin{0%{-webkit-transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg)}}@-o-keyframes spin{0%{-o-transform:rotate(0deg)}100%{-o-transform:rotate(359deg)}}@keyframes spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=1);-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=2);-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=3);-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1);-webkit-transform:scale(-1, 1);-moz-transform:scale(-1, 1);-ms-transform:scale(-1, 1);-o-transform:scale(-1, 1);transform:scale(-1, 1)}.fa-flip-vertical{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1);-webkit-transform:scale(1, -1);-moz-transform:scale(1, -1);-ms-transform:scale(1, -1);-o-transform:scale(1, -1);transform:scale(1, -1)}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:"\f000"}.fa-music:before{content:"\f001"}.fa-search:before{content:"\f002"}.fa-envelope-o:before{content:"\f003"}.fa-heart:before{content:"\f004"}.fa-star:before{content:"\f005"}.fa-star-o:before{content:"\f006"}.fa-user:before{content:"\f007"}.fa-film:before{content:"\f008"}.fa-th-large:before{content:"\f009"}.fa-th:before{content:"\f00a"}.fa-th-list:before{content:"\f00b"}.fa-check:before{content:"\f00c"}.fa-times:before{content:"\f00d"}.fa-search-plus:before{content:"\f00e"}.fa-search-minus:before{content:"\f010"}.fa-power-off:before{content:"\f011"}.fa-signal:before{content:"\f012"}.fa-gear:before,.fa-cog:before{content:"\f013"}.fa-trash-o:before{content:"\f014"}.fa-home:before{content:"\f015"}.fa-file-o:before{content:"\f016"}.fa-clock-o:before{content:"\f017"}.fa-road:before{content:"\f018"}.fa-download:before{content:"\f019"}.fa-arrow-circle-o-down:before{content:"\f01a"}.fa-arrow-circle-o-up:before{content:"\f01b"}.fa-inbox:before{content:"\f01c"}.fa-play-circle-o:before{content:"\f01d"}.fa-rotate-right:before,.fa-repeat:before{content:"\f01e"}.fa-refresh:before{content:"\f021"}.fa-list-alt:before{content:"\f022"}.fa-lock:before{content:"\f023"}.fa-flag:before{content:"\f024"}.fa-headphones:before{content:"\f025"}.fa-volume-off:before{content:"\f026"}.fa-volume-down:before{content:"\f027"}.fa-volume-up:before{content:"\f028"}.fa-qrcode:before{content:"\f029"}.fa-barcode:before{content:"\f02a"}.fa-tag:before{content:"\f02b"}.fa-tags:before{content:"\f02c"}.fa-book:before{content:"\f02d"}.fa-bookmark:before{content:"\f02e"}.fa-print:before{content:"\f02f"}.fa-camera:before{content:"\f030"}.fa-font:before{content:"\f031"}.fa-bold:before{content:"\f032"}.fa-italic:before{content:"\f033"}.fa-text-height:before{content:"\f034"}.fa-text-width:before{content:"\f035"}.fa-align-left:before{content:"\f036"}.fa-align-center:before{content:"\f037"}.fa-align-right:before{content:"\f038"}.fa-align-justify:before{content:"\f039"}.fa-list:before{content:"\f03a"}.fa-dedent:before,.fa-outdent:before{content:"\f03b"}.fa-indent:before{content:"\f03c"}.fa-video-camera:before{content:"\f03d"}.fa-photo:before,.fa-image:before,.fa-picture-o:before{content:"\f03e"}.fa-pencil:before{content:"\f040"}.fa-map-marker:before{content:"\f041"}.fa-adjust:before{content:"\f042"}.fa-tint:before{content:"\f043"}.fa-edit:before,.fa-pencil-square-o:before{content:"\f044"}.fa-share-square-o:before{content:"\f045"}.fa-check-square-o:before{content:"\f046"}.fa-arrows:before{content:"\f047"}.fa-step-backward:before{content:"\f048"}.fa-fast-backward:before{content:"\f049"}.fa-backward:before{content:"\f04a"}.fa-play:before{content:"\f04b"}.fa-pause:before{content:"\f04c"}.fa-stop:before{content:"\f04d"}.fa-forward:before{content:"\f04e"}.fa-fast-forward:before{content:"\f050"}.fa-step-forward:before{content:"\f051"}.fa-eject:before{content:"\f052"}.fa-chevron-left:before{content:"\f053"}.fa-chevron-right:before{content:"\f054"}.fa-plus-circle:before{content:"\f055"}.fa-minus-circle:before{content:"\f056"}.fa-times-circle:before{content:"\f057"}.fa-check-circle:before{content:"\f058"}.fa-question-circle:before{content:"\f059"}.fa-info-circle:before{content:"\f05a"}.fa-crosshairs:before{content:"\f05b"}.fa-times-circle-o:before{content:"\f05c"}.fa-check-circle-o:before{content:"\f05d"}.fa-ban:before{content:"\f05e"}.fa-arrow-left:before{content:"\f060"}.fa-arrow-right:before{content:"\f061"}.fa-arrow-up:before{content:"\f062"}.fa-arrow-down:before{content:"\f063"}.fa-mail-forward:before,.fa-share:before{content:"\f064"}.fa-expand:before{content:"\f065"}.fa-compress:before{content:"\f066"}.fa-plus:before{content:"\f067"}.fa-minus:before{content:"\f068"}.fa-asterisk:before{content:"\f069"}.fa-exclamation-circle:before{content:"\f06a"}.fa-gift:before{content:"\f06b"}.fa-leaf:before{content:"\f06c"}.fa-fire:before{content:"\f06d"}.fa-eye:before{content:"\f06e"}.fa-eye-slash:before{content:"\f070"}.fa-warning:before,.fa-exclamation-triangle:before{content:"\f071"}.fa-plane:before{content:"\f072"}.fa-calendar:before{content:"\f073"}.fa-random:before{content:"\f074"}.fa-comment:before{content:"\f075"}.fa-magnet:before{content:"\f076"}.fa-chevron-up:before{content:"\f077"}.fa-chevron-down:before{content:"\f078"}.fa-retweet:before{content:"\f079"}.fa-shopping-cart:before{content:"\f07a"}.fa-folder:before{content:"\f07b"}.fa-folder-open:before{content:"\f07c"}.fa-arrows-v:before{content:"\f07d"}.fa-arrows-h:before{content:"\f07e"}.fa-bar-chart-o:before{content:"\f080"}.fa-twitter-square:before{content:"\f081"}.fa-facebook-square:before{content:"\f082"}.fa-camera-retro:before{content:"\f083"}.fa-key:before{content:"\f084"}.fa-gears:before,.fa-cogs:before{content:"\f085"}.fa-comments:before{content:"\f086"}.fa-thumbs-o-up:before{content:"\f087"}.fa-thumbs-o-down:before{content:"\f088"}.fa-star-half:before{content:"\f089"}.fa-heart-o:before{content:"\f08a"}.fa-sign-out:before{content:"\f08b"}.fa-linkedin-square:before{content:"\f08c"}.fa-thumb-tack:before{content:"\f08d"}.fa-external-link:before{content:"\f08e"}.fa-sign-in:before{content:"\f090"}.fa-trophy:before{content:"\f091"}.fa-github-square:before{content:"\f092"}.fa-upload:before{content:"\f093"}.fa-lemon-o:before{content:"\f094"}.fa-phone:before{content:"\f095"}.fa-square-o:before{content:"\f096"}.fa-bookmark-o:before{content:"\f097"}.fa-phone-square:before{content:"\f098"}.fa-twitter:before{content:"\f099"}.fa-facebook:before{content:"\f09a"}.fa-github:before{content:"\f09b"}.fa-unlock:before{content:"\f09c"}.fa-credit-card:before{content:"\f09d"}.fa-rss:before{content:"\f09e"}.fa-hdd-o:before{content:"\f0a0"}.fa-bullhorn:before{content:"\f0a1"}.fa-bell:before{content:"\f0f3"}.fa-certificate:before{content:"\f0a3"}.fa-hand-o-right:before{content:"\f0a4"}.fa-hand-o-left:before{content:"\f0a5"}.fa-hand-o-up:before{content:"\f0a6"}.fa-hand-o-down:before{content:"\f0a7"}.fa-arrow-circle-left:before{content:"\f0a8"}.fa-arrow-circle-right:before{content:"\f0a9"}.fa-arrow-circle-up:before{content:"\f0aa"}.fa-arrow-circle-down:before{content:"\f0ab"}.fa-globe:before{content:"\f0ac"}.fa-wrench:before{content:"\f0ad"}.fa-tasks:before{content:"\f0ae"}.fa-filter:before{content:"\f0b0"}.fa-briefcase:before{content:"\f0b1"}.fa-arrows-alt:before{content:"\f0b2"}.fa-group:before,.fa-users:before{content:"\f0c0"}.fa-chain:before,.fa-link:before{content:"\f0c1"}.fa-cloud:before{content:"\f0c2"}.fa-flask:before{content:"\f0c3"}.fa-cut:before,.fa-scissors:before{content:"\f0c4"}.fa-copy:before,.fa-files-o:before{content:"\f0c5"}.fa-paperclip:before{content:"\f0c6"}.fa-save:before,.fa-floppy-o:before{content:"\f0c7"}.fa-square:before{content:"\f0c8"}.fa-navicon:before,.fa-reorder:before,.fa-bars:before{content:"\f0c9"}.fa-list-ul:before{content:"\f0ca"}.fa-list-ol:before{content:"\f0cb"}.fa-strikethrough:before{content:"\f0cc"}.fa-underline:before{content:"\f0cd"}.fa-table:before{content:"\f0ce"}.fa-magic:before{content:"\f0d0"}.fa-truck:before{content:"\f0d1"}.fa-pinterest:before{content:"\f0d2"}.fa-pinterest-square:before{content:"\f0d3"}.fa-google-plus-square:before{content:"\f0d4"}.fa-google-plus:before{content:"\f0d5"}.fa-money:before{content:"\f0d6"}.fa-caret-down:before{content:"\f0d7"}.fa-caret-up:before{content:"\f0d8"}.fa-caret-left:before{content:"\f0d9"}.fa-caret-right:before{content:"\f0da"}.fa-columns:before{content:"\f0db"}.fa-unsorted:before,.fa-sort:before{content:"\f0dc"}.fa-sort-down:before,.fa-sort-desc:before{content:"\f0dd"}.fa-sort-up:before,.fa-sort-asc:before{content:"\f0de"}.fa-envelope:before{content:"\f0e0"}.fa-linkedin:before{content:"\f0e1"}.fa-rotate-left:before,.fa-undo:before{content:"\f0e2"}.fa-legal:before,.fa-gavel:before{content:"\f0e3"}.fa-dashboard:before,.fa-tachometer:before{content:"\f0e4"}.fa-comment-o:before{content:"\f0e5"}.fa-comments-o:before{content:"\f0e6"}.fa-flash:before,.fa-bolt:before{content:"\f0e7"}.fa-sitemap:before{content:"\f0e8"}.fa-umbrella:before{content:"\f0e9"}.fa-paste:before,.fa-clipboard:before{content:"\f0ea"}.fa-lightbulb-o:before{content:"\f0eb"}.fa-exchange:before{content:"\f0ec"}.fa-cloud-download:before{content:"\f0ed"}.fa-cloud-upload:before{content:"\f0ee"}.fa-user-md:before{content:"\f0f0"}.fa-stethoscope:before{content:"\f0f1"}.fa-suitcase:before{content:"\f0f2"}.fa-bell-o:before{content:"\f0a2"}.fa-coffee:before{content:"\f0f4"}.fa-cutlery:before{content:"\f0f5"}.fa-file-text-o:before{content:"\f0f6"}.fa-building-o:before{content:"\f0f7"}.fa-hospital-o:before{content:"\f0f8"}.fa-ambulance:before{content:"\f0f9"}.fa-medkit:before{content:"\f0fa"}.fa-fighter-jet:before{content:"\f0fb"}.fa-beer:before{content:"\f0fc"}.fa-h-square:before{content:"\f0fd"}.fa-plus-square:before{content:"\f0fe"}.fa-angle-double-left:before{content:"\f100"}.fa-angle-double-right:before{content:"\f101"}.fa-angle-double-up:before{content:"\f102"}.fa-angle-double-down:before{content:"\f103"}.fa-angle-left:before{content:"\f104"}.fa-angle-right:before{content:"\f105"}.fa-angle-up:before{content:"\f106"}.fa-angle-down:before{content:"\f107"}.fa-desktop:before{content:"\f108"}.fa-laptop:before{content:"\f109"}.fa-tablet:before{content:"\f10a"}.fa-mobile-phone:before,.fa-mobile:before{content:"\f10b"}.fa-circle-o:before{content:"\f10c"}.fa-quote-left:before{content:"\f10d"}.fa-quote-right:before{content:"\f10e"}.fa-spinner:before{content:"\f110"}.fa-circle:before{content:"\f111"}.fa-mail-reply:before,.fa-reply:before{content:"\f112"}.fa-github-alt:before{content:"\f113"}.fa-folder-o:before{content:"\f114"}.fa-folder-open-o:before{content:"\f115"}.fa-smile-o:before{content:"\f118"}.fa-frown-o:before{content:"\f119"}.fa-meh-o:before{content:"\f11a"}.fa-gamepad:before{content:"\f11b"}.fa-keyboard-o:before{content:"\f11c"}.fa-flag-o:before{content:"\f11d"}.fa-flag-checkered:before{content:"\f11e"}.fa-terminal:before{content:"\f120"}.fa-code:before{content:"\f121"}.fa-mail-reply-all:before,.fa-reply-all:before{content:"\f122"}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:"\f123"}.fa-location-arrow:before{content:"\f124"}.fa-crop:before{content:"\f125"}.fa-code-fork:before{content:"\f126"}.fa-unlink:before,.fa-chain-broken:before{content:"\f127"}.fa-question:before{content:"\f128"}.fa-info:before{content:"\f129"}.fa-exclamation:before{content:"\f12a"}.fa-superscript:before{content:"\f12b"}.fa-subscript:before{content:"\f12c"}.fa-eraser:before{content:"\f12d"}.fa-puzzle-piece:before{content:"\f12e"}.fa-microphone:before{content:"\f130"}.fa-microphone-slash:before{content:"\f131"}.fa-shield:before{content:"\f132"}.fa-calendar-o:before{content:"\f133"}.fa-fire-extinguisher:before{content:"\f134"}.fa-rocket:before{content:"\f135"}.fa-maxcdn:before{content:"\f136"}.fa-chevron-circle-left:before{content:"\f137"}.fa-chevron-circle-right:before{content:"\f138"}.fa-chevron-circle-up:before{content:"\f139"}.fa-chevron-circle-down:before{content:"\f13a"}.fa-html5:before{content:"\f13b"}.fa-css3:before{content:"\f13c"}.fa-anchor:before{content:"\f13d"}.fa-unlock-alt:before{content:"\f13e"}.fa-bullseye:before{content:"\f140"}.fa-ellipsis-h:before{content:"\f141"}.fa-ellipsis-v:before{content:"\f142"}.fa-rss-square:before{content:"\f143"}.fa-play-circle:before{content:"\f144"}.fa-ticket:before{content:"\f145"}.fa-minus-square:before{content:"\f146"}.fa-minus-square-o:before{content:"\f147"}.fa-level-up:before{content:"\f148"}.fa-level-down:before{content:"\f149"}.fa-check-square:before{content:"\f14a"}.fa-pencil-square:before{content:"\f14b"}.fa-external-link-square:before{content:"\f14c"}.fa-share-square:before{content:"\f14d"}.fa-compass:before{content:"\f14e"}.fa-toggle-down:before,.fa-caret-square-o-down:before{content:"\f150"}.fa-toggle-up:before,.fa-caret-square-o-up:before{content:"\f151"}.fa-toggle-right:before,.fa-caret-square-o-right:before{content:"\f152"}.fa-euro:before,.fa-eur:before{content:"\f153"}.fa-gbp:before{content:"\f154"}.fa-dollar:before,.fa-usd:before{content:"\f155"}.fa-rupee:before,.fa-inr:before{content:"\f156"}.fa-cny:before,.fa-rmb:before,.fa-yen:before,.fa-jpy:before{content:"\f157"}.fa-ruble:before,.fa-rouble:before,.fa-rub:before{content:"\f158"}.fa-won:before,.fa-krw:before{content:"\f159"}.fa-bitcoin:before,.fa-btc:before{content:"\f15a"}.fa-file:before{content:"\f15b"}.fa-file-text:before{content:"\f15c"}.fa-sort-alpha-asc:before{content:"\f15d"}.fa-sort-alpha-desc:before{content:"\f15e"}.fa-sort-amount-asc:before{content:"\f160"}.fa-sort-amount-desc:before{content:"\f161"}.fa-sort-numeric-asc:before{content:"\f162"}.fa-sort-numeric-desc:before{content:"\f163"}.fa-thumbs-up:before{content:"\f164"}.fa-thumbs-down:before{content:"\f165"}.fa-youtube-square:before{content:"\f166"}.fa-youtube:before{content:"\f167"}.fa-xing:before{content:"\f168"}.fa-xing-square:before{content:"\f169"}.fa-youtube-play:before{content:"\f16a"}.fa-dropbox:before{content:"\f16b"}.fa-stack-overflow:before{content:"\f16c"}.fa-instagram:before{content:"\f16d"}.fa-flickr:before{content:"\f16e"}.fa-adn:before{content:"\f170"}.fa-bitbucket:before{content:"\f171"}.fa-bitbucket-square:before{content:"\f172"}.fa-tumblr:before{content:"\f173"}.fa-tumblr-square:before{content:"\f174"}.fa-long-arrow-down:before{content:"\f175"}.fa-long-arrow-up:before{content:"\f176"}.fa-long-arrow-left:before{content:"\f177"}.fa-long-arrow-right:before{content:"\f178"}.fa-apple:before{content:"\f179"}.fa-windows:before{content:"\f17a"}.fa-android:before{content:"\f17b"}.fa-linux:before{content:"\f17c"}.fa-dribbble:before{content:"\f17d"}.fa-skype:before{content:"\f17e"}.fa-foursquare:before{content:"\f180"}.fa-trello:before{content:"\f181"}.fa-female:before{content:"\f182"}.fa-male:before{content:"\f183"}.fa-gittip:before{content:"\f184"}.fa-sun-o:before{content:"\f185"}.fa-moon-o:before{content:"\f186"}.fa-archive:before{content:"\f187"}.fa-bug:before{content:"\f188"}.fa-vk:before{content:"\f189"}.fa-weibo:before{content:"\f18a"}.fa-renren:before{content:"\f18b"}.fa-pagelines:before{content:"\f18c"}.fa-stack-exchange:before{content:"\f18d"}.fa-arrow-circle-o-right:before{content:"\f18e"}.fa-arrow-circle-o-left:before{content:"\f190"}.fa-toggle-left:before,.fa-caret-square-o-left:before{content:"\f191"}.fa-dot-circle-o:before{content:"\f192"}.fa-wheelchair:before{content:"\f193"}.fa-vimeo-square:before{content:"\f194"}.fa-turkish-lira:before,.fa-try:before{content:"\f195"}.fa-plus-square-o:before{content:"\f196"}.fa-space-shuttle:before{content:"\f197"}.fa-slack:before{content:"\f198"}.fa-envelope-square:before{content:"\f199"}.fa-wordpress:before{content:"\f19a"}.fa-openid:before{content:"\f19b"}.fa-institution:before,.fa-bank:before,.fa-university:before{content:"\f19c"}.fa-mortar-board:before,.fa-graduation-cap:before{content:"\f19d"}.fa-yahoo:before{content:"\f19e"}.fa-google:before{content:"\f1a0"}.fa-reddit:before{content:"\f1a1"}.fa-reddit-square:before{content:"\f1a2"}.fa-stumbleupon-circle:before{content:"\f1a3"}.fa-stumbleupon:before{content:"\f1a4"}.fa-delicious:before{content:"\f1a5"}.fa-digg:before{content:"\f1a6"}.fa-pied-piper-square:before,.fa-pied-piper:before{content:"\f1a7"}.fa-pied-piper-alt:before{content:"\f1a8"}.fa-drupal:before{content:"\f1a9"}.fa-joomla:before{content:"\f1aa"}.fa-language:before{content:"\f1ab"}.fa-fax:before{content:"\f1ac"}.fa-building:before{content:"\f1ad"}.fa-child:before{content:"\f1ae"}.fa-paw:before{content:"\f1b0"}.fa-spoon:before{content:"\f1b1"}.fa-cube:before{content:"\f1b2"}.fa-cubes:before{content:"\f1b3"}.fa-behance:before{content:"\f1b4"}.fa-behance-square:before{content:"\f1b5"}.fa-steam:before{content:"\f1b6"}.fa-steam-square:before{content:"\f1b7"}.fa-recycle:before{content:"\f1b8"}.fa-automobile:before,.fa-car:before{content:"\f1b9"}.fa-cab:before,.fa-taxi:before{content:"\f1ba"}.fa-tree:before{content:"\f1bb"}.fa-spotify:before{content:"\f1bc"}.fa-deviantart:before{content:"\f1bd"}.fa-soundcloud:before{content:"\f1be"}.fa-database:before{content:"\f1c0"}.fa-file-pdf-o:before{content:"\f1c1"}.fa-file-word-o:before{content:"\f1c2"}.fa-file-excel-o:before{content:"\f1c3"}.fa-file-powerpoint-o:before{content:"\f1c4"}.fa-file-photo-o:before,.fa-file-picture-o:before,.fa-file-image-o:before{content:"\f1c5"}.fa-file-zip-o:before,.fa-file-archive-o:before{content:"\f1c6"}.fa-file-sound-o:before,.fa-file-audio-o:before{content:"\f1c7"}.fa-file-movie-o:before,.fa-file-video-o:before{content:"\f1c8"}.fa-file-code-o:before{content:"\f1c9"}.fa-vine:before{content:"\f1ca"}.fa-codepen:before{content:"\f1cb"}.fa-jsfiddle:before{content:"\f1cc"}.fa-life-bouy:before,.fa-life-saver:before,.fa-support:before,.fa-life-ring:before{content:"\f1cd"}.fa-circle-o-notch:before{content:"\f1ce"}.fa-ra:before,.fa-rebel:before{content:"\f1d0"}.fa-ge:before,.fa-empire:before{content:"\f1d1"}.fa-git-square:before{content:"\f1d2"}.fa-git:before{content:"\f1d3"}.fa-hacker-news:before{content:"\f1d4"}.fa-tencent-weibo:before{content:"\f1d5"}.fa-qq:before{content:"\f1d6"}.fa-wechat:before,.fa-weixin:before{content:"\f1d7"}.fa-send:before,.fa-paper-plane:before{content:"\f1d8"}.fa-send-o:before,.fa-paper-plane-o:before{content:"\f1d9"}.fa-history:before{content:"\f1da"}.fa-circle-thin:before{content:"\f1db"}.fa-header:before{content:"\f1dc"}.fa-paragraph:before{content:"\f1dd"}.fa-sliders:before{content:"\f1de"}.fa-share-alt:before{content:"\f1e0"}.fa-share-alt-square:before{content:"\f1e1"}.fa-bomb:before{content:"\f1e2"} \ No newline at end of file diff --git a/public/fonts/FontAwesome.otf b/public/fonts/FontAwesome.otf new file mode 100644 index 0000000000000000000000000000000000000000..3461e3fce6a37f2321ecbe64707f04c0a4f05424 GIT binary patch literal 75188 zcmd42cYG5^*C@QQyeoNEmI+v3OJ1!hp?BN#Bql&0F(rUQ=*C61jEjsU_uhM#yN!)a zZ=nSOfy5~U0x2Yzbn+xmdPp$|WF(Ia_sq&BJV=l2St!J@u6Ld}hLIigG(oNmSNVYp2bu*`8&mCT(g%JrKs|W6VjPjD7@?@<57`EsF_Gij(~7S;$jX z2uy5njLz_R|~-giuu0_{g+f+ve88OQ{Hz6>Y}qGm4HH8LdoEP_Ir~wHA13xKq37E z1Q7#%ImkKEQfdVC%s|@tAvjG9rGf|G%tLS)wVE;wz~z*JdUGJ{Lb24ffiy>{sLuw{ zN=i%p4&x(nc7ggcB(4K#2{l|&I*@jvl#*QoX(=^T^1?vc`5_#d8Y8(m0B0V8%cxE# z$pBnVc{p_qq+KX?r%B0{5Tf&5n`|=c zVocso$A%h=aRy_sSr<0ddtr36w}@);HtI||V*&u5GQ^q}ChAOv7#*33dEO5J<`I%J z*XfL=NJFf*@6;JnrxS?Jv(dU>lMZNv>x|xJgST0)^ZvUTCS9nR;D;OFCALM<4|cS0 zYNX*m0;fd-nOKu<8nuWrP;pc;Wuzjh2ue?xfq7<9)2SJhFQgVyVemeL(m{GHV42{( zj*5ZUn|hjxr9$DY5z3R_VDViTHB~GZO+`ceH&s%?2xUzWj8p>r63nNdWGs|hNF|Ez z3_x2)t$`3h#RG+4z;(3FM9l*V{~4dWakP0RwGPS}p_WLIvN!Z%D)eP4^k@*r2UcJ- zU?=@*H?{x2(58Ba^p5QH?|rs+TW>_~_TISOtlp~Lj^1Ov-M!a( zzv}J1P2C=H+Z$+4xIO*0|LtdQZ@V3LJL`7U?T*{WZg=0lcKa(r`~KGyb$|2y)%O?P zpZ?_!U)FuOW{B$$#SnIg%Mkex*jk1-50MUW8X_4&x!rfW>vqTOPq#nZZoBom{jU7N z?Kihy-F|Vq<@U4NPi{ZD{owY!+jnl?x_#sJZ|;=H59|LA1MdHSc=vyM#lTJ^gTau`vLeC!n{ysFfXP_Uc`a;;df9b8Q`%5CI-q;j?f_Z z08@+f2t13LIfyd|dpIWbJ7SE2M+X6Y`2Iv zkp55o6=8%9;E*zdF@cM1gm+?lAU^<05&JWMOK=9?GfrY#nxQ=#37!98@E7s2C_kX( zC)VL8>pEDTzy|wG(u4WIx(CZZyip8U549cAFn<07M;srB30*Ni03+$ax};f-cVgcG z?mU=>^dM|7CT$V}dFOaPnef&?TC8tyti(D1AN0WcgLMzq`5)sfN=5Jn`%Q2L%ZV|e zl|>C1nDg+#cYyEwFueh|8;M1@qnrlv{tx2;EpI}L@Bj%;S(HBnvCo4r5Z3J3VAh|L z<;C|91Fq}f+8ik7{a@>YGGgBWt|0H6vm9+D_>zG%!GU*vgSez_v3`gN?0**q@gSZe z&4DsfsLMf%#B&~$%c2BmvjBC70pNldvK)OGz|)9*7$^_8{)72JI)izrZzX|2bz&g6 z5X63xu^GT)2Fno{M$)8hgZ%>hi3CQMO{9n`r5)Xz4^*h=``X=^^&>Ji>7z6GQLVJL| z_aKddx*yOSg#T~iaf59p@jw_#VuBCxViH3?=0bWXsoR0$7|#Km$Kk!l!}JNx|I;6t zQ24u_Le9kh{ZB$TOd^pe9yTF>YR?YaZFd!x{0fp_1!PlmxoWQIAlbaCRI;O$No?ms&tQPAvhI zcLfzlZKi@i0oH?3y#tirbSj%Fr|PH{s)IU29j9KRy5UrMnfj3Wg8G5#rT(J&;SlaD zkxPb1R1%Fukc^g0koZa-mn@S6N`fTOk~m4Kq)<{PX_a(J4ogl*PD{>7UX{Elxh%OM z`M2a}$#0TBB}j75iFF$8q;VSOd9(^983P8*!UoeWONP6bYtPEAf-PDhGoA5e9%B|W&ob+o%}g+} zor!0%nS7>*zlX3A#CmdZBB z^s;1GuB<{3O7?^7SJ@vjyIdjH$RCx@kk69Omp?9FB3~hY zP97?ck{jen@yA4hRgPR6M?4L6qa z zy9%44-&Nu&cXe|e?y7dxx<2YU+11B&w(ES?CtMe~E_DrXUFEvYb))N6*AUlm*X^#c zu141c*A&+b*BsXZ*AmwX*BaM)*Jjt9uAQ!XT@Sh*bv@yF+V!04E3U7*zUBHsM0Bvp z6ccZX3^nP3jiGv7Y=SP@5T^rEoY8DD2OCKU(#6D?ljFg15*`^HW7Y>n2OA@FW<5zo zn#_hMqb|mfpi40rVuB)L#mEqEHiUXs4$|w0y-7?aMuwU7@FF5MC|VazP#^`i7&DX<)1tk} zk=!0{GDn6dlQu`jh5?RPWFRTxg$IY~$cO|bM26`MaZp`6>27Q&40mu`5NR3E4I_kr z1lY79%_e=YQ3vxC8byX4tX^?JA;FeMmyr6BCv*unaJ31gP1Ud z8g*c=(i>nNNwWv07Ros0I3ySbQJn2yqtTG)7+Nvq7)~)6ALn>UCRQ8;!U(_=ktw>M z@c8KHfut!WI67LF6dD~I6a1hh5s~3$Fye)WM?yoAflXkLNgNt&FzH}OVk2WC#FoNv z#p*(Xqjj-iP#aj~3^AdGm>8J6nBa(5-GkAIj~g5t(j24CoT$^m+!*5G2&GV1MB%_g zI-{e8fi$Ugpp^+aBbWk%2OF(77$Z}N-7gw=G$<72*lbRW1eP<3ts;CvSXIn8*fa?0 zG#a9G$*{^y15GrU_3<$wrl9yZaj7{nqMEMi#cu~7sM_|IsF(ntoqpS$k<48aWzyeH0I4A^|4`iyr2#gaSZHP93;}hy z_|kz4)q@a=j}Cz)409Qw6Gu+0m+TIXoP+Vm#uOA22Bpk;1FV5Kohd#N8gJ4OZgJEY z92M4KLFx*{R0vo_m3`OVNl># zoN#lDA%yIqjz#9+RFPkH!~^q*t#PD8iqNmvSYWlm9W;7y*+TCh7EEN29uiI@t4o4* zi2HJ=fy|0Y+_z0JP>${VqCg%1PX*1KJ@+A5ZUU||!jg-OGn?W= z9EqTrbA00BQ&Py-MCxD;BMBX%6a1YbYJo`~sf!L96zz`s$#xI~k`8zwKGLMu!9EiT z3l1(EL&IRvJ2pabX^P9@VSroTK7zY941^LXFt&2BCgutEv>&3VoZp`9CqKt_l=1{Vr z9xN(RB7~3`2KgHTa>Zxn+y}6M`!5iQM1T;i2N2TwL8vJ8{*fVXgM55^A^0W3HWeSD z6FV}HPJ&q@;b9oayWr$7n19eAf!AQH2Bb)2EMy~$!7<^W)J1_#6&pTd_Kc87mPcQP11(l~fAE6f1f>c9p^hIRIw1W-IdJrf%cK%EPya{+ZO zpw0!EFOSVFUBT2u8z$zTeZ24*L-k2%VmWX>=zGf3to8zXy8wnY{q zYm)7j9gzJ?_MPmOtXFndW)n>ff_%Jun%q}D7mN*0%Gb-c%6G^Uqs7#NV;?jm*JT!y*~ckyx==`z-3xy!RI8(g-6p&#U8~0 z#W}@0aNz$&@r$At4*Pv@)R(y`T!*@ja2@YD6At)K!2y309PN#+X|7qWd9FopptrcT zxbAY@=X%)nnCnZfmt3#8e&Tx5^()u!T>o^%N@wLzrA9eMIZ^4OoTv0xE>=FRT&dio z)GOnaY06w>iLz2zt87>9Q65vCQNF6YqjLx(`o+3HtDMCLFgiZqS^nw)69*WaefT2nCrH8J29+gL^zW`P$lw>KXxEN7rc%`Ct`NVIM80kB!xH-P=yD z)8Zax-L`G(1RRL8JeQoFp3E`RSWY&T=TxX06}9sXY&*Y{7i<>$Db+YuTPm|Jz`x*M z>h$RJAD#@MLF~WGlurXZ!z_p(*eV$j=mt zic5-$)hREIwIpgYQ?rwEljVuUSe2fp#@@0tq)Klu*48G~r8K0w&34$+O-WWb*;5K zmyc}VYET<;VqP^A0a?Au?;M#b5xIO%B-YPzJ zp3bkf6xM1iwa57j7eZLh!rlu^0KO`Oz_d1}r3CWN^C-}H;D=)tv0OFV-!q1_^*qXQ zt+QfW2k{$ELD*Jd&_T1mu9Kb}K#SY+u7^ybYe@ku!Xj<;{Jmpn-u3!^h*)X9x04H;T1h5z!i7ttko zCHZ;k9gU{_O^sDGjaut-D2r1Oz9%d~Izd>3bcC?T(fz=n*j;9IcQ!g!fi}RwM^~R@ zxh7s~53~lF*`25~n{@O|zpc{Cq8q4D^!AGOUJYu7)o#!IK+xp+QSYOyn(hJ#k% zC{1ikd3mfb7d?XJZ9q?JF27Y>_lEH0vp;R?-LW@sf5Cymmg45d$~O5ewsL1iLsnzh znV=JqU&^^s6ezU@_VxI)eXrVk&_cdH$hMV!W&OmHi#2xNGrZkbw)o`4S2k#ELH*lk zbLR_uXP02jv}WC8IgLHC)E;S%RCBT&EH@7%L)Jt#lb;A<9(^yiG+L9ER+OJE1f>{4 zwyM4QkZkL|kTWUT{HErjX3fF<4IQ0=b%k|-b%lKaozS^I>!7B&xxBhbIMcfC)JtkF z+C}z~;Z#towmLnnB2A-g<2P)e^YaUHa@Dz&Io0`ED{tq~vpn!%xHX)vuCBDysyX}` ze*HBh$8!bzxD1a3!68E)Y&uLYWC4s{e-6K<;Uf5i7M`OsGxJhY&@7hgDD{$2QchLG zV+JuxSo{_K3e9Cpd3)d_-WrG=;~|H>LSF%EqdCC;ukliDco@q)$JzsDu?JZJjlp9` zso5-IF!Ll&kO{1m5;_*d5h1i9%LIR%K3Q7^XcM3YrR93gkI^j^(|iK{?0?8PHaN6YweEq^qi1 zJa)gul<)yr>?FJUEtw;Aiao@8VM=z2&*YJkSIvPAr}3Oa40GdItHtiVp5?+y@!Eii>{SLG zMJezc6*yq`#VmIbto8OD)deEn_1GWzV?C1d5cwa21ugTrzUUh*_Y`Y$$30K6+&jE& z-hLi9XdfghST2jb*OLfU>k*VhdM>k}C9hS(Enc%`F$YqY^P;o3@D+HtKV~)CW2zf> z2yb8+_PUJcYj8MDz>nwxgrv;Ogm`s-ip<=Q(4MI+sH-ok*VH#uRM)}g@B?cHuJJ%p zcEbjb8z98&yazDT4c_y@hCdw~#nBB7H7%`bZu6dysH|1cmqB| zV|P3s)iY=ss;FzRv{W~ER@7A1l-I~BnDV@eyz0EJU=P@Ut7uflaNjJt4!f|K9S8G? z+@Io!*zqp%x;1M!NRes5oFY^<%Ts`adC zpvzO4?2?QOwS6&2KgJp<{9*f;)@SJgXXsOZ2$rke5lGUr1z<|lHjQil? z#Sb`D$5pzmdS_Fs#(IZot4mML7ZL*K>RDvQus*U(b26Inu8 zkILQIT?x%{PSuvylmblaKcC;jr!=Ltp#Yx4!?AKQ9vUr-vd^Xs3?4FW93BFT8Z88! z36@_sGlln}{Xyw#s4FY46{;)CDm6v2tek>^-0a*;PdjbjL(i~&A>-zOaKOH;JV%te zb=yvN6K#Qr1T9w@%5wdI;lR7u&{Xs@h$u9N#_!4Ofv8z!ACDGV#ef&mTm>kV-G8vk zJ*l1MI<2YBP>`I&$@Z>#y5VUJmf(o>u#`rki1i3=cu~YFXr#bZL(QBj=GT}B6X55- zgag0+dVuC;vlliz2_1X^C&Tjs2ZC<~?`6xH#8;3VsefbtM%X*@i}F0V6&E(V{q}_m zZv#`i%a#H^xJ;gmUEud;;)oi?q+eAq@+n4o!f)DN71lwL7u^*B)WpnmFXa z|Gl<2*=pcoG6C8nZ1-vOG)Rk+cm0`jXbg=CnR9py?LQKoVz`>xT1&OX(@IXqNSij%Ro&t8ev`R=44NUJZ7N_Dl`Tb z4g<|u!E?b{V`5@LvhmI|kNU=jrp9`C$8JuwHZbg&$y+X8zj5Zx4?cg-cdpj{7xyTu zEUqc4$*;+4%xlhR!U9V2!27w)c>bbQ%NM65r=(RG<)x*iB_Mh9?K!)5Yq`dZ_R_{i zPp+QSO4j6()fYcF!hdja^%9soH{SXb60RZsb>uDeqMzhozlS|oh8M##2DW?-#tT*= zx{FTYllU&D`V!6?M0vH6aYUndSdbtDGWnJKeirND)Buu$`(X9OC0usf&cb$0`_9U` zHUYMOGlxp?7PJK|g)vxyM#HlNEx{1uC0q-ugo-SjMSH5EYGp`)Jh)&>QK=fFtV#6_ z&pqq^n$VD9Nv=Dc3fpyGQUu1z`cK?d=fpZhtR%mkFr~UO+xuxb*Fj>c}QeCY}qql(e)IuAOB>Mu%3D zhm(N{f0e`cf%$VlWJ@__G1~+)NVm1s?cS}1xU2=FGVr7)Y$`v&;iR=CJ-JNaa&wCE z^I=D8ZGm~{W;kQEDH%9?93Bf}SqtO1l+^)i4AcXS!9mCaKaE1L3#avR?gkNv+@Uep zGQjSH-vHeLjRK*{aCXobI4i7v4%}BL3VyvQaCV_`DXN45j~A+mqV`CrgOsH3zEj}` zl7A8FjTF3sDyeSCI>~y;M#*N$R>?L=h$KOhBzal#yOWbsyVD`3Po-0&I_YldtIl%g z)y`GUztU6b)%3^A2-zyxr}AKMyC`%S?~?0s&gCAvk=@A+8INpxB=(UTLj#5lA9mM0RrTa>kKqf4hYYV6-ZA{ja6Dqli0vcJdCc`l z_NefrJuj-uHIp z_ag5-Bk7SbBd?8`JgRzB$EXvdxzVqT2_JLe(TK6hDdQne>}%&PT|}sb7SXr&V6^@?0L85$Ikz4LBeCnk3apyM*md{H!eK3@ZOUFPv$@M z`O?6p|`6^)U^1oJ;tz5tI=SWf&zn@w=LQBeek&8^x!KY<3rYj{2rPcrU^5J_3O6i3Uo(wU+Qk_ z?uWaEPYe$V*N5*2KO3Qq*bs3%;#|bL5&zaF>a+E~MV^VYZEx7#w7q5fPf@d@)zBK2UJENyPuv9$Z?JJR>1f1mMaMttUy z%vZCrvLDIbl`|rDd>)gxIM0%IG4F2v)cnN!iu?lw`oc-Y5v9kfL(3p?(2J)J??u>?_IvPZtsu#zSw{EfZsvg!5fFx93FYN_Q>)V+>dQI z_U-Yk<|)<*&W> z`s6ocZz|t9`_>!Zr0qi+^oOZc(eIt>&=}vJ8pJ%D82e_D7_J=EEd>ru2@r4 zcqf{QAY4A$@tOXzX8>~2UtZ9$Qtyd(;wdz`BqJxYGd#W|1I#Hak1j~iuk;MSPWqJ{ z3oh$D(M~)SFsH86CoDL+((@{II=b?+gv&?a1)4(ROK21eGyrSLW&LLzM=yI`MNUUA zCw#W@sHd_Fj@q_UAeimGR-z)}z*tDyeL*GO!%tzYkgOGLBUX4Xo69TvGeHmQk=g>$ zVb!kWwsWjZ{5ojau39(DR^6AYjL`AcUv0 zLt*N?Rm2>bol{bjqwVj(7CJP;5FV_)x9Kh3wm}AH*|h!0TfEY{6f8g>@1;4Q$j;=C z@PhI~ww*m>0Xv6(0&BC#I!vAMyAweLaDsEbGZL^|zWk#fAOBNR22OZ?{`kq2j|3zj zIU0kUL0@p%-QKyYqf6dzk@dacJZmnNKC@nn)uXU_B=#IB-?nbjv?ZDnri58C>4(!` zCiT3F)$o5uKI6kRzad7w5O(b){PFxCBiNIUsY*aw_h-myPPo^D+*oBO-{+3qRll(X zyz&M#w9i#_AgaMsskN8%;CSmMdS_0`F03Ys+g8@l%Vo4o-;y~Da+ zb=^MK?us_qm3UK+buNAjU9ir38?CkuMXT*Yt@BpUXvd}h3C+&E|7OWlq7f>Tunzr> z&uXLb2rS_B@Qgr0G+NFgY9jIxZ1))CgQ#E7ECKiQJ(9pH(S(0NKaf9bbq`p__gVTa zXW4s}9QG_|XqvqW>gR!J|q1 zy}&`!_WLZHJAmj@?0=V^IqwEZG!$(gEPoC;p2zuz3F33)LFXP2 z6!Z8Tkamz23*mE)3J7t+{Y5a$$m0H0p9M{1$ti|$Tnk_`Hp|4@0R$;#2djl!0ytxv zWj>&y9h%AK!&-T;e8kfB9>;ZpwFfWIlq3*HaUJCj|Ic1 z85gS2WZnu|D*~-m+YgMRg7XVGMnFbJj^9Ukt+JyODZtn(MV4Etw)7^@5d*;>3x<3g zc!@_n(LC@%v1wTQmq&FjDHw@0c@%cm!r<9%&pGT z9^3lD)+3uzV=`j0qwq?DM_N&4GTajwWpF#tTBJn*adnYR+gqbNBR7W!MQ)K7JYwKaYx&9M!0>Za`1YU=eg+-dlTTiLVOUp~jwf5`QSo?K*EL~huT&%X6 z!A`WAM;5!g70gA*WId~@Z!GS}sK*BMjE8k{1dE@S;Ucsx_~_EoV7+I5sQp$(R&hdo zhUeQ0tMY3LYfC&WCAAebRkmf;8y>c0_8W9TbxmG>ax&@RE5+`)*l}sZz_*GSf7;h)GLpXekpa zWnHKTJ;9@u=t;f{_t1qhTd6%lbu#N@+6!8{U*CRucXr&aI1T;*5Snoyom`fY4!kyx zNzQ0$D-)VgAQZo7!Ip7qA9-(RN)GG5Snr@u#py zb!MAec4)B08pwbd&N2fG?qI`1Gg&L#e|VsoycI4)cD7aR%kJ`2qDT3@JJvf#S#$>m z{m%dG9`Z-PvGz>nNwGg{<5g7+MU6RixCixkfUUbCSCgAtl%FTy>-ajIpI4ZhqkfEq z3lV&$nn!m~pscZ>wxLSEe^@&v^RUcofk`LBpaEx1Mi5Ga5~brEWN0+R7< zumN|#!M`)JBe7m(o zh)@Y+E zW?FVmdV!Dnu%GLhH$f<6S4@X!4I}?hoiG4OH;RMxUPr(&!N2CAdu+13M6MhyB@I3R};e z(IDiVM>&3SplzxGFt9ie{?~x(*zMlWCgxT){?LgQH0;Q;j z>^Fh3ORRPeP@e>vdK3y|Pzm0OwnF7jR8^rr} za^G;GbN8vU;(fz&Y!H477S;?+bZk|VL3juBDz{f53&S&IZ2%rB?8t~sH>Jvx(lb*` zYPkLIV;kx!s_V5kkQU9q4*FK?H`p63*T9TE^7>^&3;UZpn~tf;jva`4>Y%OA`gYc) zRavLmA3?v{pNHoW{JVV`mb8yNIbPeo5v|xxW6A#C<{?fKC0>eHd+OML`FxaY(wudV z1qn+V=%lx^ufC^7ucKE{EBXnZS8*$TeOY!u(hBX;O#0KHIo*>qhh%#8kPLCZeSswV z1+?OD`+550Z|!%HM6JA+S!%OL*Ro3ceb6D?AqCc!Q>x!r{yOEDwlX)TELWqCHADzc zAbAINg-71;ggRos;b^U;tg=@7)A7r{{0_Z>vNOQzeRpP8vi!G27s1e|RAc38EE~T_Yf3g|#-+>6nW;$z_4Dit;zf!UK|v^wg4Bf8 zB^-bb;-knFh{ZOicBKnVxh)0Fx%<-grR+(P!^z6^7rYj4Q{!zDA%?7WN0K4Mkd~I4 zT9BSAH>Ibg#;W~T3%R7xg8Ji%fFQa=_EOk8_Oc^jn^J+nZw$}$xjQ=&u%oyS!0uV@ z4O3Z%f$ls^25NMz3ee#`&+0zhk?3~^V^=?LybX-I^dKc-@d5(aof)P8tFMg^CK(T? z#tz8LFfU>QXNK7kz#-8O>iQrV8>mKuY0$K;96WU8AR2n`=eK`8cnF@KuKaX`{2jdV z^G}eyGUCc`YgDN<(yCV{z&(+8!Mq(Vm^<1_cWJJaslwQ-?9!}Fe1oO5Uh`8hTVE%d zJA>H<3mVBMw(z^!OWQSQ=)jvRf5*eJs6k|YScFsO&e9IBlLqsh0|iJ)fD8?GBz}T7 zBFgFrJ}SC2dJ{j4k{&u(dQfvEf_JoGn1|ibj1rYKvedfW8u@pdBkkMOB4y=9a-`V^ zHx|QxVjsF%2etXbUqaWvBEYr!R=U&FL@c4{+s$UJeY<@-tv|BI^s45_;idSmzSF9-_Jk(0r7XELF+T}+-!phbWNk|b*W8=N1U}VpF;U3fRc5JekT+Ob zDjGF58-s@JIfAC16VTp1ZPU5@b30z}JZcQ?*sSRT#F~8$@FpElLyvm`hCG9aw11Y4lhR|T`S9u$~&jgP&yL}Rxw zOCEdfX``?nlpJ`I#|!t|W#Dw8g_Exg&YrSVR@)zlKx6yc3kmKJz{3e9vz;Abi|o^> zhGl(-AH9sHy^1HxOOldGk~HJTSCowx?63BZR$Y0!qW+3d-qc>*1ZD)6L?qXgS;{OH zb$jW~lAYQ$wRl{`C+g$9sCmytt#w^7-4X)LzYw7gUzZn`uf-z_bkUBI9Xr&OAnQle z!_P1@EENsYSjuWG>YYXKXg9Y_tKPmRy*~XwUdx8t`oFgRDSrYjehMx1hx?6StJwpt ziQ$p2WBeI>xL=R6?e<_yJ=#7c*0Xp4O-`XE^no=LeT-|-cf-1^uQsbp7cFSjwL4{Z z@2czeoi06~L4HV`izogl99~!Z%nCJJ^Nyd6lQwN?+!>@zw`Hh?b(D0LlBc_@yIb+- zuC@F`G-y6rxD3v8sd(IK91;;;RvjVOkKc1u)u5-)(=BM}H{axcqd{lU zyNChzwQ&3xjKP}IaD2Inyxv1g)u<7dBMK*Ihjnb-QnpotvvE#JAWlBeO?pK&cr~SB+Id(wIxx@72B@<7t#t%*V0!A~Tle>9fMkv8$q= z$_+@Ar_7?s8I`kopn6*aav$NvTmy+bzt8eHbEawE(Kun)S9mCz6?ZhKG!6`pL-8zH zAJ=3!qxt-vWj+&>ZqV-)5J30p&y?;3(<0!~NB5@h3(|Pmvb~(|qeof!rOHyY`Q^j% zj{SeN9@Dg<5fy1oLPL7tqGUC8k>Rb?L|IWUufSdL8#7sSqzD};K}WPDFIAqaIwPOIQ2U*kg=qp}twgXjTcDt$kirf+jmE^=yLeZ&V&~ z)6~6OR#Yq0le1<{S@G^)+2b!j?HS1l>G5Tr7TktA@^Kqf@8#U!g*{bUTD+5mdlsgx z<*zMz?1{OAIBi;HR!X8eu|B0aQ=70CRA=s}=4|R;Z9<=gNlx`XdlY#hu4AvZxuL$b zUEQA5n%1E0h{FKXYm`B(-Tez<_n8PrA2=UcAkzn#P_lY1J z2%goV+9G1~1IPxBUO`|)a0WlBK~j#~AgzIS4~Rj24kFAv!Tm4rQ5MaUS;yJO(GK4cC7KHMOVIdi?tOtTvV9i2 zyUOkh25pPof_;%M?t!B%4$S0bw?NYn6>=~b%dUV>j{=pv)XUZ_+X2=>|3RxDC`VFs zf4DbMQ2t`R{~l%HOxn8G_NgkrIKQAkYd>K>K^GK2Mw5|aX{;`(1%9`bS0<~62e={A_em3r9&C6%^p6L**l&zWG z^Lovd%W7f?fReXVuyfq&0Sh%K!6SJ>bUKX9Fn_DX>aOZy*Sz_mc39T#+OCFnZDV`) z`yKDe>np%ZtTh?c!~BVU*BkTG`p>oNKgZiq*F4lIKb;xU z5v7R=P1u$p%)^~v`|nymUp_2r!~EzeW5qIX(LDxO?iL(A-KBjBbVs%J)}%KW*qq?R zg(uVK6Kk)^l2ekFlY{@je|Y5Nq?P1Yax7)d77O|V{o!G;G?!U&ghv@y?gpFTgEF zMSWw7TJ)>|PX*+~Dn{X2e;#Gq3RNG$TDH1-G-RgMq-b(;ii>gub9SnEhZ+Zh%F^#W z8(+p9cr&OJ@io~(ZgpKj-GC!NW3{EJxG5T?bfJk~{3!qSQ{??3iqin62QoWa%$?cV zqFM|1`n0x?dv#FO9sM8|;vhQ)yT^e0s_dYCSzLj(3qA~RFqVJ zo7Zvv{CUT)dj7X@MX9!zRfi6hUWhsbR~t?qQHM5^Mn&~&`ZXT71+_S`p4bUHMMafv zI27e+ebWBqp{NU`hYoq#Ubnpt`xTrzEU$oEw7Q#lxUL6BEQ{#WiY?d@0w-@fJaCw3 zg=3lB{S{msXAIa02*9zBq^DgNWX3Y_}X$6ErwB!A=AQbiMVi>R@Z> zzUWr3zH7DwkLXronjTzM{bl;yX$M=iVB{rNNB-dKX#uaIKJY5CS|;-M+(A|S2W%zS ziA2oftT#ASFw&Q>O!W@izwr-fmu=%myeILuqaFTs{Ttt4JHTdRc?c^BaNl72Gsyso z;3RV0^aoh`(}A9ow8{FK%4oDC9@T&?;;5y4w^1Mz4?y3ty|All8ju5jHfZ7u9$O|6 ztr|`3>j1U7*30=i@F)hEsA4CZUhs$*9OjSx=3OL2gm;pY!kc91|rXf=R zhmEH(JOE53z!U8!0)~T=g!s|w3yG!ge3(e z2pYgzYQSftl>on+K{sU9q@<`*@`yVQsfOSYU}}omIszp?2VP}ur;$HzKWRTX(6Cgo z4RB#|?}57?sqp*nK4nn?POwh4PWqJnp3tra+NcW8iekaI2v=DH-xUO|g*}yp3kWb9 zS!{6Xm^^y*6Wg?#<6<|O)upnN>j?FEIQqa9#rehTZ$zRVM*MMts^}2XwdlLUH2A1M__Zl$mYddN3?i97W+GzK6O`S(EEkT9p=LKJ{#%xO86>;pG_85*;V_)MS1V*oOd zMG^-6fF`qeG_w&!fj<8jjyf+#qk-gT8IIZr_OHh_;wU*D4Y;G3^Ee7H9z#(Z0Rr?! z%TUyL1f|ZSC@8fO%&UDjty{q37tEdDf0Fb1|;<4ZWj6@J7 zzQ70|f0DQGU>;IXibhc=01WZOYFlfIfaUS%ZL&D_;e8%>92y5}@zF=g(l`fKZm=}0 z^Q`k|G;)rk2<>efp~A1j5vUk$47x#S-@NtavkL|0!)>`%UO)BeS_!smm`6dRwjrrC7nEi2ZasL%u+~Jbzajo(yNJS~! zrM5fcs@&;pwcdr_9K6ALpyYx1xtrbB-Paj zZB=@Adoja7fCpILCLbjXRMJQ^tPIewpxFYU5apm?g6|T#It945^!olQ0uLt}$fF`*XA$VjK z*bklIE1nN9VZ4rkZ&&>2#`>qir=!4UGb-MX4wW zjYofJV5b7TeWU8DaNuNmcHHLmfm*P)d)SwKhJ%;N@v$km8Ykip)%ps3b)>d3anHJ( z)p+B)(dvYnd`pUU%if*QSN?qoZM&d3d24y<%R=<`zop*Npvh>`$@h^)0PC$5ZAM$K zqO0=8t2OUjRf}#t*jMFn#uhKxLGRcAduiVt75W}$!IuR4(J*aUNl_VnaOKgdOK`0{ zFw#CujlV}(coEulV!LPvHG{IliI6 zH-Ol31OVY@G!6|1+raeC<)KRx9$TQsrDzKlKb}LSpCx=63M*>*eE4u>=+AhZygv-i z96RFUcVK496wG|f+P;ND+U{Jq!P27Ff%bPO7$Xfv_&Xd7(r&qsnUHG+x93{8$!YDOc!|K7UM*WlVnK3j{fTJH_E zWGa?@%cA>et*So1F1s4swWnN6)?{YqXXgvgO{D9eU0J<~TpzuSgYcVpqmYr9XEdpe zHKxWyE%^E`L$mQjw9ZGKof7$6syeeeyDndw+41x0Ht@2quB#T#e~Tilu1IHfBe5sk zQB{?zkJ;C%_7&|b*r&yZ?Iko?_%4!xI<-=54Fq?bJ$W4&yR^h4^$2>8+X-o>`?>j!Vc|6*06ZV zmYhDYhMUM5*08XG@fumNl~rYwq-75*;<`p5#kz&AuBfZ2B8#|sU=in&MO;vko3DNW9Q*0i`iMtZY+fm}gk$i>8+}p)B*#i(Mx=h0YUYFUOydlWPVq zIt9f4HuzTsT*bZtlO|zb?Ca4#1^HxGWESS;d6L_Kyu6~UvK-Iy?CKm#fwc-B^1u!7 ztm~%Bii=8%G+=iSCQXDZ*Brnq1Am6v0#Jljd%#soRdsG{VO@!5St;C&gKa^$bqhS8 z;maM*b!Z)Gfaj3CiWIOEdzMtdeZ8ipro6HWe4=jE)mAkYHF#oQ+j1~C`rW#975N5S z^&C9&xgWZE2#$Wf00kEmF%4%BDKQGD&~WzZaHL}Uec?}kpZBGeA^0s2f*xr zVGZmzgH;%;7B(?<lmf$OnUFs(7Jj$JFq)Y|3K zvFC$IJ_Rw*f$EV|=z4Sa#rX#!%5pGQsnB0`_(a8?3(up( zy&gToYj5*arjFEIAtr> z%U%U#E665AMXaERiq{1du8LI8Bq!y5&q=HI{=Wb6eMXvX=H$%GnRDLdd7k&U@ErHR z<#oZ03PxHu7@ie^V?LJ<{NJC<(NupIDt;XXK_OYI0JowwrXEg7Qnx3Qqy+b3U40Ck zkul7hVIBoOy-04vvNc1K`Xt0F2}BKq6TSWO}Kw)Zhk`O$Zj1WF!?PsuPp4 z(%_|Z_=80Ty)iWvR70Zmhl^o9#~3#p;C$L;IF&;9A{o^R;bIuq_4Y%XH~`8(GR(GR z!Gvc~01=`EK-UOphk|X0;AoMaC#==9;)={lbtNo(cromEi`@27pleu$0dYh!QX|)U zgZn1S7+OC^!}-{2GE^g91CSQWVK2gFbH&FD=Fg`Cg+U(CkTqiRYFE1`Eo$Y&ZRjuN zo*A+S&xwnwN`N(}&8*L@;e5MDACY`=OF>;zv#J|y7*2X?y26uWJ)8mN0nPzd1=N)# zFoc!}Hx);hx;JwVI>aNWY|-@jJpI-mCQ3<41)=7RlluLf51*`dXY2QV|{?;T}Rz4z>b_e+mU*5S%UbssBq4su&ktW8q0jd?h_!Vxa|5u>lfr|!r z(=-1!(FGhDqOJkz=SkTEypfdSa9d@6#v2fa#DoEK7?1)kI5^aWsD(?6;At>kKj?mq zJAt~odOl~{pdlB?F+&uWWPimbVTIv@0IK-kLCIE(Cf{(yjy0P%t&5W8XIe5dRdf&C zg5lDaJ_;=G`JtSttlV6#{`tGT?|#g`V4Zj|`b(+F<1u;El_fTN1wW*6;;nlsz=$kd zb83rWpIN%#U_^U|>Y)2T#UAcHY@`=nBCljhb4$(TWhx^5@kb)Pa3*HmLGGCAXhmyX z%JQviSMPkwaoByZT#DH7;xL3&!VqsnSR!2E(;`mWPbRbqofPmsJjRO2a`Jc5i@f?( zdrn?6N7qZJ(kvRXf&$&KLKuh4Ld0A!NW)CML7Mq8w`Lv) zxjNc+mga%We^o((*UMTl0SH$WIDAk<>6TI%n-==wD**u_1b(%6=~YVFNwCO!g>qsl z0|tY*6jv9VoeD&7FL9cNXCwYe1m49Afe0I13-46h+uPxDDHwY-YKOCUCs(}Fxg$!& z-uD~%b%2$-t0_C9fy-#fZrY_{EZyI~9@&rc-tN*WcF|^1w&?(efOkQbTKB>Wx}86c zt&Zoh?7?yoeb(8AJ}6ZriVh)z>2`Xv=dm5{hL9+tB*AT;b#mSjT_bv^UhlTIzZ-yN z@-&)6-?<}-ufF+wgSz(i?OH&m1~DkwlfGaEDD=AgF2$=0=1+Zf{@JTNq$i&%=s%wz z+{>6ypzry|C`t^TG$0S3tIcf6XiRSmX*#rf|E@#Q0tcXcswN7+?an&Ro`X3Bp#hT- zphMa4*y0%X&cYBKu;wKuqyW`)jyNsDke17*FE?t9%c3)53^D0c@}06EuwxWpm5)Uy z@Q9Sd3jo)&Act$-xO-F6`t%rmOx8~NLaY+u+|+axoh?Z#N-r^Sx_lIog*C)-K*1r);4HKv-cDrS)@9V|8?r)b0i92?mgq~=WRAF`xTvIn z_Z+vMv7c-#tS_qf5XmrQZeYh<09N;Dtm5rdS7dUt(c19_oN z>9H1-dQ`|7|Ed^`NK$^#Xyyw5I`2{-2>&5T@`n(ajLU(g9}M`zG7TB^<9$RZMzgqk zaNuzPp2-HhdW{4RCBY*|u>3c9CvFz)6=qIv+A(aUnX8U1SsAI4|MroF_8I>M6>;=2 zj8H1xcaT2JS1x*C|3Y=7H@I1RgFH$mojc0c@2T6pRk%Tl7LolGCWB^fe` zKB6L>zsl%T@$UC3E_|f=Aotw1i`?Di&mQQnj)+WyW_F%oKV%~)#cQ1 z&Bw~mp8L;np2u-+#Bn}Gf~Ws=sDk_+67U^YWd07t^f_~9aI{lQAGtG%%8(h)1lyiFQZTMhN!XIcc^LW zf6h*$_|VP|hwa|5clEwC2iKpUxs4A0Wsnq6h_t=x`@bBxdz{~Mq2R*%s*jQ`Y=4g< zQ^hz19Fc(>%JF@={%!GgU`h!U-BMU2i!>sOB)|*sO;*6tnN26=<#GN`{qOoe6V8fE zRyvzZB(qdxFIjLNcIO~6o{pS-imQt{VX50CeeV<*4^wpzLj7dHJh~Sva$lq7XIa2x zMf&TG;=l%D3{rFe`ZK8tEu<>;%8sUg*fbkK^^WcYTK5OMFI;GiVL4U<+*djN8S&51 z8*lq4yfaBk*Gx&NFHG^;vPEM#i&-*Z+3EK`Jay{EjpIwE=kvlB55g3JMDpX-OE1mZ zxMm$x8dA;i2`aymrdT94?<0AaEh>^Sz$8Al`^**cICEje18D^Be@a3OzT_|skZ%Yh z_7-%ASh6Xe6SULVEDxZcH=M%weThC!UZhG+a7p%RfWyX66$dDtz+v-#*sx0aI6R`4 zK;jSvim&^VL@73pzD$j^%~Iy^lv%lxLV`$`5U#dHZZqs4Sw9lI_ zaK1~VNihfs=1{t99rxz#W+1_a0S7jO5od#e2BfV_vcca0%?8>E)=sO8E+ENt6Sp8z zQs2CQW)VE1=Dn6@wZ^8z3Z}QB^kgJEQq(EQfef|Quf2g)*sm22MF4)VM$qD_Hq@5Y6(Rfy zZ}A@_xF56U-X_5>VJ*l*3dy@%fr!d-1Qp7La#1hQpzPs@gZJJ;#miR4EmzBDY)`3e z;*Zq4`L;?v@Mg@7n<|p?5osZBkmtGcN3J!0*eKom^>_PzP|NeMK8RM3M-Lrx9a0zA zE#?AVZg-{RCnUaMcw?1nkvqC_1y{D-MgP7M^P*MJt|uY7bDTUcqdBu=|IwnikE-sk zyGg~|hK+`eAhnB*(MQ#CJMI1SrghKo^1SieMs1qDL`wB^dN}=n9#D;`A3t_g+}f2Y z`HbhT4gZ-tactKyA|gRiM6A9~{_fiMGx%UwXH&?1@^yE3iX2xsEnsqU+11Ny5{ecy z&)>7KMOwBqa`(15!|7{_)X`h&OJaFC^H<ki{B0JlXt={}7idVfSth)a$!Eer1An_0|O-fal+u?w}y}MkMj=}g$CX5 zxg-GIyrIcrte!iHof%6FvD|Ch=@Toasb|b-tewr%9iP)ok~xm-km}xxzW9Oa$}#f9 z`@6ZKx|78XYP-W?vhx)=pU?qiJEZQ!8l7%6eRAdoRYFBfQ4;qFRet{>QBIK>D(aJ} z4qYZs9#PlU#_22hrW7(@iX%yCHCl3vm^-``VVbZbq2hsXgtb1uVt&l)Ni(xQIDGO_ z-L=`9UX6Y^O?qkG=tD!*AnZL&pP|!YY%z9RiRu!Xg^@dgES2t9k)oZeqCsZ|{&POJ z*t)EAO`X(iF_~3#80k&>l7ZW~?C7Z6D0O^-)t11w!i9KrD0wPR8custVBLnOqhs=I zJNXwtX`8s1%u);Alg|XbFsZ~+VlLq?y?y5Fk#;FkwaE9M@9kR{D(X}eL=P>bz0{Cp zc>y?V2T!ADAw5nCyDa3q*Fv0gA({$uCjR zeprnT43vVwiI#FS%wgndu>V&DEg>tZgNUfJNlI!Z#Mwj~2;SmTX`iq>S^MXoBZYyh zEx&R`h6rb?0&gsxTq{-^vHaI==`t)leGo@O ztd&LE5bCY0a5m=Dhh*0$RK+;xykknlSe*6QjfoW@NtMygm~1*{v2q2OmlN0^WT$gy zc2XjUV!RTua=v?$keHl=gq)Zabe@vVX^U}2W0R1?q-^ZoM&~H$ycKMN?3j=od{>zS zZWmA=_`^1F#Dq9wsuJpR$h;NG#dJ<~V3UxF#K!D;Cz;cxJVxg^Vk#3FvP0@~8l4rD zi0^Ysqyaclnx`_WQtfc&=R5d%XH}J>{ur63By$#{``9pq9a?t%VloFJOvmaSRaMUV z5J%w9qzrS!OeSwQ2?kAKD2&?^xF&a*2L`|36^;BZEWr-Nw0ZNUar7&3w<`um>~9lS z(ja7(=p-hx(ayKNeems;HcxeNO>vF1)_sylo7A_iMGnER7&7y9mC*64 z%r6s{wmRQBqC#$2@lQw@$~&oQ4V^S}KEHis#JbJvq+6q=k6h8?Sjg}G>3CiGc~jg) ze&hY$w~-+A*RtvZp2M~`rDTE_LW98Yk}!DrIGz(k4qtLQQLOJiFm`})8!k2G5V;$o zP!lmU(0cEej}sX$-&dJmX{+GY*6Pl_t*Ud>6<2fe4oE_tWAjve>3dFQWu zc=5sqywD+*+b#{cOoCN+t~K9kJV8aeVy;+MtSgCYS$uF+>niEX?N^8Wu5N}2PF(Gc z?Cb@?DDn^BYOI+4bxRb#xizA7`#aJf=C2`>s7lQM(&2Q%YUi5Lbv(`uhJ*~}1qUXH zl(M735!%*z)>m(m%J-R&O-xhGs-AUt87Fs}jUu|xOjP|D=j7qe<^%V5xvl2n&j&84 zVP~^Q%{8p6KyrKS3V8=ES1|HZuc#us;6MI8?CQ(y9D00kaZ9`>t~jn(s&iB6$tKmU z=4*F2`B4&ldB`OMMkOCyxcDI_|MbfFdDD3Mm881voswqtJBJe^nvqz-8B@zU-ae~a zTg%%jDy@}j^4Qyxs0jX+T>)XO-mq2Yo47;E&}Vg8s@asrZ>nDJS!=_ElaMeRpp=H; zU?0IjbDUo$DP6b5xmrypga<(5Dl%!!5A*qVw&R>_mdZbEiTZl_3Khcs=-*HvB-lX$ zp?2xO&ovjhgZKCRPJ&c8=)kC@y_dgCWt_YtF)`nk#IMyY(5+I(#yX1Q`H0B%i7VAx zSC>}pWQQdGl#TG|b1#0t;do!4IfMqQheTex)ks7qYK!^W;@aYxlC~BM?N(_=`*&A= zS2Y8q5h<1*MOrWz0}5RVM%bfUSrK|M@($!T<)0E)7f!;%k)50Fad8(n{d`GuagMo!-v#bMY-tlTagI-gEjLscp|;v2x@$G`cGqwEknE0iNRLzt<;FwmtW zj9s4zl0yY=m+Y;?X)%?QnoHE}?bU}*@OEU%7Mkx96?vVxD+Rt10w^Pv<6bhqS&Tf; zd|MV8sy4i!X}4moZSyi{BsC0Kth@?Xn&yP7gkZ?IW1Q@-`xsbz_TMXte+o zH4(yqlhFhPj~dMqv8Edc6hH^fC-X&qGsHu&FU1?y{HHQTx&Hn|2GT(fNWs$#=%WZU z@+Z`&8-LWjw`74#FiR-w0UH00#uw}6_usb%TKlstyE#&Z#^h*>^#=zAAtH8U?1zC7 z>OKs~0*&7+0d;78;4lNdu;)jD=68&|+H&KI%$j$a8eGS!3QxsX5vfaltqrOEMt_CE z?L;mh*PZ9eP0y4(n51gYQ8Gdm|@Az%+k9PQwws^bxuQ? zJ0mVxUuwv;>kT;tIr+%VS@VkxHnY@d%FQ*Z?dkfoOh|y~vhqwx$r&-t+0uN=R&zdY z&9HBY_ZaLsO?mFTVzVWyI6c+m);pzoM+zLiRK4DoSDu?ym|@N{8h`_Kq!;Z-PIXH2 z3vx|1J})ENnUgDp|7XZCdScRI^P{B+o-LJn&Sl(faut*~Om2Iz-Q#eS=D%g#y2Y53 zha{&dLu#_y^X=*ao86{z7^?Cd#mdX2FVAEsPIhD#n{3go4r^M@j-qsDygP5#&fKItV|IL@G|iq-l;%uv?QrE( z<&;?~GfSmKIZ0LN>SEn)TOP0Xtlw8yWwpf>=H?d|^7ZyiJMx?kgFC4-&J>rPTTq!> znC(fl7)zv9FnsZ^Jf@_eIL&RTHk4#~QXT0oqiyrs9$SLZ@Q$rmYB5>zRRzV_@0I22 z&3TPByS1P+HQ$85Z6Wls3iZxxN1k$e}FLJo71r>G& zsLUD8JfwFw*eYwCh4s0GMydR($?lwDeX7A}Zpk#JOC8XqD^$D8*7yQrNle{|0#lN6 zFHj`TJa=q5e)Rfew;?|+AwMlYr7}HLiV>V?$OUjXEiExW+3GaM=}ftdlxxZ|8LWDv zq1^7;mTj)Km0PN^+1@3_Y7DOeM`fPFRGgEa4z0{oPfU5C&015G<&b7MGb;*<3f+}9 zdx^BLHZreVRphami@BoIs$wTsQfG2rN^OqQROvRSN(&0CwtQ87nj@v$3I(%7Qy!O- znQF~6=9y#TZF%XX@s?x^F0iSxvvRX=RC&3^B%`^=YIhepq;&LyhZJVJxhP*{E-QDN zOL51zt;N>z(&A!wvD;RgS7NNQ)aTaa=agHK62xV-I}zA-0;XQ%sIDzeE6RvT_vi}> zbBhZL%PQOnWyW%&Bgdo9EvRx@^QDyqg?f*n#88uMN+>cp@*tI%>qcPag~7DXbgGGk zv0EJ~jsP3BeU{9t6kbx$Cr>@qxr98~HKA*QvIph#J8~<}YP=J@6Gh%W!gNJdMrlF< zO{D`8w{mpRA0qIn05+Q-ayguCx2ibDWpHw>bDpbtSzV~<#*%>9JD*HK`e@oE-rZc> z+5)gg0O!xVZ1d(>?Qeq9fL1*6qYZ_lG0gAx`|2<8f4s@zEq%J^$@8LxQ@m&YRx3e4Z z?JP!O7h96RUf6GpY`YA9l&poohiH@0v00!BQk?Mn*-s!j)g!F)rAGJ;{=<@MQQv*9 zs6Y+6m~zVlS7=bzEW}{_!SS#pX`JGwjno5%6yJXoRjXI6E-YQc z+v2QoajF-ihAo-Q-Ou~+jSt32@pHfYcnmlLuttBM1sR4i08_Q0;x!M#$wE4uER;_U z6&--*Nv3H;$w@JpOh?mI0kq3HvL4wq1N7f^7uQx-aa&uOHk?$C(a6J2ZfM%t!c|w* zx_3cT(U4TZlMQqOR5*)bcdEJ;dKW3SXXxS+xR$Lu4lPx)bmY=QJ6g8#@d-LZR8RBr z$#etRa94(0)1Pguqw854&~5a|yA~-vjrv%7hGScaPA{6Wdy;zml*olze#AGTch59m zyP>)s)v@R_7wD$kerD0jyCw5BzZzMYrby7YL3jE2-fkFbgTN3CM`cTAL0YgP3?y` z%=8|B7qPI+dkP~Z;$8?m0PrE-DEt=hUXjqhU2-BlYOulQH|4I7r`?*#; zKBCo~r$-Ii{k(eEr069J`2|a&COId#p1CrRJoKt`(XF4i|EPZV zq`T?}?_kp9Ii%0aN_iXY^KxcRc6Lr?NY(14?uF{-2X0?9il+~~I&EO)Guab%O**?+ zy7b-a(ch_m{MYW&w|MgKM_2yk`pwpo+mg8lYN*x%D|z^Rr5BwN8C^_KxCryO3!X%K zWs#@SRuf{a&a6rDNJHsL?*K*Y&UG29)N@{~Iy8r;y*}Ld>&17abq%e>Z>uj{P1tae zC%vX095830bW~TGV#A!N33Ju*7gwz-uG`7ac^AaaULQ&iUHqu(qWbODjMxVL;=+vs zXs_u~GEML*Km)g0^KG_}LZ_p!u&|*)d1GZ-mM9@39hwn(B**Dk1q~mvvmvW6r!cE9 zB+qKfH`y`^l?d#Jh=>u1;1|s5()l|?LMPyR{u|_TJ0vY^1tCzk{&4YzWy!h?Jh>^6cQE-e@!~1lHf`el&tdybo3>3^tm zwutHc1QZ92P{>=MdVESkfAmgL1YQYQNX>Td27HB!p<$p_CWM0-5-yRqc!M8wDj4?{ z@EG~!?k^-jq7`7Qnz3dS6FJ6fDjA~qX49?L-{X*X`%H9r!=l=SYWncVk@R70t@iK+ zUKr{h3VC^Gv8b!ho~_1nj)V6P6^4pZ%M8^uszbY)4%XCUrj{W(=Kl=*;rb<7)u`8B zAGK(4{lSe~SGl)BwBp!~%O9#pKV&l{fwHC?&0gCwu8$kte-;U83qiu*C23AuvZFy3gWr z2wcgrqD3ltNYO2%rH2�HkOrW}z_vOChkv2rItMumE5S0hLwoSA%-~AW@ztW0A|C z2xQFs43$deYM>At)Fz$+w1rRa>wFV#?EmtOSDPyP?=AaOH~(GQghyxSxnb^bP%*KKHvsZf}z`w^*CiX33fjTbFKL)v!?6YHQD1s9L`%dCSIi zRrS%_f)S!Oj<&~NQs4jjJt+8Cy%NP!V)^59sa#_FjBIZq164ndJ2Q0B^bOOta<}G* zn#yK}MX)uTH8g zuPSxpZq5*oHIE&u3KPr229j?iAVjtv!(x{zlj9bLYbxtjS7w@_V)TA@t?eJI-~yb17}Ga-{v_{dt&$TJ^LH$YFk=r z_m&=zHeK;t{aDpv+5>=WAIP~M^~RH+F@MObkA;f*DZVfrPb?Y;8DFzPqHg=p-KZ zjAV#Z-j*ix$*QoZ%=M-!kE+t)ak)6Vz0v-Tb60+oz0oO!Ov?-%Q?{DzDgT}Vl)bGvO#!91nBx|GIyj94rCXHQC7&Kb5OZ`ip$ zBOxvxbF{Lj>Ei5VrtJX5t&n?%xl$a%*#!SOj46}p?QHiWuevnJa5~uF@K9X zE!|>H=WQcI#d)Qc3bQm+bS2c60jdrtVTYK8Qg}B~KnT970YZ(0FU9;3v;*rk!aUtY zN;mhMywNvT z5%vcoll&1TB18K^EGREsk>vYakw7I6-! zRu0&*p(5OOVi2ty;9`aP-X;q!YJmM!D&~@^9R+GKTr5unIuWGAA^VlW`q(KMv#UZ#s@RIS{zi7!dE<`@%l)3PFR(~SvW zv^k|=N0tG4!XReA%$Ewiz;RhbBS1PhL&wuNYI$kG(UUv5H|VRG5f)X-ysh)1R!QSO z`dEKmeFfQ07ibIv!Pa;Ol3~YJ-=x@;FuWnvx zSu%Ut>i)VR+*tJYhMGKm7g*vQs6i4$9)}ocG8~LaR6C<;)o%1R#hPtQWc|%cHzo%9 z+YkMPVxNj^BQpWk?jmo&nBRn+o&>r!mgbF_c;sX>x0=4f`WruH(b%mkrQV2Vkgo&Q z5a)Q8@MAaU3oDpQe!%+?xvKbj)TucD`#^Wapzcqf-wH9w$4ST=zy0*vAuIt?gf|sG z!n~y7Q5#;F{M>0^_{Cqmb?G|yJ1J7UBtAR;;OY^eiwsT}`x03iNncd~r?X-L@IjB! z3CGExt4A-KKfrzR_Feba4ykTea^pc&rMnVF zCaZzW1Na?qUHJi~g>walEet>?;>?l&8KOm|`2q4c2cE)V;oCpeL||h#lR4vXEw+#q zC&`>wp?hWTgpCvHO;pHrWQ1nu4URl1Cfqk7|0prMuID!mrM>uh5wSw-arPc$wCtO9(mQ^|F7z#RpdF57>U zKeG2+)4OUif5%7B9=Lo(O0iV) z;NR^6;99}H4hV^{k~)~2Q1V5E2muqA0~F}Nzb)88=FH3r>|D_A|6#{hg494Svvx1A+k%5Cr=xjU1RkZ=$6YY+7E5p0Stc znV0np82S$s+qa^+VGK+}5$)6wKnIv#1tu|%|~ zK4RDQ7HQW$#3g(kLEpUmaX7%Qlf_|+M-O`OS1P)?f+sKF;taz-=ygfoxJ({?;buUQ z_9l7w_R-7u8kH1=0mAzt=_UQ<;+Ma&WJD$T()%;{;z@GP*Iz-ud=N{%6jz6e{-Kb! z-8H}Z2^9fSH)YD;=dMnIzizdlirdH6e=_r-LAI{#3UZc?A{Z4Moi<_M^fkN{VU91v zmV%+V5BhQz@`Z3hvfH++u!cKdclzS@YVznY@C|r>Bl$wo2N8eQlX5*6ivncoKx`a` zZ0f@CfKBy7X&j>1&Pbb_G6Iyk!=d7Lk*mK0B_)W?{JV#)w{crabaa4V4)W3yBA3fv z>`{4)#hET{`|g?@Z>t+>iz+Jl{dJl9j0W6|ann+o*yXCnHJz+u!R? z`rsd=7ubVWkp<99h7B)hA%r{GAE&td#@;dUW22vWYWCBO&os{NZ2Ya}=9M!y9KQ-r zC|!H^RqxFNUTbe=)t0OXsqiknH(AD1ys)#Dq6shsv(YgAP!2F#{z(>LRoxh0 zd=dVhCeB`wQUxZJRsALdj0b>yUM+r=Tm~;~Dns_W{7*3zOx9<_i z?&5Mg($%@SW^*p@4;w@#3F}2RXnr_UwF#9moQ2+$#3!XEf=Ruq>;1g6g4AL|NOoay zt{c(~7SwPM2LDQzbsaaxd*W-dL(F!&xj=1`7!Vy@I_<70&qhf;e?td~S9;@BdUXW6qozGv-|UU^*lhD35I2BY;WZ84sSr ztbIaZ3n-upeTMl(WUF7Q_RIVa(XIYIFYsoQ#gwPoDRVgyd*)7`JALp=^-o`rCo~>) z3DL-Ip8rYx(@nfBQG4+A3%vdE^u|T!_#CGb+?5dsqk1D1tm?ub33TG~tE+3w)qi`M z!Su0Oz<~9-fSJj}RN3w6h9ma~-DOd=3((GZS$i&&V!BZ{Y>n*-SCCT@XbPSZkqGS9 z?dGyOTknPdSz!pd`IF`W+~;mr7m$BnQV+J~luGlY8Vpcy&Il0tl!l zj}Ha)W~Z#}kLYPTWlVHCyzi`?GuAHW664|!CY(BI?z09elF~%6fr#e*GWAwMZCrI? zjdbntogcKTz~)?yqAIU(au4w0tLfk9N`!{`A|6@{=&1vbVhrZ`r}qxOGKrJ_aAnf> zVTEDRsN|%`t*Tg;t}K~LNzT;8shbUQ%B=cko;T zf9~X-%ZT!4mGDg!<-1!{b(ys(%KOaL-2PKqnnJP+3%Xy*&5CQ6FUL8nd*g?XI0Wyl9QR2rOwQTsil!!@{!TR@A^#^Q{DRJYGHM?qGsCm+zvQ{1lU z*%Mw?-FV~ps25cq$^I0D#w!#Xks!Pn*T~85zBao5#xQkQ|AX(3=HsICwr*9?)spMc zr(Pbbl3)IlK63M9$ES@PSuJUGw3Z!&+Ut__fK?*XKKhR#B%EUc=iz_cAy~w__08$O zzru=#0f-02A^w;DAn#<+5f;=CrG#v6g!)-HS)_vHGhLQrG@Fgw zp}4h;E7Wx|@VRPhobF2AKLA?`10?#&n(SJ2H@<1b+UN~&y!?lJBlKw1&!UgLAo&1)J6<6Z~ULx(k#06#hG7K4gAPncC+Ub+u2FAq1#Zu$q;q4autF@Us|+vz%jmQrw=@MLNd(|JmsOqm4nB z-q2X6@78zVOl30FGMLl=J1&y7_jHa8)87N=EBPLz8UDMQgJkljdX2zo=xY6rE!(b0 z7N69|Zze8gAtN~!gy|b>*gF7L0VBzHu?SA~@M4F6vzsfE55};O%jC6s!PSh@ z3i7R3zNi-h%UaYtYlTw|^S>7><26SEHv=8|3PX>~VcxC0l-cEzWjzsqdQ#b%kn@xU|S#_5EGNI ze2WT0VOJEZ-YG^2GBN5KJ%xuDb)|X&1Kn?kmQe_y9*-OKW#BV_nsmu8V}`_U$y={$ zZB*x}F)J_Yvxu~|TbeC^ z*5bswFdZPSnY!6BQ9TuMV>}eFaQcBu2F?{KZCc30f)nd)m9*n$wIaB{ku+H3*RiMe zSD zW3Ztu)ImF#wh*3}xKPJl8QU0}0{kPihCv?fsBd|1uLLYc)EGp0NA_4J!xA?a7DnIy z@KtZT)1ybBs1c!!m0Jags7%lbU{_fg>n+V|-cD0@3s z_TLTSOAo#bwDo@~T8br;6*6VQ{W;u;Wjmm(hF|N%udx^2R{YRkGI%f;g;rp08Qj?0 zL0DXihHs^d0>b%V=(wI956_bRl;c^NJn&`6;=b-+ubxPs~haoDgsq0yE>Aw?4f@U zdcGrc-03ZVWT#lYdGqSkoA)0%vY-9ij11-m){x(YV@E@R>#sgit@m36`*H3bm^rOw zsDjGO<_9hmJjJN#1Kl4lQq$0GhZ8?C5R~YM#jp~BV-YsR7J<*;wa02;Dr;jg<*oMO z{NM+5xP`)zj+R#o*)StMpV>Zs+^kvS#}AVlzpv@)0Fe3a_#1-JAki+G7{a26!?<|;{VRIqdxBn&o&UL1BdFyy{N^Vk$DzP}Fs>JCma&o2B?q+wb z6cL<{ASxZk2;?vTa5iuqU3k{9%i5v%2CHV@Z@>-iOV87ml{Al|vFk>ivl&^X5xuWOQ{rl@<2k<}AzYVxThpQu|Cr_TNTHu;rq2-3qp!EP_ z4p7nFZu;oS0UTnm8bP5W6v;CDnb7it&Mnf>tgkT4sqNz zXH%)m;{ssg9mFSE_kPsUrp8TGvnP88)-Veht#~nP=~PhPUGzhd_s4HEKojf%Io)TuH34R&?jzjM@Z?&6Ceuo zA`{fm%6b;@pphqdf2J^fi0rS{$OQ!%xeVljUUUM$u0SvJq9d2_`iROcd-W~){gv*$ z(mz^${uoGS67=&cVJ*BnVt?XZcZ<7npMI|tt$qDxYw+u|i)3BF01|kEp^NGgv_shP z#$1gygn+yq80}M8XdVI6wv||`8Z=V^72dU9z;_4^m*IS9;WxA*2RaLD`QJ6&nwQWt zxO#TMR37RS!Hm%xkk#ZK1dA_e=zd6SCXxLRw2&RY@f{Bpqw(Jn*>ciXjSsOQ*$*&w zfCv(dmCJ<*tlQRMtD5|iXh_Bfm21W_tFE(LLv{b75IWJ-%CHl@7^}hBhf1jOuwGrA z|6?0(XDvJAz&736p3=x?^cu_T7kr2}PxLy4{c$z|+rWrGGeOn($-t|J*7Ou#r`a?} z^513H*{=g=@iZo9Jto~T=wsh*BD`165W5coG~h9TN<4&vnyQeY*gBj3Z658d-VjlU zx&b>%L~UWuo}@$7kPi-_H6U)_q>?r=x*WS%6wAl;tske-D=&f}-)kenQl!$^$8 zT3(i4rY1vvTr{6Zcu$VU=*gABO(d#yWW)#GAC=PACBmej7njlz6RGN;lq{9x)Hj$K z(RJi@=d;d}2k3kjE|gvaQ1N3jBq3#Co=|aYZvjC{gT~kHU-dd7_nWY0eGFssXsBdB zZ=s85ShZ-_4@zc4Ks#>P38oh3-{ju}i8ujI_fhj+Bz)sLrLdP9Dw6H9%atkiB!e;8 z|469scO^v9lgf?nB`eE}6-D-P;gL|$qe|~HUAzG~EzGl_qM4Z20dZKa@b?q?9f4+C zKjA6S6^|xU)(lKp64?a0&Z2=|^R8<Xi%+iU9o&+@oN_VLc2=F&)XyNEs-F3a&7nA z_YFi?A|gwQ6-VAmdvmS}g~ODA%3+OZ$t6i@izF#2Ejpd2asCy4^UHHH)7HMVCPe5( z{}}1d6RplJ+qp;WE-5H1<%LB=AE+{xRSGDwdQVxyk!*gXkVpPa{tyMAdr6@|bqY_t zad$$c)DuV`8Vn|2ePH)?1@BBx+wP1CiE`E_>}HxL9pdd(F}t!k7G1Ne>uNkTZr%$_ z1XNJ5HenSPPQ$8!xpiCQzb)wsJ{ou}5l(l7qb88fds__Tp}E*&smkz#q!%Yx(la0e zW>I$C28Hw`Y=KcU6D}O?-U%{qC)G6ts#!ra46&j+n4&B&>F*#+CtnJ4SkZ>764Zui z3=>X3yG(xcPi3>fWPYdb?<2qN$H|wn7{Sy-v(IkjO>|?w)pX9h<*AF3m&QotM}-{8 z*_K1^T~*1KI%R=vxUP$!3oO{WVfIwjpVi{8Zg_7&3)djId#a9%IDrcGIL^;)q)Xbp zZvZhzzHJw@?c`e+E78I%Qc*1<6V~05QJv6=gYOUz(#&SOHA&&uDtKZG{m;d{F8pugGBrE z_mC5DwpX3{5H|%ZVD}TY>w2QXCGEp^g_baCXd;6At zTb^8*UX_7%D@ZnNB#n1vbwv&8hPnV~uK}NARfxQgjsBkp;cpdMZ^?uqWI{Ew!7bi^ zx%r%I7FN=WsNT!9`-4%9p4q<$Pl$RkH=QMXQNhVI2dSQa3G-N@ytU_Z9s7K+W;eXB zefc|fZDB>Dw(N-7lFv7FxkOv?cSk{I)g|7yd)GdE~kz4Wq-B!G;1;IuNJpO{7chPaj3gRw3n2h$`y3C z_a&@Z*wI}GPkakKATKbhW4x~^-i}|jYnd9KZrYNvBNhw91J~A#S&OSyg{-Q6JL-fQ z+a1_f)>MZIiauA%!NRtLx1pRR#F1G~V)dA*=$wC-N;oRl4xXmovaP00$4BkSIr658 zmB_rwS&N+KZ3R**iu&Xrk0stoCF-eDn!W&hj`RleT}2)mdH$JxgHbF6ZQRvPQ*DXc z7OUf;wyn-ts~$7P?HS7(tn(l*D24rQWv{Acj`pFwBk9AcF`w+XdjEb^(QjP7+YJZPF3JBi^4e#rPj;X9 zoFfl6gXq&oO&&V`^=~|LSgs-(pNRzwL7;6iNg;~iX;9)BBt8_8WOV%Fa0K#5Ya~~P zfDJGPNHB~+#3vB;VfjbA1lks#;u(*r93nadp==}y>x6F&cielvqSU=}`Qy{6zD`7-e^{YvLqMq((z%Bz*l zb2!MwWb8eVeNg@9FCsW0L5{sk6v}6=zU*~3{G>gAK8b|z zGHJbofC&x0gNhL@U`=MhF>6*psA)>TAeR`^jo)NpM?2w@9 z_Oc?2qDo^>(t)m;`7B**G^9j&HttE08eK)EBCw~~8ez?c%IprZMUCq&rhV5xk73eZ z)z#W9-i$B>GNcbxBML6hYK$8JAtVSxi zEf5`5RHT$7AxF4y9JNv#w_yIf*XB<3|2;uzFdGmNXIxcfc7`>jNZ&q7nG+Dy$FiJn zdSK2-dXw?NTElu;yP+`pv%8c+ZJE&$h|P(LBh)6WS2J%_~X?*#Gw z-5K%ad_}xHGHVN+*43dT{{&c#yyPtq!NK(PBmERVYW&NE<;o*6fj#{syZ4N;Lq;#q z3rZ9&y3hfeq(c9mTd5Vne#Y z2G7KbeSbt9+`!iK!jI6%y~pev{MLVVA~k6EKYKx=-SD4o-MfcQv96#$~+;*E5nD3neY z&+mCZo!<5*(~Q%$*c|pdMleJ{D`1+Ak zU;G4cceduaQ)8~L=ICgNd@0oq!yF+G8>%7NF1460Z=_Sc8Acxa_CloAF>m6w*J2UHgwl#wJEH3yAl47nv_k+7lzU`4P|%Dq?t$hBOc2cbW{=*i zQ06S=ssKOor^pvej{Q{(fr#MM^rgSk!|%z+Ve&g3hXcNdaxrsXe z$;l37mA)9TZCyruf*v(VPqTUjq2eO?CV5jn+2`_IQTVU;uaGPBihzg6U)ME6(M^bC zchLjkL0#ROmb%yw##>~!MO~%h_;Je@%TK^(_=j@xWZK6v`P$@b7SiY1HI#H*+TnFo(z=Q6UyVuzp$J*?&E!7 z%I;8YFBx1+4NMIbe?asqOasvkETy{FHC-K>Fs>)zGW&xS^AX`gypT!hbOhi!Kt{3B z4X~`)CF$+6`Nk;RHMxx`l?e3)D`R&pv&2S0054dXl9(4=6bHI*OTgdvSI#N>5JGcsp^U)Yp{Mx}nk3-FP$1x{Qo0J#H+0ep+EB)*G#| zyTU2yKzmwoOk8T59^4#TbXg*kQ&e{AGBF`VWm#oGqrO&JqmL_%K`_R9UtGbe9AZdC z`EHS@-rgyJ*@^my5A$I6?6jF~RtlSi&40~K22vBo5*0-IF7ATz-oij(vSP^+5i6S^ zIfdMHsc=Yrh1q;gAsvbI%qkVJ zyboN^RV3FX4P~`;MO(0sk@fM`oh9rdYn92xm4<3{ zb!AaGB6Wy6l~h_A^wl9m-8Fv#@(b8q7_D$un;O#CpwueMGZKs9)$xgjp-x!+EAHX4DBma@+{eDjn{|7>C@v-jWJjf>xrw; zbJh9=Yh{Um@0I1nMU~YmsDkPc|9SuoexG)v#-|NfN?PPGekKLIeH%!U0@Z^Hv+P-* zoMz=o%~NB;)!=kL{V(z&r2L;0mwMc#HolGoSzV^0oWc-i4rr-r|7x-6ka@4ISt_K8 z%X&5uTU~iYInIzmh#F#(En+h01Jdt%GXCm^$@%JXV|h_Q`CDX!(pqSCcpqDoUh@x^Kv?yIfoJTh*12DVNZS|a%GXnjQXWgdkzTbz*wlM6Qa{&Xd+KzpCdsU`s8rg zPk#Ae)~Uh6WxjbI<4k@?oIjHlohU%%+eGdwNDkd_lfHhHqfecoect(9_5C-OfC?E* z9t*<{7Utk2S&Q-u9d_4EGC=7pHbL7pw*V2-hw18CDVd5+s*#>$m7-@z=*IN`#y&@1 zSJ48Z8%AbKgFp{iM_37%e`1^S(_x*pNT&f*(xPzlQj2= zkZ8g62L7om6Gu|qp4tf>3a*m z^erzf0n_eF^41TU-*8&qx<%faq`5EYE(;qeChrT^?L`)FLPLsj3=X}TE))ZX35$m= z^uLt2I&N+9nvj%(DTiaQp?Eh`z9uxN0J*PZGLsIwNSDJ#veTgwYLcv9XEv|niG{thOUzrh zTDBp^NVnvR;MKh(AtEbWK-HzH&5=-yIt+Nf#q5CesKu!E50E6}Wo%ocwpdM6WaYNe zSt9uwvQm6tzj?o!7E18bcCq=*R?8tZMUZqTDHIcT37K)ZmgH8DB`^Gw4%jD^SATQ# z-OtlWh?GY9-&COD>W!NI9Qj^ypWJ|$8$VTuR)APjUlq=g3zC15`bPR1&%7m<57EYL z;>?oFVnY#woGA@O8Ll*!6rw`;{|{mB0oT;^{}0njl3Qx6EnI~}?saeL-rKqmaiS=S zqOxW06-Y=3SwJ9z4Poz%2#R})imTSvx~ z+}xYoanAem9we0VST{eYn*J-X>TNT(@%jr+Y%!11)!RX`tp*y|nf)1m-oUyDb1+^2 zm?D&>{@>ODe2TtsG6fDs%YXh1xnb37K4bMEf1JJb&7Z7H_wlD_iIpOW7AiQYJcHp! zdlb(*Y5$`4!+R^Pb=3=dXz=cgm1JP?-kDhW-s*+@tPz&4p_vkz$vJ5}gZ@W*o^=(9 z=bmIG7oW33{kwxq;cv#-|76wMhHcnBo&)sp(5Fz{fG6M(W@UDEfC>*h!8-6N*WI!I zZ$m%>*l70t$;<7{Fj`>OW17RjdInmtrFR18{lk1mthVYhUZLr2L}0g2URvUR8}?C zfi8T`4**L5$YBH6U)y9@ixKYE?`A(AL*Z(!wpOn<6cZJvsxCa_-&dh^IK0rFazBvh zB-)a=RkYc|!{6W6-P>*d)+zW?FFD~S4+`?*_mMoG>Y#ch)u6l-c{PIYf@+#zFB&7r z=Y9+KaaFqDx%zr}`^n~x{L9Jr%1R6C^i76VRjUYm8*`5-P7paM)uLLezQuU{G>fjV zVVbAKNh&H3iX>-%12-AL@#+>o8kx-Pnye*OB5hbYkc=Uu&1 zkdX8f$3=@o8iNQt8{t?rXbgfveXJjiXY#Bw)`Qw*2wBgoH{=%=8)AJaUtZrAsF1|* zYrZot{)SonfQ#I=lk0IEHn36f+Qy^@BDsVcIOY zpIpZcQO2k6V^hRQae{DBem#8+*?r4vkyZ)|sj`^hY(If-a6)J_EsRbM^5A2V=aCth z6GMd-RwOhC>MOG=3TQ}@&rZ!H)S2p>V!qkM^bJ`rDu|2_$M{0so9C;KEjAkR>nWz% ze1^34YnrE;5jCGm*t*Ako0N#h_86$h_Hf~b$6RbrZ_C`%o^XMPdaQc+1TvwXs$Uj9 zqOva@Z@-X1u9vAH~e@1#p1B9>>(IE-2e<9grF|@EyS_O#aFkVY$RSxWW zL3wt)psqY2w2;n;&J2WIAI5`>tifa}FCaKHK2#7HuPcz!DOrkq7$J1tz-2sZON%&_ z1Uf<@HT3BO**SV+E{z&*n7KS=Jvu+qz5@BbMT1wrz4U$Tk9proUS>Rwdzo`f_A>4H zOEk#(ZdLDo)IlCiC<%#=m&V6a_zW*TH&>b~D9}$`Uy=W-4uS(NXlCj8to%E>|f9nK<}Aln(~4NEH)g#Ypkj% zs1r1lMSB_O%&1g9H$GH3(MvrUsESe~QHm%@j3|!q3G<49)D55f`Vcz0RNQi!k5=+d z>zWJ8sQU7T{7ykfL#%H(T@b4C+{qscMx8vj-0+&>?5t7^rPip68u>31xaPll$B}Lc zVF7`{(oPC_@j7!#s;aZY-6-tEGac%akcfcMeh9LpV!q#SVVRC7f*$fF6?TG@A9##{ z1hAz^j$5Ob5TV#o3D773hX&@U@aN^=npUvn+SdCLA`(u+O)BIh01enCl@U@}?rXa* z6n;;XAxkwldGPojVn&xiEGF>ZtGSAVE zWqn1g1Y*mBaO5(&)UNHvfp^| zwaG-Plxh&rG*iaJm{M;6mVm>#3_6ukv09j!0R7%tTO~LQD+M^i>?}=CCuE52#2E$% zVL}paLq3e{po_vd>ho26(=qU)*C&fKLIFtkVouOCdNVD+^23+!0YPEnV>s^$Y4b${?03?L<-a}ykB$%>Dl{5jk53i`$ zBw=(go5LiMXtV%aXqEa5JxC#cvxSXRQGna{%k)Zv1_pQ_jod(CVID|aa+z>&Smvv; zOPJB7om7E7E5Aa3HggTy6baZjM&XGgA&&$I$~I(#C^A|Ebq~O_q~b(*qCh0>$FvLy z#RHgDHV8=iF|DEmkSg4@Efg6dBY?X+42@Btss11_i1>BsooNQ542R+f6%Gf^5Eyt@dfwBt>;Nc<9)G70z&`WZEI7!gh*@q{V(4Qhf;ky5Eta}+%MGj75Y z-f*x5j}byTn3AVftCbuzk4a!N#O{r-d_kJoRlLL{OcFZJVUqB95>zu6&>P&$2+Ff7TbS z=E67A0IG3+c&1i0@L`6D6ynLI9UHRIWKQ2u<_ppTk2fvHjxFH#Va{i&$YppK^EWo% zN5eQc)wB*mh2}D2%s-%^PdH~y&|94pfY19lG&t%AbEHuN#+ z8yxIQeK^DQ4X&uCO(W1KUcy1?zI}YGLw@)W$^#LNA3B6|9ny}3HW-7dxP2pdxQVGI zVQ@`hK1e^8fy)~o0c;Al7e1JqF9(ZAJ_cQ66Ec&Y{{Eg6Ud8qFuW1H^iPv0H(+u~b zRq({$lg0~SOOOYNEM~pH7C_Ecs<_x<)-33Tz;hn9crgpXWXnh{vUu?VS+JVh3T6o! z3BMIKPn@mH$NF?+k3DmFSWkcanXY#{+{o}n4l^DCQ-G^D2F>A^3%O(P9L_W@v){Ci z+26O019-L$ss#8y%#SFP8Cg2Wbk4Mp{BH7@^#`e?-YRVUz~{F6AJ;{X2{gz^=Hek! zA%0_si2YBzm7yUiKb?F2s0j_fh~`c!z@rHy0o2aPX}V;A7*CAGQ`LB4;X?fko#UmJ zbGHmv^k{P(a#o_v0oO(M#7DOh=RXvY>iUNBdvgFk*=?Sy!Y9%0m?YcexV%Yulgg&p zou7n;_`QopyM0iA0j>M(-T63VTlp)29C~+y3}kfRlPc2K^(8T<*|+bAdgJ=0~0;d4r~rS z=$Ph^KI_rf&$Z9BH=l~06KDk^ApP5RX!m4dK{2M(SP-^Px?2)-sMGzL^r8e=B%qI! z?{h9@-pDxGK^*BzAR||2O%Log#z@>Lzn^_S6V1y*i<8kTxAU==!khQxN5}$G!U&ZAmL&)?d=xYY{!F(L zFNxU@;u5mUcfY%rySGcw<|qOOpk?Mp-kQuExn5L`SA|crU-RM4kTYPIaOO(VEy0xw z8QI`>kae;6dJTbOyj{zdg)SBB_s|=C>CoJmqNFlHT%L0N1)rfnvz=_VU~E~Js9uDu zN!Rdwv4@g~q(km9H^I)mnc0WvL*RKASQbK=VK;F*AE3 zM%sTE2*}9*xH?NF%7i*lI0(Uk_%Z@KEyH;UqJD%tF*QLeMhGx)s8oUw2(pcJ+VqSJ z3jN90X!WU3MzZ@iYbT?(lGJ1=vL$+q04Zm~QIgmON#JdkOyNJxHWIOdh36AB25B~2 zvf-U70atwj9sO*B7O*9_Sc5YLn~=zs3}7}eaUc*{^iLpklGz5ohe&9MWahuI8X!qC zHuz7yBwLZCvCGnA8nXGYTFWOu(qSv2uqy6p({S>Q6|k|BGbpnS`cte;NKKU4CCa3t z1U~FD9tkWTXaYpO1g*#*qd=Akh7d5ieQ%oqHC`Q`y?&42gut~j1bstpDcE_$?Kw>f_b>W&&p&eFwajvHD9Z70PM7wO1L zouYcdlc!++{gl4&to3o(_k?-y2unSgse}j@WriYCp~FP*eAnGy@BTVuu43Y`^!kjF z%*L$7(#FOkM`}8YP7sA%`p!0%=w({QRFJB^W#%(H)3Rxt5u8xVK6o@=F)icu`pqXl z(0!A*y)^!UQ)FfNfqm?o*-Nv=Ix2JkMZhmOPr<$Rz#vB4+e}8r78s5B1;*n1n8?W3 zmFF{^mz+&Z^Yy&ciyhsk|k zaW{3jUZ%d`s&Nzt7CLvn6Ba^Ia2JUhXf*Kp9`90D*JT>V_nsqfqv7eW^U`!XXvi$Lo9M5RZAxZRs#I<#O;Ld3%1~-tz=!2W2SGj zC_5@vA(zW?k_=IVwZ&A)G4`=vYfw#A|bhYTt)b;pRg_U9I51-c9f^c1u zG2(dq&5ADQPNt;9Kr^mI#OR*6xknAv;xidX32S17h5p-{XhMy4@AE%;l=qbnD*VO4>9@3b>QarqvHaB`H0aR1@S_n`iTcjqi*s@uiGq1q-oZ18JZTG< zw)YXH9#RgZ70Nop!Xilt2As4mRhE$gpk}f{QIN&@RK}!)63l$On@kfX#U-XjrSCm% zEP)6P3k&#mR#;d-RiDy0CFc(dztFhC_zXOfg&Hs%UIh*QVAc%JizUIU{~lfy|JjW;@j@?RnU&GxZ8x5Ud5k( z%XXtIM?hSfqJLEMUr0=a($1KBVtz8Z{R1+TEQ8Sm9^ zC9o6oj+Drg6iISIh2H~bZXLcuy|EgD2uHxH!T(PL85`ESF9t%qfQ2o@ zwE4FA4%Q$IN1v1cI7C7Mm@3o278)EKtvXy7Wyef0Pt{5cGK11inaa8G(>4*@nB)Y0s8JpmJeTFXNM=qxoy> zYpe4r3fSBHYfcBYvVGWWdOLjS5BO`LZdPubF8+?l0%L! zjaAHa4zlgw0T}U`6I@UoR|{UB<~gP|g%vC22lg{)72!V+l5|j&_}Yqssy|D+Z@~+!69^GaScsa52yQxzKK=cM z-LrEK-P?B)F?kgcrv#@eiwpAT_7e}=pKkwS{bBrRuouD1Tn|UN5kt$ z^7Jw=GN!;;I#ry4JEqyP3n%6UsS@Mt@OrGq9k0ddVntH2og^6!4L-ie!yQvtwvt?I zCl{;1lp1QBYG{Vl$r7a~O>CDY)=G79)G@^t7KZAfHkr~T17R{9b-aenz-l&VRHg?@ zON|zE_V9kFW12oipQ_8SgF?7o&xg%I9d9_+r$LSn+^7Di5b*h6#Yexv?FiVVgR#SG zyhFf}xcaGE?Pwd4qr&g$^`pF?D{Rd-^UxW5hT%0erDZgNbp8oxD3w)37e*HbX+lMW z@2cgoO9WX~(C9S!>MAR_eMdt)M3tyaTpFGiq$JF<;_-L*NAqkxnre?uq6$diC`DfY zZHh&JfPdl47D;rFL|)Y}9g0zbR?J;A739spZT$dL@I?E`_T3{mBA~nWS^zs-Hw7#Z zH`%iU&lNC^aA)rBfEqA3`l#Ms2WS?pyk~D$Z4afum9~9PxELltR_tAS#7=NfO~5uV zx&U1h3}G-)GOGbXDE8r~@L=%l4zm+wLnf?%&1?Z2(Gh%WRmc|ZZVupzf^1k(>oPPP z4OY=$leU|KX4&5Z-5>I_ZM|Lb8hrsn9FR(d18Wzp!DG-EsMAlfr+{$+eoG^GLAf9d z7WS%1m9TXVXwljfoQSlzB*5}wlOz$;Ui{hSF)Fb9$AK=1kvW8GP4>^=Ug=Z&d};~h zpBb)Mq#moDqjUuyyHM|3MWMVssl=a9l^sll{;lF4@$xqggzE0@vjz(3(m6<=c0`sczD#%cCfo?d5Ez2;jA0P>%u4uX9(xnt zMnHi1$Y0Pd!#8LfXQvYn<>M%89Q zGZn8{+m=}AU+J$skmw1WCb56MUyZm%T$it}Df>3=*|w_yB!T!4q8Wzcm0ftQFD&FG z3G>!^X}y}lnzV>piaz&w{MF;>#n{>#4}#eu?;_8}#Ky$tqO3;ZjnxS>!yiI)tk5um ztzlaR_>yoiTEaoObPsaf3!?cku=Q)OC9xUYrM~b*b^-tgzo@^2KBCQ%5gZ+fKWu`C zv>x+NKHk~`5^xUYQ;;(~3~uYk(9itdVYrlpovwl#@rTQlIR+3~FxNW=JORTfuq$HLkoY^4i_hWbDt_(rvY+$b5-LVDK9>(lq@Z?QUSR2CZF|Wg4Q;p^gOy&a>KX!D;WbavP zfDGw~4wy$nziK9!Y&0H4lP>_&sf0xP={QkIghoY&vT-;xYEZ+~${7sKPQeyLLcF~j zlR^O>#W=$99$XpUphj{8p6tNIoaf-WMKR^Lm@A^r(_G*3n`wn6hzenEMB86V$55CxBJp)^4B=cAm8dtyss-Oil-c`iC9-R_)O zDVTq4&E2JEkwx{{vg0LP>79fgS-9j*lAMKm$AUY@wU=~H6>Tn6Ug|wbdkJ7xhy0V4 z84iSra0obqZxz@Ncn)Z_fX3zuA7ff9&BPtE`stVza?o4hIlxCsYqa{R(aH=a_s~gV zY$22HCS%K5nSeGK=#Mu2N*2J<-~jlGJJZS$ngE#+SWRF)!qO^%$kYwg3Yg3CnEt=0 zxeSDM6CyarOco4eK>y19Ci{k=Q%fM{+V1XJeyw9S*h)}t+VzH&*~Eumxvgubm5v54 z2S-Qn8ui{!$E3xk3#ny_tqF1bxC;sQ6;z5)4g=)4zAxn zRCC$_EB3qcU4!=@45SuSb83r?bxr)H$hyPD)Q8`&kvzC^a`-qwAonM;2dD0;N=0A2 zR$E(3*Ve+}HRsJ6LIp|^8wyE|pnzr-Sc)>R)qngFe()Q*SH)G~fMzT?LV^Ft8x=j} z4cuDh9Ihp54}(LlK(#^TPkjZeWtEYfwL5A{)6=w zmc|PeDR5nx=e!fmE5(%cY&s0(AB7vv?uQIR|sT@4o(ho`RjT9V~)YT;yCb)^&9AA8x#~km_r| zx#Vbc9bJ9@7YNOPu@4%7XJ43c zcJ@W$K;`y}XZZcyZD4($Yu&el4dHHM{p0h{o5=$T-WQY^*u)(7 zDPg1VApQsr(L(<0cRk=F<VX>4jbXu>z8l{H zS-AFn#kbe_<}?UzjqRJoiM)ANbWiZ(lf23Yv?5IbvIv4%(%VC(ho*)E@s~!;^Ef`eHNsnChFyltOKAz*i4c@8GY;B*72(?XiyozI)(PG|AF@ z7_4e+n8VCraQI^%!0pTiCctc3da2)SnR?036y^`dpD7IA36OnE*vfz8wi&U%`pf*bX$0y{((NUW06%iufe~{liFeeB6gpSjhFg=K7!lt;t$TCQ@4VmAT$D5 zCOB1Dv8{$M)v6JnSU{KiH`5lf=YvN*s&A+<1769+?G#H&`=-Xg2qWv%TY(_QPM`4VEBFN)+;iy2NY%V4jX~ngdat z$@mjH&xqiId-(fGJQ~8Ot>!gKVB%&-?W6#AN~ z1iH}y&sG4>yuj9#0`+dcv+KNk*4dT%ue0kXrr*ddqU{IvQ{KLt!yu`)3fy8FI_RSf z18%WTS+`gkTQU(OxY2&)_0>pv{@1(SS|tQYSTov+gNz#k)_@i5;{hvL>!yFq zX#b#V&|)hvx19#&wzgbk{~QiGU)BB6`y;rE@4MWuy>GqCbceY~e(Q8~#R|ub%U5)7 zx_9r&<$Dx!0MR5ng|;^SJCR+8GOag|=!@~c<1e=EjPO1LvG>2>-50R84iU`9wy0+% zXPo-cfV)FkHlY$ACJFS+`jtiAzBW3P7xr{#`9j|$zWV$NkNkCM*xV0Y(@zJlz@Vve~T8= zPy@I88HnTa_(ck%yol;)>Ad?GvMfyzuUuMZ>(RqH{yU#5N&>8wgf%OoKXCwK*7bh}#-8-`-4?r00GyZ+ zR?5Mn7jDb1_oKzSI8{=TSgeZEiwXDkp2#->HOyD529JKzV{AW4>-DNUv3_7N0@tEo zvg=T*>u!%juC6TyPIR>%>7tlcW@q<;puAx7C z$%COuzb+RB+1!7WvTNwxFL{t^u@Ho@)L(t4$@G}im>52U+Ni<$_yV}usNtHrw;;7Z zQ$V>F1-75y_nbY~(^MZDQcV4F1M%C@+Pya8VXwlJ!iMC+v&H@4TJ)J{!O|bg8gYd&~>8a zNLQCf>u#3ha2HMa2~GM5O@{yI$3dp|CMR-pCFcyUJkl5%5*Zmn;X2;PS#w9?k7hqZ zA5nnYqR;pcB0HEHQWRNUZZrbg*vR|)$H#yF{o}k*6nJo?;7}5lo&%OG7PFqcr_krT zOF=)DbMWW95MyN7K$9=gWFG#kpCR-kq5#Qa9a(;WYuESx{QfYg_n7G#iH2`NE*Cgx z1P{ew7Z3ypA^2$*@X2DRJ`3J9w|(2UyLCVnFBj}mah^&JL?tmB<^!;EA`IiVq6CUz zc;`Ah&zJtZ5qmh zl)&yp`);VsLOLw?jZBz;hf?NnlXIUl16a+_w{Ou5CK2HW!kJk+|7>~rE-FF`*n#6RHqOm*)nEfpfHUP;U*BO+I~T|AfYGKnwQdrTtTyxoG~Hgn_>R;Il>U9vRs_5FW(C z-Um6Rp}Ys__ZrV#ZfYs-%sok@W@oFRpuPyiM&s~0b`{J2ZMgV=M`qUlH2eW=;+3>_ zWp@dne>ku-(~H)_r&7cmgMruYjZ!om5|%74LLowFOgV)Pdw;N>A=u~UMI>PR!?FmfKpI^W0Rl*nLBfUnaME&R-DY#_DBI|i#F%J)WMQnal3Dp% z_Bl!?$`lzS#O_;w%cNcqJVsXE^>oq(kTw-6QukoX)iOUKB|z=t&yQEdrN&Xxl2Un@ z;KsFL1zeZz7T=ZMQ`Xta(5HU63vQ*P%QPvPjC5OlDhFN0mVMSBJ#z+6n^VZX16kY{ z|6<{-HQ=jl1<2c2AU|b`iAyMv%+wTSXF=p-{=q6)J=IdwrEb?F@p-faS^tefjYo?* zQ@f-|wiEHHI5)8Dw!wqu;bG2r*lxg#BGjC3d5KC_dHf~cQo9Xb?^`p~dw*L!*++mWO~{97WGSA>k+vO4IU;!cFt6%6x*>K0n&~HSz%%{4 zooOsF3CPFT_wI2H+?qZ@YdFkqb2%yGI;q#jIY~3!ZEG}WML{_q!s?V7%Isz$$V`x$ zCJ4eKMT&4bBbI}XntREqytXXyBaZ1exV4aKo|5h7TPjkN^3+t0T0^SU>_GYH2+M@i z>>-i9n@p9ai4zkEiDc=H=}9vrcxdvOI^ifmsTp0gN!BYbQTwNEdT)XUCPbeRp=rR~= z*|~{{vu6k3p;ee;HzRWW!pVHheKj3%etp>U%19y0AoO|l^Jmr7wg{GGhqN5XMp{PB zd5S-)!Gl7GU*hK98!Nz^>C-WHQqRIyQM3>Kq!JH*HKRJf7P|WIzQAIg!?tDzxA1Ce zV3li^>W8i_yRNPWsxH^8L|a(%RF0|fLo4}i*^>!5R3)`!7A>pXs3UO&gFGC{k^jDZO zX6~{HFia-u@vy)dGXeu(_3#7R$AL|Sr|b^08&h39ux)k&Zm%+E1@`|K(12~MP-n0O6O*jW$O!5(>0m$d;&ZKNOC!LLi7PJ90)MqB75_A zrVU8Q`H;_Jjy@s1;G*t*Z6E%4Tn+MP>fZVzhrV$f^B=ttBy$Vx0z(iU&K-eM$@W$L zv4PQk@pi5dkP(N!5RAuPwsp*;GZOYzB?-h5iAV~h0vWyOG1{^5Z^2`3Rb56#6%A-= z>kp?|9c<6Q5sBJ+?*oVS7>Ak1%TCgYlKMWzhZR!Fd=>&=%r?Avft#Y_%4CS@OqMDX zN|{nle7MR}s+CHBATwoJfgU^~WSMz1FkMYKSP7*XHifYbYIfbM#CH&C1D|1R6ARFk z&c639cvG_8lk-U+z@7I0#;XZ>_;3I>d9AG3Dd?NSx_Vngv663|l}X2Y?eb{(QK~Qe zL&zK$%J$j(`xjiBpj*fe7FqLefX(0<2S{1}kApo_>sG*cx7)tR3W6H@?&3BQEwkDJ ziO4q{c{{;w&Jtc)KUr?|Kd)fs|MkN9_x_hQFevU%+hGAP5JGnUZ?h9H)3%%n2p!mu zkzh4<7hYJ~BHf3(|9?$ja0k>hwz3J>Wm#`9+0?AMwH-PMdD{X0F?tu0h2Pb#U-~v_N46%rIkb7l}qrM)3J!aw~Yh zS>lnuVt2Suk{1Bm0G#7zGbCA#18?}h}wc#v$$t0Q_x`#Z1H({PC^`gtQ|382ybEG?E~1u;2d`I$uDQ*oy2RGkgAI z=u?fvmKU%cBEd@&5a2nGuDu(Nn|yLScm~aZ(eo}e?iZIo@JBSz4!c>SC+A)%$iJcH zPzIF-D2M?%qQiTi;o)e=9%^6T6^@Uhf;DV%<~CGRH7MwPrYjsYO?^Xo(1FY*`!=CWQ~xi{gldC=JmY(OcLCMs3|Nsy7@rm|h>w@c zgmj-XD9(4s`0m-k2b-L|5fvI`ASyR%z>(YJ4AtdPUjOCfv;!Xd)n#0>uvF~Uk z3*(1#(5Lokz(Gk(wM$i`D$|tgL|d51IcluvIL-$oNQJ7Iod`I_sQMvFhZ+lS!3fKG z=xdv`XebY5nU|61%d0E#X9jQ_<)Xpb2lvomL7w>`TpE@=MdNAHc&<8EotFm!EXePS zfbMk-WMX>)Pqhh@bS`kF2cl8GB2TdT4B;*fn{;rwU_|eg6Qs2fy+voC4~~Z1-vvj9 z_4GrK&5pa6dJ>95**xo!Z+{HJ#K<-76KV5VCIgBoHVm-ZV}L3AF`Uw~R>0vo{V0t% zXD&VjXDI6}AU@xG8T+$JG#fzS8*l@_p({@^H^A62+u5p5Y#u~{S?MR9c;*tXU2A;l zH$lf%P2|Ht$X|!YQ06a9m0a`(zD-^^T5;pa82LOWZ=WxH@L*5favJt6 zfNT2pFnR29`Ed|2QD8E3VD=_#53Cs|x?2MOel0))pThCC5=h;66kY-v3?+~_rgLW; z-|>pF9w}x%CRgmY&V9($saBmG!3%r|m0poaOFmqG zW8p%F^$QnXcX;^l#`TBP2$S+RQpwXK2-Adu^*fv$_Ehda8V#K&6|XylqY#M{BEkH1 zJx?C@^gKRy%71qS-TT^{PtISrZvHlxniC;ZeAAJzHo=WEXKuV$V_aKFr|Pp(4T8r# zYvLBz=g4_IlLeUj)mN+|*iX|Cx2efcSWBBq0hFFg!QU@__}f6E z0<@EZrm^@e02u67R$pT}Q}w76Z7KmnTDVZpFl{7V4jkOI>pfzz28YIP=kC=X;DUU@O?dCj@aM+%#TaC<%;%`rLP@4#aBh>KLJ zR7xpp_tvQpy%e%O?y%cfG0*)xQ*A=%kwy}-%k=mk&$3DIs&VpK$OnBeQJ7jECVaN*A7 zQ~S4O(~J;G`&mWBnPus0ItXY(r*nQ*-@pGx@bh;|rvS3bEFEcY%p1XdGTd~Z8AO^_ z=Pk=p@dIYL;E!9sD%{`hdMbrk5NMlPoXc2p%)^;Sqv%*UDsN#L4;CTebHLeo1L<&c@O z1z}EKdG8F;@#fdROwhS%HpT_*2Zk17TbPJ$;msTr$b53_3aE?5;7eq*2uc@V6d7m! zsD8DI|6>^%Ty*Af`H{S~)8JWSB%%}+GUIcSe|a{=9-08e86dBPmz${i)^H}L%`g6pYztNMzH zx@(df@@|?r$a>R@d%p+rbT3BVlR*(tp$U-Nok-olgD~BQCkPfS6vZv2<%w~!BtbxQ zX<2PyZi$9A{`@-oR{@MQCwne~+aefTh=TZU&|%UqB-l4jl$jx-zQJGMl_&5v!Q}bE z=rwdoyd*^^@C&Y}tII2{)zPI-pBJ#+t!`-N?ipwrT^6s84(7ulrzQ{h26)Da)3rkC z5kR^Ao!CP#dbBurGA$PgW$}W8{}~k`B0xSd0uSRZb8=b+BA#KqWmlZ;gM{a2?)@uQ?n6M-&%FCi zSC&ydBYIV&m%qOksD6fVz5HvM`sX#()HL-k-Bjc6MfYXFwdqyfgY=%1U$Cn!a_;QT zQ}IhO$_-&<&~?CmH}P91i4r2=mB`2JXxq034nsVOC)P^z{cF){wR)P7^32tE9EZv3 zoe6h}VO;3r!Zr6i@9Nq6$9`;>hql=wA@>^QYaw<>n`(!`>rkK)?caY*cs2G?B*CoU z=_Oh*_2JD2u+-CD28WRnJZW(N=4IoL?b4zPMFr^udtYxkcJ>q!oM?Xe*R4UOGC+V5 zlwxs$AW;nFB(xAE=P*T_Y=a>yTQ5pbQ+ehh4ywaGq!L{C<6vfU863Svr`1rJGz~-&X%w2lW3@8KM&@UkA8|gkA(GT6<>@kk z3X$6s<}>a-M%K$DiPQPV{biFF+vg2ez25y(^vo@OA>sPZeVxN)Uu}e!yPL;tY0$&*| z1%-<;iIDRW`-W!VPcon)7pu+@<_q$3a`K@u+dPib`%57S_952D8qe_Xk_de%qzwlr zl)X4d;OLYX;Y>$Jk|nYH55sveISKg+iXCN@L%y3eu#aa@K-huA5*_Id#*UWmFfM>U z;9zTBf`36ntZ4AL9EHH!6WLlpv<2%YISOX*%uD(^PfY%$jN<`~{bMHoR`$XA>PRc= z)yy2O*#M~Jmg6o@eE!P1slKGXO6XO<5VW>r-8<7LHk(?VmQgD&PRt>!uj(aON&G(tTZ|0#z-W&XP5o%>BSntTR;xvg258be1nb=Jpl`hiA z`lG9rrHQsO9dN$|m%e|BR{u%AZ$jg15S>fxfBZ{ex8QVcQ9&AnQm9oFh&h37Z72o8 zm!4<~ou^$d@b*y14$%GuK?R{j0QZ>hnx~Vw^~bK?yWlw9-911^Fr#~?0urW9QY#g5C78PazNbi(3l*`71Vy|&4%Q$!r#h~$1Z@Hy+Bb>Jt;ns+tt1+6 zS6(Z;T)*n*<}PX%q&ph`*U(r1j03 za*f_dA2AlSpW~m7YV$TyS&_jRVEa258~fkIq|@6E?|%pQ6z-DvF6#C(O6Vbwkp6F;6C0IoU~`jxfj$h@{bFz0g0e|`4PE;OzxZGS z_{IOY!$A7U0K{S5g5+d=az0!j(RF;?7BcH&Gh#sl#gFW>0eUwyK7P^HsNRpAYo$*%r9E|5!8uSmFq8br(+hoBbb(^~k;| z>_tLCqFkH=d9I6X@o=zvfy7dH{*O`QfK4RR#>VGDAec^>7e42){;u% z+JlB)-|^r1{JP-*6<(R%T3J$2+?G-tL_8YT34=ddKDKqksnGJ&wzAUl(l%vj2yt$6&9a63h5pO7Z>ACwVx_SH z_TU}Z4cLkQ?gn`OLE62|QRwBdSs^xgR*Vhr4IEpHNI|MoQq(B|^fg$L72rb7Odet% zKokiknE&kC-GBD&pSAxR^)v_83RKQB5|JuSE3!lI)F3R9=NRlxHs=`9ibOefkZ_s; zL9!`^9C?w@V7IGTXo!OTmz}8{pMkdMj3_56O(?S4M zyOW+dqM|fI4y+uV(Hc~F5`$fzh4}z^Rh%!+H>4HVA84n$~yuXq3`ycX*Vf8a3IA?00FG?z-CN~zBqpE=C$^%_|x?mi{kBX4R&wQkXNY07CHce@GnYTUEA*inFIKo=f{&w=T|+7OU#tX_nN;YoZP3Saed z6rMn7xT#zFW{7P6ZRXX^rNI|Y;Y(1NG@72@Qi_H zz~-?83h(EB+d!<3cjBF#f}PI#ErPAv#W6c!0*vd=!{FodIs~J-MIZV|Sk4cMG{ZpH zU57r0c@$z>#q1P2Z{cs%Z!g$MG12BF;*a-nH5X_mz^0`me!C1A1`OXgFi1UxU9b-;&Ti5-wFp$gR(M^P$f znmNME!%u*EycZl5K0$M-3CO+;1)u+uP+fy4m0D^n;&D_Xx9na(sWfQFH}5DY%s4IR$m0!58&4}6*Wlg%s(?fk>S@9?tH`lChJbgb!uT{c1wP9VT0YaI*t?O zdShEm^V!j^?G?>gEuk@5??hK%$H^$YgjaNc&>NNlqlj|WNFiu}1A z(u1;tN;?N0YS047ZYrWt1c5!7CuGD`-}CNW;9WD%)_SB@`>vWTS;vvoHq+lP%~#;- zCztxu$FX!v;x2zLcRMJY%yW13-4?OY4ha`?l7eMH0sH_>kPgBR;};t@)^BSEvs+lG z$^B%&#YDS3IGK}NQ=qfao)%x_&VHydK4t|i1Ui}wma{~xq`Tj zP}qczaxk+PNLX-JQ9`M#K}$IB+LUc6Et1%|wrG41vRVFmSJ8+J(T>u>nAok+TP+MGd1=(Ig zHz3-si}@Z!lV>((9@xJl$$5LXw4JhEakMMz4DAi$vSZ;#c5RFDba5#@d=~J{Ger$2 zXtd}a87GTPiAy0eV$-2VGJ3<3aZ!}NEJoYAHlM zE0o}h`^lwayh3Gx9K>oPxia5WUtj)T_!DkSY-)_a1?(KXwEH?rOEYtdDEt`@yuNpm zZr<*D_IMpRcD%8@tE*xEUZA=h2SBd}3M@N-Snx6O0%p`fAo%TrOQ9byS^})om{-N* zoTV|V){Zs&_~Kda?Veu}X9J5egv+RfvyWBPYrI)&#FF50+@zr(n{Gl&Ae^N+k&t;K`+_#krG2I#W~ntl(( zKtB&Pm?w@w)A(nqj3)peTvYQ8k!UHuD!EczK~-dwXO`;-bh~dcnbM&;+QDZ`aCjZj zv{5*et2v-_cjue`=IvAMPuWMIP%iT;+)E=4dx|^+D--Tqq^(CXA3fn!R;5%40Eb-8 zvzDJ#oYg|iNEG+~ly>cLQB`Z3f!TY8{mu-X4<>bny+@Ch9zCXrN(EjLJz8j)qN$}; zrXVT;qQ)Q>xhT#Iw_&)0$W2kXcpZp6WzqdAew7owTy7*1#U@JR7X@b$-9^ z`{VoEGM9auHEY&-*IMuUKF?DS>sYtW}h^=9LR`R|8?J~?CZlsEtKvE=W4@yvS{6z;|D^X{WY&n(&G zo~e;PbYJG!Nd7Z91R&uHa+o%c?_!g_Vj&3nYjMD>-hxc~w9~g2-R==@`#tr013|Td-^vMu`aY-oGC5Jf@AytJ~a|>i~9gPu{ME9Zl=l zNAI$ikTSF5(3!)>+YV_r?mw8?4t(fOSFZeIasMIR$Sy$av|PR*e;`-Lcpg(b=B00%*z7i&WZSmgw#^*1Bhk7xTl+#(TJn4hjO^8IA6{mE zs{Y$qsWGQ5zdlR5nrXgW1D%X7+31qXr!7S#pxh|2em!Q}yf@Ch-TKk~PYdz~0y=DS zSmMi%{P~di)J|q-W#c9>X#(>HH&=F1ZhiIc-KLZAug4yRXwPDnwvf%1)4m(`AOe0g|Ii}6l^o4--TQ?;wTW?BoSe;g6Ss*tU6Ds$`p0|t(qM{-f zM7EuL;|=_^MMX;8$)0@UD(sDlYCF(|f7lx($?5KV<=h343vk}aHvCu4^;6DW6@>%+ z=bk*EoVyc(1nlKG@_DvS#+W@+{#dS;zmcD2D!_dnmHjQ@ax5!k{#?@a_mi%h>uMdj zb(Ss1GG7BH*}Ir<7PFi6bv76o_f^jsBRe7=LBR84+@T&B>dHGjvv1z-+F9Ktv8QEK zBzu&@6k7!wa32f7gmHxE+zP2H z_s2U&Ir)1{T-An#3@OK1WOJH#Ru@&2TG%#r%)MBi^D0CmM~Iut;~bk(`))LFQ(9_b z?uNTJS}QLY=vkzRuiVf83UFLs)CWk!^{=r@?s|F6tD^jMAn4>g=>RSzbRX=!jclo_ z3^DkMZr}%$1r!#bt^sVI=nj>?Vc&Q{5vrXZhS)Lab?;@yb%GWNbRv_u)!?IK?Tv!6 zG{QU!QCk;S*pavmM*rV)`dhjYsy7Z7ltBlsDEX!*%o7Gj)J=ETyFkguNBPPtmR~XLO*tGTO_-21Avo9> zY>rA&R$?zMG1*ub*Jl5r zb(eH}-?z_Q?!Q^c#H^4p4>-q|qf?)c4f^@miM5uOp_&zA!790JY4DQN)T= zfIER)xUnT}_iD+rfkz7FxU__+me9Bv3+IMupA1_!3Q&qa*N%T_vUD`G^NG)1IJfrG z%{Mc(o-AeoZto2?G*F(5m+(65+EHJyQ_8O_Evd}c=2z9^RGC|Lzlp5!(?Y=K04c!z z;p!c~NAWm}$4eP6m3CnC|NN2|0a1F7%iVPxQJA&BVuO{v$E7TPU3bPSl*thB8yqfp zpzPAIR=lGe?hbJOcpU5OwE#NdZ6Asd(l5r4$uSG(S!55J#W_kGrFO{n*h))u_c3M9 z!qXRHJ~J~t@>0cgN17uYCt}^#F>i8nh#C8k=sOho05d+j*xYg2!jxmSbX!`w>DL3e zRO%Nj_@`0!9W@F$2EwQt%(n}fmrTJ0$WmvK6zw_M#d zm<`z3LxJjJY)nCC0aRxK*my{bzSA?)SRRwSDkeo%FAEA<2J~b?dg7LNb7p34UZy3c zY|DYN<}(l$(qbESM(aPfx$MA}vKVd8H0Cy9U70iUorH$x?Fk8kA|kj`_shP`Nbm80 z?EpB-LBDbufPDh&2YCEL4D+3T%hK7|&|q&*Xc*)_V&*%5EpF#les3%*weLzT4Z1$C zUmh(j)xNnj^?DGvpcGN~qN0N$v&vRuzlPe_YXj5DHrdlsQ`795%F?cl9q4~gomfl?;Kf7J+YFO}CquV=hsypp}Pc@=tGg}sq8h4tKs8P^Q5B||s+z8vrJAjpt6HX7qsmnks)|(yRPCx`s@GNLRqv@jQhlPj zqPnH}QPr)wR@$R!&98^$f*mU1y%ESJb- zaxSittLOG`&D;sDo9pF$cnyCKZ{#227xPQ`=lK*qlh5Jv`C`6_e}zBEpW{E^KjJ^( zFY~wfpEUPq0yU#G<1~+H=4%#dp3!7zax@N2f#zk++nP@`S2Q;?-$Sg?qg81+EosMS z$7>(a&eT4xou^%>U8;RSyIPy1tXNt-!BC(!B_AT?iB)sQ9_U~S%?r83(JKUAg`4uBndl&UBXL3r*K*L zUbsUX>Byfh>2HjxYeY(-Qak_BbY~4~_ ztZsuYS(l}A>PmFGbh~w}x+A({x;J!h>)z3I=|0kZ1>z00-d{gJZ_y9a|4ARBpP`?x ze@-8xkJBgVQ}x^Rx%xtViN0QcKz~Btp?^!?seey@L4QeqP5-^V*WhdLGYl|T3_}eg z3=bHB4G$W^4UZe<8I~AU8sZGehHVC$A>RPwc03R)C;uX)(CjStuxEwhd7~W3fM8w5ciV<@m*h64H01q}n7IXUPd4GqND#$v2d(FloC+~mM z;`v`Q-X@DQLzD=Du3ht?&OKhB>4Js$heT40fkc`~0zrJ9_$dNCCA1PhT%@~_*qQkX zW|^SP-km;D2;|d8qI^I!Tcrr7Eo`wO1uyNJ!+PU*%&J^;n6X#2%0_DEWUBjDoc`HMP>+ zdt_#S)(#hp5UDk`DVm0YGJ^QWel1pD_tgG^$&vjf0~K9=+1y>~zJlNB`uzz#UFG<8 zQ~A-5cJAO&4+dknNNfnxqzIH$o>EPnCc7N7bQu#Rd-T=Cb&`F?u?q-wewh8zG$auS zOx<#{#(AQqxwb|tPuVHYJkMS=eYW@A;~i3FP5ejgKWWd^u;C-@rmC~&UFXc_&SzN9 zTI_82x1F1%mxjbo%G|6yzHskfLQL{8c^2G`FG_nh)GrMmW+!mxEj}?rP_#`$1f}Ap zLE7|rfvU?>k|-%vq_x7!BK7HN8*2smvV577D}vxi2b+2Y&+y(ZP#~E8#t1`%p2+*~ zr@0?B^)On17!fK^bW<#9QXoE9AcqLKGYz|E_;vSAcFzemzzlpiMp_veYj{+igXQ7xGygwX zwmHGF=+I_lCS#U}d^z-ox0H@;L%RW)i-pb!y$|mJflHIv z`*6NU`yr4GSt!{Lm_0v;%afvkoYL2oVA+O{dLmvUpxtjxu*)?HT~4tm((F~TXj}QX zHbVo?j>8IN#_C&UOtA-V%x8bJv^Y3uzZAPnh^hcDIjJ?Ma0(XwAC&&%qKWu;k*0{9 z#Y#g@CwR$vTyQ88dl0|w>Iav<@WS$ROpQR`c0;h{m8Vr;vFtGK&2K8$?Y!0a&m*6{ zsoi?&&Fr)0zL^MPRtNH(UueCK?|VN$!wy2#io5LP_KgD@rMenn%zL zCMaTvi99V6VCP1QJzdLCCJ4N-sRslW4cO#VIhyzu7*!Yy7t&`T{gP}o?L)G`Siz1p z1*$Nyrwe(`n6_zJ(PPr-cT+^=qJjNWQthwvOvqAjF!~T@AbzhvDdKeMF)}zvRXkFe zkAt=x**1S*VRA8#;LD2%&mq?)Ye&|g9G*TDkhrYqy(r8G5Gw1NEGiSm|Gp7_ssCH_ zmEMJX6$@FN$)#xoS~m&9Lu@ob_l{{frr4M!7F7)#%Z7&32r}?hlQ+Kx(O>|(Lb8b?K5>7cwCBqn4#vK^UH=`-)kv0Sf?y06OPjf!yj$gq!Z zDz)fxW@Ut(d+cN7S)zQ@#MB?)y$FD-StX)8;4}fXiP8%^nTRmm=g!22Sd%-GW(&#) ziIf%eW>0`3c}VhM%ug^wp)8E29h*Qg+regwbWylImb#a8FM$m%%ySN+V9*`}htpt1 z%wzyN48N=n^egT1DyH{u3RLeQbcdeEv1s}$1%J0()c)&BK54; zvE8MOHPzBp4Y6Uu3bbAyNo{GtyD2|rIk*+$x`0Dn6zzuapIs2#dXPzW||~?g3jWG94m2kb>+=1CSra7JNu!! z%hBNPE~wCn`&LwhIEE28@F#az4xQN5*=Z`bRqQC2$Z0RMIe(MgE-Ndmsx}$ARx%0- z0-j~sw1YBTyLOOKmqhU!H^#?rtZf8TP{bD6Si3PEp98vH{32a2O^TK&A;&2jN$1Ih zrD+x_gPeA185KJ7i(DpZNoh{3m#CrPu)QIHfa;ZqORC;l-)L$muCJ~}Iw~m4tEx#h zJ2zJ>uUuZYqAst_SzDwnY_(BkWg&*@ZXfqe&gDY5Z7HOa2@yVT6WnoQK?(g-U2Se| z9eVoT&OR{{39}9(0D@SL%aTN(P04_!-(CgZp)@Mev~G4KBuKP@!T8@D8lXPNVD#~0 z{KtPXA}7Y$J(7bA8HgZ8ax;by93Lyuw1zZ`7&tt?T^t?r>WzY>z#jlKS*g$d{ zOOj!_u_a+^lgI=HE2iE7_(aB5M~3-18_WuRMYN%Im{DSLg(m7-nkUI^^2FOfR7@O= zQ3S$*;C>-Af29lj_D6qL=mRdWVP@ucX~m*j7Lqj>&o;v)*Wto+3iz1rj&y;n$Wws8 z6`Why**RoNhEcDoz#JKEgSKPxJe81i-zB%Bwf3n7!g#O;L@W`&sD6_GSHZaiX+}Ai z*b`{PNV~IBQDKSGQc~rrF0ImDI7zz{yVwa$RCKO@0W?@~>nR)f{|GpKHXf8|;NC<2 zG8r$4gp3M?j0y@wN*%%Pfnn@n8|U%Ylvx{+tJ5i4o1LAxJp+U>yfuZ&tAHBOxblm@ zG+jvYvv=ljkfvqN_RN9BoQmNC0|<2|V$niI*$+ToKb}}5dIrz@Zrx&j7E&O~Xq%!D zm56zHf7z7BfX^vDF*$LoW$T85^*fU&ICy)od6OKWXcm%7G|1DT*fxwzs1H=VpGa72 zX$WA@VI<{2+Azb6Mak>cZ=D5v;O(PqAPS%d4$Q%)W!MQ+DL}icj~%(BtQW8tA#Oum zb4rU@DS%6{3gd(uXmBQ!TNzwQ>cwc$Vs2?BL}!0Ulp9T{xg^h;2%PiCQzdT_|D{OJ zF2v$S8JJs}U@2pr(H2sJH%cx7{S!}S`IUw8cStaqc=t;}@AO_`qXh%pZPnPvx6;1= DgjuED literal 0 HcmV?d00001 diff --git a/public/fonts/fontawesome-webfont.eot b/public/fonts/fontawesome-webfont.eot new file mode 100755 index 0000000000000000000000000000000000000000..6cfd56609567bc9db55186415c694d1d32808fc2 GIT binary patch literal 72449 zcmZ^pWl$VW@TPYcTO1a57I$}dcZcBa?vUVai#x%c;2J`3Cpf_!f(H)}Aoshg`|z*2 zx}KVOd!Fj)nr|~z-9Qo`fP@$b0R1=M0sqs002mPPA5+ozpY(tG|Ka~*P=()r|F8Q$ z1Ro#=a09pkyaAE`KY$Iu>%X1Le+mF#0JQ#7JAecT1@-~#VHLX%`UPP7~z8flf#N3 zAyod`(sc6-$1u|m)*_4U_&i*Qfh*Zpn%@Q+D5YE^F=cC)gIX%E&!~G^GT`ftPcWrZ**JQVkzzPiGhS55^vT&aADntLBvb-o0w^(vBNmZS#0E++kzrO#|hgV)J# zy{aBFzmqvGZ2Dt@Y>1y+AYb+`uMN;b_b9u^Z!^J03wK^2r0V_YhR}JZZle^DR2M^H z536e58wqWG`U!#;5Wj>`@YCRq(OGdfX7Y!eJ~BNW+>e;lbpvVw{H*4%p-`f;?~oa# zKl1&bk_h28{^k7zKiMF1Ja`$Q4Ka%}-!c#MW4oIqkl2h3ewW7mTaJTeA9fMFLJau! z0o0rc-(d66aZ7R1-4k)#HS>g8k_uVl2!5O%DoKv@NvaeN*7`M~@6pBEm$izebAFtR zk*hk}P*V|{1UYrXB8|w+&N7sgprf0QhYJ_6ie?Z;9|BJil_V2Evxs95q~eX0X)a{C z8}l0Wy8(F0Heo#Oc$C@|m+gSRX|XtBg&Hw`0`UfQ!q{-AkzWx3pBJ03*MU>84+!=% zSWTMY5jd*_b1n{X&PtYwkxCL5`>)Sq%KhHTs2Mi&Ya+wA>V|pkq=Pjh?ovXpyZ&fc z?t3ppAY#TpgOZhY)+ib;KO2DF1%J{a=lI|gS~M=c1Ql5(j)cJ*jW#$J|Gox6dYmja zy!F~s3|}<4bT?Sw8jhUD=$$rw^xu}_Bu|n6Su52a39drPK25nmU;JlYMd|u!55ubT zsAIl&y#x!Z0EpknZqATD%*D1*&>v9Wwq`oS{uaSi1xyJsVxa zYj_6#>7k{GuUfJ|!2|y;xY-B(I)@2A?d@CJQp@sPscBd;CPF#8kc-)%5{q1r*$*b*YN#OY zg|0bxedFuRyZMd|g7{SoIR>@?HGr(uM$nc@Z`s@&iYEftXD9-G9{J`3{M|MR(C5-v2uvF{h42rACTe3 znc;}~T{p5i_fO;Jzo&nm6bedH-5V6&US;|%+5i&@3w*is{}@>H?4FK~^9!-LfAiWb z-&{LIJ{&|##pt^Nu{}9S9F*HJOg8)LQ`A<(Bq_iBg`CHDSE9muTAK~eES^`=`Lp+c zTi3--VUWuE*pnHQRN%WSHlGxxm)(zYY|2mq3R`Xl!V@VU_i5fBY=dlz@V^fg80T3q zB_)>=hv)*aikNGC5(c~+(M_qtxH#qIaUysZfVb7&dju+SLCZbb$ZShN3y+yiIT5Dy zK%1McS~~E@Bu>Tc=|szVeAR$r+~HtTb(rEOf9KgxCZ!SxuPp7;J7juEF$=|7raV7; zSqhoAVP=T9$aazb`s=+et(Ys1<6Kl{p8{8Xc=4V)#AMvEN*AJo<7e|QKV;@}e@&f2 zx^}ekCDF|8aXyhz`-|$!694F~T)aV^gv@V@9!cytB#y9BR()g2#LNFv(d+pYzLZM* z8#p}U)liwRmMx;g4QCcdfx67Q7&sIYF-s>Qr^5AiX$ig$mDeenQ*W`mHa+f2=sJm# zcBhPR^P?m;Ks^(NJK+}<5dxHA9*6pu8w)%BdhTlXD#u5=(%T68fQj@?f+lE(`SDM+5ZNLgGAcxfj$*cv=;Cp2FJ* zfR6JY;|HNUjlVwTMmX$6rJb?Zjcf8Ue2JCn=Wf(8gzj$KmCmN7Bda(|q3K)8iPZdf>(yg_IZf7YFd zy;orRBdk<7JT$!4T*5-NQc1xAyVES>m?lC`vNpU4I9#ug(@sC#g=$GvPLWVnMzlg1 zBO~z`En966ccd!aJI9oTC{Fbc?VKhcU5s%}Kp=Fb_1AthiI#movdTD7&%A-()E`=9 zeV{R+ebwSM!T!1}Kq)TvFo~sRec@B8(7^Z5#9T$%mUDmNIX;UD?3s z{kYuWF+quv$PyFTvfu-sb^fSFJtfv=hZ)cK-64Hm1SwmXh8^EMFxj`#f)AbDYtMtVa(wD=#UT0+5X^*4u+ zKeqB=WK=);!kJ)BtS^#XcI`Y~w8^FM_2C4)efx7CJ6?f2%oo$i8t zPhZ2B*WCiR$A6m+!=UA-99l$S2(u3QzXdD{5Wml+g=^2maNhYYEHP92GRCS}hBTl^ zS;cY@-qjjo!B!DU+{+g7KQk$FW6Amhy~dgYlO6IgV!p`1>WmZf+7kpOT@F|POcHEA z@k|G7C)Kg8tg15EpV0@V0E{|kv7B%V4B1iJL+P}dG9E>zT)cq05^dN~Ki+KSxl9c1 z?(0fj;NKTyluYa6oTeBLnsNAOJt{MVKC5YH>N3ke z!X&kYZh~}S??@Du8bl`8Q^@N;EGAXxeo^sti<*sna&VssE+@Ih+&Y^aXG*((tF3MX zy1`eVYx*|#3)0D2pWXU~&zB}w(~xSb9bwzkt(%c^SlMr(2OHXK_>Kc&M781p*l3u& zfryzcCG+|Fti|V4)^9_$SLoGGTBIqM(aoX}4#BdWDpy0CM@GG3>h4y-c75y`~fO%|;9R;h}$tySQ9`i*Gr-eQgFjaAs zO^sBpfWWX1@}=1?+;)bPr+m=$JuVRP6h-c-|JURT&)IvrAIfx2#-n{0T~%&FN@unI zg?QzD|0R8oe9n0dBlO~DvAvSwC*SS%E6)3AWC%h#S~VXl%V0E`$PXY&4D0uisLuFd z2_|`)DkFd7GTd*Vm44L>FmBTl5eJjWKupN&EVf#Ci{Az%I+%=*CSHnD_hX6is3KFn ziob75hF#gL`=TSB)>kf1NorIDoVD
U~M!&>g0b zP>w^~Z+#M>N%zq`RR3r6Iv_h2r+{E1$_|AX$BAqu#`-&YpsT8ToFEi#V3WRo?=Iq0 z;zSKrc0Mr|!-U7{q!e`alPUc;ZBIz>eNdu5UVcipvm~Td!`BN12uv%2Y7p)*4jM^3 zlrM8uP;Ra<2RxP;hNh&gMtNL;lLqkQ} zRR~$x=MLTIN|2%rDk}tHjJ;7ZWI}a13JAx$*A$E9B&T<4B6%_tZ<>UoVev*xWVl88 z(3WD#{A5=lV<~~nL{F&*3y{RQ-K~~o0*Y5C5=??m4nwW{_!U=ei~IV=q@ox;?O;Eu z!HbAZ!j5E>EUhHeLJnH~>&VE!*Nb|{Gc{b!iE|A$JR1Y3{}5& zVmV0E@Dl0BS#0(>H8Vrp4#H=gIW)$GEtn{i@(AIekOdlhy5+QcZ=mzSL}*tsM*9a?@Q^l<6kDFh(XPMB30p~vDD$zx6^`y@td{B@ok@l; z!N(U!wtN@$BM-IZCg8_M^|M*q&s2fV!0`HF z=+n?79pUpPL#Yv~slXpnSb&9!+(ZIeTsla}@fa+RJ(R9#@JemkJWpC?uK2Ts0q&u9 z;oV)Z<4W2Sir%sN8yoB?5r_~UYsc#a1fXdUo1xi+rYP6-U%MLXXl)SSdau8A_r!iA zC}Fz^k1gi+L~bun+~!XG&Nbm3W{D)jq zuby5|i`M*}|CWFf+$ea8wOB!*DAJhgK$0Fv(i}u8J0sWb@FwK!#$PNIm z_ZX1}{Tav6jRJ1jICmcClETGh#v|kwTil)yERQxf@dnEI3gkR{N3iJ-)Zy7r5R;i> z%(xMzlh(vYF{9Js<`keoz*#xx-iEQ1SfxU-CY*WG=*pkS4WJ6en9*}HJvc@0G^}%0 zE#!n`oCl}*v(;P=1J96tHB!`1r>Y=PSX}yXYhUg;lXDBSWL79>lZWg5qz^p&n zkJX;w_=tN`$D$E#$`$PD>l7x}ABH`-8$wkY>X*jj3|qf_^5}L%bTAYw0wY1LF6`L9 z!Vv+%9N^77O<;QVzF7IFYI9ku$EygDeA$(Ik%NLIu}+9t@TP|g$ngnX11~&%F!z2n z(8sz%)@751T~33TK!Ht|X=I?~6dm%BTrm%7pFS4Jb48mT^zO=} z5bMV8u30LL5`*vajWZi28`^a&P!Ip@!nl42or&p=Jsh(* z1kW3lXMt7Pe!R_&!ZBXD)al@R!Bk^9BLqj#kXsWh)X8T5qL6EbE_5HIDo0w(z>%n2 z30(MtHN5b=XUR@vfiyr^3`HKlQGM-)v)hSxk&#q83;NttQ`)Gw#EhCZ+}$074Ez&; zU=+*yQyuXnvBgY4rP|3!y^H7+DK(z{_e9+jFPgdQU-^aeYtio$G?@c^gw;iV!HG&T z;l{(&+IK$o-X4V~q;!syDW0-|ZyG11*>61)c=U_B4-$5AQr@3$X%R;)^c==IOW-C&@X` z8~T=1pnh?2UV22f`Lwg@$v9Y4fJG5DfM(pWE%ScY*iR_;%An`Mk8Fz+xdj2bOG%iN z82lht%#<|Y;uT+E`HL}XYM3W%=A%Vni`gd6U3CSughYKx zg?qfU-UZ~a*nosPC8+KXTyCv3wq}pjNp!sh@$bumNM_K(5QBEf>cHCHrsxZ_B;UV^ z{^qt|1FzSMjAzFz}11}UKx^1HP%)_zQo;i&L9`d=_HDl zv2?mED@^#)bJ?E``auXTjfa!MxbsN{tGb29bz!Wc8M7{9lw1!sSpt(Qh5!XeOT}*$ z&?oi-t*t)A)&@;H2TZj;F4TGW$-Tlk(?L#PD{cgtfRPr9lGu49gx}5JH7t#TQ-n1wq6s1X z)f-bDwQSlHj2L{6(*t4}baX15_|j)OdLO`+AY0;iYvLiSU4GKkk0GO6DjxQ+ZL$^v zQH{nJ%euuu;#_S!sdCZHseil*eG*b3t^fQpi2-IH$p2iq6Wwq+hJB0m_;FkAaWDH* zu*)U!a^ay|iT&?MseilDIEK!}!gm%(LDiFd!QSpHV&8oi`P^_NYud=ESwK(F0j=Ch zfHm$6wY{jtM@(k}-)qeX+JtvA@aS@fEIBP$K^yrp#U@um1XblF|Y?d;wbpNxi89zlH}`;Ahy{_NB)3UggiWDpLlepwvJmAZ_GX(=OJjU>@M zUgyws_&G63;t);Fk_4eo zSu0Y420r3sr@2tfqj0bC8O>AGWXv+?d-T|}^xe@IW_dI^EgBzUbAC$;-lX{_+(U5> z4OfD9J$I$sLBe{tdbsoAU7H6fZ}8ec3rW;FZ_vGkLsVQ`ESKVqh7_xX9KJw@-m3O2 zLszjiH*DxJAeIPTWg%5`(p8S#9_AR2QWs;y5QTfIf7*mzi!}kUD+;9UJn;eu6#t_S!rV3Nl*jejz@;ALfpkm#gWOZ%iG zbE?;1{~A$vUR5T5)FS0REq)N`QH56e%rNMC=7Y458KtkI?USd^p@j-wR@!gbzx<9nd*0}xU8AuK)0*4^0yq7Kbj*smwZ zEgQ9K`n+48tGHthmL%P_QM1P!1Xw}M$B)dx=B8UYbo#95Ba8kC`m8Q?s`I}T3z1TS zw3-xg4f9p&G$yb12DmmC;SAequx5nWvDQ^%9$Iim4`D_Bo7MzlI7f8Q} z7#mLR*-V^ghp<0RSI`aa3+LfIG2J-GV6MFdA=u6>P{CWJZ`BoTX$Jk-!`F-N=ITO; z*Kh5M_IN(B=j3KO)^rs!>9Woa(#5dv$BpZ_ET2{NF)O?qEzRTcJw-}ED8CD}+^}Or z*Z3u@EE9=|1OfZU@vm`?IIDMyVvZ~;qP0v@w}|i`J)MwDA-{WYvyd2SG$Up@eDP6q z3m*$yr0g0nF8L9`+2Tq=vSgiz9})k?YZ!AU5DN@B2P(9*<556wZ@b#QMZL!sdor<` zjYob|Q5yH%ClsKkzr~*)%zdn0pZZ zkK7Ray}9`)hx2gJ*$oJR;2trmaAK|qsM5!cTWe`Lx$9f?FI$Cnq8xn{lrnz%joQy|oV>F&4BqXn7ywxi6{a;B1mzDl!TRmo`says!4D0yE zgJCIA75dQ9Mb^*NT_8acrGQ(5l^WxgR$)mu`}S!J8v}$D1gb}IA7Dn?(G$%z>r`c=edOKKfB!A?rFgFYI)b-36fF zYJv20$Ni`mx!woNG(!`F)>=#D(Co|-DQcmqjnZxwOq!e8KspChU>@ireQ2nYKB^3@ zLO5o$)5!^im0H0t+2un>l_f-p6+LCw^Z`9HZbE_( zJWA~Ae>PuOCi$!}Uw#OS+eZ*XGK3v}&9OnXnMft=f%8q__{^a8(9)8Rx@JE@yY#2* zGw36Y36OR8AL-ApwDIKJTDHMnE-Ob@iiDq6$B3XAHT6@Gl~uQC$HAiuOVBIjzQ=kZf!O>&7QvoraT+c z4hC1w#zT&R;km#z`5M?Ve9u@REm~Pq;eglc;3zs+iKxyqcFGi0q`a-Gik1h37p%!j z`Z3HBLChRizH>S>2VScPRz(EC{U#)uYw-SV#%&)oI2XYMBE|EwyhTe9tsn`r112LB zX;JKmu<+!fGRwxcgb`H;(G*ulx}AM8Y|$EvFow5wCTfn;BVX>U-6?4P7|>7b6F|FJ z-Z%F-x!qTf0Ij%TTfXgAZxK$Na^U%WfduyF1@JkAZz83q?3Vv`Q`!I~u#Le!Bs~ zW7fggslMo`Oxr)c{XG%nP5P^jZcs9@uLN^DUW_qpnGw&MFtN<_f>7FbYca!~^Cqpe zQ#M01mp&Zc0CrV_Qt4B7FIn)pz2s?J{F*!M6T`;BultJ~h;4GnbNmP4eCn9N3ZE`U zzGH%0&?8cx8C46i$T->!hz(Zn2GHWd1&eV_(Kz~T*wYbU`&7SMmYXC;rxSDgD84pi z#VnzFoY<`@q)9J-l_$6|+l?XvzkuhXbhNaiTv5 z#yR%dEwzLJ9|*D{Kva%+R!{mJmhf`T9$>i0`Bn+v$9eSp7ilgAdcDOVv|Fk(pY*d* z-RaFL)aZq@D~U252V8M`8DY~YWxyl0Bs;WtJqP@0pmV0^Kz}O)l=jD;z+5d9 zYR-?hfBQPgU!oLB^G{!Um{LS_9KD_BsWogR+VJlnLs!Dz3J9%q)ExNyZat_$GHY+b z`M|+1avEKkKLOiVhQ=8ugxJTPLL5JqJQs=SwgzR^uHUrL@R}87MGEp)yV^!w;1J13 z{kl9&>{SJhT_|5-A|rfd#JxU+N)5txz-jg8XcdEbHWH!VI$7FI9pCKEB_rX9CGPxs zJ6sB*3p-qj`nH8Q;iKid@6LBSCQ^$CR}@oAN<}U(hu1|htWMd!LQ$JCzRyHdzy^gi z;zC2;(oQ}*czLLzx_ihFk-7}zXdnupwJTf?ChN#G$Vn@TH({71S|FBRDin65 zohg&uhaU#2&)cWBXh*6=+S*}fiU@hZEvMRKXx%OdZ4NDW3t8WZrC8Tz@jTipej!JO@~SZ~17#kfSvwO`QVU>qc~&MR ziht;9h(Ri^_#>pNC%KYqtI)(UoX=8O29owdbva^WV%=6`t;K<)j?htxff2kOB%sb9 zhZ)T`NB=l@Dl(K|r_o^CUj%oeQ{Fdk1T{5-gWOqdSa`O)^bY7yTc)#gWN(|D4_ zs2f5RQ$2g{x_PR?FvT)qP0jl88&B`5I`EL?9Q-q4yDFS!Y*N~4;1{WKJYfnnc%Gqd z;?0vU82Uv#m~lVC6w_0ENeTNqPFXv*uk$3MT>6GdOd=L;2K=hLUNVA*(=U8?;{kWa zd7u#o5Ij4QR@^`Gq*V#ElxvsX&{WSmmp^mq>UsObckd5gD=dkDg+GV%Ao@vb0=I<8Bs{TYan*n zMFo}zW>m#Rb6fhTX~h@U4f0ZA>ZPAq@~Ids_RfXr{lqS&U>^hGzXk(FC&Gq+>D{mU z?tKNLbgI~FwMTK5yCre4m-a<~Nhx-Q^KFd@C@#8)-SL7K9bVoY4|(+uE=r0Xei-Ko zq=^&uNZVMz;tb)UsAYx`I8;`sozTQg#}7~EsZVlyK?07QeeX}162oIT%~fOlEpG>N zMRPljQSB@|!qLAn^ZvOD)DZCJ$mh)e)N?ay8u30My_MS+zsoBEOq5)4g)Xi%~Vbh`D0xgkXp&ubVev{so8xFgt z?T!hzWm4kbN#LLs>CKdhaDtOvJiBYVza&{>Qk45{1z_c7MCadi=wHNkEC^Qdrzr{$ zvML=bGRUp1>!xTJ51Jk`;xIr9e?s1Rbc^#b?xLjiVCz`<$00-Y62*wn>KT zRAId;{M2!3e|}`3`K{-UX||VRsezlned3iP%{NEUDy1uQXThzIr2^WPgZgpW3#gTE zQFUDe+|(PPEo(J4ddaq~q$rkCO^R#Zc1=pjns(SU(BMBRjHs~uQHdT3TjhNepyMn$&oZiyNQ#TvZDHDD%Ml{v+5oEqA z9wF=eje)UMKgGicCa}Pb5=8WXqMAd+?3aDgr^+d1=c!|kS!k-D2oD5rbPO``sc~Sd zSnp?U;wgg!1*zkv>$&^QJP0GQn9XW2vWsLO^Lvo9yz8PZZY9+{Mc`6{G`Y!c2J)O+ zewh3U-?38QqVdD41G+}^hkjP~$ssQ9wNlJVL89Q!oUn#q0I)6KWZA^rgzWs;>Gq>v zwkw}^#ib8{0NAgQ+N|x%#ZL@rmisfs8@-o$*<8_d37I3`sYBY4(ZARKK6{a-+-zBq zG{T!4{T?u;#KxOH3d2jBp}#krX$U#W4y4dE%v>XPFw@!Y3?s28*r{fIaE_!<3`N&g$vOMt%`9k=+_l4DD?|9qSA6kc>MC5%P(Tb=P#pE0+|BL5_;*-)Mx)tl@kSc#$J?i!PwTSyVK%V_BIO2jnn-(?b%D zXjZ8;%p+#|`qU$3iznWYe7m$#YBjMHJ zf6YmRHNn5Ay;JidLPJX#sICe6a*S@k#r@#^9OdY#s7j?_F7$PpwRoHs7fgdpsyaw3 zjOZJ&EUUDjnw;*;U5uz%3d+#4%ghFA=_fqRhAH^_g~#q=FR3?Y;mOAo8&+nSQO)qb zT8vi~zXt-H66pI*JnirE+(S|Ady;FKlo7Q9`J<-{#JpF2cdqEIPFR4&ghJxh%Mxu1o(Uelk2x%6E!{LYyoVZZpGQ0=jHupM=>)=PWOkfLQvl%VUWRGAA|$0F1&vwasg- z@VcNq(D*Q}eyGOHLMCTMOViB(UIg{+72to*en28k zj0oC2e~`&a;5BWk=h5j;fHRWSgl#`s`07#}kS<$Rh!Pqlg^5OYTlaXRi?~})!tWD# z@v%=8P-#ZOUT<Epah&sW^m}#g0SdzYY#&Od^KblG+DZ!UNR}>a7#*OAT2&tFzUr zj-4(VPC{$Vwi;7Jm~{rD$Rp7D*S?upf3~n;7Rlu17;)f~_YTNr3eSxHN zo~H}C$>dKg6r%lN3cTfV83{?C<_q9Cgny$#ul(9!*fhn5f4FLIizxnJzXmr9&_kv# zf2H-J@t2G9X>a%9VCC_%BD>NQ#EAapu35#9L$2&`GOc!<#-20fKYY*sHC*pVGkptX zb@#(3z2gCt$kbkcJ%&k;M4vC%=RR>zD-+U;UjxFx$B;Z>p79{G{&JG1q|^@QZ|)%> zHb|g2Y&O6FR!O_}uxV#6>rfyseLE(zj~jjTbVQVN6JVc%CDYV=C_t;uXu}pshjfDA z&<+bsG82R1O04`cCxQG~u@w}vVT+9tJtxM$>N`Tk@!4r>={zla##3rC15X(<=<;v$ zzuW&~45fE1?|g0gSca_6Z<5RkFFBu6m4KF&>7J=kd974|_#(%g_eHZECAs98eLWFK zyYeSTL3eB~UCU5{N+;Cz^^$!$eAb_|avekPV$$-0)wMHU!}u|P9p=rWiNhBfEK~Ab zAjKpm5>F6%H69^{4?rCnKqtY&M2G!u(}DDYln}zt*?(XRjxzGi1GS-A+s^H6gDScy zERY<=pcs*b=Lef`CFf+p%_N1eY!;Bu(|vHG?F02-0Zwi}1o zns;&O?WG!5KWNT|mxX6gh5QY$qpQPnQ#zl2l)V34(xxX=&sD#t5o}n(>|b4zO6}!r zenh^;qzHYp^BQq=W(uy^T9X!p=1dXXg)gsOL&}+C2Q2& zb}7H5FxSv*e5bL3L3%tbyK<aYP$hd6kD z?||pdfGS3vHV~JaAHVnsL!!z8)!Og#48`*DN`;!yd;wJ!I!MqBFKY;OBzXsI*t4u*VEz;?KkE;aFxkGIdN4~%_Ge4insnE z`K(VWO7x;zGe_JVp$}|P;8hr_2IMHl+DL~#ls`cRh%%Ysx3(Dp0*FGJQ z&n}Q13Vzl;@^K?Ow(nE)N|W_;xIl;zxwKqA<%$d^=U(=`7&Pp1$*a?kA1y$SNoC1X zIUpmfs&G^wql9@&n9@FHSf}rr8J=^@uXcYy*Oni#K>;Uh1=wfMi9vOmDjaj zU0vF%zu09ehjOus8vQcnYF1XipVZJ4Dbi1kGnb4j`@rJzPwD2u2CcPbqbaX$FyTO$ zhF2i7C4W}-*!V-ZATAlu6k`|bJue0}m4>>0znpScDwDauxMcm4k_w9n48uGFA&zw4 zHwmq>=gC43e{nEwI{@{s;RJm_Bc(abg;7-{-HqACiaM6O?)jS!Cj2UUi*Smd{ygcl{TlgLQ6MRh#JBy_IjI z{?WC9{eWiO|C$x07q0Oxk_rG<(<^sAn2j-N4A{&fb_Rqtf}t9Wk-0SF>|dJ#=8!rQ zh1g-28{C^$D{5Q4;oTJkv&B;kta((PDg3reEzMTKq;gr^;hObo6jEyXTyGs`a{0K6 z2CHkA0@Kee0og(*ox;OQtta#lD4GA)P|e>zi1DZe#;f{T!tnTi0-F%2(dFJ$vmE80)f(Z~>{B z#BOt-8EPKjK*PXs7sa!L?^Qu?*t0${WQ~I2d=G1Y6@Z926Uo)4{>(Cx5f&uRFxu*( zn1sBHiis3on+-W6DzGzGQB?XO*F&~kJg)j94U?}|wqiy|)L4WB{H?8)pge)UzsMiN z#c(e089Yz%R(urwVwCJr4^j=`#wrdi)+WOY!M{Q=pl`$Q1lV5LMUur3p)SH3kjp`^ z7LbR@oMGYoCW6e2^z}`p3!ID^C>GsOvqQsnFXv1wNE3}uaPT@5ZlS^_k%MqyR5+x^ zJo;!S)mc5oR$a_u6heEa1z0-kx~?|ZScR=P!#Ute&+Qo@i9D-MtLFF$L@J5mse80o z`W#~mum6>UVq`hYi9OuWmR+}KY^k@#^{k?tKq8298qyWkirl(H;-_j2pru&}?5 z=-wt8S~C4|fg3Wz^9<)?i0syCv2x=ZEU;Sr99kMd)W1V7BfkZU3C}2(etb)2cxr^= zpwZj}s8ict^}GE5vE6@o8kM?ycAm%$aO{N7Q4(Vp+voosKaegf^jPKlreOu}Q+jKgZnJ zXh-^QU>z=#-p=?*=c?hheYA)B(cP>rGZsOgb)laul6y29Ryt`FQZI6TX%x=e)nVVD z<*;*8YwImd6U%pV{8aHN=E@rod!;K9RPo6+Y=++%6()K5y$$<=w&kn15BbwR9FT%; zXH1Gx@dAsXJt!dmLhy3Fa|&C14E>;cb;bxzA~zi=m50e`Q|-WI#odRlFBCpl|3u8M zP<s0r67)jLqqeW!pMX2r7_gXy8R?ZL~Y4n$A2f+KJn|#e22b4)mWn7$!1~IdiBNI=r zhX;2iLFfFD^OGDy4dmwV4Cp;v%<*2erLTU{qm0Z&wDKZ%l$+=6lL@z23U45Ct`(TNN5cMGxi>wh@H2e`0 zKCoS2DJ+BwVVjbJYPe;?*c{a{pE0AIu)-?Uk(viV~41~y$UhB>a$EZPf@=HxX+y_qr z$=rmlXh<$qn%;~U2WUxI{6WKRH1*~tewDo@E?imZgw{BR-<0=+u!l4M#d3qFi?D;a z**ZIWbLG6C5pe!XYP#k-s=tn6zvbU@mb-K#0jP3MyoD3}zgxogneGoQI*&nz842SP z{?8tTn4FUBp8 z91fEpf+A7x{}Ku12`?%FVyPdY%E2FXrKaw|TiEd~{Ut3sh_b|Hxm_GEcJG2Ln*cv+ zZ?fl1Pijig=|W;J4;Z643fiB6UZ2ior*0kL*wwPbYdt^68Rfnn^PVMtWaW!m3gE4% zn@3ovVk*J(Q6e@7Wb&g>nNV;UfmJrgT`!tzH**5XY$hSoEpuw^7TKnft z?M;@4XU#SZq>E)v3_sfEs4Ok1M3v~F@4>eGwYLE(%(I_JR#WiuY`iu63m3g;2Djvp zuJLKpDHG}JRbx_<93;Ob)LW~rH{Xp^Z9Q0ij0~;F++v!WqzDd%P`;yGtj%)D;+L_HK=Il(-YOAf~_COC~K4_w+n(v54UF5C*&7r2`=)NqMkc}n`Y>W8? z5x$pVo8&m{L|EtG5w|j|s6-sMM;ya_xxpP4A>yLkP)kK{w0#JZU2N^=LMZnbp`>}K z_?LpBU?-8mFVbu+Z3U+|E}kJSlrc>0F|@s^f3X5RRFb$wApO1%%C?R=ZpIAY{ll<4 zy}@BYbIT9*E69_IGUA@$J>$4?_XTZnj}Rf)qs`F{ zb51=?v^(cVvz77rC|uU^!(J7nEP!)YtT>)PJeE ze##uiE8pV|BnQV(dTYQdSduIis#THcwsz@;&Q&(wVRo;3I0YXzNVU)^Rfkkh7dQ;haaajU7y*jI23N;(PWPcFHq^L~ zcn`9%bn@PihbB-&XAQ~rDU!4Qj9I65r_mm(8s4_TOtKl$VFrBK@9MYi4ii(7!!hqd zT>a@@;ixoHZ)&?`X}ba!oF*R}Fy&#ZVv9EycCS6F4ih<9$&Q!hlLU{)F74}D$%Q2U znhE*TyNEJPAA$6N@opiJ1iX}+fuND{-m@DWL~CJR6&R+Y;l-TTYMC|O>gRhy%9w}o zfRuP12pqNEa$m0_?}kGj7I~+ZA6=uqF$<+@zV1d*&r9D8^VkaKSxMm_bH&XXlOU8C z{r6fT4TnHLf{%S~I|BASfWz+}WY;hx9zGvoGDnPR5v%p}7pKx`<+yfA7NyHUE&-^6 zzlzBsv!FQ$HX*Bo6prILqZ!^Qa6qWhR&!~ZV;F+k40dZs_} zor8&3k%fIPsdBH*lqxPqaP&6MA)@z=5gZMUT9~dg`IAhy31ya}`oOf3l*fSMWmu}p z=1kz#O|6rF=d+1lS=}rS(8^>>rx=MIHQRum1c^N&gd381wb={qED!xiK*U%U!!aPK zVfF2;)>0V*NhYfyB@;9Y^~v-$78N^#*+3}7pcsuLEGWVh#-lhs&`iHzSp*k_N|FTjAuSz-eO1|9M32FYCb=^TD&C zv2bDJ(8ZBJM-+J*`-8g((-2J3?}Sq};TIy!0v=FLx#8Idd}8Lz>l(2qA&A3ud91}! zR8N9iA|=1)iceso$a3|DQrhXGSk)Dc1OQ%?uyINvSyy7pL#CfXzCafDBo|eg=+hD&JJ@{^7x-206v;!du-$`bV`+(;nJAt^ z%{Chy{qyi<4kK-S;og8?RV#wCGaY zsjO7`bXf54d3*Ls4bg5gW(f?c8RMi;QuKme3n2g}JS(`Mni}$+eL%GM5D0n+@OZXD z0}V<9f653uG!z46#KvlmD4E$2@Y*%mtB0QeoD6rP-=K6r@2sUe5r~eyfP6ur9+Ukv z!CGs)#O*j@o)7^vv%)wDB3M81B7z`SaxMOsITsS)eBp_TDD5y3A;caS)eDl8z{7=w zB5&yV8*ikvJuWF~$N)3+3=8wK6dBbpB*fKmrf_#qkTDvzL(IgES*Wsq?n-;iPEI>>7J$;g;D%-mCXDd2QEUSr6nhX(AHS@Kc5?lzQ!~Gf7)56nej&$;o$B|K#-K=OsCt2{l&_U zw?~#6gBb;2qi5JDPfk-F0C?{$;-~5P{slW^vI;iIj2(z&sC}!5G>nKLZ)c@kkg;*_ za0m7{0&j%j_u^)CL^&uhf-uWhiMFqy$MPG7czvsnIgY4#8tDWzsCcuT&Y}3fLwDq=Cim+UB@O{SKEzlV!E&Pk0_}kYz|^v@3;v7= z#!O$^sAzL4h&h#H4f@@x7j<5q5xOC3XTYGYAIGxY@S-fC2qxc;ngDNXNet)vw-*+n zRr?=Q)KmhWGa10jcgZ6T~ z=6M7mSLYydM{u}FuFdGdLm`}-j+Y0w9Z2hLKYG`8 zMx~B`Wd#D?<25Lsg58(eIgtecyB!w_ACaWUZrd{c>IdHK8z z@OXk>jYweF{5ovV-whSU3o1bITG&&z)S6?F*u@;3u!NKpriS!!ESW8>Q&=9NZMw}a zM(!+-B+czAvPkTRXBgx`o^$cOG{6%=`)b9X$8^vJ-CzOGO#s1B#?vTK z;0Dw$LnO}lk^RCF21^f^B;Z=fr9~v-E_v<(&1C|~$pH|#kT-MOoP|VIBMgvIVIKC&eJ{IghYhp6s&L+4D9hx6g>ZfTl(cl^(LIfc#kxHSX#B zQSwK2coNSEt}VFfu{2^XS5i0zgIZ|OZccObT}?p ze43zDm|fO+BHZk?DU{C}DLgJSfS|OepoM|SC|=kF`VZ2VSMi+=anj~c<_#)ihK`r+ zwV5e_{9kvU#EfzvBG&(g+^ES?P6$Miv8+fPWbnzEKerwtE|S3?bjleP^syWe_N4q# zL++xX$^8aC6&h#Hi56+nJEzu%s~QU zvP_2L!F(c0C4&ec;JX(&jE!adJcXw6-Ps|ZO;kB;itmr7NH~qbz}l{k5(%y z!a)siHj6fuvc^v6j#ef@*bvRSSF#5vjbxcl)2zapokzmUko*W~NnopEKiI8${@^W1 z`Lld1+Un?8JX9odR1sK_5NGiKu>YwcT+svqDiCy$vV$uAhd~H7f~$fqfET`$fco}; z`4Vl{=f*KNz)*zwcA*I%_f440D~^q<3safo3g__q=~~o*4$essgd{G`$n#3}!{LM* z*t@feXAGK#2OHs*lYZ*>GL@)PuCZFF`7?Ynk~;wo$WgKxYy%O)8Y7hp|X zq@*{GpX7ujr1k5eb)1`g+rNamEp8N>gNNSYfvD?8nh+Jiu@ZL=R3mz4qM-KB=)bzV@3K<=`dYuvv@kSXyQp7RA=OJ{JBL2N^$sAnRfim_N!rn;wB% zkEH*L{?~kIBg~o1;a3XW)xv=2fjYoL;<{%9Kg-7rOt>0)5#>%dW7e0MrI!#JTlkmy z!X)k{<^-Wn8FwI)flOXZ`lm#Xr1{qk9ikXw%j9;UN9W|6*{a2;Q^SjE_>i&jp9>N$)NrWuDpq;5`+qa>oNKEWmi8& zAWV6=$Y$(LDAcj|6)R(oC9t%4OmNm!rvf$ zXFx%K>}W>KoWr}fBB-VzJj&#l>|BB-V&OKSHdzP}2B2a}BLW?P6}StgBJ;AirXW9< zO1xz;Oh>JDkU;Q1)5fCn_%t{lzmOvpoJm56?D6RZm=MuQeHNXaVVYnpDQ4x=SLFi9 zBDmF)aU@83P!b_>pOrBMPkmsS7%XgEVvcGYF;&b1T7DLWMqANlJ382@fWF^fu&8?Y zEt6T?j8^!*L>-$|MmqPARTmM-XJ3F^s%GOTu|zC#}NXtC;gQ zJa57>2q((pWE5#IPylbmj38}6d@yZz--Jyd**?HNU@qZlmvq9HNOM7x&yF#uC8ctJ z!)d>>E%CmjG7rwQVOEyG0m7d>9Z{wX zj8}l51oxuS8N^oLX_5+4)MuhFXjFk{_0hcR0JGtsQG-cKBptAisM!CCA-!RHBgvr> z2uWI+GHeOJf9W*Cgud2qEo-3hLG)&LnkZFtN=K*R-xl#wFwkEcvz&)?%HWe z>LH>|&&M6RVe}4w;Pwtq1`8FJlp9;@gJeIUjJ++p94q7J4#t>_jijPK4?!EUJnw09 zMFjA#BiJH*a;Q^%p{szGE@u&ID&@65qJ%CguE%`1-A~nj zh<}Y;^MugOmm;)9|GuX^r!BmYmkh|vEv7c5{`Fj};Qr}gKx{;P$;X#4$3>DOK#NfeA4ekZM zt3Yt5*LS06ztZYY#GxB#Y#ZK zl6XW27{5U3X<;z5R8T+HR4*lh$Z_vP?DqM zs|IGxs){0X$d>(4$a`N38cd)NnUo5gj0xmUE5v|fG-h!Iw1N_og|I56O9ITC1?YGw z$`zyNg$W>JFJUBD1OQtD7kj(PH^t*xZRdcJwR{rpb#5T4A-nNsa3`BC?m$7`7Sq>7 zu@{BLE*NFCz&22SC(9M2c=p)iU}+;ZZ@CaeX2RXo8lfzgHpGS?xnGk&VkAx%j0KDn zLoyPs2sPh^$9_^#_auvZd|#oF*>o-;Lje=Z-7BSq7!)L0Be)*%_k5sg*o#EZ=sYrI zGBW6wEhm-v%Z1w_h=0Ns3lHFla}olscZb71BHAFy<3D7Yh7>u4pBF$ZFG2MQ?L(o_ zY9@+la)>i%O+0{dAdRuLJ*8`dqE1d5gt(=LVl%;5j2rm0KA5j84N#~;nv&r36Hs|+ zQN)q@953i~g(up3YGwdIKv0IuBhoYq1(h@}65ik(0DSgGuKPJ2n~Bh%_8vsg;!mXZ zYcvLu8Ez^^B{4dQD0@^%If*jiTnXn?_#E2)m-nv}_^ zZLLSZQamJ7y3_-Ww-=!b_`)-WZqwa`1Op)TuH26>a3JPEw0=?n9iUGN6vI9j`2>j{ z_+cP6UnQCmLe}cWek_LIC9)u7Wa_s3* zG4TXtGe{6Wy@-2Qbw-**`*fi$O;H!{aY&qoLs*`d;!U@4N7*x(KQ6F{>G19(XCfi|4PmjSYh z9_nCn5Cla&5>D&^6Jd7?fM`OqljZmg2uV5k*GvQzk{KH!I)a&AQ~1EFZGzVY_lp+B zj-@M>9s&q%8;Aph*UG{FFQtRR!ls>X*zt@Do(8R`{IMZ~)eKngll1F7RLH0mN-l*e zk~&rc%S?=22_=l2GDTh=Yz|Kd(|*O|wc(k+5rHK{1(^jalaOd(K=M0xwWKC)`U}#T z3Wr_O`;}D)qI!WvR3o(%d6CTv=+#ZlCK%4?DlT3ACMc0-4y5==37^o8u@Nz&$&a!^ z`ve?_Iuf65Lz#=hBK9Gk(GU9jXg1nvH1uT^6NfdCVPL7F9>o?%MzlPsg>ke@0Wwc- z0xTRbQQ;Msp}Ikt;c&4XCk^CoVwnnsEgAtsNS2uZf|k|&?CCEbYyoz+OyCTT>_JM@`D~kUvr6g`=Hz66YIi&mt-Kp+cq^w z%jpKy=oQK+Ol-NqqEsfu2W6aoHM~7E4*Lh+0^$^EJk3I48AR$aQVO)3HIVKvB)mKk zN9$56$;fnWa)`81mjt6iUIJRIc`XQE%j1AUOJSfFdl8ct({CVQ1T-HV$_If#Oui303_GNK(iHhq`N4$LFYOo}cFoXpV z;YicWQ`h6Q0fp@T?Pjv=ebr$I^QQ@h~PPQ)Y*eT(NR8}Hg=epa=~ivm*QKkrMiXJhc+`> zo#X~k|IMjbDP$~TuzeF^^}^ug4WS`Lc57Bh!BDXv-K-W$P)ChfB!{Vhbl}K_V-uFn zU1L*ZB}zmdLJ&Ng4je@WLlmek0Tk9H01zxDCk8)`z$PnJBDozUfKI(^1drX|^xm<(uY3T*G!A%YTdQZ&il z2hR|R5qWk-J7UgpGF8xk(DyG6_#8Emhymkmr=#(;cz#y`OvDohHGn*o*i8mh3jWPB z3Z$i&eBg){qeQew(M`w+H{4d8pGBI2@|4*m#2N+q$y$X{YwZZ1<1vr42&4B~K6WRV zA9DpGmz|Z7MiwWKET-tGsXrLK?1IZ74AHm%ZYDLbKoCQs0vRPS5FnMI;>6$*0Mkm4 zRLed1+a;w4(sf>hKmZJEer$q|`i(nQj)~7E=taLwO-3Fvh|J?mt>GmU`OSho1{zKI z8(F#ptn1q{ZcY#J!FW_$Y69n5@=9kcpc^JWP}0yecpQz`u^al$<~~jP2K{;9T!C!J zM{Cjde9q{S+hSz;&n69oMo!pib`{`l4_B{+;CPDL5%v1$xX%bxbIQtL>}ur@B6y$( zcudjGwr~eikW8pi1vbL+vEd~5o1aW8a$>64gPX%ug#++4q+MVzd_<_7h}>2oh(PUh zU4Vt&NSD?Y>y_TL2@(kOz2GOOmGp!SU~!9=$Z<1t4IG>oegS&N-FE!a-la=1j-XB2 z4uXEjha4r2q=ZljUS*cqI5)IL5r`rahj-I=(D*EkOt9 zvqf>!go|Y4kKm)NF#WS0grOMXzF1(agP78iO+W^j%D#vc|4Wd=%mS1W4AX&8Oio7D zhx<-q6+!q7F1}J}o1+Lm5w{)=67;q$W!ixXpq!4`OpIP`2ZQ2z4-5@t+ll}s;wi-V z1`)yPE+Km08xlR-)3fd&5YjS#yG0=dV?~@G7P~RbWHnfM4PhWr9~p(%+_La72Sa|{$#4tyXU3-eN20Y|q0oj(h?^n@B$ zR&!?CCtqUNUW%`gLq=FZ<1?`A5CAx~L|@&ylSLpcmJ@>-4y+DpHUYBG|fVT_|Y*B=oU+az1ut?K>Lv7n%A2 zU$)YW9CoNj%hq~)p&a(&*G`~ET|cnnjb!)@7iYLG-^;32vZipbp%O{by&V^ZT^L~R zzv^S9%F@pFbXdC6V(*0pf%$t2UnG1FE8($Usgl<P2+XYFAXCOktf>@mR<_T@vMC5y=paLph`bh%lpAXW?(X8y zJr&&x7QKujfe4A`(_{cM4j3znf@H$G3Je9M(bjYGWedQu2$)e5yr3Gb$%^C!D%`SRjojD-jaE`oF?70nqk1Y$Qo50Zlt=2%Wp3*rNa3ZdkH z{7sl&Rbj0&8xx7giC=L-gH=ezlA0Q@@EHhE0Iz>n1%V_G@L_+4sF8R5{RyERN7EXQ zeQ=%4V0R0mZ~%jRS5zuP+ql7Rh+QHr$yVG+5Q{-I5qm}Ni|L1nNx_5!2$<6V_LTg) zdTc#>mYvD9^u&0y(O42;1;&6-@F>oW0Jvrr?7rSsChFyYs70@ zSdNkNH7L))<;!<`*dyy6_AsVbmn2&;q+_PMb&I0kRg~t2{gPJsNj1(dIBs1o6)dY*-yKY45UDWuJ(yAYCrU2{NS!OAbe$=hEJQ22a1?>mMrb{_2+G);hUD4#bPnR%(| zH+cW_^yR&hy%@e}(N~FEzY~o5lC^iZ^y-%28RAnk`Sbsx3ee5@by}og?ZvI94u+nd zv8+S|x^NztCZS5I^lX>0<1gIMiNfv_HK2qP0hamdDmM-Tr-?ym_ehvnuo9K@(j z9>WDh2xJ02W6_is3-52wH>pw{akVkPF3P3pgoFn$4H=BZh)euQAj}PG4^W_%Sb82F9W`T^$u+@q9&t)Dfs-`+8i019l%67$X>d4Co><0-Rt!Gh_K* zIaNSTyrlzRK^)-hqlE0aVnTv#aw@UIcAA?VPgK?M$Pjk`;sQHjp>gb|Ac#ezBP5Ax z*3J8(LqVbUFn@&+F=mE^>;LE5>Rx8#H!jd>B>;(n0+}mpMDu1OSc|8I-+=PCu^v&h zpAvTyOCNs}kzn}qcE0HAP4yyjr=Y|dplI1+{u zHYuv)YIDpI=HOwaRLBVFekQr5Rub#*DSuqB)NPX=fG`wHnqX`y2ceJwHB9Ws=ckF@ zV`}(@gy9{np|qAHO%06WR!l!fs{=qVg)?P|2V&4$XZPR%=(jmdXKhb?oAj%O$Y^qP zbDYZXAs{z*Z3Za$w>sVvm&(b7Y9=~}+B3vkw#}l@7o=ds$^mO;hL0^lW13zVLYyzK z7B5_SG5=0%E2r4Ioc+f$kv$x$1N@M{U`yb7lEICm1V4KEjj|3n9bjn^Z!B(CVmP|s z4}iWNP~kFLoj{YP9gM_BGS{KBg`h{si7x{^EKIWJIsuR7?|M@x6o(=$3;3g8q?!Uz zKsC64MVI-5=#&EHM@jlazVql%T+kv6sT*OgoJ`?H6f!`mT#QC200%M#tbtX=fZ-DT z^W}PS-J|LwHdMVDkYGm|P{Us~pk{CV&@8_Z7E>>00>I|WCpkPi@?Kk@g)w}J8%q7U zK{{8a$9P@WKd<<6nikW_@O02!vD8M8{{mb*Zry~5T|`A{fnE@Zb97lVhbyY!-GWZ0 zixGA8^-b@Bp?6~ax4ii<%9`hN-#dn4?G$b2bfhi6=_g4jUXiUrcp7! zN~sLuMh&Ki-Hk6oN`vPhmv!vU9Vu|!oEE5WEz2_wHQ3p`FahaeQedYo{yG*f{jeyE z9{FE*`nw?H(E=nS8~Vr9#jdt&9zYL;%DXF2rvFM(St-LaHE>@opd@ zaw&#TPs3w}1N)H|+~>)7?KPJo5MmZU!@(p5#x z@r7;AQmxx=vkMzM*g+&rMyUGC^#`_0RjE8|6a(P4rTBi5tic9nn$^Y?*LI}NPT&rF zn9o@?UNBZQ&kSG`z&Q1ZZb}e2MkXVb@pkY8P{M4@;5#NA>RI_s5J4jx`zlKzE+o8Q zYB8JJJ9f*m=%hrNgg8a$2}W#>gSY5GwX)V^MtTIV5NgTLu@3RFn_jcU?LI>lwYri$ z^SO^bVxDyhyPK{e(`E#WJ#FcT`1}>A2Too99!RpK($Z{zZJZ#BJ!8ru4>#CSDGs6U z9!pH}dkr&2#m*BmA`#F4O6bK`WmI~tb%e=wf6vq|mobG#Pp(j0;Zd+*W~^(J;j?DD z3god)PkD^sXm$BJJA768HNhUDp{w8ko-NA=y=Yp5a)}*?fc(K~+MkmxDme715K%~H zeMHjNDDcBZ&_#q}B9*Yh*1tE`g!V&-un^&J#5sVH2taUiUI(P_>mDsXz{6{pfso0h zQh^(vkvVrwPEBnA|Ks9T#6vxl5oe=`E@Fs}Ho>(u092HGx*olJaWHPg!!~p38=ujx z#KHg-f#M9&kpK`>;i`_h`ff=CuH(AV`ZP%JowXcvB_t3~eJvOQoG>Mb!844O?X|j0 zf0viS z(}uvqYaaxu5h6B_I4gM;yD%@CB?ttkIaPxaqmFMXoL4e4M`kI1`8xSbaUaRkm@Xaa zdygZ&;53n5WD@0&Tr|}1rPkUgCg6Rt4O?TRMF@gCHvtIL&-Mv%AbZ>$Oj zLJ=zndkupya#9|yY*QbibVFll8&1?666`e+L@}5JjwE6biBsr0Cod6pKMqiN<4xl1 zfl)*)wX-W-_$v$*<7_JRK1#wt zjH=Q~J0Iovk)e=qOz`rYAhj_52!l*WnU~$Dz^D709Fmz+^8vY~c#*nfy0HZ|)coOxw!!#&V zsmgXLtt}yt&@??|UhA>;_%S~`IVi$7wwTI=cxi}X30b9Fv`M5kRt`=Fy%>e*R-0ZJ zd|FVO90-Fz#Hyt{kPQWuI}JM%^*_l>Kgm%6=Kq#Sie`!nz$ls;HTweDp0)bvo+zbn zYMZv|-X(aEm^VOsO79YnGlR*xn2P}!1(UsMaHPM&?>Gg4Fr2Jx?g1Vt=*gHu(RPp;v=^aKX)tCm)*%aVYRE>&Lk%f|F9H|Xr7mIw zGA7hPK!U{fSuz7p`^P{=P07V3Fc(0*% zdba@u_}?8FY9;jKKT@XD z6ywQsWuQu;TY#n$!c7}EW3=FM0O(85bM)8E;k_9}g$?O~lq4>!d2ixkdv6JIR_7pO zLdpZ;cEpVw0-|b3aJy;L&RHSAiK)4-&ztdLR2BZ$LzW7L_409f6=ShF5S$_eL@`Gmt_tsALyS4)Nt~X~l(QBA!zl;sYa)j&9472KzLxsb^#V{c%mhev048(|#_-u4KmGct zD1|P~q%yD-{w6`<-5@-=kg>B&Sn5q%0=tuFIrWnZ4(k&#Luzn2)_`*5rDy*Z8eUPf zt^t1%3&j7iCB*iixE}(4W6H~vk6yb76J9hU?h9(CXX1x)LLiF&K{p&Eryme(5Ttkq z-9C9VvMrO`fYgO@5Sic(ArUq}D*_?`aAc_j_Qk`UkfcMNA7}s)_D?h+ZUtUgf$7lX zD&Ok>QvR7rb1}0B6$Q|+4oL100z3p|9qVvuXyXIsO9@ntD;JKSOm>Ln2KL_y;HgC;yY+r*cKxa^ zu=fjLSPn;VHv9T;?aDZ)hh;hLndgilR>gBWf+I08Sgh=xIV>|Pg$uJ{gGSv;_*rLa z913DN{IdQk92Erw116^d72=#}queAxU*alUu&S=XVd+|KK|sQ_C(hhc%RN)F4ycCV za1BcU+EZl6ws86g4(@Ox5Ri%~aDvRk>G?lM{OV|c}-Z>%>gw&26hyQg*|)_qoxekb5K1p#BQWE7zL1YInC6}r`U zv*P?dCo<#DVKl<6&^-bf6%!079Uc5e#zbr&ks-Wj zrHU_*AS18`*PWjc5`lNq$mp^Eu6z zXlUV9awsT|=Ljb>QTru>byLm}Kmi_b5^nYkcLzh|>lcX)m!aOx0U9je#`i7% z9&6lx|KnfupeULkZrh{|4Qmy+?E2BOxIG=%0T>J#COAs$2XJ}dYpWoSZOV%RO9@c0 ze4?lV^mQ60J6{fpbZfYWSJn{K$Bt)3P*!B*6V=nVEe(Ku5?H&Ub{fI`06RQ3SDAE>rgC; z7+IhRmVy45N_lmZRGKCr37{9hg-mvL0s`3oB^_yJ?D7qot5{;LV)Nk>PwJ9wU`ZkX zg0UQfQbU5S1tR0`L)jO0=Ts}_Ve1F#QCCTt;EXJg3ZfCg(iWfFfN?n=MDBIyf&l+Z zT@FO~9sow*Al0rFGAt%BsdyFd{3y(TPu^H7?&{&-p2pP90XT4&S8olOcpwyDGcaYc zJu|y34?q}0?x-jr0`fG71AmhHAP;u5vs0!Ff+InXC_!UT!-#!?@E;kl55O=oN+-d< zk-xTF3E|-dr077zx};bg$Xp9I<_N;M<+iElP=jYax3a0Uz60?Optg-Q;JMn7r)Xbt z6(>*vd90D47W0(ZMHV71pymIF$6}rY;3Rf&Tuu+9h*PL$LWs4*$U7>dYjQa$2yCqE z5Qs1ez<&u)W_2r>onu?xfDmbP;i0Wf-+9n2?F{@=^-K^>R)Bo!XI=xJ5rVv1N=<67 z{N?AE+S1{JDHZ6pB6!(CUQ@v^fN=Fpx9=)$-4HLP>prctcoiJC*wD7|*N5US9?j+gm;uBg2cJTf>S|E`(WL z1N=EXNq9}tfpk2g*gm)!AW?fP+QLv*_?#@PIyhOpfb@6?;XD`+-G_QGl?x|(31Wo? z9#z;mRTfg}JM36c%5WGD{&UU=Q!*bm^K5@0Z%P1ZL_pw1=wOY^zLOsI*V&TPTs{z< zps=%e9D@#pf{juDm_%r+Vm2RPICMf?eT_??pka`i*2_S^6G94Q5S>Slr%ZQQ6!hp# z!*m#SJKUF;b8&*MA_rNX>e~duydM>>5(*UuT40c)Ym2}?T{KA8V)CWRYl_u*WeVMG z)cRN>MsK&okELCKqE6OHaTRN95zL*#;w%l}aD+DbEs8hqQ}Pd!og&f3U@L{3M+`g) z7lcLjr7F8M=caba?*`kXjetFFZWWbV0w2nd5t6>Y$-Q(8Equ>j&Fg<$D(e~08WhVY7MxG=`FU+E>2_%k~ zC-jZsUY+FBUTS7lC%49?0A$>(+NeqP0D%AZG$I2hG|FsG@>0!AN8kW<2?fiN7i|;B zQWy6=UIRJnlKfsKqp29rm5}7pmah^m^>KT)qlOe24G=sO^@q>Mq)63U6*El(+#RamvoJfc7nk)*16PX!RpMOBH#H zlE9`f!htq`+m@#Z%jCV2uBq+2QpjXgK}oIqHr%#3c!` z34&_d5#AmJUY5|+m$WSu);%Sup=1SrF}M(P%7#6$Sy~_xD-)rFo+=@Jv1Ox^qQsOk zB@K1Tc(6qYfzQ=UkIfa4tbz}^#V8231}7}V&l<%p;}i!dKx=MgiyWs=+6%>??l6$^ z)Spd{g3R%jD8)gSbb$jsG7tx$4PTZ_Xlw%svM(1>QfIRgX;%EPjkvop&Z^09{%5!@ zMTAg_^k*@?Ps`S%{S9s4!cTb=1X!^aeenL44ejdKC>q6)Vgd<_*xAh)Yc2@Vtk zf`$i=aO~tpf(hm`;nd+LIDueM$Y>ZCct_z3=)nFe+~5v8wLo&)4d@U!?mrJ&<3Jf6 z+x9XWSp=4qb`a_ zC_4w4jx5+n1v`n^wJFL*>}Cae!i*M4VV8e(4MQc!PST9z8ycDbJ|yZz3s8&DV8lQ( z9$nXqxWT(Gsg;93B3g>QP|6h;8e-01$>d2J2rSvX`!zs*hmWViq4^njlm*XExGXa` zJB|0($h*Z+@;sG=Dv?hXZg3c{nXuyjtN7%7FCgX&BYAOX*`4CPUd{#NQ|hRr&ao|3 zCdUP)7B_W>h;s2%QywV)$U(QxQSOEfuro^W$~1F4u;IGERQF*EMU__;k-^DcRGx;S z4~7lLL1_5##FRP}h}gnOk~@eaz-?p%!d6lEFX1z*$_T;a$h$p)#~!-i8_Zn8SwxS( ze^~9Ji)QaB>`e@Wz1uPQ9o*As7qJ%Db`?Q>>TQ961_cQP>g(1T^AJQ0M?TRh;fm35 z!ph0MBo-E{whTrwqu@$(U=2_MaKh3kG-G(j0-(?v`By?m>D4-cET8AMa2PHCzYbvx zJ0l3q7n}-%=QG9oy@PGt>z4~wQcOqeo^lvqAc360Qk3EflF$1n&Zk0DP<%`J(} zfWp27PGK91mr-Qg3T%CMYsaVX*V4;_tf!(u=FD`LGhfSnkdOHA0KOme7F&|jn3Pqc zFU{mwfN?xhr&TiuRx%WTMg?|bu2?h-c)L;MKiYx1jfCFakc?O+exl)9L?xb5vlGHK zeMep(Ysm*bfkq@y0jxqMh`}F0aDLf6wVBaw?Sh3hnd0$Khafc;&0?f|C3kkU1?K85j+PhJ~F(uz1V7A7BFAxB>*Y zXHoy6f#}UlSGq?y|88VGYcUolZXoEiXhji=ucDP)!~=M_ZP)}21)`o+7y!G&Rn4^S zv@8Ig#7Y+;Nn6urN$~(ZW*&)qlSSw@lM?2LuRgoqlD67iEV5NH$ex4%0v@+Bax{U1 zl_8VWZR&LkUyp6$6@;mfJcI62wU!ly>9tOhE# zP^$`&HHk@7$|+6rJ^ReEYmH+K;{vLv3YRp(cDzsre79E^&Ukn!3?#RSY3oA?sdek* zo-cy@d_&Mk5Tzp${jWo%NVMuI6rD>9yiArhCD4sD2?bqTJ1HRLcf<3@ZPOV3SYIAP zO#9?*05ytlsQSDobuQ0>_TJ17jAc0wC0wHx70=fShCuZ~ECuOlACY5PY}`MhD%vnp zODUA*mZtK!tQH14j13-_dU9y$JQY)GEwh9#F@L;%&>U`_V|%C@dz885DkFA%bw<|G zR?xb&EEo&=9{Cz+Yy}!leLV-B?Rkq_EQ~0hzi9X}x08e&VHLG7`B~$JRWTJ)iji2} zO_bGe?h3JdIZ=<+7A_(~@4!BXEg+1T>}CY9nl&|L9m#gS|}*7 z;t3s0ASVY950t}3zz5tW=5gz3&?KVPV1E>G@ibI2bcrD(J_CRkc96)_Gl_sF-6t}3 zyiwZ44l6SioI03Eo5zWepRoqS^2)!5w^er;mq5i z;f1`s1_B7yMUS=E(JqEWG^G|m1~{5|7VAooMtbCO4RiTtu=S%1LkAE7)EBYn;}pAU zUYvaSq8)I=qvr?zHvudenJBXuZEhJ&1Nfvl$7zDtQtuN7iZLFnKeSrqtc4J$)Dh+u z0D(7}{F=1OSt}Mn>848sjz#NvnS1KlCE8BQF%~}H?#_o_!j6P^^atX80Wu-z4rJB` zJmXPo>IVX#z|14EDUJT1pq1Vk5rCXeFh~WI-fuV3g@vGM#10r4x)Z6bkazq~K0{IR z>A3VWR6SLj7mytn0qyuGJyV<~bLRESG^Sof?0z+32_NXkr!fMR^l3gD z80x?HEb}{B)vkzPI#u*ZW2_7r2%QGmtUl~qUI4F#+hXV!V6#FQR@bURPH1~)F+~f` zQODi^T>39#+|H>eIL))*MT)-@-lqZGOe1=Wi^ce$kq=J|S%qaOAsCTd<#-HHLF&5( ztK?MoO4Pn>=qQ>RRPypB$L?FS1w-NMG?vKuGt6V(wp_BeihYo%^mXh(z>1=ezcu;zM zD6X`#e4CBZnkfRyk=}S{7ilD=P?50|B0~@UP_99Uh+f9E73x2`%G& zeNwf>0${j`dysPdNpO-3t!ZWEa{_||hao1`q0t{vF*ybm@u+c8k`*LD7s86V7DPYb z5M&h5P^zrua&{un0%8(-hV*cblJiLpyYZ0yTPp?!Yf=Iju#})CauXsut|AAL zbntABb$NSc!BGW0V3xfg<-!$kf)p#pKOMUnWrLy!5LOGl*fqSVS!h$$2AT27D*DR= z0TETkNWJS;ozG!o2!@RMDS-@y#kwC;{YijV98tIG=ZT`BW{i6l0VYzodILvOW&%4~ z^h+P>l&lx$rMk~zeg=U9pNR=7EYu7I0xf(#{E$m<6xZZLv=&Y-l z!EIs#%;a``+S4o1;cRVC4r!eUT%}G+GO7txl}(8qyr?+bxludqq92H|<%V@y;#PTL zTipo~N&_$>StS7%w3-28;_273Ni`Qf ztAbKB&zz#phEV|nAVT#sbbyU%*i+vxk+3)F2xTcNSbK?M#3}5?Olteh5(*C+>6GN^ zd^FM9rmN5z*Lv)}V8X;(;Fy(HNoXiJ<5#@}z;8cOaSBj`uJn|_jg5#b9~J!E6`K33 zpgf2&Baod3jk$fL_`*`s#>WdG@oW)TNc0Rd1a>DRMjkR1Y!L(CM|5h;Lr&3;-1?r^ zn9+&D5J_MMU?I8(n**lcK)>xT2%!V05Am~{*UIpZ;01b~kp(m0+T_};5di6F27G@4 zV6WXX#Ww!!BLYy25jh6$4JzAVM`PXCnYE;}9oHd{vXmr`??6~;Aran>IT{)8QNdV8 zoWW-mfVP1iYcho!3$96yg$s)DY2`M{fNdWHDU{NKyNO6>gsoFy>yQLcfn=h~gw;$! zh%F!vGlVucA#2ppHAEqxL>5EI^U2Xg6!?j_8!%okqVE&RMLE`B%o5oU-w71aGIS>0 zBWfVFSulZg0H3Df^Tx;wBE1g{*0V@px1`87yT;=zqaW za6@paj2wv9Zg>#2Qhpd9CxIr+e|#t!LD*JJIdec*odbrNuTR!2jhXTTpo8B~WtYw* zlav8EFW}mG>*sh-(6qzTke`A9&9RTWekK(X^=PkCcSnReEs1M8DbO4Q^wL7&R4ZnVS$!aDL#*&p`4N4wWwIYyOFOAy+@ClhIG5fmW zxU+FlDJQ3L=5Fx{VSXdW_?In&zz}TL_k*uUlc%COI0M&j@5+cFu0vtJd%!eIMDZML zii&quK5}e*QHi`DsQ5#4nxK^XsI)CV49wumTkG_9uGq4(C-){d5O;xzjK>;s)-m#x?2z&`JU$)U+W}IorIP zK!`d7c!cjIV+*B;bi4SUz%BlNF|oHT7(`{#^+LTBgTEsW&l=LiK7sq67t{}H2Zp2K z>l@?zOg={8rRvIL&G!^eEO@EV840`5-k+gHc}ELkh10eu0FD7$0OvBU! zGWwPa!7}6rNg_S}{qT!qzZWdmO3WaFg1NcWh&`57XW(!mAmdUXReZ3Lbdz1=`$z7| z&gIaZJ56vnH!%km5B059U(i9sI!}R@(obsj87DU$rd8A8S%-2E0{_1{R2!7`D?BT# z<~|??t)gqF&^esPrU{}MFe-hMdb^_;=PM}3343@BRFAZGPM>I{iQV5Vz^WfJQK}l+ z2q60)08Ri%1gdOtn8W3h1a60}pBq5VfZ|xet98Iga3}H9R$)>2X%#v!{E4D)6}7Ax z4I3tg>vs~yC8(Pw2?%|O82+gAf`Hx~dR!*R@9yg0SguEVw?dMZw^&}$HCPy;H|JooZ8~dpuK4D5gcMv)Z{2V z+9sMy?p*I9Ix*niNaN49x}?z)Eyyk-w{{T9hmq2>}{1E_2aeNlVwc+q^ws6Vn~NG+$rR#6LJ zyI`Nk0RiVw?z&xU9mHS37^QNi7!Si9Fwl5Ff^P=L^w=L`Z;3yD8uk}@4emlx==^8U zU^1#h&C?J^BC~iH;ZR~+Wa&*}a|PA9|JDa3pRcXgZ|tbUQKI}yhd4F4WLx)?&oC;F z9OS_|x7$nwfs4bg2^ym0ZjiqBGU!k@hsn z;x-FYEKpEx7)^wt`(uCcfF$8fAMx2Af&8dQLPxK(wz1f*CnUU#? z>?SS(UF6u*5zC#Csx3~MGaKn9^-{4EW3iTLGA`ID*Eyt-)V7&kp8XS?(PY{+QN4Xq28VZE5z@3f^F%u?b zC>FoP0_kb#@9KmPW17I)%|9UEGSM^wmrYtAe7gQEcaHI>dMOdfN6qFndlhIjBwtMeiN4knv zV;D)M0OONEpxP29!IPhOW+Lv>zpVnx;9=zF^S)W3zouUy65pn5|2Qj%koB` z4KeJz6dNsYlSrYy78908?=AO5g$nSO6Wy8NG3-E z4;qI*tI6@|p<7ey*Gi2V4KmfZQ5@`6Gva0Zofi###CC-d{20my$>2sYqu&=#52Gs* zzG1F%wr467V1@2fL`l-^DT7XdAVRPNp0 zyO(CY7?^|&bAOz!^u zaQe~KtbXGhXFJ6%p9%D~k4bNI640?YgIqM8oFNlx>OnDv@~Dvn*dhm43v5Yca5n6M zi3p=~vO>9f4XWW$)Jii*$QOf9D^YGz9?})v;`UX*lV17^H#9s$_=QsXo^Z^387o#- zaX6-9#4lw&f-g;k*8|GxkHB0t?sTW=v#9h~Qeah?&32f{HfaPn`lWOxCE5;X$s{sU41RL|BCadwtZb{X9eo;|BsV$(J9c_vPu+= zg?8N|3P7Y7&w?gk*=YsIw3~w96$toyNUU%%>w~$(Zot6l!OjT3g7d>Scp3q|5s92j zhrEf?LWJ(@UF7f6G00d8FQsFqmp>iIstIS!$xS+tKbERNhDt7)nxgu+_#IY*)uSbE zffWsP#}5)59VfdDuh8$suw}a( z+6IL*U|(st16I!$1OS-8MC@;pFia1mUw}s!u&}Pu(mn)6z>v*q@{QlHKsp}5#uu;- z2Tj)#o7XN5%mc-k9p}PL?w}toG@x;0{oqORA0Pf3`5T}Q;f(6iB~Ae@32N|Sg7{H5 zVcHN?crXoMVTRE6iiEW_6z;`c9`4uUfVKeKbP2`y2|Ae%H0!Xb zbBoDNl2r?LmDov*jer}hPpMcE@UT3zx$)s0nl+U>dQ~lGN&hJy0W!uJ0G&4={qP3T z>NyRS9Bd^zfNcjvJRXXz9Kh;PHE`KwNEU@8&_aY?frum5b_&dE1j?I2dr&4JF3O%` zK|FA3*3{6WkH`FlUY9D~#mAaBrS}uH!gh(5Ff~|u=;Z6l6k#Un{GUKCl%t)}xx`7j zAFPu^`YY+lBblO-J{s$OVhm`ZwP`q6y(S-fkZ?2}9%dw2Osl?(hUh#=oT|+{EYNL6 z%u4XQzVo`%Yz2ma%N{Qm?9@PNunSp83qbQ#<}Vkx69uE*W#_AE%Sd$qwwJp=+lZ8#mQ%n z)scOKl)i8aRjgAvL_TSx1x9zW;EE;7P34%hhB)2NY0 zRb5$?gll}Yx_i>^y;n+>4!S@bXidE=??VHlZjAQU-i`Mbfe+P_0plUTssxP#6Qi*@ zv5oj=iFh(0W5o5YH(|g^^vGe$AZ>PW3Jyv=q^@+dt3pgmfDDc(0`WLu z>dZwqqPr7?cqOJmXs_7QY}Lp2JB9z14U1JTOn1INaM)%I>06c zQ3$H#$yO#75=2oXilRL6ah+US2B%}z?A6EE)V&*r@@3G*o3nXZA zt*~yBvqF2(0?PN;K>B49fAn!68jp*H~g#z0T4uE%4NYq(}#s5i%N`B!fu?q@MxK zRY%8*uE=4xRaHak0*lzLc6r}VCW)AC_88jMYljBak-Md#KI zGse$`6$0>p!RZGc9w02fO%fPlAockXlno$5LXHEB2qD-h5%535k=<#BfR2f6=YdeE zdxCNB3*p*67;q9vo9pT1(5yPIOJ1&g^~%>2E#Bf(N*+zCUTZ7H>;@ymgn+%=F_dqy z$2!dT*5Q=1W}Dp>z3VKDBvC)wX8`Y_L4d zvfQQ54|PV875!#rLuO^pJL+BiE3|9aoMi+k2>8$C{PHg3NPk+y^|{B72SMC88vs5A z(SMDN<>5rwyVytz))B6dv3>QhrsLD3)v7t=Wq~ctn9Yo+DYm*9L{V`@&0(?CiGbO! zBVI5>O?X{%akETH7P01u7-+Xcm=L9V%Lv}pp?n5~fbp#&`9j~}1(KD0J|qlwW`v?O zTA?Z744zv73`*cxU(6B=^s-^8PZlAG=efZ^2Baww)tLk_=VHlsbPX#J`XYWuMbRI- z6<7$}0($fj4(B7Kpe`b9?Fg(Mgcbgb#uo~1sON(dX*JSHeljK26w8fUB{bY#6DT#I zA>8ch6aml(@?q+S^38}ui_Q2Y-k=gcra*~kMA&m}&r*fg30V$kQS86pF78=oDW6w2>_G;!Mn%lxnEJ5w}O{K4L0l$W#k z@W-;U`5QIdmFU9yo;(_O$iHm+EN(}tYAA`chy)w4=LiRmj{t3Y=UVmVn5ecZuHUZR z(QYPATjqH;rTg2&r%4t?|0&wIW!7OLf2* z2+lvjHo^yxKxN4_b3Gu)a0Zvao1`@vUTBT#vAEwxtvT7C3Xd{`4hj3iL{f#O&1I#S=+tZQvB4*Dk2sWLdvl ze?zE23*Jovta=p}k~yVE-(rFou_z=3Z&T<&Gw6yrdb6rop9_Y_ifAc0qFFLNPIX^s zzK6QPSA*6hl7MSMwkGgB5D)jL2f9<%tuTtrMK0c0V6Ick+cUk7h)h=Hrr)oH7fp!b4+=F1U5wvHv_bHuAruAc8087B%>W%5$>jy zB04SB7-NUcEs{M%?tR?iNgyEgJBCAHgDhWBR7X|Ps6x)Oyp~_|4zUs~>y8uxmn`jW zQQ()59#<$i25CYKZ$QYB$a?88nxaG;%|ko5WnH9i;EiB}TJCxvAZ1>ZgBMUzc9>d> z7xx^4r!s-|9eCi-EFm{aY$@2-l^nWZ!+2riKKd?NNO&oR_>4i^gg})erUTQ3XA!L1 zx`FU+x=Vw|qqYmyNC4<)U7DIj=TviUTD#swo>p+cAs8xEKT=Z4q_kj6-eC>#~c zE`o!bMbcyNUHQ#X6N3HE3}-QAl`m#NEQ%T)O}6hfi;qUtqu5?{M$R4gQ9p20m@T|> z=_#)fQ|i`ZOpJcej}7khhf63Iw%s_;e-d3EwedM4QI3%;qKtCQPU-a&f{YFUgA3=@ zVF+qrPn-4uiL?PBdi{~+-*g8309y*8K9tCK%SN|#G8@<3ew?%ngrg$44>j?W2rYH? z*&-pPS}{;F88Jl7u-?;BK@mHN1kg(eKKYIS(fP6xs6Zs zt>n%jQVxo5x6C+dTt$1(ai}PBqa}x8pQzWw2~xWQN^p^;EZa()JHNQ)myoNgx;}JV?+HmXNTF8OPb$h z=p@|Xwf+WzZ(6CQyHGdkIvGnM0x8g)zVax%F~rCwQQnox%&00xj*eY2Eg)2oq2y6l z3&sd~Py$q622L@7jgqK`V`48vB1F&uU>lRd*Z~k{&x1m43cjxJm8&<|Ch~pU( zb%#iX1qo>dr*#nY^~S+VOv_OMoIQQ-4f`5)d0h=r=``1@XUK*f?^bbG6ADb2ixZi` z#M(d6m_tg1s?dm2L<62XqA>@8S|Evp)-3e@unmANCb2{I8&tY}^&DHaDtWKLMpGat0-8|G874$Jm?y;Qhpa6cI29cG~>rVtbJV;HX| zqv9(hnGSe}o*n#r4wPkJ87ALA^laC5uUa*baKnoIdUtS9xp-+<0Y zAVm%09`ODKzzx7naQUVgP&cD9 z;>ThfL|NoZZ$TP#YLN&a;<28}eeNzMfNuC2JX`}s|K*Zmyab<}%3g9amxGILJ=M?n zLXvh$nGTKvO)-V>F(VL}ksy5;6Ph)d@JYbkIipvCU@C&t z2Z%~76al!bo;%4m5=XMBP);0JH*T~#s)a%Tfhe8XLy{5)Lo5?lcW6Yh1T4yCH+Z@+ z<0m%OeOj@I(*vvanegagR0$CggRKga5=M5JP6JI3JI;ZT^TD~U&ae(03ryg++C~UF zo6M}XArGlfE~;r<(2l7$(_OC|!A+{*^1VPX^ z>Ug^umk0FH{KSH3L$bxh|N8NI;q+Q)rlck}gtCZB#H9`N5EgZAx{)25*8Q&_)eirbzz(LcujA znobP0H?g6G(Llbz^sqWq!q9{%YhikGb?B)vH#8E(^$uWA36e4s3NVT-?}@{a|I|lp zu*zH^g@j`FKLZO)zMm50TqTrQ5%^Gp1Y4YUFT(iFonfqyZRP0gzOY4HaYL zDDVZ@#KJUyKR|sr|1S}3e<8w!hKM^rn}kD?GI3Dxm?Du@NfLr(1^KAhhb=z8ZU>uM zn;bmY7w`o@rZE3yrFZ!dVNxWTBmv11K^=D^LP~JH4-jjUOo_yC8Hw9?q!CcGEOdIN zwTw?8YxUy~bFR%q5KflwW5;+6+Dch%NMtIa7)7c!gh1z7eS=R0cr~OW ztfp4lfv1YiOK376CCb16?NxY!z6$0nOwSM7)6Cj5#4u@4j2!wu?mBxDH5BVoFfvVkL99avWnSij@Q3S zVQcc|wUSO1ej+~|o&khD6esIK$wO>Sh`oAAc*3b(C ziDY0e?s$!cWJ9^wcRL&Nyg}JbrW>=B|Cb7)SWRGTM-~i)zg6xjO28~d1 zIS*I%RVd%qW0RSSAoFS!9=H!2P|pTWqQIC7PcEZ6gm^^;IS?T*pjhxRIglnG1*NtW zltd*)@YygF#OU;iv1gG$uLveDqEfuB21EQA)0mx9B0dYnwpuLMige+6cb+uVfRVhz zAM((^NQR-c2?@YcAJMvo#6rZ6h^6}*&`%(heDHLWvsvv_@T2HY3HGn1bgAuhS!eVM zB9iaosPk%T7AsAAIn8WCjL_H^Z_plaHbjKpiuM{#9&6L)e#v-nac^WEV4!8t*g0No z!#NwBT6-OFd%=V_Ra)Hq_HeBurVf+(pD$QWk*=dbdw=dr1J~$;Doku9nUcSF+6v!l z3v3rtNLQ}}wZ}uMyeXnTO8v^i!z-{UJtPLPj~O|kUDEA*xEh@fjUZ= z%<+p{fs1ohqJA~s2~K1-=GWJU^OQNt+s1k5=4nBG6*c(0O29KJnv{qYHUYcU??iHCrJq(tDb^F631615`rF46tdxH2^Ii7Nq5ff(qZY0 z%OjMe@OYG!`;mM$5O@$;5Vc!vG z1WC$j6wH}+Ne-=1bHb$IvyIKQkTw3Q+5|lcN4}mPg6AV4gZW4F47ubOr_Z#wDb&%}Z#4&YQV499-3?#lOq7^oay%*7E!hx)Ok#0$inTwayq}<1NQU z20D>C9a&)ht}JW_;Mpchmfe}jNF&h7xPpzdd^LfbxcXiXQm(E(7JIR4bOo(M{YI32}J> zLb3xa0sBKnQ32vqIF86kK>(NHv6^c?zd`Pg-4oxUgV2CB-43Wk%DL9ZLVFAl<(x>c zFG%vbObmHlr$XP3| zQm*;qq$j(DLNvhUm{98+BgM4HEGkQcvU{O4rU{2Und+DrJPd;saOTc8;?p{ znzvX+_XH)NUA;y&Jh1H;D7;ld)3nR?0x9Z488GpTQ__!FgMBYagmjmD>W&m$1Wreu zTpluV0~E+v2T)ERfews*ko7)dM)5m$$E#}dG^kF}0BQQ*Lwuo6s zx{*B<5yV2jE*aW|Vlgr5!ke3&`VnX}j*g=%2F|~M^R9~p?hPhLb4;S5(x`Ld@7^_HE5A_(ChLLH7FC#PPq++Z!$>`I?{qzB$!&L|3(}j zb)f^KCT7>OJ`KBZ&|HcOun8O+d`Xm$-R;spoUiw{-(GyS=|C7K9jR!NJy_J+5|L^` zCSsS?BTN|!S@|%28W0}=unXc0!^qLI1~Glf=z#%)Oz-?$N&2YI_evAx@(Las{~O^> zzDM4BANv)Lk0sPL2;hL~FOC1W?NC-hcjBTI#No&AsWw_f$P5~PvJdC~S<^vs0mV=EvcmO#zbASNL z7A)$hE#vyp{JTd}Me29r#EX_-Uvw?rFPHe|3L|^`Oy&dC5b~Q2|Y%8u=@G{)K?ne0{l}WFay-=7 zwFwQ@Ey3Xg;!tpHU|#Jz z;>w$jD>re1n%F}JcJ$B~qAU#0VX4>)w1Cdw6asK^a^l>>eQcn(Fh|ND(STmzdTVq5 z`eK-s_IURUe;jpAU)PO>APra|f6jBC`}V7*RvU(U_xNC8aF%IvHc#KfO7q1YJ~51! zdoBxN8p>Ya$PKuCe29Cuhvb_Aren-69Fbx%aDm3lXiE|_KY?O%KiMZssROC#rp$8S zf(jcIeXZM_s#r#~g{=xZY zy~E1rYGf^ysvU{Iac`9%0UZ}@D#I`CX)ILt1^Pgb_A;9DTl)HK=D0NvCcBrHi5r^h zU)_~#uj*Om@p_4+XhuEl?uCc!`^t7@!R_|CWnZ1d^fB@*yI>d7IMy-m3+t>)C^vfe zZTe2m8XM^dPMr(2C82JZ+6~lMUpu^`fR3~ph1ZjUK} zN^-VXQv?!`D7EomKnyH{Z%y9G`SFVi$qo!)ojo{I2KjNlL7B#WDB-4<uOuF zlQy=NPr8bAJjRBzlP%S^NFx(B9_j_Qo2@tWZh(viKQFI8yfXf!aCkW;cj);z>GA?; zpF?_!W>1wM<`Q%PlXd1>o77tf3DymhY|G~xG!##UiOEpp`%pnaSuUDw^Lh zl4P{>6B%dCmYKh0UQIc4M2eOW8LqWytMI~$jO4S1oXF1f+0iM=hS&C%6iL(Rt5X`}_S!W5KMr4=;vVfzX z_EpiA_gPZfR)VvIf=kD&8eL&&y356osAajBe-{r8d%9W?&GZIVlFHTj8P_9K<6(v- z2jO6576M>wJJDOM=+)hfEieLY5k4ssk$IN?3Dh6|Z9YySArT`m589y%LodJt6Xwp; zBxOOpZdMjf;ex31QI4@D>UIa6TcRnzt$~AyLdj6TC}3NIOmtGf^z?>i0wGV(#YI9b ziqKSKMC!jPrk{T7;&>qg&BG@SPpOI%APE8-&~PE4W+hl6!j(lig`#t;3}v$q3DTCr z3nhgi2J8R@C_d)SilU8W^aSt7Bm;dJ81uSXFc9X5!Au~8tBpgUK-=JgK;XGU#obuO z=m&Y5Ov5MDT8*%f7)Wp!pHPVtNkyYcLafil$4E)J++X37qJZ9XduK*}kqUE9kA@4& zf(PZq9gYVb6)wC+kaTJ6K zUx7eF2*417AL^`y{2S(C-kA0i@skM{Mvt32%BTID0<3m7mKWehonM}=Kvo4kV(>%* zI5cL>eZ1T%@8keoa3v7cR$$=Jos@%ctG5be%nDZ|f@L(^zDk_`Dm$3}>48z$}sf@!Y{e838J<96_>r>9}zK&U~ydhJSW zQ{cK#5P(3chIgAEAk$wbHUnphOrIKGI7z!Xmf(;8cw&4~gC%hy#(So7Nf)!*VPVl!MUXXFcAy9%&Yj^Xw8NuO z?Pcl2mBE*v9esvU)45xzJW3wn3D}hn_Vjh3bm|5HYCOlL;ENi=(uxjHigOf!2NwYk z9W2EN6{5uiVSGe!XSVSsC4d1OZ!9B*LElh=zdFO$X0q~2+Wn(w=Y{S9i6B#1 z95gTk1gnUZWi^FLnF>>_jFi#FBJ>t>f5U3uYXM|w%|8WiZ2QwIt%=t1M}(g7TQ))^ z?#9YbM#v6mp&^@J_YBX*r}a}0DY6iO|2AZww?u4SIP$1FfEcEq;J0Tk`wRCn{G^d^%kEK^R0 zp?u^W8zCF)p~Ww-J#kj$?WnvCEJ~A99cGchEYg^QzqF~y4HD!6h?$ zTFqYOPQMUGD<3{B=yq`vWZ+bM!tLUwgX8h@Jm4I0K*8$2cmO}xzIcQA z#_S)lkhttoKBwUD>w2{-`Cto{yx%I$M{!;;Z`E82P)-t8DbX2o1EIj6xDeBipzyiW z;WwUH(aqsZ-7TS23$w*RV3k|rvA$&Zzo26GOc|OzV~(*Y;RAxzqJ)5850;FPFfJ^# zq?E*~)Q6t(1!P+WHAzN9DT`!v)@j%pV4Yk_48FL4I|^4kHl-II5+Vd88)`~HgyoQH z(}aJpiEf2-oh0Y69R?$eCrgT%Iyz%PdK6wRqe4ogE}>;2k`deSPzKAwz!(!}b(+z< z5+-1R<--&Z6}{L&YwRBiJn&JXqk<4nQk5kGX|1H-e#muG9V%*J#NueqTewOAEFLaG zC~4l+82^q6yM^SS9%-fp=%L(}*n}3+!30#oxbWGKC68>Qtx>vZH%)Up^MV#>!=1%A zx8MP;D_~X12EVKFU^y$`F^F9$7C_t8$cikE8~dHTYE ziwGgpL46#PD)w2E;pP;CYVvZJt4bquJE);5f;MhThy&8JZNg9!Y72@64{3L-lnGL> z-=#RW98AF-B}80p5}6a%CZ9H30y zqUnvZQL^FhU*w2Zc z!+XIF#s-$Fy^;F4_XA#dNu0HNmxYzoZBRn-V=NSm0W%plKr#o0zKyB7RCv_(#Lnl`;(7+BfJ1T2WWIX=XKXh>ERoSVsc-0ooI1i#gD$i1; z-L#}-CPt~F26f*lIZ}A^NO^|Pli{cyW7Yzl59vFIt4Cyd4#1Wn+cjW5D6PPHzH7@y zO?o@X@ov~t2vXL?O2pklCQ(zJd7{KPfkuwgPxaKjfMDw0go)bT&aEf)LiI-WqVMSu zqRv3#lfj`^KrAyOYWk;S@JNpa=JmlUL@0js=S{LmP%Gdbe;n>p8P)@r%0L^CHBcZI zRQd<7d+@S&%=Jy~oXTOS(7e^hG%a9Y(mXm85S@kRWTe4{R3Y6i8z~q1lcr{DF}hPT z=gf-B4i{m;tJr15ssIKB2dkWAxiykh5yuE3%t>Md2fhdiau@ZuUv`0ejEOvChZ}dc z2+LZ!&RTlALhPtZVFl};-7R7g0A&qYk5s`QsDe1IZnBuD7#wBT8>Ltp6Qs3lSnVVl z4hmAIk(V7=Ls6liVM9K`26;TNQ{utUOeo%9;g9lkuH2cT+PMrIOfdB&XPWFJFp4`J z%6OrAmhn_M!WS4aaACUqhSfWP(iht&X1Vw&=dh+;!s+BGhft*)f{{7K58t#+>;uk> zbju933ANm|I6Bhc(?f#nP6@EM9IoIho4?du{S>VzF!~s&C@}Q%Wbgy)6lmr~&yj!{ zR(l`-04%SJfGo;EV(*1gjl0_@O;hybqu^7DB}^GR01vu~j{h3~00000Q7w%4&Fn~u zfCDN4lxU&F2|2V9ij0ZMy+F!t=5t~ITN7`^fS56`2NKCWHATP-o%+AW8 z=9)EsY*-i65u+{&sL#*mP(_(^{HMqoP%N6skO;3s9(qaMdr6#q9C-%m`p_=N(3f_A zJTcz`+m=pe~s`i5yV)f9J6aau#0Eh^d(H7Ivuy#Mvg(w@tZ2 z3@0Kj%!x|2I|dglxUR?U3INTYo1Kjy0Rti|tIDgOQaFMPM18s*(u%Z#d+{mexZy{X z(Kyljwl&n6O;o>!O{P$_NP`xgsB|_C&V*eG*^o(qw2IOl-i+X+ zjadNaxV?c-a|D+S(VP&8Tx%ZR+M;De@x`@4X@FxMZV#b>^8V)D$E8FT*T>S{jwUXzzzl#P8=}M%M$um11E^<;oFD!V?xi9?J|csy4{5jLzwdR(pP84#5L2!u=H9dwXALh6lSl?&vcj zwrMsSDnJ16K~O=~*(v4d`BrlZ?YhfUhA;Jro0+efFww^y3!(3<-!6y@K#JVamG zp2#Jjp1ZY(eSH8{{cr-Qk4FU1u3tYw9;k+ps3d9zq?!e$j~vY8@YCX~(@s;Rzgh&(+Sa-WwDoMm>WH zQ3YcxU#}a9bYJCsy8;q&3MNiFhsc^4HL_6s{@E&MB>iJ&3uf$4K$j4zc2;b*R2oF%}TN~Sl&wm70>lb8>w@+Nrg_g%qx1n(Y=H(hH2+ zMN$O{zu|y~WzK0M z>RVadP^j#&$73h+r9wIps1V#B>{c^cwIyaIOd0=u&02!>M)oLx$8S_`0!dN6{3ofK z{jowgLOck#7g?Pu%Idcas5PKLE6$KcuHV|ajt$2s>F6VpL=jX zLsitFPW}`gv^dx9&6mK8@K9OIc{lEZ?ch$C`Xv2VlCY?u-CP;Sg5ozS&74Q@DB&zO zrFD!I!nD|vPuFXZEwY9Cb6g~=jhHuh0;isR1a^R)_WpncEg>itJYedE3|$M^9r2^c zkocwk8lvEWoTL;mQ*sR70|`=cnq59k{7k%lFh_$1=#w#iYVCiB94d>nL}V-O*=_Aj zfT6~|>~9GlM(-nI@L{mLjS0y1_3ZQPx;hb}z$gfasdqw%lC0cpz?r2mp9bdV25lyn z08WyjKUkl2#o0>+5HbgWq_f8?edSfs1$+4=TyO20Pnogb?G`wF;Gv$~c^1IdypbyL zJW_-;Nl?kURU<^A2kjmk$@v)ug@AZvO;aI>Ko99o4WTR*-70XXj&2?81TQw{ey(t% zX6AQjesti*FAA(2sYb$x0W+|gA4t_m-QwP4;Fg+*kEIXXh=%YEO%ADsn0QLPr7zuM zffE_Kfzr!Ill=s-)j}xc(ebep{^N9EVj6I(LTy#|Vm#n`w0R6fY&}h)1N;Y<`Gty} zrlJHUfW*#F?DdB{M7{`QwSXCaV)pj&kU&UTWC^OEwQwgOJ_Ag2zvY%Bm7+VQlsHD3 z6k6R5Err5e*Mlq!2r{HHP3v!phHG6!N2^iDjOW3o|HVzWKc zb@OGpli9873oxOcl!vmG4D1Ua-yMk&AyE*{2lx;%P5>5g1-z_}1l%VJ7!~8ak)tfb zey+vg2=Pds_cfehFv?_dkr4jT{ldIj9>xZ;i#Bi#!!V!*AjSXy5@}OfLXZ8JqA1*u zfcT*SEgUw5tH0jv(5(+}dW{E{s3HU4YHI*hyN$F(n6?Jm9zqpC0y!`I{2KxcGH2BOC)o*^q{T2>fOuhQd4354f^qaa9nz zp7D02#;jc37JEi<;jt_Wu;f?e6nF%p+8>ZP(K>pR0D=tiG+-GJ2`qf%4$@f8KTUvr z&Rw4i7QN?lm!?1-Jm?Mb0>Fr|;uk8>RPwYz%c;;3{}HKDeKA)GN4kguU8<5ddaZ}0 zSWIk5AXO;J^yQF6Z;JPHHr?(g;KU0BMo7t0XQT|jiQqiRWnYJYaRMGHFhq5Q(a^2! zw%i!0q2Of^qQ*Q7^9qV`Gw^2^hK%5pDTGWxH!>Rv8o&M!FDk|GyjC>+EOkNVDno0VZhZ^dQtTx-25OD%-cqfkTPQhNthIG|sFXBWx z@+&4Q=TuS*Ohn=8P#L<#KFCDw(w36QtUqYYp4ZbiDPUva$s0JQNiTlY>H%Bs* ztr1u%sS#EiOAC@JBsXoih5Z8)Cd2bhd5Lq*P_Q%Z7m<`(%AL8OI)y?ZWOq<=86a`E zUS&oUiJEZFvT385L>V75)+Jv+*k35i48&4I_zUTC;S4C@yp1%ji+*}AV{DRC z$yJNt`?AQ=HceuL*50{x4b=6x6*#v5Bdrn`v?jRHZqKnotW89~VBWmf6W^~20Xh+Z|uFnax zE#9*Nn`wkxz{T5Q|0HcQ3}4gP zBNhv8Ya*-u>^&U)Yje9QkHl%|RfWxCYXp)8(qVIj?cT%;XZkM@d(;Lfromu#5k?7` z$o~=B%j`V+FMKf*Z3U}H%u9r8aXj>m1Yfqg%^_YFx1jXIDhgT=QJq$7dF`4(ClU7p zIpI;8ZN)rd&a{~c!=zl=lU0nu8ebMJg$fWJ>zvlwGt(dXjVs0EMg`j8oEveuln5cRsH)_d2-vAO@);i5V23w(;*Od z=SGDEOSQD1w)#c$2A;0~pd3<5qtnM5%Lg6@wTY48= z^pJ=FTY!nMJ}Z(C2(Eu&Re)_FgKWH6v7q<_1|~eIDPapU@x(Io2&@4(z|q77CA_{v zXsoKEzAh6)e^ksEXtL^DTl^V30?N0KVDE@!S48e*;{uQ@eosrdsdYT%4?|-!;qKf( zU*54d*T;pg%9A?jTtSjQT(-ELHLOk*Y`&Pc0&Y46`e^#08Ho2x^k95qODD)p$f{JR z2HI0_Kz!Dj{g-ZftN?O5Rl{eDIH`$1S;aJ{X?|QqBkyFcAs{7fnu&yv>$nqu%-gox zK|pm;7a}0Y9u7M?@s~lQ6tFno>mbro`in0-`P3bx`<+c-9XNk5k}^G5nU#`Jo{IMX zx5zLu{4rX@NH;yxU5KN52C6%)F$JuUP|(7l){1AO{LMiw?P-?BubJRBelBQT62y{i zF-^f2Ye=&7e7HO!aaT1F>RU>FmRKl2=b%92ILDlaHTmSWpHIKKF5e+cA+?yGo2Qp1 zU=y5yX~Xme768~@=0~A0C45YFUm+{tHndmVJ+cxI(_usnkp@vJSBtu^oddVf7R5c| zL`TKgpd=k4{zcBOJEJ5sF(JgIYKwWaR<@MOh>{42fM$Yfag@wD0&55WBYI}&ikV5< z5Ss(V{L#D`x1kF1bbOh4K}RPkxC+vmy`3ZL<1}XVPQ`K}0gUygs0CRB!CPo);A7Ai zxkafSvDw3NwpM>A3kttb4;ob`@oi}+Gt4ZcvJxe_=AVX4IWpSBu#6juqVO_t!J0Vo z>WGh;zkJ$C&bZx=IsXJYuKGeH)7`ANGn;6!z?s-*g;?f<%3MNh-UODeRZTg;d$>(T zwFAqw9+HWeo_#Y;$bat^Nk-pZ3x3DZVY!E*f|p)4YlFKaw zMib}?uBoTe5sEW)4J58ITBSihv4kcHh3Qb_tIv4e1tK2kD~(KPh3DlW>Kb-PQ(_MR za#j8;C$p$f&aC7oS(5Rh&c<)A1LNwJ8?tb>w(1UN5s= z{%EQ$&#Lii^9?<&Y_7t4lH05-T?s`7ULz^FyrEzaf%*Zk3^*D!0yf1JvOL(?s=a89 z+?Anf0rFXu((pV@kl+1H+ELb#w8^+cnF&Oww+{$FZH%H^B1%RS4jS)C@FXi1M=1hr z8RQyen?k@xU7{^JAhea=B6_>A;EMVvb&OWrEK})|;X@W3i|^iu-00iC2s+}4ndd2W z!$+T(f)@xdq!J{YmzXL97YGanVhx1~kwWW1QYJ$I?ABR(UUdzc2(Kr>w;mjuOY<#P zca3lC)8n#y+wL!xrGg}cn5JA#lvPkGl$>w25 zIv7O32}^_`G%%fiXwRZ%Vuak*mM?Xi-Psl?A}A|PKYo2|WS1tgEAo2M(?M0GY9p}` z4{Uc`yQtCO!=;)`G}XrzcOmeHVF*EzErR;XCi>+Aq7*ALLm?`w~= zDMZwgAnybKEj=#!Lwzlv$-`fp&Jf^3AJ9ZVP*8rbe*Gm&OZ%etHzKMM@U_g1w14lrY^Akv*K$5NH$h zv5l0e$NZEZ-gLO3+?2c8!8DdMnpwb3dF)0#wd><4&1BedZ%AgIMXOKDq zsl}s2b)f&LvJTkfpq`(>SWF^x{E?dZvvKa z$b?nN%tLU-1Y`cuaRCP;Fr$}+S)T`$9J4vd;87H*etn>$-1S7vmx?|KAS%l!AP7yA zmg>TXU=EN7N=oBFXu=)=Ajs&vcoPiGT|z{zlEB1*0u!0F5o?C0loRUh=D2cYXo|6k z{sd*QTE-;Ek5z6`!VGl;&wxhM!32e_zNSL8HCY#5t4lv_&8tDoLIT6|fnb2xu|JDu z*`OY{Hes1i1lfOv3gBqu55^^e41*oG25~d0j&!QYJHvR2*!3-fApm2<%dRo}#ZG_} zUp@5>3pNw}tdiGO$*=G^@)#p)QeMSPoKH5JN3nq*F zAo)zxu6A+VepJOBnG0AH7t`3gn1<*I!mo#;)&Y3vHDJdUJ1+eL9Hy6kg(FqQ?-`H~af z7*Sz-5#>B>hRCcOo_2&8KqY`TBPh}`i`@~d^umw$B(Y(y+pYe^#l!O~pI2(Q zxObM;^xfvx>{)JhxXn1c6VttC>wVvB2{E|5f`|5E8}}x!a0M5yM7m2mlxdi@ToTR_ zJnMf;0#_w|^sp_k^1{5rdO+CmR}5UEYuo*CIBzwr0ba!(*c`>SZi9mXQ?_0v3aXbX zC3<8=nIE~lO9MuIeZf1dQcH;~cNPITA0?Q~i5DZBU?r7=SK>g01hV7z+~L2@8{h-L z_q^Z{Ldh6V#*R1j1c1p5SzZWrJZ~hXEtR}S>1!U8N5&?X*UyPX#iI_0_1q2)Bk#5cyF@*o4AT9`GgD~9nRr}6fs zfyFq76XXa2`6`8`L_kzxSdc%UxC(c4ZIvRv!IAX=i{!VAS*bQQK23myTMC1EL|-98 z(4?-7Wt^^B&(+$89;+bL|E(vOAf&DaknghHd?6d(G|3CPYv-x zppdt=U*K6Hh3yCu&Ir(;1{9kfWbka8p+}mBIg124{4-iU4WLCFatr`tTu7sw?hz{5 zP1oK`aCS=8#1~`Al;FG@D9B~}vW$d18q8cV`BKslsj)hfJB5#P8+4Edl1_$wFcOiU ziiG_sVLJzEOKRwQ-;xS#0~T9AXnjn;9#B(q?jq5XLR&+5W5E3Ytpu-5LbF?bZVa0!9f7IFVZ9?kAbHc7h}@ zUYxSYb5_HupjZEv=YR!0)Ps?=*kUpO zp8&wrQ%StF7XqEhRX>s|!#J}e=Qy54843VFoOq3QKcd z+5WO6zj;0@JAaw@R9EEdF4PYr!lN%J&5X$~?Ai{H8Hyd(?7N~{)qztp0Dt0Y`YXDN z_&glr%ApWym$0`^y4wMgjyIkpB<6+FutO$qO463YOpLr{tGkd(-b~?gwjXlRD`PDy zO?uEHqnb)|9ARfb9ObK_0@BxQl#>jEKzs{sihc8nq&TFTRX!}pHdMOW2B_m{`^wS> z#4{TM+NS;dgl+Ov$bf} z6c(sx2C@9CKfk%_0i7&nKoW(jfNC@0IV9c@AYGOLB2bM0YGt}-@04(d0 zuDqio()B7>9x;Ua%cR{n88qffDb+KLoOo~;UVu7xYftjW zkqw|TKMos<$nRd^Nf{O!z4REIC7=%FE^2Yxy2@-oyLA$mv3_d#X(0 zD-QzZW)SADA)%ow``(l`-jj_(Rj_FT2Lm%nd_>pR*!&!LTw^vy#T!@gN)=c1|sk_A%5vaYiB5C{7=QzInuP=@=0a96C0zzc{Cm+$w&Fw^a7p zWM(Y|7(_bj-ebFsJ3tRi!Aq5i<1Lr-FiXWDm!uU!@Kqruy|wzMAleh;3ox; z4jof8!ox6yiV~)_W!h%YU@$g}k_>Qt=X8Lw#Y#<22@ktx3`FnKFjbU&QEIcX#Ry#k ztg~qxvbBt{+Uct|HnUSCAsY7tAZy(Bo|TqWrqoUO1NnVfj|bx(4XJV}z%>vNR)Mfb z8mH)uFQ>t*V;F$D2?M6G`1K5FkWGWNpvTsVslW;GqXA+n2%{biDa#CIcLUT$^p71` z-2wK^h}i>^>;#_*5vK%?5?BjGnq!SZn07WL+{(Ib1F8vAcSl7Kw5WtkP03 zxY)gMpBasj(4g*4dn{NUWID)*u(Z1wTS8JQ-MhXIne7%rjX4a8HwT1eCS--oEKXM- zn3`@nFNO~kp25ta3Rzv*d7#Jdq%75rcCq+d#&ee%;tYJ)4=<6J6=enfYRlTxd1}R& zl^T4YiDZm)bK5U6jkL}u1^=Lm!w{~Nc`c0UYc5Vo4(J$ zw+TVd!6HgyCVcm)%k%$kMn)*RJa3Cs;kbym;1F`SNc)5eEJbEyH;q46*qWV1o4m5^ zApoHO6^yu6P(aEB6sFCVZpEo855|A&r6uYW^E$j=n7A7`M}Z)HB(H@=dH)8S4;*L$mRONipo0kB^ii9%-8qwLZhYB;kPh}=WBSz?MchZ{`ckv15fzGg+W3TuOotLCLrX`zmyigMu`G zeQqjm2cMwmBy2T6F_?kg95drSooO3eRr#$Zi7?}bKjiU?MVC}ShNTW^#$phb_-rMA zc0zPrM}J^2*j}IOs=PN{e1)=&i?vkk9>)db#|VS16Jssc{TK+&S;#QJ=s9KVY5TX~Rp0!dz^T0d$!LU3|9m72mc z$-sD%05KOy&MFtpr6wjgWKhfKfRC`A{I&#Qw1P1!7MoI&OyYv10X1!U+!^Fgf18^M zh~z*Lkiv_)OZm%W9;g{~IC$p;EdV^DSOwuO<`-PwoOUq_!6k{r19&aI_9b5eaw79u zC0)792_hy%_dwxmdBhcgO35YH z$KL)&G$ozySzvT@adNF&_cbv06{I z8F52)jmC&!gdG0_f?_-qarDJbkvJ1*xGB`m`55>CY*tG>hDh*r?VfStoaKES10xOA zG`-{j4=S}BZG^q=4laCVwxFCx@Kx2QHcp{HFHEySnhLZPV7-8N$lk@xVv6=UL=V5$ zjwhv6C#ea>Hn$BHN#6%LvMMBa1TMy-6F40s2pFvm!zu*Ty8+}F_xhS$CctVEiICAV z1VTfg#ZNixYW+G(h=s`zIXV->d#K3eEE!Z9XuBMspzI-0!-S=afTAse+)oA*Ik}aUxEISL-DK)-#Y-&^{|PG` zA;;Z92Db+Zgonl&E6Nokui=n6!3}g|3;(exWLXVGH6vLntFBR>%Yxwd?0(}VNf}+z zFTK=+$nMmL+KI*e2008=FXVoAmuEVlXOgxdKx|PuqDFC*qKoPhF{3o|l|T$GgT7Y+X38)B znDlk??Y&)aF6)ja2I=%1A+eFTk(x4d%s2xd1(h`bn0Ex3e4jjMND4p{-kjj82_Cv& zYdm|$styK7!Mb9^>P(jkw9)TVBlJd1*_!2~7HuyhnXDquh_PwSb|3*HHnB3ylFgNa zkZOkT!ew;oRWG9<@VH4rvK3rv0Y9plGUIV~7Fm&$e_a9?3y8M}>)GgTGXYCiD15^G z#0^G7$^spfFdZEzLf}7Jf_Q5IV`WH?^x~t_W<)~ zR>&ag-`oozywY0S%8K>7!1G` zp0O}G06hid4p^s+B_Tn)ll-dV)aC(h>}YSV;Jn`?bim9MyDTB7KWk7!N>YS49OXwA z7?h>hdAV67z*b<85;DXlhCnY+e!-8T);xKYw+S7ca+456JfDK|3jc(5`| zIV^WjEdfxa%NiVbFpYR0mXaW(En`v}4ocwdOZ=yDkZ=Y&Dr_oDeFvog};?r}&kDEIHbGK2yCs;Vfnp7vFB@F@d-uqtw5o7D1%C#n zAc=_Fw?%5HQdO@g40w?6&OuF=73Lv8@S1CkUEI||(KSK0mHS3_3NDh!-XE_qjP86W zemkt1RhRUnLqQNfpilNX7|LX3`M@vCSm3+lctcrim&wcChK~JHhgw|$fT#W!{w{GX zMR5?dIVQAJVY@;DTP!JI$$fZaxyl<7EGsXUtT?uV6dTH$ERh$N;IfV(Y^1kffG)Vb zc5b#R@T>1JBNUB>MA)uY%IpXbWRBntfFcEjCF_PXNirhtC1l4XfSABPLeaoS^!g(z zaeU7~C5aCuvl_5Ms;mEfa7|6HwN!jVsAGiL(of0N@rg7=lC@3}_9d`78n{;}!T7=t z=Zp;52QA0XmSH0^mDb4P1q3lZSF9YoC(4?JVEfG!{kMvvjPE2DY}((qx2`nIzB@!i z(GU&-Y}W$2I3u(EWv_H2SDwH?hUXT1B0oh+u)qk=Hu`cl^GNra@jay1jC|^BGPD7` zgbd)(77?Yexb4v}`r<()5-rclKAjW8`e1QPY+||H>-=sSVA|^(lkN(G5LW7(>6uL8wiVt;nda%o<`%spD3lP zes@4TG1f8D?Pn0_JCEI zNnO(cMwbn%PW%8SkI?q8C2JAcz}#v+B#?v zhK#tJ%;lc&8hO>jL8kVS2x?(s|h>C%`0x{GH02~fs))_rk#Mul~w>^OBaPG@&wpCxqiW% zN(tb;F$G-~2=~oQLMu)0giTLENYV6V4KGbfof*$UQYC7`%!KmYRM@mK3zr~Oveo$>_cqQ?fIyqVxRRqvz zADWdhOXw`psJFz9iWF4@7e0@>Z!b*)NF+fW+p-cWP7n@wOqsF^WR8#x?TQPnR7xl9 zjWe_ACMqF=In3{q1dq}Me{bx9b)S)QBzMQQ{qqiUd(K$5&A!Yj9q)IMpffD5E)Tx? zv27MWHB0Qpv=Q(^EYYdtDvN;=+My(nDj6?s83GNGR0-tN!r0KbL{R_G)=~s#2{JIjl!Y8s?FEiUHskee9s&Pobv-ASoZ=mMDz+F+oq`Z5@__sz9q52WgNgK{4g&$}OW>RwSJ#t%5pKcN z+gfAQO@$OxCiK<3#2l6_$r6f@?KzW{M0h^tdEAhzr3t8rbsddEU?RoA5MZ;jgD@Uon)zux&h z=i5(W*vx6MX9FzY!osLzF&5EI)u=;z`LqV@aGU~Fpf@X--WbM!*{n6R1pYwTtFf>R z)_=1@l-3w-(526|X|A^ajVBP+Hb;z+ue0Sz3Dh3DM;24{Xoe1VG=ogeL&9e;xQ|7F z7f0S~q6&_;6dC^voZisSW-X+2iTMc{DG8PTvCf{5M87NxuM~_S)uX|SE2ulVI+`JB z0EwVwW6C!qvi{+9Du(iZb*Ph(xLZi(`$+G21_SA3aE}?>i8MRqPB4%%Anibp>gaO^ zd(94}(na{`PB*2E>>Lsjy+;oLIpO5w2(?B?r@d!{+=Id{I%yGWu(&DDT)Fi$A?V8- z;oWL~hazDQC@s0p&h2z%p_{~YKGgtNjn@%9Qn9hMXzk7$L<3Q_?!B=k1&pJHPAw^k z12+a>iIlcIBUx&iEJDqOnB2^NnlGGO$@?CM&A!D?_tG%(khH$RE&4O zkc^Yed6gracsgX5**~l-N|ie2Q(X|y1?Br!jhv|2Esltn zQ%e!QvqAe-X+#GHLQK6npe7nKJjPL)97p?Z93oPH zqnocA&KHcJv-Wmr*GZbq#k!>}eP&B6#)v6}4YU!suf$ESbgq_;>lHm^(o3EDt{Lr> zCVM)a?J{sRU}^t_2E?GiX6Up+S|CnLyUKtSld&*&W7E2!x2jpRawTKBp&k{|A_(}1 zfh53{Ofs045R^0y@^so$1U}N7!F_?bwStfvAf}Bvm}cYeW8iXw2qe&Q;dbRz>|^fK zSG3|tPYvBpHKI*}dZsiydV(P^VM0+8i*D0e7+z_ZS&_R_C^WajISp1tRa!`oyp0^C z7eP&gQPWCmIwX#UoE9W@M4kh{yW^^21^i1Eekx@kXy#Z7a7Ab~pkn_<)ljl@xPgU2Wn+jSHTW7q1Pvb7{XYfF`gJ8D=rAsID z&@|#)1VumugE&GgSxV{zDNmwgUpu9IGqQbN75EX<~s!CNGezs5*Ip;;C_|z6sdQ zqCx?LciVLhSw!ZjE&c26QHq)0AAyCYA5*5`5;6v0Ly}mz1eYP1F{PtphEA*9de0+5 zMvf>X>ax!iEx+-_^;&VN^+cd{*%3qC`=c6=+O_y{^6kFk(H4$cTm`XA`!hMi_!M_0 zPf7>6(E}=euSAcP3fe{iw2Y#8q+v)vB0rhhdMLiAuoLFP$$EFh_s!#^y$CErrey$K zC(%-~I1?Mh(@3I9f~gU7hbL!EAea||@G5bjE_518MF)?B2akj-a5pYcXgCXz^#n+M z4!VL=kQMJ7qA&oQbQTu2hbBiEX&Qj&by&Wez~dNQ$lVx&xujx*^~_Zx5xCcDIfcmf zxsa$Gp2#7(i8W45qEwoohTvJD;IJduR0u2K9DlUb@V~2}6D=dWjC;;2| zi%2bCm+ll24hG1&i)3i*3!>f-9F(Q4$BbCbxgP+MknZ+ryWFF zr7ZDj#8^Rj9f*KJ*oqE$P-;B?pyKNVlXKbP`S|U3t;!G^29U*0v~kSza1A*8s#*aj{p^hY&wDasx|1sT()xhz{vxK5hh;r_DaGXRJA?!aM~U3TM9k_F#NI=|WrBh6#VNPnybrFQe> zsN&=mRnw%H8+QX@P0-&Qa*{LTr9Nl0gDFCP6qlSR^WZ`k{>pkM`5KvaDMy%t(C|)q z22tKJ@T;(K=p{pt8VlrkACEni4q)qs`&Ox>D+VR4jd_?{7P4tEU`L4G5Hm&~GUQzw zNzDA!i-W{pFX8Si1Zt}RF+5zAK(L7pS*ZwGq(HT*IJthPSquPhcK`wUF2-~c?-3)J za7ZQs@M5l6mnmV&Y#^o*2xcZoIeK0C36<(?Bi@y&<`KJ85kq*)y`8 z@MJgk-VIQkm#Z{91b8SoQ9bQ=G8~>EdiF2G6CJdChZzmRS*NPTIs4`H{V1Ymau3Grc)`5xG+Go0jZW=1WdW< zA!SRrK$0qYQ6?-aMo%QkRv{p<1N9-aVz&oTA0AN*D%cRbv{7JysR+J{96%XDY@?=LY%PT3 z6Q1!!vmO7A`lbX75-gC|f^zXB>OdYMKppww&i-f$6zC-(JSm~FB2(fppeu?%Q^q7i zB#UnIs4qx^Ww#zUlGp#&$nXKlFHObFk6Ab`d$Hy^!~ zfv#)RMqCW#uT?;5K<7`=q3?skq(DkwWF|r?E?Ub6uQ+pAPbYxb-AXfCtr`oLiw9+D zoqBUbl`5(#CIHK23mH7qUO-sRV*CF1Zzax}$^(5R=$p)!!(vV~6N1 zGC0KVMi3jROHK?zeT65BEhMWl6BzVB_q?9$Ejuy|TP*(VZID9rmx`oNRFn&kG}=uQ z05RN)L#riVRl!`1N6GZthY(MMBCMkb&4|5{YI`LbhUPzrX*4)iTS#N^2GK9W)?-%_ z*%(fW2*No5PY8A%;G^H(N8$6U20{pM@dAk(8bBz$#nH7G5*21kgtt_I4wWqPESQbV z2k?BHlnqpBG{r}Gs8g4}%=hV48C_P54d`q=I#Dx3dd&}OpqW)j`0w# z4@~E7sARsQDYu*N##tRzgKusJxyt7c;^^Yh+Xaj{0;omDaixHmpFmj1oVEs zj1UCpLh6B#U{{Gnp**3!2Pb(YK(;L{0%H<+M;dA*;uV8q4gz@uE|@`X zEuw{_h$c||v}dx&z~q~P-bOQvVS-5{3yKkUNcJ8Nd*TTLM|euoe`h9j-46^P*po8( zZQK+jRQxGVQr4|)bCHG%Yb}D-YPr&DSWhjojO||%aFbgG<957VVhAOJ{+6f95CxuA zxR%OQYHwzVtf1LLfrO)mP(Zz=O%GqvltE+z85V15{U8HNGLN~ZxngEfzKwatF8aMo zKkfB5Ag_g&kdq)&t$zc`fdOb8dE0P9MELa`XZS@jMmbpksA9{mIS6Jmm9ImDHK~b| zkuvq*XsMFr7^i|@^zjX%z!fe}wDH2~_d^1d5FlnFg$DbG3kIkfXKg5gcr%ZdQ2z=f zMm8V!bU6&qJh}1(PK&#(;T1GRso7aT%|d9fi)+hZ3=2?Hv~dUhmd<#9ka+6VWRLax3=fWA(#jmUG&+$kprEoaYqR+m&a7KxuUNeNZ&sxA)d}%H5{5D+TP@_l|ucG;Sq^Nk*Him$UK#O>d?Aux)5e|wLW|h6sG6SSc*2zayMu;#}G!YN)%pTTm?5NXJ2E+6HS%XQ=nYK}f3v)9p zMOLowxeUTd+%m>!ku!@m_fq3Bsq{sGGFph4yCU!u$pyN;?|adZY9eN=mBXY9@Qp0% z^Dq<@VuGskvRxtc@Uj~KVHg8P#@D)?A%}S_Y>wU(9McNZv9TI53Uf^@Vro#lij^Sl zbDoH&wsq8k6_m5sm{TL~o=!To1}PseDQc*Ia3HMQndtI)k>0y8CbDT6z1P)J8MITR zoyA;@Q`8P7|Ff#Zvw($>@InlkY(La$v1M3q!B?D%D znqN>~R!vOVER#TZZaO2SIa(zNvm!DqoV8p{ZmgI_DxNHGcNj$|yY0Y5?EoK-ujCHB z!V_+i(`Ll6=F@PrzGinZ*cv@tVw$7`EPq}36OgUi%NI>TWMqSt0RBsFn0DI4W^qOY z^)NdpaXOIF+D`0oN128VxyTWTQ4F&wTI%3g!M%}uXmUUb?-ymLt91(lm+pt`%xuSf z-SVE^3tP*p2isRTL!03SVESRRg22eH@q3R?i2mX*aX0vSE`@(Yh}qjQ38WB zYJ(7<^eG5?i{Mpy60)Pok)r^RV6PzYli~o%@xo-(YktTb`LHU)niHlOWk#IiZ2T>c^X2-5g5*Y@p1VzDj&MtO}}^I_IFz8Ua>$ zPa4_%ikB%GljwEZMXWC6ORRIpc+(-=m%X@L2IwAw zssKhXr?JyYJQ;3g1Y{Rc`r-hr@By)avF{nMTj%@O=(~2lTQWH9#d#I%A>ehr?Ya=; zW%4S{l6?UxX8ixqt4b5onV9T{Iq0vOB^GM2f$ROMCCa--X($8lnAMS4V5 zZJ%2BmWJ+Eh+bh7#2hRX?kQ&6bZxj(5|9_n_8hy1)MG@tDjxOf&Iw#X-KKs6oQ=^} zrfO;T1kUS_WdnFL$+0FA8z=OO51hc+gLBpq+ijvk28A#%H#m;+D%`*l2h!bZAy)d_ zd9?{4M-{T$jg&CFa+|}Y2#5Uljfo6QSRDS#>4_`EHJijhr1b;TDmNgTSK3}lGX?C(csv1*v$o%c-&uuv?%b67(qLzIg0L)Y_S*=-YC;_2m zVAKE$9lKnaN<&mvaEbnHzA~@j zz@Z&zQFE-$X7`GAg7F@DU<{H0!!%og@%pun<$ez>@cs$OlxUEc9q`Ah4inTaiHCH! z?I#`FmjN_Doa;kn%&9ua&+LKWg!U<6pv`gh2*Qh{^u3^Y0Op*(Cy7o>9`^MS{)GmpRw+N zI7q_>vK^3u`@sr+H4RkKKQd}I*5s*|X@F)6@CH*Z`5(!a$M?WPr?ty^eQY_LixvB< z@i;W)pz(u*!{i*m%>(`K zmeB%Q={=~-XP**=%fpS-6#h%<%sOnjAW||Rlbx?=2?DSxLq|$ViFH3p%-sx|w^|-C z4Gb`a`ZgHLsg0_$MxlEW9u#^mvwH9}ZJ`J(+c8l=!2)5ou|SbT`BhJpeO=B$O3}c= zFzGEbiSL9Rh3Ia@kTJcLcJ>Z1gsd6P#!xaAh&)#xP>^UIY!Z2oU4<)(lCTK-fw~zJ z;7Ef>$jcDf0wxJ!Gtke2C<%h_o0X#yHc5D*L#kI#CE&@8O5zf^N88Z!yT(sPq!0JW#MXO1PGX*Bq13_555e`k#1qs~{{316&NQiz7J)xS}E+c)Rm~|Lbcz=B1p~ zi(KSa;~J0xR5rhI@M8db9YF&44w4|M&i<} zMSx}U&p1a~C80EdlHGw2&<=n!MJ0HKeP)@EEFgB}Xh_rH7RWcv*{E9(F@mgoxuvhV+CW z08H{7Hs6ge*vu1AlU5|MOn^e1e9+pT zB5Rku(D&n5zetGPF&n zrh9CZO6i<-e09J7iNYe{eUN@vGR#5PmNgjLl0-`qB;M(wZ=iuS@!k-?qJV*jspO)2 z_@Z}#Uv9Ja);jj5I~ZE(*M#N;QIjeXZnkLqNT)YA%0l4VtR!g*m?Wl2dV+>mfszL% zfF88TMi7(jFYZdx5;?UYoAFey2}KT*K~ZW)&4_z7u*V-y^U7G)h^ zLa))n3Z)vb7)&q+2-x<`V7``26RI>LW2?0aANb}6Bc*PTC41p?PDK%+x_~iKd8*hb z&+3QbDjwL^jyo*&iD%20IsT~3As@%=D1bdVf*JIZIDGD6=mi2!{yu%A_cY{+aQuM- zMHC1DHibUOaV3yD%q8{K{|G_M8NvvY;4$o0pGObd5u}BDjU7!DhFIPi_=JWDiwgSO zJHWWHk(cPrL3GlMrt(hVTghuhwnPl3B8M!H)4qLVfV~y_M)IhefLIL3(0B`^QCQJI zMyv4Zx^vGYIT#+REnN$$vyB8BI0a~c-7-l0emw{mO=WE_=l3?EDL%*6ByZtv!s4QO zuOZ}#M3S^r$tSTRZjb}HTIeUuiRLv2=h1N9gyH9!WIkMw!Zo%>h@dAIR?P_ z`0yE!3M~k+Y-FnL(KY&tsrWX7W&DfMqB6{;AgEE@Yg0@0pJaI+o(lm#gFuQ%`V8P= z9j=M_8R(fdJSY@EgvvD*(Am4t z%|X7*Yv}_DC{rLAI)oapRs^H0?&h9irMNz{YN0YA2OzRJcuL9RA=ul} zikOhZV80mwkFoFC;k+iz3{V}Oy?F7qE9o9ZTxn8I#!HMmY_f51eU5_h86KfaP%0tF zI@Sw?=rj*)i6K+`+>L5L@jXdDo8(1Dn-z1Vr6&-DfERMJN6hHrE#Vbt?ogl3!0f#O zP835&B0Jp3UHJze!WI&7H^!y10nFQx{=50Bi!3I`b>CP{YC^+{QBwJ-1TAi^yga6l zm%=1XK6nt644{&!3i?3zx(lx4XM2dw+=Bk5z)`6qMX2%C-xl0SS*s(95tNju_{;M( zqr3Mwi0w$rq^y%At)OQgskBHM*{eORd8XnpsN%U8K(gj`xj?*&V!jVC^UUm?+R+$NkV)(5hKVkA_ zG3M4Z9DMrp(NrqRK8hglK?^XoJI%6St^fcDKy0RhO~%+J49bKelp#$KqM({0u^5SB zMSj@6L}f?s1n*qJTaY^F?mcm8RKT7RKOi6k0;H!!FODH#9R9BmOg!d5i)2LrJ2O^ve(f1?Ce)ULZz6 zQ#T$5h;S_o`?q%utJ(h9Sg>Lhc6*g2Tf;k!ksw*;5-kQ<7e**T>o_o(SjcpmXz{S% z7GjB9dPp(j-ca4dfuT07%HP8*41>;ixxg$H?vDmf76@n==nn zG)tk4MxC371SOYZHif!loyGdVEegmK`xwVKn zez{V~3`VYL#7JxMBfPIe0OV-c3wUYt%nDGbK4L~T!3efs zGroQd`qvowatF1x#hmd&50*^tHRkwZd6|A2-Yzf3zu|OiO;c{Mq_U*N!Mi1 z@Zz&!fFoF`oCKDnLJpjBc{$d!rm=OWP(dN2!z~2RxL5=T8}9c@>urSHZh^YBi(RWT zwP@ar{kZObGcf^|{D!linW&Cg_sWE5bx70s!$P_MK4Uw=liorG z0i7kP0+v`<397==qb~}V$*@Y);p`pvJYy9$Tv-kcRuWJ^QXM|20cR{5K7f+!h+0`3J?nk;b=U}lhbQT-u{^YexDclK3s;em12dkrRe(Yn&odAF6nKS`q5}q;-beHXOI%enx zH+fD<1CJaDVi|(5$nA+s3Jye~*#ShT&w%STQ<1E|YoFN}`Z}vRHch!69#b}grXZxX zP*^55FcM@>gqK)I4Jxt7B&d)I>lL$9NZc5RS`2mdy29G&mz)rVB*fdM=O?QWgB6jw zD})@f8LcRDM;uT?#azwwlmi&eYPw4f2YP@$uA$W24AVR%Ay3@J3|pE+CG*2)hO{h;gF%4V#QN;BWGZ%ZQx ztcwJmLJ7E+ZHs>22S#EBVx=~7mg-i`q$tVq?%=nhWlGdIq=0_GHSyONxO4^m{ZJT3@n_2i?Ec`EJI6RBPwd7$a0w6LbN56X58Zqg@ zDR)c#f|RB?>!BhK|gW%_Y0+K)LRJEw0Msvs57#s=FdIuQ2xgY|^S<|HGlBva6_Kr_0AT@P}1y<`S&SQaT@vv%x> zJu=csC8S+Qu8v$}QyW%H0Zs^(AJ#M6mPxQEfDWB>w{Bd<>Sq3fA|}v$XE?`b8v2u)mfOGQlw`$ z#of&y1|yw8GQzD{9$fv}!=aC^2-hrc041cdOrhg9&bkq?LLcpvD4G@4opC?l- zL#YN(U)KQrqs&}qA#u|pq(j0wKCtmI`h$jj3<}U%ai9vr=tz&DC{e)Fxv8XG36dni zYJ&xqli-_cSU_3gO#Ue62+h$<%onvk+QqXcj<8a;zOp(YoW@1kKH)HSTEo?kQxh?< z>voq21H8YD*3nN1k1}QdN6yl>Y!qf;tVLpOMK#b9w zoy%MYXw|VaPuR-$(D`0Rz#~A7%z#sL67`&Yr#YPAbnT=AsV4MNUo=?wCkgkADW=GEEs})Xox6*WR_T_#-Y!FxageQ zT0PFzBNU9aNC*p-0Iqf$JKl^Lc$#CDwcNa(uVGE;YrDI?Y6{ci4FpYZI-y(ia*`s- z5|JBKbEkfF-nF78$A>`kz?2(_{kv1Py=wu!AJD5mB-sWeOD#-+*lyxKGvwczkLy99Hks*kpJ_DcyAO6_fGL{Hf ztVmQ!Tp7GomhITioA6d!v{$u1uT-E>sBd*tmztxi`_rXzLBUKJmw_M#dGm!>iV__J zzKC#niWHjv0e1o)t6*IVlZy_xF>BEEF6?Pu1hZ(b{A;I)F{y%V&&Nhf5mw-q%0}Yv zOK?AE_Qb8o&R&wGuXEtd_1y1V;}>?64?p9KPgQztr-;BMwA1-Z5~oUOqG`sLAE?|tuA^n3 zOAfRUjd~(vLs8#a31l;aX#E`F?;jlmc64ZVl6P${f~DxDMy%8MfKBEiVRS$$FMM2Z zb4;|~+GVD+s#9rHpBx1-LW5JFEp*$4FDPn_ybhIgf}jG04S+7LTI__=2JJg!4x=1w zs}fUV0dhYf;j*q_~Yru3s=>FJ`Ge)u#VA3-EUG4I0 z==Rv*L}Fu)>$hMsd&bxi6)OR3$^ywTB?W3FLBs0Qw$eBjnrgTB1eIJx8~eqo2`Zoe zC^F+;B<5V)=AJ$aV``=pW#iHx(5Fizp|z}Jp`5SISCf)rY=;#;L^^rn2}P1ZWmcef zp#6S@RFU6*=2)x1-<4KX*4CHTE-;ap!V@T)R9}hN#?qi9oW79Q$w#GKd#13N&Zcl$ zDKPi@4iuSF`$4KC7b6PWCDoR->j(EbrXD>QMJ zhB5XF4oo=i5lH412u(6Ti@)czI8HmDi;-c;-nCa_9Y25n!Ig(g)aDmImaa=x7~q+Z rhmB<>2}j|R2=;6fv*Ztz6$g7z0F3wv71UvW1r>skf=^zPpI1ryYMn@i literal 0 HcmV?d00001 diff --git a/public/fonts/fontawesome-webfont.svg b/public/fonts/fontawesome-webfont.svg new file mode 100755 index 0000000..a9f8469 --- /dev/null +++ b/public/fonts/fontawesome-webfont.svg @@ -0,0 +1,504 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/public/fonts/fontawesome-webfont.ttf b/public/fonts/fontawesome-webfont.ttf new file mode 100755 index 0000000000000000000000000000000000000000..5cd6cff6d6f6cf438a882e366420dbcc5dddd3f1 GIT binary patch literal 141564 zcmd4434C1DbwB>@n|(CPn|(AINi&*Fn>F$*S}kcT?~-h6Z19RL8w|z^HeiEs2n>M` zFoZ3H5VDD+A<(ADdm~6m8d4=~NZNF0+VXcBlC;kLYe`Z&p=q(D=im3-H(D$Ull1rb z|2{u2Z{EA_zU7{K&beoQ0uuzmg^ga2R<7K%_J)>6wh96Zqcyy0`HGcdEzSt63&)Ww zHl{NVi6=U7yamUj*B;t^@)On(l? z_u>5B8+PA%1nrU_7=MXh^9={@xc-Sh8GIGTZwXBO_`bcnuQToIatWg0F`Vz%hX$u; zDdG6rIF9c-boBUd|HyS0j&Z%|(M{`Le2An=zU!fJpXazmc2*h-?VrIvGK3azwP$Dd#-== z-#6Zh^Mx~|Gq0WbmovXUqn>q~tvlOxw*Tz9vpdh;boQ>ZkDUGF*)N>^ z+S%96{>#~4|EF+)UXSkn{LI~ji|#I*k8?wQkP z&YTs_N@pWy+s_uxu0K0^_Q=`d*~iX~ot4i{oc-?E({%R>Ke=$-g=;Qsy|C%RvJ08h zRsZ^ne|`C1e)q%kKm5uY^-@@>k*cMj6p;LqPx4A0$t}4gy`+;wiAjRU))IVYXx zo#&iyJOA7HU(Vk-|I_)F^S935*nXrz3~&Gc(;o)hnVv94*g*g1{=rF_y8jpcn2bTQ zA!M;uzvIggO8?LPu-^zrSVFj4xJNk3Rtj$dlm9|^S@<>~ZdnoA8eJso zT5k+S1FhQI0e7Q#NL6d(ANX)=t&y~BYT2C&=Ek zTwRv!879}I<MXr_+& zye8&~X8c}bEZUIFb!4M1mb@n37%&tAjq#SL2UsDLOok?lv}J{<2U-j(12txIO(2Go zQ$jMA#6O)N9&e%d1DO~FykCp(tWXLFLW^8q9yinn%q?6i3EoQjEaC!wGb873nf26skSUf)3Tw= zf2gZj0elZg`x=yIPkR@oN|p& z^3aIvWg1GpEDxt;J;t>zEeoe)sVui-WJyv27}{WlMt21eQpq=9D7D@4uxmV=Y!33F zRX@877n#D)_$mv{iOO@4Z4G@}hoe57zCg3sf8+$59kuU%&lKEVxhb6n%?|$T2;`tH# zT~|o`@YP@n9-lg(4giaM;??St)w(+pmNo2KO-*X|8cV_-Qa`EMOm<(b?U%o_)%uJM z_7>Yyqv5vp+$cD}LQe)Z&V6uz=@JGVOH{G>uh2B_4SvWnYuE{P$7+^Qx4rVp!Y`D$ z=zUV^KdIZl^)2>U*3{4LQs1Y&A1Dv=P>&UTlRy(eOtTg|Qm~sXEwU>kr_yo^_}a+l z2>i9WJf5f)z`&xMMiXVF3G^5hfUsh>oNy^Fb9c8~?Un=GV66FEzky~lL%gNVKm-WB zDo7m>zhsP%?*phF-zs6;|t~<6jfBd0`bXRNVe?&M{MSR3WV{u|MX<KX25@y?GI(Ma<;5o`yrfLl9oS~m6w&}&t&A0v~u82 zaE>Te<`8g|OOf_M2K`);5@aoT3?n&v6Ym~pyV4e^3CN^@v$*FbF-uzN52nz z>!sUQm6A8d#D@(i!Zvt zAA0|tgGNsGZ-efO$q-)v-*v;#Qzy_`ImNfL`+DK`y~n75KldE*n;*|S@#l0?e#H2l z=kK29ts>uQJ+%GvMc$J(?{*8W6KZSIG)@f)B|CBRRze9m&Jk%z7HB2sAa)cqK1P!) z2eFlu2#}#YgSB4n$|y_uyw7Lj)$C%n&gS98{PQC@QOJ#qnkr%{{p2j38Kus5pS8!QBRF*@MQUK>n5?7Gh zGNtYUb?wgKszNvI7NWQcoC4A!t*9%BiG*D4lD;O=4e6uXCHuPNI%o)CPyHMXA?$;c z;^~$LUE@Nis+P_q+_I%xj<`y!t{Rul*BBO17<6DOy~Hc9TKj7m1XN;3Em&W%X-M`l z$dMN-6~p-jm5L8|?590;NYtlEik{iMRM*%)e5tCTMlQLK?lEs3+J$|y^U#*2NvObj z@f=uJpqK#^>j1@<40?|*+Oz=N+Wt@BM*7P%`~H1lBx0Z*`_zQp^9MkN!1!v%;>f-c{1b~`VuObwj+W*dBSWX| z*oW@8YTq5Fh9WmMw>Tn))USQ%<8;A^*I1Z^MZUmK(U$lOluxdM&XtAtkaRz8Yh5xD z4{*kHGKT0uT-YwRz#_4p!v;bO)@KP2A*o-JWgy5j@im(W6ZA(^x~8mb z&?MR!n$RdAfzcC~8zwm&+3q1(XlD8Q6 z{yEy8#uw-j*9$iZ?-S&;X?cHHzKLv0Og_vZv#%`gla%!sdmtkZmE~G&CFLNF^JV1- zaAzO1A;q&1IJ4fR_%`5o$UT1J{zEqrO&xS8b*s^ocPo*VKqqDYTJ-MSji#Gir0iOe9=H|#`H8;g7WnT}ktL8|(Sqq=dK)e?H#Z?~UpO-puD?Y}sD zEWEhs5sTAqyC-fkJ6F3y&OftDlI_bLZ)~;IQuCPK=D4`?2dz#=)msaf|$b?*92Dyn}r*M&k3c*%8C?C zEB-c3c6C6PqlL$U+1;0x>&X&Vs*e+4)Wb?hhB%0*6?9*Xy$xk~gQRT1-tMxzTjDmk zV7U}rM3)3TFe%;$3}}yIr7`f8sL(C1b}K7Zb$2UUHlTH|Ti)%Gmv+mG+_D4HA8iE7 z%`F+(wBtHVyf)$4D9tpOWj(8K%obKL`{Z3%UzoR!PQ$e0ihAaenJ0>=jT%k!+vk%X zXd}PUxsC+abY5H$g%bUgdKI>KKs<2m-QE3ba6Q%R^uywiS!I@V6mZEn3CDgH8M`&WFBl z70vx-yUuQ&8krig+3e>2e`Vr;IKYx2wRk~LpV`b{Y8fpsh&3YK; zdwUiPw*0RH)EfoXNXt}yMyfL7D?h5-13HnfIhCm$Seh((hr@C8V} z#m3Pv>k2n^HJ*b|Tr>#kXk*uupewTDR-5`QTkV(;Vsc|x{dRb?@q7^y^J={S*?LSZ z*4kLN&5HTrHc)Q&t`Y)5D{)b4nrxlTX~=`6a5Irgm_#_gHXLXWF!I7gYL}E+3@2GG z)h4M^Z4jN3lHx(5sjReNWVLq8r&Z@9%dg@|;=m&5eKfgBvxFm)U2xMWe;5Zwn}^|m zOLZ^ z{pWL!xE-e}$WCht`{LY=ue~O|iazMc`>Sq{0vqM?k3CvjGSIEoVR>FGEQ58p)J}L@ zpC#iOEW-n7*#R!JJguz2da5+GV_B#bXbtGhbu!`y4aC*`WF;b&9Rq6!kWm{u9Vs0( zG#E`fBkVp6m2Rm#n#r1E(q%&IS##XWHrl;Fc(?sIyBoh=JKN}uo7uCWwy6SIyl7F+ zporV4H1e=)c1Et{JKapEgz53cFx*Lyu-j~&AYHQ2Fx{+In7Ydm%)kf3$}TQO|I z+Ms6zYEUPLhPgA+2uTbU-$k5?j|n9=jUSR%S4P`4m*sp~hLUM5%X%o2{aAHR$qg`_ zOG*|f&{>u{C8Za8&T^^ONf^=#CanwrFB+;b-)2)&Gv-^)x)du`Pr1`ACxIANGeFtY zOrX@vF9CmMfH> zy%o|Kb31G{_3IW3Dzu8`N)j`ygkaJ-hn0}!x;D%~@***m z2w)&6GcXA^ULGbOP$=`vPcl|T+~o`PWmrj@l??z8tl%`yfzIWD@`TOC1}qkJLh^Xk zF(N=V%4Jp(dcaqFSTPb6kCPvIbVhSN1-aU10&|I{X?Y;SJp3RYO~weo2T~C(Jkdb3 zGYUVFE~;~|>R(&)AzdMqxBj|189Ikm?VD`LE>_sZmM|TAeQL?;Ojlq(?(Y*Ds~Z}s zr~bLGU#$a9i=l}LomI!qsFG;AWIafc7N)HS6+8y}n_>SIlqH{n2h;PC-eT1SNr#_1 z8S%?c28PywxgfU@$+?%AgGVCKdNC4-Or3VRBq?%P;7?`5V#4G0s1xoXw>n`l&-$|X zT9+jsbbA`?s?^X9Dik15KzGti8#zA2y0Vfd)?N+w9=yLUvQ-#dirG42c*th-5a=Py zYZH=6LZ*l{I7BF!*$j#O5MAnED$Rqm8wGc`+rs_^USkX!M?XrrNljdsceUG1b zZH_J!7ghUnV0i@WdtUn{GcL0xtaE2#U_Uq7M#$ANo1xukn3dxm+QVBQ1o z!x4cF7XWgV{@+4>+#;FtJUF=eeYd!-3&2?_s&A>|H(h^^C#mZ(F&kS87<#lz(edPi zT0dIr%(Pk1c7Aikj_N7TwVDzP4`$_DS-vhq`sSTkd3jkrnwggNid@=*`~*iaJPHc= zp8#~FYc>69&SO}??!l=*6KH1rmeGAjjuXvHuXnSsn(-P}+(McFG;PCbNRqm#8MZW~ zeg5$uY9wF4-UrjW&dx zP%MX19RwLz;2f>Y3fT~0D&-c$Y5vQiup_~F*VPzdW_E;`BP3>!VVV`V{yZvTf8u3k zR{#6uiLS<}37i+dJ+c3(r(g#bg+j&d;}SZBErJXI0k#{&l~hY|UF4KYZpCU?N4%*u zPlleZwCp@3L+TRfq@k>I<2}tzyr)joSd-gBWLsSa*~%bDCeC*~+^FR>&8%}t$OB}N zfG`m7XSu7FGcYnUw283>?piMl?;kGkIWI7w-q-WXFCX~IUCB(x-PdfihmzGb|MX1X zdv`pvWuJt4!=Y%Xu5lb~&9y#Z zNn)xP{tG;gWLP*Ll$MfY>CMV58v7mL6x0S|vZO4>?7)N3SC;#@2N&i*Il|q!DVzZv ztpyO4w?S=M-K_-sXyp3l7K~g;xzK0_JX)60RC3WAroia{6Q>AMOT`LIVx~q$fJtXZ zJ|{x`5PjZylH+G|&uNP>tTJNq{?jbSMp*9j{Y$)G_CL5~R;ONdTf_2N8SeX%`cHE0 z@`l@1&7Rxxp#RI>CF04CuwePbiL&~?KJwg?i=!J4L`XQ$^ytW{CAM9Ao@B<4e_TEH zL`wMC(RTVH>#J^C-d2s@nuMX|zNhaE z8xmY6x$tG+%qom|5h8UC2zv$j#x#6bOg^~aTgxelR&YcIl=91HH2F4+rZ*!mlax(p z-&-zi+Dq-5hR}XZMma>w{pgKg%63yr|EdN~K)?T>14LK-hzQWEbp#MUlvoZBoa<*q zc4)w93jWbRHq+zMDO(t1*QL6=LmM{^dAlG**zFJh@gF~Ix78%~rcCvww)lHao_tTd z4ZHm0KdS0K+Ci`jO#Z@P{`-`-*4goymp{|tto5cq*}dwN`kFe`Ye@cmJfOGht3%tF z#4=3U9;(J+AdWuU)w|W4diQn%k+wiGq`>WYIxMSIi16@$E5{JC(gOQl7QF7;LJ3`3 zO2O7#7Ir;zSy_|^o0eeE%X0coQwUiVgs`$wU5hhJBDGSFK)WnhwcMDY=)v}^?1LL1 zBRkV_a~AwiPC%9clSHHzBpvWc8@8HF+?$cHi2JdX6bokFo{@EB*@&&iRN@&5FTs5g zn+H8aiL~RX>9P`{Ads}Ag3IB>GQ(82%Rd{`48%jDAx^L?~iAbq~9ndQA#Nv=s3x zYFDV04mfun?RtK$SOkorf>mUjxpPs2HFEBJ^dkP|>q04qIVm`o=*>3C8w^L{jjion z0{jotp%Q=?z@-QH$X+KYX6#jAo+QPFJtvHL8n6LrfZ2<-01ROofGHwUQo?AfFU$3s zdjb##xZ`L`m5Edvu?Lf23!ef&p8!wR+-zCS@+qiT6uQvXTb6qzWeN5M%9T)!#jdQY z6aW7we*?H`pguBCe^>pk{$2GE{M|XQbAbNT5A52B!vRC_T#*^>K6lUm!2JBftqOXc#3seCd&fn|JnziyO`F6Ie z9jLrhUKpypm0Xv(=*8fJoBv`oyEH=xDAPIylVtgzx zX=33;+#tKmNZ3oK=ZrDlR>w{yXrRT*4sl}6(8Kk(1kVxwCYdMugcbhAJ23W5!gaz? zc>GHRl0^_7){~aEz-5q@;Xk@LO?IzVu$N zhbM&bW)?+<-)MH(J>F;vaRYYo?VbL-N{y=xy02ibq?Z4PnNUaj|GXKD;P{g<@7tZ#FeYm8Oi z8f)@E(%NXQYB0u+G+5dU_Lw1bENPBe%-)dMmWZaR{miJd92uIt?e-N;sb*z;NcVkz z%o*-pJ$YMU^MQ5C#6KdTldBLDGkc&l2E6`=0V~l(ajUSu*{0)GN$i6h3=5)WWao}H z_!VG=!1^5Z1@ysyFPch4J=N_ob(Oj*o~C1y!P3x$D0O>R!@2*$o;kvvSGPoQOmVldv#oea zns~GWqR0sja6DiQ*Om-~k5`rliYND!l@>6X8j4>vK*Wzh-mi^B!zAx}>d{Cpx&*Z9 z@tV5&5VcyO6lmgba+`%F=Yy~`;8XxZP6UcAr~e{pOI~BcQ~OV6J$v(_kl*Xco+gFu zTyg(XNI;tjGQZ)4U%&9euK|$#Pd%`B)vCo0Jhguk`%j5KnT;@?`fKX*g2wkXyjYE> z`K>}JMO;Rol~TdQLixY(OoHsQ;eQ-^&7K zpT%zIzmlo_p}pbWZ5`|I5>*`+LQuh}6!su!oe#n&lN z7HBIk3=6x3Cxy}mf?~Utnjs5id3#zez{{4FJGg8(M5Go32=}CA+bMYzK@gdeZIr0W zMpOl!EqD}qz zXUZ#&ed_rgt#a#r^(OXTX2zPAU3p?pw&%K|gPCDwHV+N5<4rXy26wILSrcZ(o%*2D zR+k8;eHnx9REybeG3ePw(ZfPLo8CK|+uYp~3C3Ri@O7WMenr^mH$0U2n{3VgP+Pzh z8aTRX<&C}J^UBaQ-Uz$mmciB~QJ3DDe?3PwG)BBnFJOMUg|k8lxj-!>#0exo6IMgc zXptSdDnVvLv5Me#-fA%*#O~xS`CD}5eH0j=!V-q+SHyJISmT@y}VLuy> zH^p$6;M*kMruepzwk33?M5dV0;c|D&=I#=jX%EwsMEn?>DcwS$%9t>jEwOkq)!0O9 zb>$CxrxV%=&eE9nJjhLPEW(~0{s%=u1QxPbIOTEmF2qv#HZj#n7GR(P#T=P1^F|R{ zivKX0KxaSzqBocEBk{1Eo!HNUed|1)=ojAG)4unEVS}UY(S+G%w1_o#xI{m^2F&%m z&R*40ReLmia(VXUyRH&b?%1G7%!yU8YI~JIcY|m#7%XBcV@)_c>1dDr$*CW0vh2C? zDyLgt)7q)?irnvjwdow@XSeWP;ll#_nB$4&MO!Jt2==c=8_`AMdmwK1Ezf{X`08Uj zgk$EWh~T?O{v&e>Jou%|TI!wYMU3Ct4DGI634(%Oe=p7-Eh~3}iq;~DNii%3nPgx! zUy9$o?iZ_qeS2;sS~}_)KX~ZGd$21gHUw2*ddR@gN%YV`M1%FKA5MDg5rZppkH6N($r&!^ITHiJ2hR4<3UH z5pT1h!}cu@Q2fz2OBm~_d=7K7-m4c4soLsVon&Y5Oq*&&*R`2-5ew5B4A#cy;|5*B zi2Bo|AP=2u>%pMM$V9!a>LbzPUQb;#)NDBHj;>!Hb$jpf_Tc~A1KkBEay6hj#til< z#*Um`U+d7fZnCUf!ORw&$e3Qgp>yZdi_c1jS4Vv6)zv51)LP=C|1;_fu47!D3DI9J%GTd+&dcn!T=)?L-m0Qcw<`1b*E8B=BOZ zt6=d8!T6HV>u}Vo_!YQw8!#sy_4>V#v0)KSRghyP;tYh_qk*}Y;jp?4eRX%OKiF(x zOk@iphRLEs&Kjm#U-gluwrAy~)6nV-9R^!XmF@O@V(9#zb@_B1 zttnr;J|>E>`nWIE+M)9;)Ce5n@cebw z0P~~#lOZFlmdViDd}|PBUrQD-^8IsstLJCWV_V>Rv|-P@%Pxj>`Eh9@(nj}g<08il zajfZZ+4+u_`RC`33t2Y?{;uS+rQie|KccKvoD%uL6t=Tt(`mUhbVi*W=A735m&P_b zQ8c#MDa6^MP6Bzw5Y%7amD?Cy!#y=Dx_1MCMH7?;!56u?u_TdxZ6pX!CN;!}-p{`N#8dd_L{I z+cAQYNMC=~4TJO1P@t~oc;9#5kIdYYeehj&&%axTId|Z(+L!o>J7zf{xI`<5J>0^} z$sVooMvBqqQP;}a9G1Ljg#734#u?odq%y6cQn=$h4l^IR9=nkb_3Z*dYIYw2OT@zc zat@1nTHFl(9Pe?S_nzIKg_(X9Bx-$_F4qG3v8VnQzlt`0AY5wazy*32=dJVLQXO0f zF5HGl!8#Q);rwy`VQ_KKZ~zAlBC}8ufn&3QFm%~_aeAJ zC*t@bz~b%_O0^KS$PY~(<{5VyEgCe_JdA{!ph%t}qr?lhixaoMz&_-zvDs58IChcoE6YV$sz6$R*JFPh*i~eOF&JCM&J~Z09XT=<(Nj9<;CY@} zN`3T%f%fxb6TF`~susjE)bWV6rX!yGO~U~|q6&7V1bj{<6N$NCoO+21xkxL4g$Zs9 zc+ufUR!jyA&5A)8OxUqtBtDl#m-S^kQ>IQYOd@2PhDHvjDml)fKKKy#f^e#_$qDsz z@xb;sxBs!s1UXvZIcU?Rk_}v^-(b9X>rG)xCYLpbZ`yjZafAB0x`;S*<^8(!=5w zCZSLi9)F+ZGY@_5nmQDPy5@Tiea3S4ldq#|>n4hvh=U(QI|Gsw=!~|oXl0!-{x@j2 z89vhvp&yau@2yypF%Vdi+Yv<%WY8vI4Id%Ap+1T1qjZMOYYsQ0^bTRTVMNxyazU~6Jg9AlBG(TUNnqfZ~5h`88JSHz`$ntgEx(j1=-hj*}u4otAxB)M=GBMN0` zx4FxXn@GN|feUU1ha6K+(@k)XZ_nIAOz#Ne7VE=1G~D4a&dspMe!K!*#96+ z1NYO&OogqSTM|QvNTH-1A%p}t*@NJFtJHJ8mvQTkS@pw*pWW zyeT*sWG3+g__-+V?GzaT1i>ptSY^nl5)X$DwJaC@Us3#BkKUSmMFdApR&B*QO(@ zDOL*M4_N0bNXY$6WN;%f4lzoo)&z506p{`OJcu96A*BWiE#IXL>P4U)MUHko7w9y? zBygH`X@k>9z@c67dfw^x?hny*?$bC7wRN|a*SCQKUc)GJrc!UpR|yaExyaMXg&WGh zsYKNA!WMdq_^Kxq@=Wzu^t_>#(ji!1od9|KP-|7?~$z zppkMIpwt~8K@-Er{*F)Lu)ouAx8XiWY61%u!|f$Rab>Iztmj zGzSkR_>)tp<8^9iMZj`^_@&Bgz(+eXffqk-*3dKe36*;qaZkXx0tc$?H4P3b8^w&t z5a3C$1yliFf;epnLN*+mtHf9N4k!fewvhO$)j~U!cfJ_c>Q2dy3>fDeT*K2U52YV6 z4QPI2R9e!Wf5~f@4IJ6|MthlecqP2sa|B8apyG4di_Lk%$~$uTcZLoFkkR2PD$k+A z$~!LbavE^vzt0@tEbszEhtM++i;99-n9mx)JEP4rs7WL*f)G3B;f*^9K0ure3j?wU zXD1bY0?bVX?avhoj3d+q+Ojuh=M7JM=E5`j=L|o`^EA5R;t>R;O63Rkj7R)AZuA@` z`d6aIgB?t2NPG_W{(0r-S5v>zdWb*Q_{lch^Lp)`bL&cIsx!PC+dLxfrd>^UnF`VM zM5Xv!c^EaJ-SZsDM-@D;!b&{I<$jo(P+^LY9jOzL`?ZXG5~?BhFUCqy3(x5|Wr6UO zBITu(Vj+>=L-md-MUs%ws1;H|{-#z<30YkbaptK5w@}s=pWbPx@&f|yd>w)PCY0nr zzx0Z^{G$rkXk1W@XU0{@Zo%*r&qd>MTA|&Tpl2z13KM5Wk|*YBG<E zsR?;rddU;2!7lAw+H%Q2*S~Y$nX50Jub8l58U{7fl6VBOh78-8S@Ubyh{P$yf6=T( zFm@OMYDo&Lag~hBkG=UI08v-eeGD54KXg3|dLAmax!HaisaWrJZwJAs`+kh=_Dd5? z>tV8a%0vBX!fwDtz46BYj9Y*&e1^6j$qZvkqI|A=OV>+wdgZV`9ix(|keZHU1b$nR`OG%M1vP;Hlz1dkoaE8( z6VzOZAF9|QnuVSUR|56I=8t@VP7Q9o)7SvG**M&6WX)>HP{1fEPa`Cd@oln&=}BDI|CUPS143WoRN(buXQs>59uLw}>S}k0#!HmNTqp z-%LD8i~PI>wlVVTLEhouvyns8;n4gBk^Cg@aCzl^$#=YX=580`M?mPkBzF-JciQ{Q~2%PO}anP4uTq1^uYxtv%<=EH-s_GjTi#@)H_pgKbr zv&^~h5V?w64|BFA&TvidG5`pAt_R;lP9(P1gF9{`Ui!vmhplemUFjNrF|I)k(79uM zKjgR|YKLO1cAiLpyj2Qpi1D#%7F6WrL0_QQbA?ugmkc($-dnAW6}4(#LKueN(b7L= zYSKztnIJ@+1b70Y2MYxSZlz9?!8f~DEzjur2}%R~qM6HvHiPNyHcOhKcF-fJ#j3(e!)h zkzgjf@E)2kMyp@O%}te9ZY-U6LwGQj=EMp0`*>_JmrsfhAy)fXDwj>+wOC@RkXtGW zcrc992jgg(Iu`5fK#xRX7;nWA!vv2!*2!T*0nwr%XnH8hi|iyAaH*;=S#=Nv3i-SO z53Jo}mM0U}Y+5&P5U)c|r@PZT3@53=*Bi5g9!`q+1z&IW^?_jYE-&F-ioh*;7vPim z6w*~V7P-uL7gX?|cY)|cz?e~?=nzv?femISpBy5iKTD3}Py~u4X-84NC`WHZ^Ey1Uufx9(>jB6*#6p$$p#w)&2% zj*ac@TyBh6oL-kD1VIbFvAMEd06GWPgaNu4b^^{?F~xNf-<{FrF~iz4=RA+G5wOx* ztXB2K$M7sl71r6UY=jOfS;CL0FH)BR&pW36=pN$z5v8m<6ym*S@{Fms^%nka_6r|0 z{MK+Qd<}RvXjlur1I_zF@4WC!i2nu%F7VEt1>ZvavjyLo>&}&&s~GY(N@4PLA(-0F zg9RL!l0G_%36PahHwjVZa3t6>rC>dsqEbkudY%_cg_J5~2Q>PgLFAeEmYG~qkT_M7 z>7rVejE8-zqx^vC(1=uq@sd{FpXM4oMidN19obQQ7u!)P=9BrZ-mXSH?uZKIh04wO zqq_LL$WBG}lRS7ouQZf~cFH5^y%|bQ0cE0?&>~1N0}zG+hM7SnIuIt0+HiKrMNY^= zsl?3a3`P_fI#koftm^ODYC?t34cOIa*4lOhj%(V~-!W_Dl=?e<3SDuE?Y$xN%rm&) zCY=2!%kq-0<&WZun{ayej9R8MEX&Vayk6JBqt(v!0@Q9sNId+sA&n2WrFlN4A~jD7 z_@RXad{&WHJ3YA+iSDrfUtW}FpGMXAFFQQUZM8an;ILXHFZ|kWH#Xk+i?TjA^&zX% zX%!FIjApZOGHv&I9A9&Iymp#f9xsMI4vhnA&h0*oJ*p7HT=?MZk9Gv)^<)SD}(C%p88&#r6_uG zmXG%bQiiHOE6 z-nPE$+4}QuRoB#1cd^$eCe&7)w`+Y@J?ER1xRh?J2dE;6?=7^DBg=zjdwp8Ao|1dY zC2J2s$4U_FAwM`lzegf1QjYMlfJzVi;Jo;QyxOI>Q&5y6ZWQMfl%d7YnXIYSKEO-% zxKJ3FmI}mGLI6TEChbt_LBE~?DJfi6&^%4h9~}s6hwjj(qng(lp4Eh)cn&Q+;&}Uq z`op4S^GCjRsPo0~(uY&ll(!)jObtXNZ=3q&_fMUE@}%>LfRt|OudQqLx1M|G-$ zzM7rh2bt+hq)&Wa{lQO8cTmRuxx5wR1oh6m9rd$Ebj{A-#ckMZ? ze&f)=v|*?)Qt*dr^$w$*t;5O`-08VYZouz`tcp}1Ri{UcKdqIiK%0JU;1UxSUokp*#o|F7+xGB-+d8$Q zWqR#si~<^X{DW?E-F??=T)ldGcIW#TYua@5p3m=@ZW%3BTJWBb?P<>S#6P2`QMI~a zxkStWj9Bm^AiRU*UXT@Ry$xlm$)q%p=oZ0*CQxvTi@83DrZnvuuda&(I5ohd(;-9z z3Wqh~H`VD!87?G+K!U*`T#H77<_d>g!>7^ceVBa@>Ga=w*z0{*O-=nqO+9?@{p@k} zI(z*6PyeiszR94z-S;!9R2DvQwKp90zIR-#TORuv^Q-^Hpk8{A4l>4wNob(~0Fowif(kl;=$&o@eii}~I19nCld?Q0 zqTQ(1kyvQ-ew4k+>|3{YSlxzDye_Jf*p2Fr{fn(`+X<=l(X(3)evawaZQe5vf~fIK1?q zA6%iT$38ePao}PIPyXe7?q7d({MI9d(yoS;4TTM#{~FfB-z`c#^fN*=ogiV2Jp;OM zVFt1l-v?56VG4%V98MV05oQR4YM}A_PAX{$?un$tcU_Mpo#0xsa*0bP#1gLFhI2wg zuPdR`&8$lHsvlI@tv*@*wI&X zT3(r~Vn4Lob|ab(HJJitNvbN^4WAktDYWJ$MxLEo?Qx76na<88)v0f|9HSPoYVs8m zaUx!?8L*$u+a7?&cNOxWt`IizdYK21X?Uyf6M@7&R2D0Y>?31PDqR{}x1Y>Kjpfqv z^#`e~C0$y1k8Lq$+PCcl6;i=w-Ch8 z*oqD)wQ0b@F@Q>V5-(!dv!Ze*0gF-EoRNbWpZARa~v489~S5|Kq{r8pOvZk!aR_a^AX z{L`9D3BGAKjl8T8aLk(pvXkDxC9tbtSmwFso!64S*vYkoZIBNjIwZ4lKa%M(rJ;Um z9%?|3ejW+aUrie2EotRevP$SX!A95a+(l;fA=kJ)z3d9&nf>lkZ5>5i%mf-!Vh&Q6 zvovFKf>U5#j6z5NKXhB%sO`nh%b1uklEur?zKJhrb}(j1Jm)iy2b z+kDOOQaJ)91#Pto7Grv%{@87Jt!OIhcQSWPjJT+(>3H*E2TZ zaMvvvXzM>Txb67*tFuuYqc|SLf=(bncH*LQZrvj|{i7W(E$Up|RO_C);+hxv-n?rV z)0rHBhPFNdf54w8mIKRN64}Egcx_ww`VEKMj9VE|nut+^S3_~cHC?@*L7380sZ4Mv zqXCObGL=tuBuO4KbSA||&aja$y~RF$=8SsXTPufORnIM6>Z;M}49qIpL{q!3DOgwa ziI>FU`+oKLy?>&9PyHkHdw*j7;xdOBnP*Hd>76=wcL z8vEs3K7< z{Eje0(>CjL_%0F|pex5z5>%Y7D=-~qdZ}NZYTcxlT-ny#cIA>ZG=Cg^Q+-xltv>rr z?Fgm;w9$7>=$v-MtxN z&n3%%W;`J?FcuB6K*9G){@nS_+tYcE_%nE7Ydm?+XW=N~{@Ksc{Vtp~KBs$A^ABS= zn)~em3Ypo)J;IkbZpAnGeKeo(XK_>98BZYm;<1vZqP~cT*kR!#LJ1$$Y@zajYJ2gRl#fhMc75#p-=n94qc~mt~1rM9vij+++8)IWh z_LbQ~brkA|ODzThjCW^6+k|DBPQcVr2_Oq!#4Z8ShTM~-q}UGlX<*9adObz=!Y{Fi z)5l_7*q(|Op=5h)Mj`LSVq}}XWT^^zLsZsMP(sK+9{-h8} z`V*q^w;{F-QLU&YlIK7A=W%=H(%BBFvw^mUU_|z8SmS{3Onu-$9CLz-;VRxJFT0b-N=1A zrf`H{K@F!j8;bZwM>Dhnt=0mV3gR@8?qcCZXD#4J3}O#e_JQ}0qFpIt_o62vd<|)$ z%#=%_P!l9qdKE2tdd_=9cHB2PvGcV)^@|3!rk<^D`PiVo(2%cJW$c}wXvojL-`K9z z>QSTK^+)wF_HcF;YNEu{qxj`;C?IHU0<5$iSiz&0^rukDNVDG-d{|s%2_`$ucuRTe z2na)fu;SB02e;Y7^d$^PtR1vWUJ`RR8(~)f=K}xY(QdS<999D8Fi}**fllz4y5uAs z;Urr4T(N>l&`t1nq_UW1lqKL1h1IoqBS-}(I|)MP5rsDJjY?93Vy42rKqwbpa&B-S zNORVnj1?c`Jrnr1;ERaYPlxr-b^-0TwAm7mMQ<^A%e()i|6_3f7MyBZ%>5{|; zRDnW0sG0wl$$Sus$Q0oJBJY&;KsBSN8V6N{(hHNE4k~N1Qz!`AxiuA~MPTZMIvh99 z(BlI{1xvXT48naIM0~9@6UuK50=u$^BR~xaIp})HUDwdwH$Y6;>{i0ii3KH2^+l+{ z#QcFK{P2RI`dg|4x$g8IMlh;s07aO7lJFTL=^e5OlwSNGUX~}WOd@`p2~U3E$X`9Y zcQG4i?pnIMdg+S39h=`{xaY@L)NW7buUk{=w}*TOmLGjQG&XzD3;(%u)$Jd9VUydk zs8DTbT${8HzGri-$8>aert6kIRxJ)6bC~r5SF&wDW8yg#xWuW#B6zMXOBJXP`6h8I zBx2?(HD41P1z>6ogEvcx9kYw?>G7aKQg8ifB?&0;FXz>vUODAANYz|gnF|t1D({Su z_|lmtNYtXnAm*KNd9*Q1e5dZ;x|ZKJy6J&GI(>TT^zARq8JjqI`q7Ra_IH+NAAj!j z)YuDT-XRM*VE~UR&@(Q#-fCBTU1g8A;HM|K>#D!XSMOi36<#cAxaO{ zo|mel$)+~?%%$AwLJ5HeUhRq7RL5hfR;tA;FL8~>>sz!k%+r-(XJ~_~T;KsFR4>j) z1<4=jkdiZ{S9J4?OT%!8Qj)|uY>P(W90-5%uL@Il7J2nFq4L?m-TZSE9qzEZtC8%j zgFCgNl;`=ipqATC77N9xPpIGc5nZABd2$OAsc&N!F55}?g7xIWYU76h@5RurcM4=f zLoPs?=K`eZ<3|OJVW4C#KnXem5upGN1>;ch-2NL?V0~6c8Ji0#yVg z)C+mhWD)!nt3!@9H)MCd%yiBaP=xgmWCH)1iC1j_;gIbi$*X*U%0O-O-49M$v4*d) z%-Cnj_p)n8b!`oiJubV|xPH^t?maF`s-Z&8#KH2L?CS8>c-}EVewP&Q02p_wt84F*3`bN%3?Fu-DcY6b{uRAI;|hI z`nHvdv0a*aG=W43y+^U^8pSBzH0JnVjM7`=>E2{ zQ=xI8SXL^Z)v(AM!O z6W}A92jo6!V-$TD2jzg&d07h+XQwLa^ekBIwv>YindN8fvY;GU-*xzp;amEr~zQbVaXboJUY@n`Pb zcC~s|Cp`4a2Os>U`tQGdP}Y7fa~!&Iwj1Icyr zI@*Q6k4lo1cU4_h4&#UF^OgT&msX$8D#^A9Ww-uqdDnz&mBy>AHdGSYEsc-v-i3-m zIGn8*R6-ld1qm-%t8BYQcWZ@#*hNSD1Kl0SrbE3oWqUVf+~90k#C2E?eaTLVp-`7R z(yi128&Kg-P!3V2npo$`O@tN(mt0MsCzG%5mUp_wO`h%a38`txir6I?%BVUCn3uLb zaGpkd&4}+t0}n_i=^)+%CWKf%;0T#GfioyRnHd}N^1i1RTawVMKmWn_HKTw2o}+&CG?rOX<8p6A?1|cRpxy9~_uesKsEfJt zUT36bT}B-nEsTbOi6(!iK3UxwZ%RoKh@$!7;Jw57>O1ahPAoln?3!zzzG3T7G`@D3 z&%bx=L(eX1X&io(?wTwbO-{2*T=Th5owQ~sl37vR=VCiz*|k02>D{w4bldw|0?Q4V zNIn+V;$*SdU_H(t+Vcp5KO8dc5RdoVz&%_j1bQSbck}wM*Tc~Xe7c#-xTt^tH!&HZ zkDv=TGehz#t>xhkYu5vxP=<6TPH#pv>9V|s@CbpVJ0*D=?fS~&n_N5LTLwnmqG8n6 z2Y!1DFSZk$k78QzxHOvugBcvEvDFlv=FzIxRfU=+4tqfE>P7LrR zE|0j_X~aqa?>L%KP=UkH!hly1|Iy;tZanhvpRy&oq-F8b`{edm?EX#JR6}D`(9_<# zH?IDA7O|vMQ@pi0sqgeRC4wQK6C1@h<|9sT-W{tm?Actr_aBk}ldetJBced4)!5ql z$p;N<_xgRy*2belTW@&!+G}oGzG7)2x@Y6nzRcQtgTtbRUQ3d~ZDKn*V+A zx&^)`e(sx>d_P>1)x)r~=LPyWPGgqp4BMd}qns$192gb8{6sYkk<@}O<0vtFVqsio z_wr97kw{2{f615BJH7PfQG{dbxS<^JSJ=^A=KJc!KNnYs%fH&PY;?!I<9k;J-Tm(1 z>b=MJ?HFCwa+z#*EZZ--9 zL|2xQ#NDA9^}~2oF7@+Is`dB461a#v3>IZTV?1A$tDP7<;`X3v3d$n#wdS#Q&ZHFs z5&ei0psWx6CF~xND&}cTRIeVUA#7$12uK+rm5M%DgsMwUe6@(&CM*JPyvu0SSK6Rr zB2s`&z_1}kU}QZ_S%d|oi$th;0;&i^d?EYJ!6|rjM7^oX%#UASFym1lSRLpJ+TbP; zjF!i>%;?!vML92=g_G%akW)hbM%65-x=xt@3lED&(Y8?=gdD5DEd;6tlW z!cfGMa%Z5CK@o$AhqO0T)}j<{SQZeqgpb?+RMjC+bp%yo1Ne=)mBktS!upralF(6) zF7o1;1w;#4p%tRyZq2u`2BRnIiZKNBaiJU~K`FSs!IaI%{L_jlY2^R9s+;w$W-E`b zas1*J?D}7roJ(4d{^E(_53CV?p_`+qzM%VIcEyTpZu#=bg7~GWA$DKV9b5bf^@Hq@ zXFhps?;zpI1wmf~-)?}udY3@nVFaV;%8HZ#m?Am?QzQ&9>C=j{1puPDp8y%h5_1&`M(!Od> z=;PwSJuvD)yK<4v1&cDinF9uv(g9SONDrU@0Y7mq`P{URbYA-jm^U|OMVAfr+D6oa zz>6{HiulJ0@A;-EXy5--g>SwGR$}Bn)v%u>*$L7qwL}2I8BRAQQkhby>abfVC5Udk z2;Wc8$h-sv1S*pm3d$t_fREO@D51RIg7Llb;d-h}Np932qLp84Y+BT|ggAfHCARZ`9i>=G7NLZE-fubqoI;r>fC&lA>|}^v#bYW3&=p-(iKzsDu)Yh3v*A2t3Bd-$ zfyn3Sh}OcqSXLR9nk;|?Q&!{@%IIo5WljLAw&q>RF9axxw2JY>j%JZmZn(*~rFS~Q zE4L84(A`BWhH-Gf+dGHFFbw*I+f_JTD+Ts1VH)ZuIg1g&pXRU_Uc&|ary?^Go%AA? zWsUFws>(>V7?fhchnQE*#BcJiFKdy!aLocqmcZI0DfliH)|65$FTq&rfYT)g?|Ui3 zKNXunwl_Y0LB4ZMat8k$1`cJGfTwh#_Jgt#tB(?d>>wzE|C_ou4Q#7C(}vG;j`n?* zC2x{tOR{BKwq#k}qjD^Blk}ot4oE;yZcricUUf>lO12#*Igb?)g7C4T`pEwGr%i;)yoF5PZ-WWYxmt8eLAw)ViDLs#E$ z-Ho?oPu_DsYEzJJA41)(IJN3-8nZXs&pNZ$-+A(0+8K3Zj4kf2{^h&&9XxVP8xF}e z+w6{)%S%Jy`bILr7WD#U++x0JBxcJ91!qNCBVoW(5T(`#@3|K?p$Z9Jb58iu$l{pw zD;P0Ag=0Vz2S6jzD!HoM2r z(!O=a;@VX;4P^%-;VZs#g)MbWd40{Q+RTov?NPnEsdus0+39k*Z5k5{A~A!(+_S8Y zsNOxE^H`IulEEOUb%tt-2hu&ScW*Oy*Xd)h4N|%{CCmbgOJOQJk~# zh&s3ZKXx=|N?KRlx&FrWTaW3ZB_)2pG0>ntwiO5NSlwEpsqQlvVzq&&O43^_;ACv` zdc$!uNHxQENFJ~BJaecewN|TEJ2ZNuT5B*a_N%pKlh&m-8Flzy>rttVCJh5Ag;9hj z4D>pfrZ}$>{8z*^6Gs+{Md(>dZd3U5U~qNWh)I1J7I8{7YVQqj`}ZMhYbvKN|v>7;6+#9Qi&z4FaF z{>_iG#t9$o0*W-Ta&QHdHtfz(+Hj1NwwFs+cuRZ=p+7V?b{6|HyIgG>ZUyhDRbN-# zxp;&)qCxZz>GqsMXh^nKEam7ylRYgd=bbWdG)yqpZd81#bi;mTL zH`bSXDytiQz+Cs#-&8^&wr4fRftho#q}&ol|%e0q+*h% z+CpsP*kqtwqR1+;fY3P)H-zIA@wSSdDnM0jR3+OIzKx|8ts`U%2dq-LrM<7+pmnps zZ`~tSSxWVewnUf9QeLO>wJ&il(MT?%d(ZZ5rO8a?YW>ckZ2mu1HHD-KqeH7|*tUI- z+vo!2m2*kEPgPfLadjoy9QsmAm3Ys$2ANxHz`ZTyk~I)Eh8$W;=|*3oEva=FE2L1< zDrV0P?bNTX%p?_Ak8_k0HwALW0u4`QtfHS0VldWj#m`vqA42Sh|8PE{WxoFq^Dmb* zh#v_UG$Kq=1T97KQiQYTPZTA#?Y+v_d#sTEAOt2I3Ru!ijfXTe?Sx7oS~@VuU{1jk zDS9bsAcc&?Z3SK^MLY6(dc{6+VqHy^H z3X9p9_3QHoRX;{o;d2MK{aAtY9p-u#41R04WVnW-*4DI;PZJQ|nM#F^4l~JkSWhn* zCKL)GeZ!z0%Pqm!Tmv`?hndXv+0kr?6x}eQ3Em1dh8qRFBLf7o_5!+2_7NhUCIq{J zcc)D?v?mLZS)n~p`Dhy^sMThzL+oPh&uE$)wZ3Xw`=f4;C@oE;)MXxnqod8Hb(%cV zt_RbiS);9Ot~IzMsl;FEH5i*xjs0_0x#y)(TeYv&(WH4M|L0wzLu*#6`x{eDMztmXYr7$8j(2p(Md z>V_+ZLzF!#NNZSA;5#X}Z!zZp$*l?n>O--2atHpXGFTR?JNjtqeB$l=-+Vd$|30ibE#A6AZS=~=Rbi?AfssusKRsaxSKsy8UU&Po ziwx171D3Ko^3(r*?g*ai$`7*A|AIc`5;6iJ(Q-D*dH|p7xWI$81pu_k4zGcb4?V#7 zc1}!Cq6`EpIk+_#@&aP}`M7a%k|8`lfDmxD2Bi?3>{kjOeE-Eq*F3qQi`7K(`Pao0 zEc)YDrcC+&UbgJD{12z~;%|BV2p>Gl``22^+l`?~D%c3`OaMb6Q)7Wi0Cr`$7UMzg z0-Q1Dv7b{(W?MWBLljN-ssMyLe`z&E$|^oRWUdBM9zeW5Tu_5_CKTgl^FR4TsqYUJ zx%{QSKmcg=4aW0hzi}ad^^m&6@wb1t1hrRkl&FW;!`yC${zbY=jj*>6-GiVWKS*Ub z_{Ph}pqD2#f=gQcHtUSs49FqF*FtAu>ja>r_%N$|_Rjot$!V z7P7+=F_P#*!YpZX)bg~R79<}^VWQ;e2qQ)-3>Vrci8_>*ag--y{3_Gt-}`EjAcT^8 zOcs(e(zwBZnZcF#3V7=cv#1hGn6T<0yrLF~8aalm&~p_2Cd}=q0o&ZXRy5I#Cq6fpU^kcdJS5 zsq7@BQ36}0T#k$g2$~qTR)SUyi548WS`36Pp!f(~hB=emznEx{kAx>&CI^Oq`IP%$ zJCT|dXNZ`NS~C(Bg=(B5NAuWGx81KEW7Ws5Ib{}|j`CB!YSEMb+RuGKm%}fCit`^{ z`P$oN(BhXp=&xa>afDXi`U77`xmNt@sd9(ieCnEG`JaxJx!ghD&)I-StQPGL!hU0Z z`)jY{gZcMMU9OPt2kcH(K5k~P%b@KG_6Rq6wIby|Uub(@QMiZKzav4R$YHSIfI=+} zKVi{!Lr4*Yo+E|q=r-bDDdessL!Xr!aY#n(`nzAINk+|u8!fr`q%1*3RZYI~&5&|f zor~Z&d<-TWH%jTf8;=V%YPD+>FKjXXaEU!E7p5 z*s@xJn);O5gonnE04$XpgtCvKmH~ilwx89y)Sf_`CSuIJ+-MQtCN9O$2Te$*v0$;Y zFbI+sM0PZ)T8Yu3MgTLL&i3gYgF@AR~Gdh<&8D z373ndh^P$_u2I2bAS$^3Vh?+dK&1PY1?B6Q5W`c~M_fN~^8jx>-U^hvRt%BL6b6S8AiG21Ag zT9{5~LW-021l5ARBZ&8CK2*k}t#q9_RaQ5r6q~3kyYx`4!Blzgy%k17?d;9xmx-E04?Tc!wv5t;6dx1$ zL-z~s6!O)@fKj5p1jRbVrzTjq_H$4BdcH(mLH>3|*-{}X&w55t99b0MlYx_dq9odj zzN6T>kR*8v4+h_|9$l^1mRm|H_)wCjJmew+6axCUd=O)i+?H|^0lc?>B=RM7%pK2A zuPL$T{OCx%IJ;~G&aR>0+fWttGX!-xCZg@V%c$ItJ-33V!dt^V;nK@4(|d?TS-;ptI-` z&t&Gh!v|ZEL$3DJNUX2>-gBuiS+$;H%Pym!R$BV@Gg22;Y?;H{8Sd7&c)iKqH*l;{p@%Q~#Wr09w zaaXil1h!^b)KbEn4v$;6bThic^kiaKtzao6w(s$-{+sR!WqQ`S(<>x&3cFLkGBpj~ zcIUto_o)Z>dfe?jkMD08obgka1lF(3WW;PqqAn;&8gWg=1N%oX?CtK0jilOLL(|W4 zW82Ky0#6EX5~G+Gek6?Vr#^wk1$WDC4z+=Jx1Ialwr@t`BEBA$Gc2o1s1v|Kfr)~A zaLN<`5eL9VitpPzmD>!DwJ}D)U_Hvv$I4>1kt~?olb|35i0}Ol+0$QWhLi({bGXAD z%0bFn?gPbT=pg78#qO}c80D>W=}68N$EBFP?9e4xI{+_Y_OjCn;U?zKJ#%J|z~!cy zX*jZR@1jgW?Vd!dA4R(pH+TkcD2|drnveiB?=YfD;*c-K(_B}`IjJvGB}2uY%A13l*%}h1o-xT`7ti8+#`BLHQgw+JXB-u5frOYsW z5k({b%cPB#0mnYe*BJ%Me_>`k2Us7Ohgcy&2Z_ZLrVXg4Y1$)}L~YSn@p}HL{Pz4) z4UVnsAUq0N9gf%7Z+Lv2;WZ~15?jHCxOG04h&Y6j`7_{B#QE0{r{WL42H*uQMq#ce zKx&4aVfMYeQ-tN8eJ_QFbnbg0Msh;Z8&tfv1-+MhFJL5+L9GUF=RuMO{yumi#O>h- zY2WkSD*+$JZwfEM4&njnv6a`%8y4mvExZYpMnTj{@hwRwSg6hLZVR*-VTKBA7P_>} z=-mXwF5yk*F|+ZvS_CRALI+|Pc$Ef>K)S^%vU%^;SbVTcs-GS@f969iHaz>%3slL1 z?}feyoq4v+lvRX`BZc?!Uh-a5zoRdDA-SV3^3F)Ff|(rF15D-o#Xj_2AFli2D}Ly` z26+cX8!gy(fJd^>F zyEf8r;KJAu0pd%m;jWJmC7d7!2+!I|mT256t(+qhtp}!QO$50@TQQUIYZ2~Cxm_XY zB4b4uGa5~6bcWVDew2AQAV1{6bEV-{@(}+-g^1aZp0fvB2COB83l!XGB#{PNOQ@AD z#jo)%1hn>mHmNm42k^74^c{x%TT3Y}Tj{SiOzxaTj2;I;bQ+SlxXGOC=V3e(3ez>X zI>}Grg+a1GavGgN9!G$^FzjFfLMi%BrLkhuQ{i{%ci{K*AkQ@~q49<-FvGJ*72UEG zTeuB5i}?Ff?MFQ10mq&2aM**cz;EKkYg09$h=_|d%!PWzdEA7a3+W}1+5=%rjqu3f z!NPb9i;A{Tqo_A1jFftEJ|V12t5%7UL9bykrwIB68v?uGU}mCZH=BbRQF546Dw9t1 z0({LRAM)g?G@{>1GNY)&Rg%F17a-Clco4!Zie{5bQkUusCcD~Nrmc30YNJ+E`_(9j ze7KcxUnB3IUPKaam#FrrC9??lH`8lGBfJ5OVA)k#vy<@NCM2;`A<-mAbF?vyRjVd{ zwofhTB(2&Y8g*Kvi^U(S)?i>3yUMN6BKfzL>ERq#>rGmXx>C}LlFB36CCOnn*d&u) zvWr%a-7i`-q8dM8vxKYcq8FYFNi-Rm20RxAq!$;hcqU1$!ObKMgjdNZS#1W59>2@1 zE=kvdZ!I&IsU$!7;zg!WBYUP(rPX^i>S|vQ?_iQdNzY7LDP&cf!71%jTO_?nua-k_r1%4*TsG>?c0@%4u#r{n;pU2l^_gUSe4J04wRZmZg)NAg_}y-O`w^%j*`#JeEs zS|w?nr6SM?^Jft0lUl}X8ja4#%IqpMn*}Y&0udE6HAqqvN!N{fjXI>!l<6@jG!o+M zU3ET{+O3lCpjx-hBWg-r23<86$utHL^{zrUs!}<1%pv&CISYbx4T7K;x<{ z1|TI6$$^x(dY$BO>X}-na@zFxC8J~$;U3m$k-%1G!!I+V3ZMx5EFum>gGOy=G!ozH43?32Ht}l_)MoR6hHW+XLUIfTYjS92^8kJrrs`V-)^_4UhWL+}j z_Byu)=`7K=)gG%)t<#&4nwVLvNUK4OYBi~>>Jp3r12}G&13#e03whD!e9Wq|Fq0L1 zU8_e9duC7}+op&Nu4LrVPf^;5%kQWRonC`Nux1Q12DGw!dEqh>d&CU zAj+7i+I47V8Z{DX3f)Wu<&mWJY0#66qFzz~prV!x33H|0XZ5JGrL>kyg8Kuv<~GPF zX7Jg?k>?vQKImX@N8&8}luca72FBc~q}8IRR4+_-0*^-(f)(&;!K5c!;cG(Z81ih% zk^?$%(2>)SeKQHb9;P6YcOi8Z@&CwL4poQW8>QDV}22Fm15H zSY>?v{2^)UQkON-ch|F|Y!tZ0$j2Rr=8*<^4fzQ!iFW{S-6kXS{8#gpL5-9(q{e+v;JuKty~&aYovfDZ!UiMkIAo54 z<^++MG=L(~NNERdd@q0n!H0*oAkURJ2JtWh!iBNzz3+3-0s|8sdEprFeHXH#kf&hh zF?N28Dtjy+0E9ujgJpZSkC6=+m*ul!0I|+g-Kg&(wr?q_9B^isc=Zq;cw`^97oobX zI7G{S!CIskcPRxG^hL!+Ko(x&a>6NCt)r2OhuE(ClMgxlCR3D9Ow>3y#CAPIfGFbJ zlB;x+y@GY8^H+1&(s@FWd@2<5+mGDV~y#!j9?CCc2uDTVCUh)#aZWUUM_r zmN?WN(i}zHYz^Xz4+vinC_)>?df-y|!jOwmEyEv#I#*)|ALME~tnOhY&KONrP9>JX zA7+!+V(_}Aqe9{HK1&t9SjaYZ;(Ps6z5PjI17uGtZmp*IF_*n!T1{Ct5KR% zO+uIemWndaU(hlrKzSn|V)K)@PvIDX8o9Lw)=Z6U{i7o{+&J?3$fivjZn|OJ_t(wa zKV0_x(%QNTDPVMJ+oD#V-&83D%U&;wM#>*86aQD)>!r2PvPa9xzK>|-d8MSkcz5KH zk@epjx#8vwn>OLrm+t;`6t}LFDouW$HQJ_i8Us=#!ll1gR{BWUbO|;}{g0GIP^b(i z<`z=sA{l<~BhrDi=ew)#J@aMsVqCbR%0$Ds0jC^Vf9u~ zy%s!byrT;bTqm;nH$Tr<=aSKbXKFw3+&fQQm?T!j$&){6EwdtTVD5pQGY3~Ls(9nn zQ|~bN@X3~NEpX3fJd+n5#vy@V7~oJ-$7NeNW(bOmgZ>SVBBJ0V9t9`qFh3v)j_f9m zsc}actpN^>BBy6nQ*INIK$@BX5mu;1_@qj{7duaW;|#J0Xi@EM?U{i#_FGJX#Ux4@ z_S?3BgBP+t75^gtt}E-x-o9D#u?H1kX#Uv6f7yJyD6khRYuJPNV>NJuVu@p%>p(zk z(K=x#teLk7cM10icL?LHRKI=H?^jOc)^hRUu6XW_soXUQiZFtW8cq%$Uhw{SF8g-w z+Fj+s|p+cO5)*_!LKB-vMgV#-pccFl+{a zS?KB$v^nY+4;;A)#gYGq)K4-rlVgy2JZYZLc|~!PhnE@vNZ0*v^&?H zd}O3wZ@%d!v%Y`ik&|n8YSp!|_4hn{a%87gWl`y_62~oen>kydmdf&KcA-pCS7gmL zyJdR#Djf=FcaEHV`0fo`zME)_tk}J6jq-J8V$HVQDS#X#&zP7?DT)j;**09q}ElM^~;y*&6Vp?4-9r5j;vbO^1x72GgI}l zJ9XNOEmZBwUz5MaRUNWrpmW~Yt76SfL-(iF4X^wDNq}dQ^dbK0WU{lmjy|SO>HuH0 zsr;h>F_X!!IX2c|taj<*e#r(wo_&!^s5j=nnqiNhhGU&DJBo}{$yt-zg)ZS?KDRb= zNfZ%Q?ciSGS?U4oZ{f2otZX{;86?fa7*%4h;ur~v!@U%y?I7G~oR5i|=!&_j6NeRK z2Zdf>?gjaS9EbUuf`P;ErNi)z)VK}kcHu7cG^;&lZqG$$L5DNsLiVD3!dEsP&<55* z%n86yaw!FSL{C`Uj+U{<%SOQi9Bu3GQdqSK(KLNN+6E~KXS?!QAhSndpl5;vVYaYy zUL1>#(zQ_>_)~lkdo~4Tv@K%-ox#nBVmQlU@2^*73!4~^Oi+DrQhkg179ibE2qYC? zHUZWN(u0j0i$%x_d`F1PM&K1iYlWI<4hcmuu^=Lwf+Y~3LxD@7CYnrasFG6qSxbp7 zhDIhwKme1>S)JJ!Yoh3fT+%K(1r)M5auy6cC&wmol2jT^7$_tu&{9Jy|Li_rPDs3- zS6=ngr#^qJc!iANkuPP7w*k{4DU^3+QF1lvzrfzXy z_veqF+I{i2$D|LQ`uk(kPa90OZi9H`(3yh=1~2}0(YnmqMdCn7xI9pr--~lS2KL$R zO>3{g-FDt{{PVjd-L=Iy0Ri){6UfVyFd*y}#z6~*q?ClRg3Ap!7x+&gq_>k_Mvg4T zVX})Z;XRRu5)i>R@vi{=j=*?8-k}l|JTRc~CGdNNjk2NWdN==!S0pP)o-elI% zj+03Di1K_EkS7)vlj1iF#k`Ar+!|5fb#p%1Lvul5m)maQh(56Z&QrcFj!sf1pbv4T zAI;r_E@Y*7UHx0395ec$unl!~3#$;uw~$1z27@D!TVtbHIzGkYD#z1w0&^7+ImIb2 zEJhlH=p9ozJ)iV%isyQhxnod=rgE9Yc>hf_U-kD8j{H^{ezK_o_k=pszJ z?j+eVyb9|fysN3i_&|m(9Owh+N|PBt$ykyw%7{;K*m7;uV%3~~3)7#ULh#ybG<}xD z<=ZeBLilq`7%L;3CS<@ahk=mEWgO>JdaFBF+o`1Q+5)V)T-k;*2=I>(EUSzZ@mLFv zAO*Y7F7G%9nO~)GxQ*1-RuE`%B0y&g5pt1G0qZ>%EMb37rjqVp*jaFa;*6M1!4KgM zK}jbh7kN)5%oiw?O140|55cAMdv*oV#~yQ7W|4+-x94^!_HuGvORV1OEA8k^ zwvQ}Lj5MZwT~Ad{e|}R#d09r+X6UPRFfsM`rfW?rlB>6AZn!;vc-OAlr=uo&&HMj_ zh{KuQHfOWg2bK9`hHon+>=8~1;{(*8wgDJJ-#kv2;sjk7j-Z>c5k7CCqt>Qq&H(BW zVrK1>ybrD1*?|U0fZ5WX>uJxebes*k8V6PpECSltOC^=fWvj6bodAP$ymJ+$e3om7 zDD_QogPcl{Fc<WVUvKYQ1N%E_ zrhR4JrV7}9_gX8g>QFP1Qd3gtpe(RI_aL^3^wAv*x~bt4<6k5u3O< zd*y8QcBiR2y!z%YM=30u@+H0!ao>G5T zcmKNO<#mzN)qB#-p~fbM+Z(l+bQbern)+w`r&i%wW}Th=cXR9Gs<>R)hsAXzg2nwy zKy=MXtdCGg-gwOs8o)J#L_fj(1#wNP?XAgbmHrOUMZrFs-GJMVnEyGEKmgTwt zlV}&t^(@-d+10&aqXO+kh}p|HGUosfGOIa)fnS1jg}Dynf`wc(C z-FXC(;5`FrAJa+r4XLLoU53hg2(Ml2LFA7Eua+GVY541~sChqnAFXaK?P@t$wPEdb z6>Swv?8nrSh%OYXZC^E-0IuDlstEi@&M+=>1A zxV-gV?1MOJ*Q40)ipz(dz&^=&V_ePy14y6=XAmm@Yq17Ty*?-@WjexyL_VsWBD*?F;zr?Y%U)@!wtO<05~qh0gF}A90#Q z(9#c{;Mi`G?kc&RK3QafCW{&9v@q2=7eT|vkn$G37m0k=37x-qs??#@0CVvjhvWVC z>3d{nMa541-~O$xu5aQ0#lrrN4zZd;fx^xwTj?rX)Jj)5zN0qtYj*B@nqTv+Z(S_x z=f6dlO`k37!ncqq*j!o=4Ke_$(W}DvVp{27GX@z+h*AT{!7w^5gj0y4gGo|JfJ`U8 z?>3r2t>A`cxnTrByiHVzT27UyC07H&AL^kl!%axDU86D=_8Bt#w#vHJI?y z5M`m~^dQ`wu%89-1=^5B6%HvNb^Zx861iD|z=pz1<1SJjsS1o*AkKxa6rAqgaV{!_ z|3W4B!#bxWXo^ULTqmP)Mv9n%7N>5KWj}A$e^a03L?BWN|C$64D5Goj#7nDi3qN*= zN7?GNz!k{|$WH&^T+~~tI+|DeJpf=^64Y{t*ALii-l0R=5P!`HM@1w*rv z&moXFiDOw)7?dK$et+c7lG(fva$GFM~ zCLUC&(}3DF0fYyZ$_!lKg3TMOX-KwGIkHwdz*|?~nWr^^?DmAHgh~l6BCHBnCCE%h z6pL7AuwGz!2?M>sMNyJX;KvP%bHF)oTz#n1sc&!{?7s2q`%nDi0|#EdeQRv>P=yY} z^cs8ejprYG{+>hKD=fMikUREl@a?jzUeC|OvJuSe^}rQNtK>-gJ@1~m<}YsR7`^qb zzWtvMm;%}+U^Ke7Jock!?)>9_-`E{GzPU2dd(Hag&H3$14sB((%&Ff&utShox17iD zgHr?&KNJU=riZxgoyTTy4nSxO{fZS{K~Yl`g9>68RoqYcq@pqNvgK5%J@%K%n(gfb zg3h%#WETRY1bHz?TF%+MRpG{#G@Y4&wildI#X3cdHxD~is+6zBzq3kF$wdWuI=0@c zuXi8lI{Wh_H@|#v|JhrwTNkrz;{u_wOw?5CeSb+C)-)01lMUSG1a#D4C?T>jac zHdTEk(#9hHxbDdtm$#4J{K?+Ep9`oBmU_F_*|X`)TTg%DxnFMVsye>0vU%~bk!8*K zox4B#Jh#2UTLpWE6?4dXFoIq!jPW`}Fw~kj^-Nf2VWUOB9Nd*uvqyQ&LZz}HdyGxq zfQq~V=wi~E09C!hM&fhs5MSniJC}#y#dx{W6AC12+fj4!6&ui@gMG_*bp1a2L}@ri z0+As1tw9$qB_q?QJ);j+raF?l_wFaeX>POQ3~{OhqX+#2(aN(jJ*Fbv;g z6LJKMLfihOK#hhue@8sGKbhM(C9mBJkNwUaG)M2;jVXL5=oP2NO*`p;=@1UU$>=4I zBO|g$>)XisGSNI}g@z=+@5l!j^1tZN!piKm5nH8G6P=|SQ3PBNr8aVC<#r`<2d4lq zA3u1A?tBmt3FC(j(&nKZSQ)NDzt9araWd6!!}Ntf^|NY2YyXn9)Yuz2{}Xb2drPWG zt2%_3%bW)tWCxr8FA2Kp2oF#&As{LjY|m}8%T{>H`1*kyp-S>5j4MoJn9_g`1zZn! zVT?#(B}3XKoP&cIaRh`iMwii${$-JzI1kGt=~*074qH9C13HD9^z6Xq6?Zawpwivw z`P6rpEgJgUqwML^cdi(09$3mpy!F)3qa`UB{Ok>MZxSZ13?kRmZ)JrY2FeRJUCrJ=?f% z-`bX7Y5U%eyKY?@33g8B4*%#!hkx=D-Y4(@Ul(N|BD_Zz@(mSbU$U>ILF(nj!rsM` zjuqxk#i)+qtw^^du#%V|GRbK6jz^0j)X z&ManGHhWD*m8A+eLu_LQ%T>0~(qihnjKqZ^juEhP;eK9F@)7gc`yf0Ny1ken9(!* zZipbj4aB{(w?(diN&b$wS7z?L1c-4n_o7ysW#XIrB$IRB*GUfs`z+>@EMFTuu;FzS zVrelyz@GxNOqrq)AxH&27^SsOHu>QZHzx6 zXH=nK*`t@V4EoCl_zkF&zjuFOb8m~PL>r?z3(t$b_xto0^u0^_3%8rVt}1|2zJq!) zPzV(L(;1h$3bpO=f_Yf%1Ofv>T}^Ac;5R5b6kHGxwH6ilXyL^VQ_OaKJ3Dx)ed+Z{ z#*)`BZU1AotUacHeny7WlZ&t1xjcXOHpAjrcPmh^-q!BeV#C(_A6NBU6_EVR;ot14 zi#IpN>u&!0NYllChQg*gJiLE<@2ZEA`3o6syu8}ss4kCdGruaS1G@$Fs~lvG!-5gB zQcSo;AfsFvtUBC>T@%C#VX~2;tc*}BVWzhUVZm`PK&JtMXG8Cb@g$@%8z)~3C?OG6 zgbpacrx?+OU^xK^N*NXpZf1v7!^0&A8U>Jf;R*-SBHVOIhYgVt?obbw01Py^@~|er zNaD8d`=i~A?OP|V-R)#6UIwg?EeGav>ApoTd_R9~&4xwm-A2`)t=O?+#qymyFSJSj za52apWbZaLJrrnatNf>*O#g-GIB;ShS&^LnL7^WM_|0072_WYH4c^pvz=4%f2$W*^ ztyP*5o`f1o{}9>A z1lY4xxodK)7w8>+}1|#Pep{%UFuL0-URIiztU5vxwjkG}vv1FrLHc(d)}lHu~YBw|yYQ z@C)=ihihus;p)~D{JXa;a6MeSf|ll6KCTHn7UX${`XI?&Az(=$9Lf^VZYc}RAfIv- z=PkTQG|>)Wg(LNHX>{n%$vnC#n7wbKIJQ8huPq}58Uqzy?d&5b+3FK}G^L3~?Vhgfb;=3le4$kKWxBxw@8(~6Ie+2r%gg_c zb@D7k>^T3LZXP-vT|LxwO%=P%-(V^A=kHJtNjiQm|7)d)@)xqH{JmFaDV>EH^l6pu*eISWPAf`^Fs;W&K&*jip1#FHH!|1HM)C$$sE7D_ugMB z>w2M1I^f@aLQwo8om1l=_u}k5(4%1{q6*r>dzw-~DPBRus!t(>%ch94jaQZICi8a6 z{<2CkggUz^K2+`_dXa&ZIKIq2KD=o&H&b*{jIrIea+r$DaO^iDGg2TFqeE@>a~f@( z(AYOX1`q0;ymMZTabKz4naXY9l}iYN{|OrY?7`6;p{la_)bPsBFvF8i=6{oaJ^!00 z*)RUb*!fSaeY~x09ngFR%l`4d9^b!ze7fS}@%01p45rOnAe#jRp%ex)E?v2_QVmU^ z04-xu#j>7u5*IeIxBjK7#Kx96{puIkeTWaRI*ijlGncCjcDw4^pzP8)%nmUkwObrM zyUvhr-YHsLB^Pe?iRv<&6y3v&@a&TeQ}C~?7w#57wj|f}aHIH3Rf*Omm`xJ7afIWRx|BxWNj@iGr~(MOt4`#DT;UV{Q%>;7ht93estm1}P6M^Orx? z799nPus}$NC}&QLj*7_U$@e*bVstdGoc-`#fG(J98JsL$N<}6ITd=Pb=I0mQQ^qFe zsqBQuVzY3IFy2pNa(HUIf0(3%eq@5e=W@sj$kywwMgxEsu7v{sg%;2?<=TNAZlN?^ zNY%JHo?D0d2mfi;+quQyZB(daS0@OHw;>^K#rRzeLRqk?<(42DQ2o#_4Z@X$m<57p z3nX3;Oin@Rkin40Rw?}pU2NVi7n{%!Nb^T#L{#?s*Ej~9oIIi7D%K!;z}A2L zK4w1ur66;fji%;J9sM`Nv~HEr?l7v{+SrM^Pw-ubo$ubz-?6FLWCU3+#pDm~9uD>d zAOHU2e6Oxvd|oY{WA?jOKl)FnMYY*!Xlz{31&&g?T~lr7S}}LKvC-h1{u!x{iQ(ad z*l#pWzqllZed) z3Iu%MWK={cu)7ez3?+357}6=}1wy)EQ72n3JV)Rak{c)oMJpEPIP4g*uLOpU7Jxr; zX(9_p0LfenBiL7GVL^cIlf~;2-=Le&K-Br6QL(nD3LVgGRZwF^m>HpcM2^^)&VYAa z0LToz8Ss38#qw{B68?uEW@alSnbGJp&H=yQruqf>*Kq+QtrdYL0^AH(vx062eI^Sj zWhIau4+*)-I1S^i@!TpT{#Zq}o~;|u4S{Ot*=m1T zFPIW7eItd1gPR*jY!rDWA#_Ii)`U34F4>2O42S>xB!4hHom$!eq+fk4-fG>Zgs z$7OUuI8?Ry;d5U<_weR@4V_)8xX;&MUexGXy?wQ-agn*f=ZmYlIve(7`wg{*todi= zEWY~(u0D18)YSuQ)M-xaTIuvV54RwD<*pZwEna-=gXw+_85nG##%W9x zWSuddW8IHlyMb#Lh+lH>_#B4^COADQ8W}yPr75vIpu`CdB~CQpTqUQWuB;}9P%5q{ z9(siF5>}-WowdMXi#dU$bRuOaf*O>Wfl*#2DEZuhK)N?ygLr=6u%2Zoo39!wJv!2u z(`+&!`L5Hf9=$Z(@B3pI--3mT1M9)z9+Mc%*cBVF0e9Zqq`gk%ooBGzDdP0yXm0XD zaTcl|#l$o!P|;R&#J9;qz|}|$*k+#kngr`QGG1d~LIRYV)p%zer|74Iwg5BAM!=|n z3k9TSLTwW$+e1!A-H(eW)Poj;fg?DT$ECxd7zX6J80Cx!^1kZ{ApSWfbuPUU0P#DX zEdaztLC;2!lbBs;Kx$!8=vbqA6i2KZw{3B**VV`^I4b;17>9@xlWS5~P~pbd zL@Ot`KDMEDU_FO{%QTfUDN!36uz1?!I?Q5(Fq_XajwCcm>Q6+u!2!4EXOzii#gx1g z{c9~*D0CK7)dtYz=y~!GdHWVPNv!s=P~*Cds5-eBPSKbAPn=E^mYaGcAa zBW|*yBZi_$j=5cDKPT9Ob9NXFnWip%7~&_5({zG5@Ti5Y%I=>Db@z=~x16 z;L>*ANw(yq@8FpLc*6qliSqA(PWWXFx_)4gjD_GGg<{2D2;sT2|F$#NZnd`bf7i9U z8>#MAckgz6x2JOd{>q-rnS-0l>u5=;E8k2B9%lFYPgEHeSGLqSty`}>b6fw7r%!)Q z34koz^&LeA%<{G-A2}ES8%d%95)ffJb=-3ZXJHx~ra<;`;k5!#BlyJ8=61CC6lHNB znl0FyU~D2@QMkc95n8-Fl>Z@OlUs05af3I(+Nuz+ti)FP6!(Ig>}Yen6KlLD2Cs*! z0n92`@8Q^x8$sodT*_P&7=oAarRJ9QE=Bj@p?L`}WP47CR~5lP2|%2J=oO}QiSy@h zF%}*zeukVMT_H6(U}wVCAb!_iAO3wnJTZgT^2J=`(bw zeJO9h{CoKa^6x$KQx%C?;TG6pVVM^zs-dhq@>g*O_#+PNR9A?IiW46Cq3a|+c&~eB z4>erRPIvzJQ}4X<)JfM5|CP4}m#MPQIkSQu7>iP9;~RyXHZB{=xCSv{beAAAF49_3 zau7yYFj4!6i__R-1L_u#PLtOF>Az%Z!p%2;3`KAp=5DVN0t1Br^rHn+vyxg@ZBOzQ ziPotk4{Ahy&w|{4a$5#Th~Z06;u*8kc*ndTjZ$XfZKD#tE(j-2s)aEw2VH;xA^Uz- zEu7qTadO*9W!;(K18fiu3gmXC_*kqp6>n2aWdS5^G`~Fldr;a26dD4Ri}WL zM!%#lr%(nCX~JEPzz&j}tvmreGgE^ubZ zCcCkPNCm{E$bQUFXUi)Z8oLSREV~hm_;O7+)jF_*6h~Ouae(vXy9>22S93v3OhHMR z8J0?me-w_N0TK(CEMgh56!X$H6W*W}NQt3P28X4X_lBTi3va`Bc!R-||8rCMmHkY*Fa93)o%4{Sf*^fDVIKA&mTIxE1{r;h37-(Ygj_z~7Tywm zF8sPUDrV+P42Pm!4(X*8r!iDbA}-+T1*{*x??_R9)JRaGsJdAaQqima$Gs|GYnFNzUW`SP)0cN8-rl=2ukLcaMqkqo1QrTR%?7~Oq^idjilmH4( zbY2;L#lEV_^233PV;|9D|M!CD@274)I!d23mW$gLGYgf@e^fU_e^YZjY!)(R7)X~i zco%jF|60iMvz_xagUG!mE|*k5=9D8zuLYG49Jw6E0P7UXAqqkDHi`Nw zF14wcBI;K|tmkT<9L0iYYJr~`^8SVdi4bj^d9eZ|fQSPU4)Q~8H~}ejVu!mQ0uqE) zw=K7P3U+dN53Y_PlxRFy1$b<`+L?Hvdt;mK!f;BT5}Zn=W!baRq@qA9hF zdrqPbIYapj>g*GpT>}at5k%k=F{q$tX9g6lCYOL`2{}sv&f22W4z|Qj$X>kbV-P6x zfHCxF$Y7)u!eHSpI{JXF^*g`g%=ige%O|hNBC0m)|19vd7Tq_sqT=*pXQ8Qc*!Fo^ zlV>)WavBH;$Tu0>jdP4BXdY4{=s&EIf~fr_VmrOuqbCL|j!W;tZ+P)7ewMd=(KkW* zMJMFb<-qzQ5rwSDptT{H)__ivyAHahCR9fEV$wDiDcS}kp-Z%las+KANY&^nC!K>7 ze;&(+Ol**6bB#R2tlL|Sb6f%8QOCf|+2jmPFX4&WewQZlF)G|ibU1Ugl>o$BHaezg zD`OX7H=C)?Ih$Fo#AHbnUPy_#Of7<;s0hn#_4N%GAJs=ikYXozLWdGC(IrsmSDL0KCpZwnP`044h|U0X-SeGJ%ee z6vzZJuq9da0XB9XXLVEsqL3-Xkl2M1p|{{W#>=A7q4tPV<07Zo2GJR8rqD(aPzJVk z2+jx#10Fl4ZI?wvNRI=+i+4sqbUK(0dbM^haBoCp4?ZF43ieuef6wBl%Q!7~(&xO8T!0aXwiAwd4@I)vz@VX%|8S%3!8^t`< zz>Wc51^V_ZmJhTuApHfJ7reieG6*JjxOEG?buL7!Mwt=dQ<$;O6-}4~kDdLr+uQ z3oU`sh_`bqR)8?Uj&ph&N2kUw^Jd(6GV@ZL4T(amiZ2Bv<->2rGW?B{C(TbPuZNeI z`);Bac|`e(eW*0vtw9)){fAo6i6SBEdk*KQL+HpSIzM;^A0u`*xw*YXTo5} zpJ4YGu;Dl48`<>>9u|{+I<6Etkw2ka$ZxRFVcy5hc&@)KJ{QO$^}r_rLNo&sjMH;{ z_#iml?!gc6pQ3x`8|laBxfVG5C?4w`JiYQBR1(FNOBXnd$3lG#3HPg#su88W@LYvQ z;#H;R0XefUzc~kol!{sCb@8+F5C5%lNO^d$C@RlRDNkqLY36Y8xn9I`U0ZBNURB8N z%&B!?w?;dPO8s4WaOkqHOOG|b7DUw8ye7wE{0%+W0*CQnjQW>&EpNvPSUlVchSWkX zNHST<7KRB49{zSirej|>||2;KN^D*;#68+wSeQM$EbD4g^-*1SS zRY{5ZLph%r?36X0zbJkVd^cvipB0m=@_OWe`siN4MlRRTOc-Jf_&sW8{2p+6KrQGo zpQ2)w-y_$UmjB)YUEngUEjcgOetb^nykUgW1~Ram=Q<_Nv5nRnU?2&NgIN%>Ipi3m zoFtflM#NqK=Gm4jAp2Kzh|Cba6xTr ziLo(F29$H}A!3jT+k0mp7w@6sk9UFIGe*TB=&u57hzk`D~#S5T|VC)v;#Gudz z?kgoTP$r3-3dqhu99K=8<1dQoqo4N`2+_`|aVO6c?leNLMA%Ffo*#-NqA*k3b&!Hn zULL^PlmgV5GqlUy1P`e%G)0d%$G8V2jSFitrjr^^ zehyjiJ5e)wrDnMAjpxmdk9Wn$i_(=U)Q_K32}ir!1@{TEl3Y6fSwu3X5^)S!b||u% z_EA4YQ|!V8j;>~?jt^Cal)c=E43$5+dO9<|nl5vkx(t*IF2_&8r()%Z-&)woz!}NB z9MkWdny7J-Uj-}`4SWN32Q6XZC%Ppqj>CKpjSSjqk#Z(z%e9komcrQR1(N)2*zG6O zWEE40) z-!ERV{p9xTC)e(KWZ%9=magmST))1vi#v^ujx{Mz+RiE#iyrFz<=GgTI``~ zwu@f6Xy3*Ex?$bA8`i0^oD%24z1#r79CT5y^gTXl<@eKNZIF?QdYVzF;BmmDnW1T5 zO~AB8?x-o*%$2XXO!RYtY$;53{_Hc0!<>YFXR$!OQm_|>b>xo@1EYb|sdd2f=)yEg zbin#B3iK)=-IUxo@No&UjuJXC;5DdDNgTw~kqkJ2kCFhFA_p^!rYQ=AQvaAfm0xdn zS@j`Je|pc@@%62hCZgm;Df}UvT^3kJ0rt8K{8XF3`leVLz>tLy=?%%;05PLd8pAZ7 zL2ZD8Qvap|Yn%B@ijE5RJ9+0ps=3TY@w^1wSZCudc_g*jf*EufC9>+#!(KLQpQvc> zBF3HEI)|J_QW^mmWppu*&=R3;Xav2-S(T_aJ6zZ$fDcEADZX}c#TQ^?h@L^zf{F(c zN|;)Tq&=u9pu{vDNLs*+A!j>5C1$tpE=?YO=Fp>0f9m9cXAUJx@9qwtdi2lEY#Yu# zd;0E!!JhM(osZnL_PMopJ+d=%`uf_>F8%V-$79!@9`kjt>-N!yxNl~Yz5A=D)^56P z@2Yj7z}n%x*KJ%g_V3@jW$0*ENUw3$_UvAKb70e*D;q49hLv}2y5Tvu(dd3|Z1uYS z{&kmr%w4}+=uya)=^%LxIyWX4%*qH!p-ziF1StoiC{*nl)H0v1Ir}8SRM4qpJ&3F* zAhXP#3!qx{u=Y@%KM?5Dpduma@F|z$#ugUjXqr|8(v#a*X4^?|jOlFkMcm+;ALbX??RcoFJfTz=CYhx}F!Idnj{Q5Z+47^q-)G(Kb?3+R;j zD?+TMS6sqhQK4rel4a!;Ni2mPWl;k3!5X*}FI!)Mw?hgnz!0PDxe%qp5#$U4RApBM zrY$`oc4FvHyjtC$Q`M?!cLD*YqXQmFEE@FSd*hJnV2^EV2bZ)GxtlFwJX#V8*c&P@vmi`oevl;VVUc3OB%QR`1%i+FxRe z`)>Tyr`T^5D>f#=f?aR6ouB1i%_o#17d+6spaVO&_aiGP2zxt;7tpY!!jN zIcfsEn`6C^V{d|bH)>N(k<>$7npbos7UBu5*~QuaVq`V{=n94`Lxx(e8yDrBA|CIf z`Y{-Ovn2OV<5Q`}vmdWIr_XT}lYN)h9lvHJ=7xg4k1s3c*iPs_R}}PpOOkSyan&D7 z3F6iivveOobeJ2U2SEf<^iD90k|adB&SL0lXZ4mKV%K=}^g+CQnQ4qQ;WzFD=Y(aWAi&vr6|ujo=UWqga8)sf0Bojrv&yzvMn-fV^F} zS9nZ#R+td}si2{wHY(!sVj2D_@08s60(x9sd}8yld%jeSkn7OY#K@sLpCGqYYkXp8 z&#j-Pqw%SimR@<{!Kdi3Q<-*O;;WcawFt+S1NFEOxowEPhcr#{NoNn$USP4pToUA zm&ko(D))3^{JF1?$obskP}{y@lkGSKQ^;8^;1-wvnU!CGyg+h-?h2I*4)O)J;f6$e zqYT!-xn)4HJX0QkfSK(-=s3R~Plo51d;Q9k1}WrLrryIR@>>~e^veU|Mu}i-4%ATlvy{kOI$Jlun8AHZwN_mot zGKDxUC;X%vgp&f<6<17+H?5%dYoY{$Sk!x`a;rF8Y#jw>Gh(@ig9|cIF$^23IfeUY zAWqq2a20`bN=9ghoFN1~QV0$rWnfbocLCNpO*4b;K9Q@T?D8lVA4i0g2!T^0Xtp>!#7m! zARt$HhzXUUjrTvZ{OC81hLbnF>d{wLR)!4PA3wHfNm*ve(T=_OUtei;*ldC9uU}2? z*p*I~)wkd9;`8^cU9|hT?JxebTHs*W4*LZQ%@L~qw0B(GCH`~B<&JfSd(zIMCZOJ3 zp=ou*p;lcNvIHy2Hg)KA&IgZKYkZ{^&o*)Y)3N;%5#b2L8*u71pB_ z*3WGP@UQd@rlEgBzd6dA12J~g9M@jHIS?m|7D0R*C3{4pTsNmtHrmfoqx3EtJcJ1~ zH`6eKXqcBWBO5nS5(tEBzPx1X9&oH5p}nJy+k)X$bzoO*?9twC#E4YVEgm*XMuKkl)4@Pga?xMC;TTRVwM0x|6SM)xjPH)3GMY{Uz0~28>scCPJ+D0HlDST#$W){&nzl znG1SM2*yOqJ^=(tQCQf6A|7y9B)&2c?cHVkDF<+h4+{t8f`$(s)sCos1wThMY)=b% zCiP+usP7;#Lt%*%q_Rtjgc3Y>3N?ezt-`PVv57&et^k zMYR!E+f`ok`@dE;-dwX5g8J4+CdpdPuO=M2gV?1*xZJ@M-ERk2i=M(5HTd+10oV+oHh98Qw4ZvlsKZj>m4jwasK_IzM~pOG{UoFDS*R zF2oOBL{6*o(0`-YZB5r8r%}S|R8vzrdFt&NiVqH_kv7b$mLll}w6COfG_c>i<0>z6 zzr%jh;0WeFy+Q5q+P(Qj`9=8hs5j(4B}F<}PnW3~IE&BqRy-vgNNbm~Kd-ILw=dVG z1NqPAO~D$|FMnyO39|oUJEwnD`5fET8-KsW(8YSGodEAa?j^GQc+lsdnQ`g|dM;)9 z2JE0pYjC*Kg4tH;K!&^NtUanWcuJ=yJz{Bn)F5WHPD`!xf)EnbA&;2BJqe?ZF$R4< z0p|8L;ZwpmA{Aq~01qWDNsPx@sik9K^Z+b)2vmkhYDtW%IPJYkkHdDDqub-T#7qvBLS*CaOkQ9m12Dy-lag>_Mb#Z-1f>?;yR|In-{IwlB8PHDx zIfYLJn*m$ifKB${Of|^0ZSrz#1r^>3h4$Q_5S+yAxms9}9ODjWl*EK;Ff7XzFa`_q zN-R?E;*O>@48?g4}?w!s-M~U!9tB0Jcr2{pA!+OQ5)- zMj#e^Rz*#rrM|uekpwOEt-I5U2kRpC!mfC}|5SE_?~HQWFxh!wAzsG6GA)~ZQj2eM z3wZ*towxdtVy>pHYt`I?@7x}aMSBMPO1T@jsaUm)fBmUqH&*-tu($|DcpY2e^|}Jt zhE51~3V$Muw@_1TCL`!lWDz1~K<$>{z#qLo}=&8kRA@N+I;ZP@f&W$SwS`+ zPxQ<69i4ssE7wu+J0ujZ3JtHK9skWJZt{35_w7G)90$0$enwH1lvG6U%X_tj)IyXD zLQBa0g3G=TG8$3CRH(p!;i{&rd2p~3WlI`y&=5M{)~A`5hmI7Bc@%s|fxHVApPApC zLp&?4=h=$bu-p9~`TtOo5S1~9BjnEK)*aO&YZ8sC4}|~2+?#;6QJ!nVdS^7+m(ggo zB-`5MU9n_a-eN1Uvp5^hPRM4G5V8OXVF_CjvlR*yXn;VWl$1h&mKI4)3KZJZ3mW5EGNPQD0vcbs`M{3#24r-?yK6RxvV9ihaL00D9AsoJnN*SpoZ(Lyt zRVYGXBK6I;z4*FS;{#aCbbOMYz}xm|^ttR`6!pyz)6Qq^x4gK|Raf%wV&{0p)zePx zJ?%^G=RXViKLnvT4jD^%AS-m`P8vIiA;E{FN3{<<1e-2iO92AVpfnyUR`8M)N_HgD z)(DLg#v5^=w87_A(u25_oSia8K^z{8l9|^fP_WcRp?VX+9wrthl_t74_a1pP!BMSg z>t`aQH%q3&Y{uZDH!Q18&ud86<^%HEPVWs%y0YtM&Z>{kw<|XLV@$?gIly1U?^oHG zrDxmy%iA_|b%%WZ6&0@Pq`PtXJ@HUyrmj#~ah`12H-6#N`2o@eurzn>KkmtR+ijQV?C#f{7%U zX^RFLVkf8cGJ>a1*V7PV<&jnfj|<-*e8n(8aCp-S6c%s<@qMlQ#Ds<|OX<%WrQ`I% z9|Lh^olu2mp}2llS4M3?Dq+K@s0;k^MhYg4R2Ye0gG_&LH|7X#4D=6Beznodc>FF*fr=DA()q6n*Ksy-hvQRCC%IT9>SxwRdy-hOW-~?&#nTLKvaw zX4IvGktp7PHl0fqw6G8Hn8`LRBbBJ0{Aa!3^O$VL>FvyjJw%TW4rJ9@4Et4Jwu4&a z8ym6us4NAjRTuINOc)fj@@f7$gimU+r5%vXAz&X$?&Z*udVE-lt0HqbPxNe8F$F=L zpO1Y#OV+HVp6zy(2H|QcHb6ne1v8qPT~uF!94o|lN>Yo@1ITjhY|DEo5KKiWh)0ee z!m>*~7aTWwW1!XGQQ}h+(XC7IGAjzN>*LDa`2*fZG6Sd!W$We z!qb6xL!+;wd9Z%j+BN6Y4m9>BFNrXpHFjWI)65k(@uH%t^Byg@5(B zvtQWJS|tdl{nm=5^jp`ZA4p3~bXi(ElKqVXwdbr^yR3e&xx?4k5Dy4?6f@Sw2JA&W z=~`*{uW!+n0%@2!Eyqy+ryfm8&WH6C}X= zAo43Gs5o#T0WL$*f3>7jg0_`1HRv)6g3%?LA6pF&Te?yM2sVxwZBCg&1e%e+R}@`D zM~jTMZ6rD)&G@G!rZuG_97_btkH-+9TJcjgmCwR=MOitNm1%Fsau}UfG(MU}Qqktrb#;%43<``B|I-n04F-||KtgImt2j%zUu*By?h7v5MU8yrdeT$SzB-BOQO4l4ph}Mt z8j-6ZF@T_WJ~f7(29u1S4WXJL6QvX;=#!f>1}SF(pCsZqW42HYtP6F75y0?IlSWx`1Q26Ds0<-s%#}XQrQn7|jWr&3uUUN(?w+Su z^P+QFTpcvGlk5qUKZ9sdK!X@mj`6i$E04xWzToGFl^jJcYFi|iF#1VeQ+DymoQ28! z1PvC)fv(U?4PK;KZR3S`XT zpc~v-(PL=AOI9d zMbR51=zt}g3;3yQFq_LJx!Y%LZ?6D8%E6i(RyHc?Z6+K3=|vU3wiCKtpVSb=`!+|q zcF&vX(YtD7J6q31jd)KsV2Lc8HAksyp!SVcTNPo58O^dfDw~aLNKmX>{l&}1kJI23 zBRig|+Lh^A5H-b(?57&yRnR3)M7Yl<2?TtNj?_xx!UYdQJyEuBVg(yWH$bTcObSdH zUS%tUX#rZ?wghSK9`Xu^1|zw`pd{wqD09!Zrk*o#+#<7UhX!9{E12Z)++SY02dty& zu+eO@7VOeW_21P05DgAU|@FL+Z`4<+$FA0meM6 zVkI*d+``kEz0VgS!;hh#_;jDww7nx1tKtS#EtuFdC6@;gK>-it=ko}lJ?H@hcLktJ zkxN!=S;jbv0g4>;-1paqsK}9{sFRCqRKmGM@94?h;5#UKMybr13p)?~^%L5;R?xtY z7A=U=u+pO$ZVQ7mn{GaICIWMW6&EE>f(VBEeHNEg}hpQ!T+w(2_>h1=TJFh0qzH z@H^b>+i;z31@ZP6%ek=upK9ls=sIB$?bVL59M03OfaUxT?{yLtfP3|l9j4uD#Xq{& z23}A(3x6k-z@!o;9>4j_du0v$_He^=GyE1<4!3;<#^gV=BlK8wDu1Feb?n3Un$exv zqJ;ZIqT1yBmV(m}(`U9Vmf0*afP7irz-MdQ$=jXQUT1AwHhIH%l*tz64|vx5g=>r4 zSyLl`?$>+je!U-czwi?A_T|F>nM-KoGsZ%LHWsEg8nyD7?JGR34TduY&eZ)DIH!;v zv-U~O=nc9Wgy0ptuzh_wN{?h%0{uuk#_dxTvflT%(4;HsP=riBDwQPDdyb-g z^sBuuyq};0n6fzH!VyMC1k7Pc9x;H`uztiwuizsZQCvQJ^wO)S8xiz&7tK>vu<4kf zmkc(vkJqP7-IEg-^VSs=rDTXjsqS3dE#+F1?r1uimxhNYzCQ8Ik7a}{zL#IJKjULN z^z6dy#C1;LQ5kFFrbi#uUp4Wk-?z5jq5f$L+bl$mK0|hn?L@)wcjzrn-8N$LDH?Lb zXk$ing%fxpan_D!mm$KmXYU#P+YbKh7CfPZC$yXKgpR2vwBV7<5?)2*^EgNZNd~jU zjxG8RA_z~AcSns9?%Iu1N_W)EZ1Y%cCHp*kz5j#xo%-ifAI$HPeyjf1_-hN@6GZ22u-C0R=KS=1g^re zd<@=xN??g+N6u-obGwX~ia>N2;zWlb1+d%Y{0Px`6R%+*0>>J~U`uwe-W2C_6wh%L zD?3U}%kim-t8D#Pk(>)4)AVh#Il01Zh{sx&7Dm& zrdrUz1=2zu2d4#%V&t@d89)IAy%!65YHBHix-#T5nVeht{`0<3T2)6o=OTl9Zm0I) zzW?mo;xw6jY{;Q_OnSRz{a*D_wMD&j?|L&zQ+vb$U%2^Ux4dQTK96t~nm_#MPdCYq!X54^*SWK9gWxf7cUF+_l~;n4}q#$trx^;C~Fu6q55maPk#gVu>X((up>EwU&xxHqTIvg(oz_e%G9-7*F>iD!Rx_1c1VQK2# zbCcLEjB8}{fmsRqX=3W;OL7Fy0$VOnqrGc)tvQ&dX7+zi1vKsVPu}yXeWz|%ICXT| z<`fPeEe<*EhYmJJw}59@A~>f|(YINeGNz%U11K0nfHKUuE;Kc6p5V}3l;-Y9pt>!_ z;4Ii3WnV4uK9loK^O0+2+LRzlqvjaoS`{k2WuZXo(kaYEszat%w4GFpOaRs(oq`+c z^h9$Fedw}3_?nd|_F=n++12OXaCj8^t8CqmjeMWQDo9&Pe^h__pu=oAJS_vA**HA! z8+L_RUwhDwp#2+czMXmONNH7=@yF_8ui6!h+3_H&{$pvY#4HvdH%`-2LqLjB=#BCh zL7av8OAHYw^%G3vk{2Y8BXAaTkmu=BFUehMllmVX?TlH*vJqK!IRzvjP8_d}M$Vi} ze@(hg;73&!D5wOZxRZRow4G=*d|&z=&$!HhpN&tBB-PB|Nqo*E7lN1&Q@Ote1Uyj| zbh5G`WgZ&SZBu-uTro8=zgcKYink|sCik`PKHR=PnH;|YANJFSeIK~l4iqdDc0fZt zgpG+qYXxM|OuWQy-ukKKAO{37QzBKXD zY3)n#4cKw^sa!>x>ROCLgEW#038PMnYMcox%qXO5dG#sL)J`B38iWcUTQ zqRnBh+tIybPUd|gI>cx16kD1mfKIzBOyH81_leLo+M822PFrEl%=RcNXAM#T0sUyEq6 z9X89XFj}Ly5HwPHFcw3KQUeg}L;)2UougJ^IGLX<&CoxnY5;|;kjXb(y% zhvyed3+2cGuz>M~@=1iz(zJ-_(o8cvX)B8z?+>FdJ0cIyR&l-P9hQ@Sx zBwUJV@gRz*({Y@p;uQB*>OVBpq;2d()PguOGl&P#%)pp~gM;pL`WPfaTHGm(!8*cG zE8x^b`VpxGP4wCAuSiBH%jv_W44SlnfIxYS>{*aa-IE*yR!JQ$w-gsX)JgD@Lv$N58Fw$u3zJDpEovkoUe z5T1;CoqFEdQ+>jt)r?4*PWA~#E6D)lC!VEGbRKT7@_HNO`{a2wMng3_tz%e_cZlG- zTM60hX*j7ObuL%+-4lPBe(S86_X*B&ORhS0JeW$?R^ps#>wyzkqdwj%p0TpWPNUgF zh#+(ji7qfJ( z5`JS2>GWQC!s0XsA9T_e{CKf#yo?RJUP#*A(^_*SbflwC%bTR z^&z@eF6SGO$O_s^H+5$1+4LQ_q#-b-hM~dBMH!!7B*sqfLL~h2bpG*z-F=IzMi@q@ z$ghsNXS>x=|MX$GmvZH`bJdA>JYKC9LLoL<{eSi>QChRKXGwsC_AFB3%x5{ZG+?#; zh-Xp!P*!HUS;4QkY9@wj{=u_M^u?>$Xegu>s^jthvuBB5X8mtH3rxd2YMXJDD1Ao1 zOo!Am9h&>(O`i53v^-B@Z;zkecM5XlX#JzX_BYI@A!3s{kL+E9<2Qg?j6)G~*`kSa z1;Eu`LritRqY(Kx(T3|v8wyb320BVf#SyjSTFkQ zdcD(A5vq3V|8AE3OortdkV0xe6xsKk7PAm|G0CdNgZRnptt zfe?yHx&Nd-+Pe{jCxlDw?v5FXV~<1m3Dfy;j{Om!dQnkXFN(tOZgAP}2`2k(Hs@}u z^NNp)dPzc&c*$sVJYw@=OEgH>BQWV#V7i}b({Z$EFV#xn*a+BK8K636k|@@!xuSK!G&c>!(_zWL!D}?6c|}p4`l`XVT~i^fspys4e*Q*k_Koj+ zlB(V_h2i@)Ays<0fe zGQli`6B`!&LUG(^cdIua<=1@@mry&kpkB~V;QQKycA{JkE4T{5sfD)K%sH#IG!CRo z6VPBerwCgvgEpuhZm!Z6Jb!^wUZsxWc`mAqwOlD%XU?POtix5D5AT*zYDTC@SF)}~ zn=D(412bJm^i?fw1P&}Fl~NQmhclWn>M+k{&^QIk0LTLoRefNV=TDmERe(}Ywih>&tCE8)ZRy4(nc1~X6|R>acH3`pC>=Zd zx)p=Vw$$Ww*hPQ7XLa4it6X)-g-w~(_M!ZoWbiwWD2`j~?%CH4_E$)*FWzDi1go$) zXj*knI2)_=du1gaYN+k#T2Oo2kE)K?-HM}Vh(+sUgW@^pWTHh>;+6hY{lSKGDDH+X zm`U}_Iyd{NUj?6WC~o^R=7z>x0OW}$$LS3ir#;~RDg$T_4F*7CPB;nHG7o3g3(4F$ z(3>G5L8vy9{);vgGoA#SA<{CnIprYm`A>QQ9n9!sK2p?UX;{>5`|g`Q>r+?KpkWVp z{PdIb1ezJ~$BgTXwEIc_&%W>kOE@eh@3&;L`h!uku>OGEy=s}_*y>O&b=z;Iv#>dH zIe)wRh^MSRC@YGM?Rpi-eT=jO@dTc04)WSGCo0@rHMwFZNQyv>iLsR{_7fP4=T|o$ zqv$Y-(^mtV)J!w94rmFQg3WdGskwkpZCUPAsB6YZvLj+i768}yfnE0@2|w?q@GmW* zlTRLxYL%YI#c(ns&vE*|prX?IF=>H&kMiutnb>F>?a-Q%X=l>rB5_P@qeBA}QON0%&@&I22 zQF9~n>?Qqk7Oz~tbtZ*9^<&R&X<4>>!^X`Lr8XKf&t8yQx?<@3O{io+tu^8dM3JhT zEjx_V8V;&W5{74x6?bJyyU`$sw0zU}wm}PT%5rhhXvuGRuefUTt21AGt6Gb*tUwfE z9ikBDTM>nrJNngc_D>xd!jV24*+fUS(ljocQwEpEUd>p)6a z8RtyfadC&PAj|$(ZBO6aMXT0bc=5LFJ1^2=H>X}%p+Pb@Wq%+VtF6nm%^NAjNocOXOk{Y7Ad=(jvYl>Cfdwx6k7TIf^@;rVBEwmUM~edE?X?p+Ff+YCu1Y@_VdS#fky(y&;R%d zyjxwu;UB@fb4BF0@jom?rP-ywyFES^{*Kq9zh8=vON7G(hXPL!UfH=$yDgwTz_tan zR~ssKJ;@JgCrmsL2ngHo>aYmglsAV#C#wF8LC=yHs|T+ref~Lpz^(?;wLvzme*v;Z@E(5s(`p|h9N+1T4%{rBmHZP)sSZOWg)9~6~84B1KI!bj&H5kdy zUC7fB!67mSs>M8DfQ$X8Pv8RD&3pSBInxV?H;)+8G&_C>pXR){{htmeUU zuGu!zpxk%G<#uCk$>j%@JvdnRpfcahET+y>fAg%S<|=np!@TZuv*(zkuGs8`u2e#) zNOWfh>Sr0B&9Q@wRrf!}*!Vlbe~ufgyUw5el||u0x6iw1ZpNoS@c|o08N9DBQL@Rw zSW`IBo~W=Hga@Gvn;ib?rf@VD^;-;#Y5pn*QHW9EqSbkMa1j1-xac&$I&)EWgda5$ zA|OJ+-}?wuAU5q_4>%l$soufF@tXDz@Yk;YF8gPPL*3>;>J|BzroK1IS=y=hiL(se zFrY9HkAnG&Bp)o~2+5hbQf=0gw+?xzFpEKW8>4;&5QV7MYCEuvFx&!cSAZfBaqHQA zqySn;OTm)AtL*XKN3JMSK$a#TPA1FP@baW0r~vXJ70ZSO@!REF5V+hqc~AvGsT9MmJ> z>NxywS)y#3KUSX48JgxBF970g6Y$95uupO%xNUN9G-;?keTp!CQwq9J;#74rEsbwTW zAv8-ir12EJRP7e|9i={`tUX&5tEp}3nLj{XH`i6_C}neQK_I&&yFhscR6Jh4MKG_hmHj=S&PF@B!lQp{$NiI@Fh z&BU7~#R@F(-aks){v{*pJuHSwVH6)bqtA8k>B>pcTac4oiz1v6$jIQ>NT`autwh>T z1j_}|-;nD7_aAZ_kSB+1hIXiS(>u9c>tqa&RJPonr_O8#XrP$aC>r7rvSa0W{j`4` z6u&b&*-=c%#br=ZLe$M+Xd@|kB$?t}TneLe*+?jy{7@&Oh!{G#ADMK|Rz}k`nO?1v z=ebH<=uTZ}J_Um6Gt=FB|*%tUO_Wp5VdS^@2*Bm24^Sc8q@@sTgOlI4l2r_0kVEjOWVEF?I zA7=Ct>Rn!9_2lG*>?;TBI!P*`%H?uSs<0gC#Uq8~IsV#*&ZN?-Q}b?tmRFSr3DVT` z`pA~n6nV{)Ksll?ohc|Wwd240{10Z=)+yVNLQIgF!}L1AUy1Gn>VJV=QJ)d7C-8dK z*>yD?<);f8JeIZvZO<8-G`Ie5v^Ovk<+{!V)ZTqg7Vn@ z-?#UvwnV$~M$_7OdfT50`~BZ&Z!XKEAMo|79a#QVx>3#`=p`x{l2&l`2sX4N&`%(i zM1chOg}SrlLNB#yf!3-{40jCtlf#{0gj%5}c*&62QtqBb=XUqNR-M&No3l`}xY&(# z2*)EDM@SF>a*{HOT_bh%9Scdu%u>p!4EHE?yNp8&)$XOXLg}}stdIkQvvps6Opua@C9kC%;!;s^s<|W4c$(U z+vE0DXKT8v0;xp}F+;%P*t29+Z$o6!%=Vcb$=!1n3Duz>ihw}X;xRg%p#XD5Yrh#f z!rB6N6G6T%H#*%5C)>?A6>g<=L%3CIH*PCUi^IWU=OYW~NS;Z~8?8%(h%oX$BefL| zmI!{H-;8hy-1zj5TI?S;S}GX7cJb;@&vq?J++651r=2cWljzK|OP8qst~WVEMe#7R zGnyG_3c5XEtI=!@D$)MtZGnme8>N=lnr?Wq)zk{%dSvCY`e3M9STtvMvIDKNDAF+V z+$DP)o`4})vp5x~>aNLFd)=PyhIC!BTZyhN>=6WNHXRh$ld;V@+g!38mRFRzCO6Ptt*hGo|zIfo3d?0l!RS8r_gW-(oZvUg${dLN#c)p|fc~|js!p%i}Uv@zRdc z!^Df+)pPg#_@)mBYTa5f^9Yawl-)_=H5H8*AqWiQ8i~8&E;qn;KEF5D>W&-JZdcBw z0SvGaZ{>(#d%mvHw6)+SaH$4O&gWWNVy7Ye{>5XNRsV4z_3`>y7LVI9yZ%=7Kh!_p z+JH~X-WXh<@=3C$T;As|9{~8dS)hwWXvZgUC zi>$LUl?rv=KyQ_ucYV60<W2YwEnM2V1;#wTbz1^TS!0{XD6J8f(}d^$*pu z5Mc87%ImvAsZ_Xg(X3pM*}PVBrNgJxq(V=`aycCsLQz}q4_uFn0<$m+^Lj1j^BKM8VZJkZZjNo$wf0KTUG6M$1JbcHkP?QR>Cq!K7~Crf!Ok z5|%krOpT4q?&!s=!~E@#sjfU~YLBd5*M?n-#)|9Y(pA`X?byiW*IqR>c}weeLU3Hp zi3h<{QoKHkIXiO4O*i9&En`%f?G8*~x%36(N`Hp44?cibxpWBU9?lZWbqQM(0%&_{ zndY~T$;F1zQrz)gF)^wGXGx-gydUi37Ef@hA)-zs(^k{`M1rVN%64J;ts@ejc{IVV zy$Ta?`_Qd4t?$@^S$m+Pbkof^>Na9(KI1Cg{W$5Wk9-=tIxfLUU-|+ru4j;izAbK%4BPr(Y9ty zRY(!pn)}14zB$QoI60>;6+Um(sts!z!Ioq;yV|n#Yu5Pu>9oITEfbYc)!MbKStM6H zQ<%M8Jf{ECR!AL42I@ zoRP-x7v@}W+lB8RXbvQ2wy`(WkJWj_2)jsF_RL^1mrD*lvlMTs-nnysGH1^FCuZdH zp@EkNg6(a;oOp#b`ucv_Cw`6HrhYOi`0Cj{)t>K32F71KCz)#vh0M+NoFy@5^@aGD zOP&*M>hEtN5Ib@}ua*7_yaQ=sxyrk<>60-C1H~1RZEP|E!Msy}Tc^h|!PsYQRc1-Lf~Kb<;+>67 z**kt7oA{K+5+Rqq33!?b+Fu z79S!fc{fG?g3N@f^NNNfg3h$JEzRKc(T+?<1O3hMz(%!UG6hC%%W)yMwCR;h|~4_k$x(dv7!gRwW+GS#m>#a6RFs$T}I z-l_gj{hhdu^{T&9e>AcEq9GO*7!%ar4_&1GFPzVW+gY>v7xkaS{j5^`C-twmPb0+& zr2SZPtkA-VOCy9S_7VQYkstd|R*x6Q$&mn_khCWLMKGtmIZ`TX8qN z0y)o*dOfrU39C5j_tCb`f9hy7LVF@nItm^OY{%mKr~oh!zFQ9;_*ZO>Kt(7_sKlbt z#S2g%gUE%U6AVFq$6cI;jA9r$RK?4=K**5JwG$Zoe+*s91?Z_`G!8apWV;IL$eOC z>kmGAP)OXMK5&EZn^hCft`z;jiFrX9E0lvjJX!mX@W8#Or#p$22N)A!G~^W}5Luf9 z2$SYbTqA%xorEwVmzI)|5Fa3pdk_PI5}06(d7g?wNT)PaQUP^;gR5LU1Db9}F{BhL zu&!0m`WT9(IZ1nqtCVUun}|3Ga*vbm1-=#?6u@|b8>(cdPG;#-zy~tK;JtjQ{>r77 zU%vE%+m>Gb#duKPSdqBJGyK{OFRO2OKEYx~4-6kYI(&dVP*eHk${PMM=hOw4UlWYS zgTk%7{ri7@9dnNM_nO~*=9zb&nMtQU9n7Dx?mHYp#zius83JHXRA&DZ)LTPrV8DY zFGD?}E9rrSN9OZnO^WH6&+Z&5O6HgtIujIo;f8I3W!na|^%dx*XXFjD?BT=0h}y`q z>JRYyFse@sO4m!D!(8sx4Z=HdAz@%!xn{RDQ#>DcvMp2Ge5|ycZlsJPYj zY{HkSZCt+M0-7@CgQkyr9pB#6yKrYXl^DpIu4ql`za4C>s&ZPJl;rBBMV=o26KbHU zCG6Ut3hlO4)`nWl+3#Na^!OvP`QCdCv37Itg1!OIjEv|qd19^cA^m}H+-$52n@sV_ zP~2?FG#f3kiAUBBn@kU^+qtJ9e09e%mtyNm^)8CID5!gKPB%f5U#S}c-yiCFu7Eq1 z*Fc#M<$DJTq8ux38Y^xBy`nZMcVez~Yyz@>X3wJa7i^_IFuO_#bPcMStiT*zbe092 zp|L3}?$=X`E0kshf+o-+3cyz3f7;v9mP$kAG`g|f2KR@bx)81pkcd$U1>*Flx3+Xk z%6QtK*PDC^12Y*E`}Pqg9t~7i>t{sFuKL~otp4Su4XOIv)j?%lr&k!3C8kdy@q_+5zL$_% zJTdE_C%o3~NqL#|2d%z*v^QjnIXyEbdLC?F8fx0?p0z_UrYrP2b{K@m-2o$h9)qJ=Mz=&%VUA?!b1%-_}^)gs3>-+LnM9NC$si9EeGZ;3E46Xa^mU znv~7l<79?6oUdgusE(*Dt zl_DdRA8g3o2R?@{5;Tsb2RN^~zflNq_aCzs_*ELlxOvTiZ?nl}}D_Ef7~fqWpLs)Z0Re zJuEmmOUX?nbXq3k`V`Wqj0IGTg#@I$Q-!oBIft2_b`=}x=F7nwWTgeUe(IZ# zSt~1>XY@}W48k|miaC6XSG!=598TYwYZYC8W($YR_IZj=r53v9F9bn(oHZvygaG{^ z_n<)c>^}W5gnjtwO^#DPjYq}}(QoOPXc(RPt;zLi>bGcp;=C$a=n?TqU{N>@APwjh z;Fom6XFLNGWk3l}H7QDm(*vUo`8bs>MSrERRxj2Sq1m9qRW(((LS_JFR45Ao5PdSi zWe$p24w;04gW^0uL6$rirz5sdnhKks))i<@%Q_jDNHhka{K+sT8<^hx7Zd;RHas6=f+Eue=E?t^? z;J$l=FNzBn6q(3aWmRumTT-~@_XqE;s*1&CB?^7H4VPZ`?a;n`FGV8J7|xM|-`#i7 z&RS6hVUB+0!iBwUiWSdJ`kjvR*^n(jdUg#g0hv!peU?;a1778l2@@04x&U!Ivc#@{ zF@;oiq{k#(?#XxI3lpn^FDw*qAHPDpJtQN1p(jr97)tR?9uJ=Pp3MlydN3a-?dhp8TkR3KAoM zSy;_vUqyBQBAhdsKgk&lz}D+Vbb~k!swp24>k?;1@FES6&mRnG!ui3)h#pL}66$ZN z!u^zfMlcm}`V(X-mg=sr>+V|B{g>g3<{52v@I)A=Zmlz-F5Zd{LoVN<+|?fI&~R73xij@oWId-G}vyctGmf& zFxqd-zkJ2SY~jI)txbjB(G|bbUJK&)=<6o`jla&mT;J7I&%Z>cGwZDAkN40mPp~`K zBkXBV@w~`hVZUK-L4?r~+=TJTjo4PiawtI>D>`s97|xVZO|c&y*uep`7uN6|5yKga z2rkWG;U=w2I~Oat(E$WL@bnIN5s*MO`NcfKfhi#2>l_lfpd3)hpsP_*30;9tdWPSn z6mI-87!f3CgNlIrf)0TnqHn|Z`N`7eKimU&T1&b|Oo45XuE!cjXYg<0Uk#;$KH%Bf z=uVJ)*ot2?_&xC^W=P{`3a3Lg#Bn3|8B=ZkEZ7=}&>8=@PQxFR-wpQRP&!3R4mhBF zeh)nb#conG;T=$Ea0Y&c_Tc;S^x$GQC_+=(rBH^lMnf*!O26xG$!Bx0WDMG4rSkYz zzo(bAG~r9y(3bR&;7r74v=Ee5qrr_whk`_ps<&EV40+_t;#lRX3V2&1xflw}2{vT5 z#6&UXxjr7)GRt3IFDf3()ie4Vt$N51rOIeZ`cj@t95%hsGMJv#x+Bps2Nm~XoAYa& zP_e9*P^c}YfP2It_)>}tPkH-!HC;0YT4z|(k!VzOFo!cJhfpF%Fb4d|V9J!*7I1Af(InOAJx`itvAW7s=V(gn?FJ@#EKOJ4+~Bv` z1m-gvyrN$aT!PP;V0}xxdA$)?J4R+^mId)Zbam94u68o3*{j&?%n_^b>Gd9K+Sz3= z8GIGVFj%dir@JbA@=k@BYb!(+3x_HNW_B4Z2EEnjV$2h8c^H1klxB9x;_z8QzD!=I z3q>TeRT9lM&w#lhSkY!-Os=SNrDD;L&n^fCgVksk!{@a5ymda2RaM#*|2Zas8BE@Y zUNGn-z)F!kBoL3JUJ^y4@y`O%H$*G`8O+sgNwS*t(rPfg8uZR>f&i`)!D15~Ac{oH z&ctMgAlXHy*(_mg*z2fMfIJh-E`wy248mpp)mC{%GGVsqElMml5cNo+-C1V{*nC!J zzXPtB3X>t?5Dg72v(m1ww=9U61G2BOX@=t6+Sc#6t7Z4M&%3tX%PK>4kMwWcd+GMB zAFXblS0f0qWEEp3x2;l2I#%T8?wd7FiZ;h9lw_pBYF#kTR-LN~S)GEd!tX=z0lT7i zF9^v-#a!t_Lt+SpBNdEw+tIK#mvHf{3v3a+{}!{esYY~mH8%zNO|nUl%*GbkIX`7G zG*$HZE1CQ9h=#KnaUw@?^c%VXVuQ$QsXaKFqbS z4}cJZgO_O7D2E-?p(wsesx&gIPO?KR$C?S37G+W`2lz$fZwXXIlC>>u?S=kz=W}Hx zoW?SVOju|A@=Y7CrƓCICn66&u!PHl6pn& zji|4vhmc&@#AaM|-EE_z&;9A9>*_WMg4}lR{#)aJhu2WN@v=GB%`;!Hd)6DT9{l;^ zv;I2%#-WzK;HwSZ#jEdJtiPUp;b*})ZQWkuW2(Ki&fv$;5MjPbg78L}*(wSh1M2u& zuP^+=t=-gTr)-{T-3Hwu&N>hW>p+~eM?bhViAmWwRyJ~&rBNh{ZX?%p26+C`fXrDp zGv$FWT`>SCS#dz4e+4+hhUy{Q6s)0Q#6#%Xf$)?abVPLfjRopAfYcq(ZQ`JNC6lk; zHKLQl#K}`Mk~u(1De0p4)B6BM-(i=MNL3E8Gif74citE+{L7??UDy4Kd2wj2X@uppBnhsuG#6%a~C&n zs|wdC&b#aTYZ48?Ovmo0hx&(i^`#c9>OOd$FEThQx3sw~Tba%2b&vdZP~P=5^@F)6Hj$JVvEhxUU|zOBMuqq7UqpS9+x;l2KDrpFJr-hwDYwN_(mizJY zp5tnJgJWFian?DnayTYZE{|SNZ0dFa7vmdR)pyiOU#zRWx~8kMPTdwZ>uZIbB92WQ zZN>2eb&ji?&T*mF>AVWxFp+XH!Nwk#=F`(SMBsCTwH=2OpNoik%5XZJy@6b?5sW#_ z=!V6OxCPhhF*rE+1^O12lpAAVdOrCi@hW zot0uiZc*y!Rl|E~_`|9B0|%jWoL8n^q@&z4iWPNcitu^>q7MJDk}Ze0<0IrF#|Nhu ziKQ`75Od9uCqIu!Gv-DJZsn1d)^;Kq$CJSnBZ`qMHx+5Xi*YYiAVyg1ltBzlz9sK& zMG_7)_Nn5LGSdxQ$c8T*K=rlunq1}Y8s9O4$!vDh;ilPu(3sz8{9R=ZbX|vU{OXN2 zew7`s46xyyJJsPpCF-KGl{cvuIF(>ZeY?S6sf{K$pbd&nU`gY;p>4F<4(fYD>gK~o43J_)EV?H-mM%z|$_|!D}rEkGdbrAYuO-(q)f}lEp3~7L^{4$%J8+y6~jl3EGR!Bt`^nVzO+}@Cg950>ZY|s+4|5jHL>kJeFNS*;4g@W3KZq=e}GpGWnUUGvcP|*EL2D1R+n1U0sRox4UA6Y$ z`}baXNo}>mXxgCOeEieu?|*R3Fbdq>a5odzwzYpn{oavnubdEuKgIm7?lTCrwbe_0 zc-g)0AIvG$jvD3rf4k-fEd1#kP!#vtOVFZiUm1P8Tm3TnQKWi!h<|FFY4z~>Omd}p zWXco<-wnyih73KJu2ct7$aTD%DB_Qwf=7 z#QZGI1z9x6q2YPtG>Ax_r`Zw39GNOUMRM0;q*axO(ox*+YK_XZ%dxS>`gOrEmL?I1I3uhfuY(7bnO`aB~T-jD%6SfNm#cYuT zhtW{cZC700)~_yW^@JQo0d|YQM}|p$il|o~pr)Spm@!a66e%uUF!i%{z4I`ap#xe$lp1bc?_BNe0kvnDwI7 zo81|%>^`?SEHP7}bK5}8Y`ZOH7JP1NP+&I6RUPeYS(CE%#4^=pK_9GN+q3OzixWvQ z_$Poc%u;wg(z>O(w#GXXH*w>6k~39Rp_e>1n|IZmjEPBs_?&uYg+X$Q`r282fq`3CwZA4t&Azje4thtV=R(Zp^p7z;GR*=3PPzSFWd9`p_I)#hi!6N5V z9-f}bZJibg^~Ay70E1DzG?V%9j$IoY8~=6JLZyExG^2QI ziT7n!l>?q3v)xh2zHh4zU;Ee9t8-~{wk>E1Cwh9GULBUCV4(ZT6%}q%y&q5NIkz`Z z$8Ncd>4%^C*n+|*9X1R!p=)OEWp)P&R4Sd@3;lQ9xUHve@3YCFd*?d*e?F+asn0#X zas9eb<cYV@`Q4}Q_o zQS`V`FTe0}JZu{cP zFR_6UmU!ams}sWh7ucL*RcdHlJ%95r)T>s%d-vV%uHK-xvp-ZFQ(t&Ned8CK*&{s8 z0pII2@V)LNoB&25r1_>yaV=<#p~bP{Ma0d3oQu-MxXl9A#o}@d%C%;wwuY7KFT?hI2QqS{~i=-COqbRXX2@ADY+R;z;ENF78f9 z1`j}1FvT62wsSXL-!G(RE?K!^QJ2f*&l&;?2lrln=j_P28@6rUa89@Ex>SASNAA~C z73}9PIuw(=VZr|88Bcu4qJ|p}Gf@y-mF){In;UkyYrA@To1OAC0|w8W1-mc(M1RG= z;CbgRpW6mB?AoBw-`m<*E%=ulST?gtfw&Owxz*_JYDx*st%H}(jEIh^3XA3Uz~NyS zK&|#7*ZkiBJFtOv)&q?u&3VPZ9*s$?W07{8%SbAfRh05QO@5ICF(n$rm_7G+lIIbPqt0eRjLU558H;5nIfKZdSnyI z3j3(GK?*Q62pi&DFEENJG5DjKW=ohZq6V=~HWKTdCeJjzHS;0fxar)CWZi2ved!cG zsK&LHJS&LmOy0Puht+~t>C?FkbyI9`#2hyYCODUe^f8Z1EliJ;Pos^SI6-u5Hk5oB z4yJ6ZK=bnSzOL4tH#H9se}$Pp*{d*wPmXv5wJA#wDdv-7KZ>zmSpgR&jeXgRC;^TB z5F)Ug;LonOKg>lveYitAr4mQ6kLbWV&(1OZZS|kuKX~wcR)bg7G({!N?IxXJJ?wZd zDrtUYQeRi7h$+!=BZ3KtdW?f0LXb3hz8sN(tC{MkRYY0ZMB9J!JHH_$c`*uVm^N8o zjN%ME^6HV2pVGgFk0Y^Y3QQ_VdIf>KuMP0>Bhgqgg$?{iiS|At>}64p@m=LADa344 z%8|Zq)H&-M1ge8zz>1>hN^jy!-C1Ns%`d$ZT(61gt}d3 z->Gr^{@a}=P-wTt^_E%_NQ$g*l-2dz*!G*7Q6lPwU+sT&j8(5i{na4)-k_?lK3M7qGL}Q%1sGiel)RV8QGFzTmPr`I2!DbQKuh$Axw~m$O zY9mm2@|)k$av4Oq7#}V5I*EhmtIBu3`C~pXopLcaS~6g7WK<7~z=&Rqg8;|?iXuY< z8%}vdb_Ov*E9jN>NBMr78RKX6f~BYzoJ1o%^ePkpO(3eCiXadR@!GncUOtYey|8CR zgEJV3*Pc8=P+C&cT48OqYLE)RJh44hunBe)WerK*sSQ^f(4mBZ$2b=B#BSE=(k}G> z@fV`OVz&GLs5lOT@n)|x=vVhnzP-rweDBxP7r%jn+L^-8u-`Oq{cL8i$h7r7c{Gn+ zE_vwF)$6A=)C$mjf1QqfLw)gU$aLRKS8(|UFeLRI`E2`idnR)<;j)Ec-=+! zL{G0`@xuod?Z+aguK5t7^oP!dTX_gT9gamd4MUHkYGCt$99^p;w+B3(@aDr202p#v z6=!~w-7)$+i#tJORv7-wCHggW*UM|JX>7b^jeLFG2Txq`nPDuU#?Jq$eE4$lonOAy zu{#t-R_vO_q4n#Bn$AU@tlp8y4kXxj$IX{NEbUy{-@mj~XbHH4ia<1j1bLt6%rzt$ za!%1_EEF=)K!xzrLaJ^CXqw<75sU0clxC~9M=QL81@%bPjC*HPC3a8B&tcdd%aD_= zLl2WPlk0tOJS0zT5^RY?zLU8pH_5Sy9e93}Ry?&ylZd{c7Z@?xOuCa|zTx3k(~9oQ zA}8`r+Dt3EGK-z9k9vLGE4v#W-u_s?*Ry>6)9uC;v_G$YFRz`O|5T-S=F)t_r?-DP z=<8l4T(q6FZ5PA%mexlC{_d4+jfb}%4*0uPj`hL zYgJq0<2xRsGuj$I*J>V|Ntd#YHq+9D>UXxYuG4f6C;WeNfr34SY6trerWMUDux@Cx zE1jk6QBtZvvx3<(pN3FBfXO43kyLVQa;%O zNk#rb!)d5i)PfKTHSN{W*vqY(ZrarJjf}0%GBcSunij*3ush)Ocmr;1iOd@B&DV~P z*0fJoyI7t(+mFOOzWs?gb0SwqOexbH$#W_qdxC-+k#CD6S@7l-zU)6IR@>Q*_TZQ- z&O<`7D5={BO!lR^Yjovp$rZ8Li&vh1F>g*7 zC~b)d0+ce~6cKoeWyOd0HhfNDzd=MaCndPs5{P2@5rBkm8Qv23S41Odf1s%#G6p9K z`CY1+`{XVpUx(n3!vIaXDN~hJfji%3i`YeM(c5?4`L=pQy;nW*_64{8fz4#+v6+9k z_0~VA-%>xXe(Mj}KDO(nHxF!Q%fEdOvu?NK7wGjigMt~@D>+Re{UY^GO?7UE+da1M zfX!tPowmWNo>bqM+-HoiM_&Ik)9=52H~Z_qcNsSRh<)#jAH~lL&+wnZk52n}-{%gE zyEn4SgsMzNqtT=iG``X zA6zYbX5wmt)UaLn{8KyYl3)JTk5zadCiN)Z?+UVO=IACX`yxrp0}LJ(8H|5mAx*qw ztVzNW0yrL3fCI#oSo5tW=#Nh5m3j&Cbdm_N1iv0lGM{>d zt^egO)jzVI_4c`2|ZrJnK zgphtZdfhqdHG7uN)occxk>r*cb+BgWuAa;$uN*5!leI`((vr);eFf?(Xt6x5^<(Aw8d^E)sc@n*Tgu{j6Mz*0 zc?zAwJLLt4x?0Vkm(s$eoE(Qr1x%*wOuo~)SsOO|SGe}wVR2L(9j*<(Z=qz7F7R1S z{p$+X!Z<=<2nqX!)nWc&Tvvb?*G<4$I`xMd-&1{Oh6VwzbQ?G>2}#|^9U8>c57Q!Y z3>Bn6)k&WH2(J$tAxAYVjFLYBFTP9hMTwtZS88m*eDp-)C;`|}w8K_NVlkAI5ofwC z!>6N6!P6<1017rjA;#1(x}ho)`72TlX*EPFjJYM0`bfHceAfE(Lx7v=hkU*d4r62D z^7?i|Z)c}qF*`@$-xWGLXIWRPBkWI#(Bo_I2|bGbY4w=;n0oAK@sCX=};*h3d22Ii#Ha~xLu=U}DOoPpF2uiZBB2Rh(_ZJF~rLwN2U!UFQc2^pNUkkf9@sg8#+ z3?@}fulNb69Z4^670?h-k*0)EZWS>o0y-j`bT(DJiyHSbb8L(~Gvw-D)mJvX+{bR- zzi&oU&h%+Hp0>rFoI3yCkMH|SNy0-}GgfxymaJP`Xbg7QicK|glQVx!@0^0QwzTp^ zd5JAy`EeC%J*h3>nWtI~WVTvTs#20O6pvrsdbFV0v#|1DTm3*?sV6RBTFvaCnTuPu z56oF!y18gcX^J^KZ)rtXc0!gT(~u1%yM&^4`5l>S*0kn1BZ}6PUa+&(aF=-Y2`1ZI=<;#5AmG5DknCuj<8gAY0Xe>7dK)U7Y3Jp6i`I<{fmC z8p%N+h>LQ2XOV)BH%wqG4+-RlV6^RJVk#{F=8=R#;Q?Zs$u|d$xp2(8(B$h!Xv>&) zi$rDY8uRWlk?@U-+V>Da3+^PKclRR(CZ?C;1Rg;-|KM)16;p#ppaC*lmom^#3w#a z19HwcKaiLcpIg~jbP=VOS?-T5kd<7ppDyGOnP4RP)U)u^aG16a;Vxjk3LXTpAPW+$ z70jU&d0o&Lvu?)5*mWA}b#c1d$?&fbK~iUplp`UbHt0L3`iw*_JU@31ug zZm^H>IejfHMa8XaLt^#K5A%nc^|2xPm9O#FRkUM;YYVFHll+l)D{ z1|;OLwOp8s)|q{c*tL0AScbz&$v_CEf+MN(7A>Ss)@>P1FMxlEVsEc`B+-?dNs&=B zG5WM5_Q^(foz{T$&mI+HrL;uzh$+qmSmPM8Yg7<QpB=hm~YHD;; zDy*^?}_BsvI=D4TVt*TFP7I3Z3|Ds|; zTEm0%fPx!C)M|BZuG&Z&(*F@re7;m}>UVg)so-GWB6z+qHV4ZhSeS7KL#d0jpC(nG zJh26cNCY(sNZ51Qtwf+nL>uh5i35Q7791=xRE%^J_)o6nO96^Q73eJS1TmnK2U9P= z3>91KD~69|Ukr4h(3Czcu}HHm-b{3b*kCY^Wl+J5NXemw|E{JHsly3WCu)!==71Xk z;ngu<45EaeGeWMArjc@{c72bt+&|FTG7w?2MwGP;9v_TMia5;P9Xv5`Ek(7JeP1lV z?riPfIGbU!7ilesjHsB^*E`Gq7h6PxZR?KN{r#=mciAE$t>=YDiv9d8>LF!2D4uND zUKx?@fJst~4XcDWNkv>fz$k;MZoudRH4MTYqQ-z}k7RrdNhp--s9vEv0(w}Yf(6~H zA;{LqVqXlH?Vx{s$wUWJb*Z575D+h!Pial&Ffi{#t%WggiBKD2UrcqScAcv$Vh@-d z5Uh%H;wB-6)tAjJoA|kR{E58?jQfVqDw6g-fgr0tJM0^0vzgBSHJPpO_4j=G`MnpH zly4?Wn2BRQ|MKk5n4!GH|7mJzX)3e&zZgFI)g*l!uw9RWoe^zgG237zg+-na0Yjl_ zQY4I6N|V^|5(X1&kzjC!N&%tx{oTFQ31%3+4JYh9r|#Z8e3ZS}zIVdok8R(3d+s@wPqkG$l=8%PJWQuoX@cbbQ0?Kk2xY&un0KG@%g}4At48R7Aaf1T%*`3&Q zs{qWO1Y8C!JX0p)nveM$@!0NQ@L`L>g(5LzWN1|tY_?2Ll}qz-cR9JVD4gpGdL9|Fy z8|Ru60lox-%lQ1<{CN0rhlM2!!zgZQxc=Av)90PXt{cN2cI5T`2f5w^LA36>H| z2CX>0L>r<&S;d-%Vd{fizDUBPBptc$cP>_#PqT~(>w{Xt%YlpvI`mVbNkHKsBps15 zwg0iimkP^w`g}VZYaV(jGBv-cDL<|IrQGVBUhhtu)ls-$$7Jl(&dC<1Ja2uJ86HjW zFJyLe+tA|iCj&9^nI+3quOV{rP@7CAOZi5t9s^0R2Z(N$%AS$^O7=(DUuA!neJF#q z7@5o^Cgou_B}leON-dbH#I%XM0mw8Lt&Dhe7<*yE1qFp@Imu#-T%D^5 z3z~{Mt+@`hoo>Rzs92bqmy*pWc6`vdQWxgi3scNS_O3>6w?-%x4hS05w`k2_=HOF| z-4>E{D623_SDU76tw=9Swb^x{2Ddyp11K6Z_OD!1mF8SrHZ6PGv4r%p2v_FH23Qwq zRq5&&r9}=nb*9#sPdHp2*4Y=SviqZBOriWGU53GGTAr7^p&`qZ zTw57cr!mCFh8RNrwIeb;B`nSuuTRscdCIKulg6TSvpg+aX;vFmI<;1z4i2|u8F%%@ z=u%v#3$zhYjxfIMymC*BeO6T@fJlpTixl!A1``#=o(Xoy*BV2DbTB<(L9yn<5HtLv zC7Z$@IG&RbC%1)~EY|df@K}=^hRrch08CEi`e3^}YxP;t4Phv&ENy3VEu?+f{m8FaSA246NeM?1qa zBj#we8IcSOw`I%h2`)#5x!Bqitj(W)+tX?AU#hhhsP$H*T@$PVlak97Z2Yo0hN$qg zn1akAWrm(96oVfgRM@|L~=VX_Z+UvPE>cmycccsH6)<`uN9-a-R54M+#R#hXAG>@xdu zB?k|A=xd^L7Y4YvU>{2CNhR4P(wuMr)SU*ce|Posh2CU7UVznmu7&&74Blju-rY_rKtO_jg0A znKwn%OfSB6^Y+;AnN@YR_^jB-D4ioC+Bvi*A);Z{!oI?RTiG(EiCeeAow6WJZBQz$ z(fy6PJxYx}_$IB{ArDp=wI-ug9}%zD=#)B#76@PYS)oxm;as!mjvX6kc%pQgL|bxb zpl*<*)2-t>MjUjP43d3TJ+Qx$vIxus2urb)IQW!$AjKMlXdZ;Ap z5%YUAsKhqeR@p)sX}r(Nr5$k%9MlL+)kMHtd#8go+?M6t^on9f1U^qdGC*5Q~GY)@(SB|#6w77n!vKnU(ixg!{gmM)rZ$OITu ztb>#>LA1xIY%y|m7RNp_ld(#Ut*MyiK<%l?t(glZq;SXyv#1#O`x6rorW!z7KvGhO zqT$_=FPavTS!Fn^PfSegN{l{y^Wo!%qpR+lXX6~B zI5I@nrbkR~V-MeaB&z1Y`TBvG^R}*T3eT)D95y62qKqTQhmRaT66MLVH+62E*Vu2I z|BG5Z(ojJ3k(u>nrz;4Qs-#)kJ?N!!Lf=b@nnvH-5hytj&VSt3;q zV;we)4Vw;AYnq^y?7Iyy;Cxt5J`pL&rb|rT@=;%o`75t$^r6sCpE4m@Ka!l|g3lT2 z+fSs?rMJX1QdUw9k1{xZ>p*50xxT%U;ii%@Vui4CA;A&}$0pII48c5b*zB>Y^wx;z zq{8Mot9rIxa_x0D+;sCTm@K>|c#gV}R{jHfko(}J$UR{8=&j)qD?JU@U4P>Vk!zi0 zq-t92O}K%~=Y`fmp;_rp$HZYbgI7+97Op%P6ez7UgV2Ahd$45yivlwO<_7F2!DTJT zr9`MNs7WFTNrrww)8Z0t)ix;B~%f!naQ2D z>;$VBo)Zj7(b3@!W0Fpzh;%9%?yFmNXkKs(98cX?ki6&066f4mpH#A6@p6CG>Wr5X zSKq%Xx~bBnD9|z$Q4B**_pGz~mu8*)FYgruEYslzR z2d{n#v&zg>a+4{Z$HUSR7N2(RE>^l*B2{^u<-q6@s1Q-ge7zlRnvy><~tUS2ikpUP8|Ft-2aiJ?1updpJ*c+{y#i#L4p7 zJVj8NZ}3(mmXG5y+7vs9azDLR@x?`8MvRv&q+msdDSZ2wySgyV*x)lkW)P?tBno=h#S! z^9YtvESqN#dE^T8^~@~l_Sx8Ad!t0Ro>Uf)oaezfMkwDv0iH$Scg_JJ`FbYJLhPua zTtKj|Ndlb<0@8nb4Y}&SP5=J=|84%I)kEar8V3$JEI*#S9R7lnOQv7DcKkT}V#|kM zvNSOSy@nyuY50)?ll^FtNcgGrTDSG1+fqe*)G24V+HK zz^nl}iuUiRTK%_`|NX}M{xwMY5Hhl%-a=w?a1j2h&hWp=`+t1@_umJWLNXEop2d;+ zh==;ve{rCDn8*)*t^PJzl_NYn-GQXlD+kWn?zJ0%cA38fE(&@n5|KZ(| zM-dO@{)xi>eew^blFZ!mjY%=8TrM~^>tw`WaALNFAB2ckU{yRE5kmAz1hL%UVN>WM zfu|NCX{{Q^hK*KAHv+bc0Iz%@P(>P12G|JL?^{MpDrW+S1i)M+lDJN;(Q`pFkl13< ziVC)n-?hqQliXrY(d@`~Sl>I5vx_4AuLX=U{jafFVUj8T64CFx6Nyaz*T$a}_LvYh z3wz8WmQW|zVnWFZJpUo^SAu{@mJ98)7TIcnj0E=qG4%ej7_vi+1MS@k2*_6mk=;mw zDlkdXO};#=Hf3WYwPkr&E@q68pv#w@faM~NfQtd;7(f|n<_jPzmBr$e$XXtF|UCiBd@_U>!v z^)Jid3E`vR2|Qz2zx?B&&u+Nkv!N@VN*wL()U|Xi{cE%!DVhIjlW-w_ zh(9zj-NT0_hJZUJORmPQR-=Jyp6cWYS$vrpcwxW|GndH|{eJ(~x3G4;<2}5Sz;V?K z;k#31nXtlv_z!Z{YGIE93&kRG>P9ZizDRuqT}*} z3e%fLQ>y1=~hhfZtl7vzu z!?Xl!5OgzSLJzP?{A~k#?a`g+dj^w_c)%FF@Vb*uX7#dk=$HCx&;)AeN_e#xpy|Z? zHP9BQ%CVrK2Sb>kBjTMb5BlUZ zu+>f>MJdeX&NyyGx)rLDaVp-r;Nne{_x2Cw%;_JR?jL5!W6$_sWMMNGKk6R`cChmK z17n?hqGw=35nRu3c<7c_-h~-pUUx?y^$eLY??{AI0ecO!l=9YxNa>vO> z8=4PI48Opv7r(LJ9NoLkQ|KRK8hP4|iL0LIruwG7iJmF=$kE^(rK7f|L8JVxNofJN z#V|(z|G0oEte7z6343ftYz!*70jOhHq%wp$t`YtVNox?A=;t`gBvOI9WlaCDIRs}J z$it+glVS3eAp|WssHppF5T^J-V20u=17l*Ox^_A_D3bY#2?yR5kN8;9R?R3ws9^>w z9&nB>vo92~&;QLlE)=y*JXR=Tz$+TImbQ4gbb@#aN-ptYTFiGM3spNAIl;OO?9{1j zDd5Sj7Q-gR8clUC*xBJ#_0XKsvvrm|nC| zKb4*QyMc{2rsnk(&q_5<4E%9p7n}89+tSk)-TGKua?>=OZJ+Pn&zhV4zbvZWjyAwr zBU=wyhz**D`Ov>u438oA%ScFr>aHL^kYu(OKQ=NyJ{py78zY>XWn<(jAQ)=C!EK1l zMZE($7V<$f6)-Ifs9iV!m@B#J=oq8D4QbB6edHR{xB==<_sc`0vkOX5)84s+jp^%H zg2mQ0Z+@F3@u(ocxCp2P1LPFl+ZRuxA+p%J5}pQ%y~`{fgADewme>@-oVg1~(o9g_ zf?Xt_7O{DkxbsR;-7evyP}ILrRzOBaz9SP0lnT3|fMi%5t(BHN9?(DlD^L;vV;$Q* zuc6;056&qzs_$bb`Uh^gWx)S0&6Zh+9seY^a9+)#N_~h2nmulty~);)TDeFu&)Sey zxoA;kkc}s(qcx%GV5PFoZH#v$vtv*n=xJ`MTd;lMf{OA5{PugdEvfTA6~(^nzxl+w zx15>1Zb=<0jefziND*!}pdmqui)6=`EJfAa|WsYvGHJZrE^i z!$TDd7H(evr2(49CdX9{Y!l{V*Sl7BosiH#@&w46Rb$@nEN>gh^8>=TEVSV|(T0*# zhT2PNxzz}@LsLo;QNhQ~dbHs}$YAb=59Xq2t*Ct8>JAK@xVB}4rY-X=Bcq@YYgAH7 z+HB$1Yn6Gp%3cG8AM^n{hL~7Wx;ru7vtZ$pcF}U*7r_WQZz0wev`i(or(&c8gGquG zftD0nEktT-66FJW%}zoEf_(sU23#2G1|+fp!4?R)gshW<#orlaO$7^)swrn^CT zN8Rexb@iR_5TNDpv3`fHE~B6+t|&Po!;l?S2(6vSWTPsX?^LEnl^FB@7cr_`MMbXC z4{L!?TAQ7dUf5KK|5L{yKbYTSc`Ci6HfMY1q1Byr*E1`wnwEkDbifKbGOEbHO#Cn0 zYzT{rDmIvS;p{@zu)MZ*dF>`w0l3kHh18a&Z|1B10o)4{q{|styPJXLnjss8k!{*= z6D>?ozORyeu0u(9DRI=RnlP9`wUL$8qJFJPtIH^d4|_7~FDSGmf%O!klv7>0A~5?n zAPiE;6PZ%jy*mo!iG`VRq@Y5fP;SHy6I?DRkb*2y16dE)p1zY;Rd!^@$Q6&8;Q=jv z)@F6EHjd9^KM&^qC0Km5Z`o!ihvvj*hh}TCUiCl0e#fqfDKO|=4VS&aNzrvtsMZ7JW!iazeRtx;{?+oY{ZDlKLyU=i2S8GrY`fsoXhX zENVwkjr4!EGVwVFj8>|G{6dV}QpF4ldt4$A5`!{-UGpH9=p$ z!Peeq3JD4EUl$b*kTT`1@~@uI`>#oy8E=aV3DH^P^_T-mhT&09Z!VO~ z@{nSrlpr`YQ3d6d3VtaN&4P@%(gh-fQI1c6rOcOIJ-I}cGAkxT7?3!~K!UhH@X0D^ zO*jK*%yE+lnu$(y6x!gcCsncbwnuh5PORXgD^57NBir|a#nE@XZ+tlp%Z--fOZP2Z zx{s;k4=&=N+6j*~l*?C&xZ`Z7eJ{IZ>G|g`^|$YB_Yc9NH6hXrNk_77?OOXSv^Eb)}^0Fcjg;+Lu7uy^$856O^3H zS4|C7()68%g3$|RE@AG2*82a~WJ6#{U?c7MFB>j)vfq7zk2M<=Q!ea~j|uv(T)3vIe( zI5`vO-Q?(bI3yADZL!x18*~;NK^-yHEFhexTB1vkNYn;n)-d6EO~NFswT0v+>jEJH%UYAI2?U((W2ayF!-r7k&A@jfACoehahcJpUmR+tobGyTttBJw<=9lg6B=61dM zY=~N~S1aCE>*uZUzv{nPWvF^@-oA*?M|Xc?4Ap;ISW5|&G+ExIPp}7=Jl0-U8fi3T zKCO26cV6K)p(Oq|&!z(XbE88%d5mB9Xs&GGNOGor1lSLk$>|@5K{Q zCuK^?&n*PbB^ER*@Q{)5`&SZ?i29;5i0N|OAZG;qXt%)D!@6~xe=hWDHd*0>+E)&+Qb`8+@jH2t$K}x&oluV z-oW5h*=FUlj4VhS!olYW(rJxZPGhhw7=PfjwStla=$X-I3Nf*HK)D5fQ_J**AfUbm zvC>cjj6R^XVdO@mCEUVP%OdA3e}YAu^NTm#e*32JkAf`hnjx)rXqQ&I>o;2MZ+@lK zJ@-$8;h!Js^&gH01&x0m6!iJ~DsAxlUzoJ&FW3$XnttCGYQ5!i_A=hnpZ+;s_zU*6 zHYiBzSAA-?fBK0o$ngo+>x@R-gyIwC*Bgy`KmUg=*r@-AePA$|41U`OdXq{2A^SVi zsr6cQQ0PnebPb?fO{($V{+;gt1g~1Du}tj#Ymmhf)W1=_7g)yruSP>|-@NHI9LfD`9RE)Ov1i@#6W@>g$ zPQFlC2RTF*Z{~k{1sf|^$B{KI<=q0J^Hp|i%k%yl{mcC~KL1nK&$AWmI9u`jWd6J7 z&YwT`Zec#dp8D~NA(3O6bebaTx59ta0^!GH8zh?-V@wUVP#pkO1-tdeEbrbi?{4AR z*#V;oQudvk-u8>>4Vi2v-&#y>FkXg@GP!t0w(TaL9U-tS4`9k$3k5olZb5SDtc7ju ztF~>Td9KJjT+%a03rjeB=Pko|yV+OKjI-Txzo(}0yxkXw>9Mf|yAfvs?xef+ntgS! zmGSPjc$t%mT0s9fCxX6-7cO_%#eahmQjV>DN)_jr;umHxjsd*C0TFb*NMbOy{A8EUwdSI; z7UbuW?g_&15^2u`JOhg-1r&L_*t5r@SId#Yq)z)7>26Ewh{i_N4hMpE4Q#nh%cJKITlk=wmUDsfWWn-diO;Ypp7D%QR8!ds>Yc!KOPD@P+Enu zYz#~ca1F2ls&){_sCTIMWWiS^uC4O;pR93~!NO*&QRMbG+vel3EL&I;izv{Vi+@`o=~6I{srn2 zphV{;%S6;C3>Z_!hEs$FQc67bAt};wj5{FK4b(5ByS@~Nrpb^dojfr)(Ywh-lgyU} zxYXg8Sa24E*Cr<_mq6>>KUKNb{6b*(nkPYpf3p7$jSjIP<{6iP0n~S#ANuL~8>Kt^ zqyAAYZt3HbLmykTbA2%u{DM+wy41iQ+6>4dK9mi+ss0KDL>#(ZDS59NPA(-zL2?r6 zrO~FYjB^^;M~KV9P7$qvP!qIV&$Y%}v<5lJ8+I4K6I5Ps zyI=~DEoEF%0Wr40*Ty_AEI=?Ni8J6&h;aF_Ie%!#4?7M1;-RuwjD$&gE2yUq;8t;Xy?Dxpt1k*r)}~ zx)eU?1G5fv=72DlEfD6i)6udRC$P;8j1x#K&W#h|p+bcYEk!dB^3>1_R4VLv=OgAj z3&L`=P7Soq=G#F%mq>3jfQv#tTk`vS??eb|`NnYB?2M-kfXk7W_n6Xd35l`p z-fb$d*_Gy1s}g>yHP0RgoA8ccjV5H`%@7UO-eF0}x0r41H{rAn4>Iahz*9Ur8tIv287XsMo~vFDu|4ojvC z2O0!OnRjkNYDWYp>&p0l?vrTc96>9W0Jg3e-0K{7aS4&M>|96?twc5Xq6w&Sp4nGD zood-KTsw0<<}8U?IvJN))=2CwWbo#Rt=ZzA90OohRS^0zC?p5z=&O=kjzEkWG%Apj zS%Ls^hnxwRZ~(Lru|GKgb{UOtYr^%pdb#G*DUBR~aLus;JS3{8CEOHK)FdM|Fh3fZW79$C#QmSc)^KaXV+Ooq>+)uVNVcHHy{m8cOf>y zDvk{=yjAI#i$#Pl+_rtzU7IgE@xsaBM@!UUHKkRSm=brs=fx8hrJWsBzdVsOyEU?^ zd)2`51xnSc{=@!%JiYv`59?X->Cu0_Gbb&@PDXclv|m;DQ|XTaoVh^>W0?d%I$Zv!#xib zxY7nrlpKBdX8#Abs6thl&uqW-J*N9BlWo6jrLDnORa1~(n_Ao2TAOX7*W0Wh=_^00D5t#wTY`eHWU2+4+dhwfJ)K zXe1}WO^PoTT1LQ$@g>lRjsbeAMk{kza`NboH0XQ*GuE3WISmm8@!!Mdauh-o=2DnK zVqvu!D~HQv7r5zi2gG89NwGk|GZ6~j4*+c$+s;Hro?%IEv5L3e@}GI`9=7A2Gp%>G zo)L$8{QLNcGi}K8gJ4;s{(VyB=lo~hq7u%&N_is{2dL1t@kM6>#RYJ-)iUM3APZ;< z;4FePSAsz)D0Mq%bSR>rTmLV#D|ov^g%6vPAr%Ljw$@Fzy5o+?74HWW0&!vH`wm4 zV*KM7{^RfNK@M_v@h)4Q!4xrH`Okmj6tKwv6ULx)LEmHrJ^K;5(@Lz>(5YeGRpJwZ z#)g9gU{{b5WNeVhSBFnnJm%{}|A48v1ulTSb>>rYO@8UjmSt#SOjuUnpSp7}S1W{d zkZ?nQwUImvz<7;7)JU&|U}1xyt^sQ~3c&Lq*gulXf=mTCnzoxfs{+@46`%nJ;0)Fiu8H9LTle>D$ zk!xfCo{#DUYVL8rlm1@8|Jv<`2H#X*h`!hGjITP#5<^f}UR8-ORr#%@l zHmBK?zhldezBO~o&E_Du{H}J-Zd~29rw&m0tKPl(OV$br(&V~9*m#-PAJ)TyXQ%7{ z^qKx4MlE1WinF{sbBTSu(e3qQd3Vun(0jgn5-IQKlo3q(zht0MWngEAJw&f)9PeV2 z?^3kSm4^{~&6xL^b2xg}BR1Jd;=RPQ%q)VW0Fa4C2aLzuY4r^=)~=_R#THMD1hW@q zD<~?itgdOwpSNhq^6m|N8wUn=?mGWs0l0H1Zk)fcec9%1doR4?a=P&v%l&({AG+$= z>!=&}JP;##LTK=tL&Hp&S=n)A^|M!P+rDS-Ro5cJ4-NhA!t!xbA$;2s28simZ`fyt z(0>F$9>@hO91_)Fb%R2{e-|bQB#JC>1|p?k=73Wpl6-k`=|#*4FrhIUy0n_L8Xds;gf! zR~5bBzp;BQTmIXsBJ*okS0%+Cc2=J*U6`G|K0SM3>FH|cdq(5mVrotow`J!o$;)ml zK3x;@HzWLA7FALH^r(`x{u^KTEnB{}I6jF=EaLWr_*QFl@ro725g|V~c@fgzlk{TW zzT!k9J9^StR1~?YZ^N3%vOH%}9BAb`)8`vlwdyzWukZbhs+#NPr`}bRTJ% zQl>)W#jea`@>O9dOvhNF?KE~@(*bpj7%)ZJN%>C#{~3;JrzgY_@H-R&Aq@9+iIKK^ z%-d!1ZNl{qz+^xN$K>rB^Y&$tg}1Mm02{DpC^w%Bx5o%7%{RRY^L8neXuWY}Uo7y^ zyzLfmW3g`m0AYR2Ex2B8_RcEyc3HeD0$4$C?c$qjM>4s0_SKhSw;mpwQ@D{vQjPik zq`1uGE4Jgpw|I?2>a=2K@7s0$q;d_3kR~nQ5{2s{VkHXjD&i`l8|TAL6NC$>WQUzb zkzM70NSb_cSaAk59Uli0h;$>MN@&f6_$jY2p2`$r=v+IXX9$~3xI8Z>4OFmWC`S~F zpQ?DsWXZKnX>Tr{8IhCI+@?!3%q(`7&EH&_o|Lk2*NWBc>w=mSk{X*?mwS3nc72X% zKj-`9qX|rI0<+i>Qj^l**GsEi3s*97;>3WXE9 zol#N!^W9y+a&v8ds626*r@We5+j5iUvEL-*7sSIu)Py#oknPQMII{g)-RvMd!2B_> zpfo8obep~PExxJM778{gXs24Nc@JaFO9Q8_3|zW7vMnr%^yCO)YHgOc6MlKJMyzv} zZl;bmAJ#UOCB#FU552ZAg2wis7jDh+>R<87+}=E}HOIVpCT|q=Ii;Woq9{UOfH=S` zHF*;$33}jQ5J5r4A>p#MjCos3661&X1VaD2#Ux!c_GRz>lXs0=_-hh~7BgJZx$vs5XN3E6gVpjeP27L|fDL zO9D?5KDm^3lM|ko3T^N{oQHlU&gg_N5<&kVwT2{MrJD0xxhnKC2l#*JsR-xVaV)4V(!>^WnBKMasMl zk&4i}S}r-AmGvClV5Xcu;?N|yVp1IT=!`kV{ujcE*UjtfUd1oHXn%Pt`(5e6MS}|# zoV_b!5${+U=UhB-{h|zh*P~4Z@hLkVRrs&k>wMCcT(*2+DO;wX%@BU)be7|=A0m1j z@_Q4&Z;3`^-uNtn2!(Sq3kG)tY8I6uq{5R!8Vu}QGm8hNNIYCze`mb)v6>6nf@|&b za%;oo_N?NB`k<+UMlpS2#NW(L@+Q|!D=sO`Ua_(60Mu*oPQ~zD@{H*34YDm_77oGg z3}!Q8k3dr@$h<)^p&;n)%sfW`dtV@72no~#H8+>TR6 zf0r%UX0)C+zUQ;Y?%z|^HX}ZD_C}NwUo*>psXsKt$s=r_n=Jvl873fBlR)_f0z_dR zJOE&HM5};4LmN+ctDD?>qBWD^)#P+s`0)+^(O?&91WOeiANyA50Fbf{YA1`4%9{A- zB+IxaB#4=fr*~d*`hp8`TFcyVF*XA$w8$0B3tS0WyVv$FzaJhr>(>kQen7+rIl3| z+6zi%PG32@L^-F%m}g)>N9q6N`n3LFTdX|>0==WtY>AnvicnRDCB&-a5VmK)H*Eq0UKTHw_xB=E6t~~$Go#m zKH{EdjrqVp^u-ad7#YPtjdes}vKwhxttB(_ielev%!nhpv;qyyeBhzyVQQ>{wah7F zShy?8Ew-%?x+Y`uYVpd7y$R+KjV?xlbE7>PxxRH^rczMf#RLakb9G^Y;4KtDD=rQy z?}7nA{Xp#?UPA&r9)r&y5~X}tfss*|)C5>tPq5~vu(x_CCdPG_|D9VL@y_t!$YHx)i}Z7s4cMp{k|rI|7!pkEA?e|C9Bgex!4 z6_FutyNgBMvhTe^ilhFoj?HY8%XJDfKmXNVu`gY@Ij!#8@w-{{r0%x=*uyWA%zd^Ht(PK^mc}+}cFsMjA0B}t@Vwo^&Sz;28 zQw;^1Z6>D*s8K z7i(9ulU*laJaRlMnvA|Fm5^_{qnOh5PyW_ z(`ro#Iw9t-(;FEG)ntTJ$`DX^t-CBG{RN zT-rkiCR21MxI{!-K(UAxYamI};aj3H*%iHK9kX6_j72`bef#tNcaGibe{O@CY4+=a zP3nf1w{$&nprz%&BV8*_PTwD6HmCYM;YlziG`<-y$R@jRxrdFWn$0o0JA0`J|Fh&- z^NM}CFwFri*DdS9{V$-Hy6OYbuH+>DL!NUU91yZhsZ%{>g<9D#lr4oXa_GC!G6{(p zxK%+wqLw5AFmDB`%4Y|gWQ25wQ86-K7-Wtk=yoz(eHUVpn*{H~l*wa_?0fKuGbcGG zIQz#xyyyGMx%?!>64ylVS61IceSpa-u&$qhUBv~m7iHcxS;N)!8*(A9T`@LX*4$6T zA=sOt1l2oibh;@;J~pg%VSnxhKqB*AnC0F23hhCx?&0>W)KS_Eq#WM93Y6Veu^rhe zqlm42(xwC&(_TRA6^#uSwNmz?O2lWohg*dwj@B8tN^tuwLZ!5CMXyl-T*}*O9?`n$ z$)TIK$l^<#M%3O4>>_;AD0QLPy9M~Tp}5Z5hHJTbSe1|}$U6z62y>Iz9uQiL9SBaO z;)~_T3Nc@R5&!)h1n7+6PLmjp`B>tSpEOO;`A~-31|+K=$l*ed#B!L);*u&tLo-ij zrrwnr78aLQ6bvx5pm6>RcspV7mX_SGuyk*F+P!IEVeuIyNQ^U;WhI1$ru#Aw9~vH) zUSe|Mj>L)fB;1i`^0<@3LbFb1rrn+D2#ZN62u3OvMvYM$T$Y)jED29ntJA}yBe+Uu zzr;Uk*URByl6fvcz>yS4jD$*?>|5Pq0rg=mtGd4 zQ?aNRN=*%oj#lb)j;+P=40&dRJI)oV(kUX*XF`G5?MI(U2c8(&9|B4WyvQEs3})c=)#5DdYPO3DJ&r|)U60t$rHlXhb3GdAHF_3{;Czbsy*@>Z{NB( zB{3naA?Oz?Yjfze#|ew$a#Tr$n~)f%<0#o-t^j^Ewrg(T*07u~544&Dfupz(%lJq}dOazl zfiDTyK7z!S{LWw}0&q#Gjz~9Mni?f9HGvw%%;_MDB2kS$p6AHFVqHsi!C9{Vi(hd65d_&;B+fq>Vvr&c3Jp0qpVEJEfdQc@ zYe+C`e%Fe<7CMY1_&|4qD+6>l=+9)}dq8VqgCmJQNaz7K@YvZDV)~3C&6POJl-3A* zY6u*edt=NaW_y&AzAG7U6J+X?2NcevR9cY#_m+*kHoL)G1j9w5?!Zd~TM?0<^@tAx zeq(&xceZk}oeSqwe8P8mckWy`xBL^%KPjKPaOY0%F8)cyoP|?&b^PbvoyA*CYLQy9 z)nqhnEfKe=OgpmXAGNJMTkj+WpLW`sh zLU>|e_tU;b21*6y4Fro$DkBbb25D%;B?*vfDT(x#$;C0KM-)e01qQJ+jKs+6eS|45 zKXtRmns2TBEc5ePtJSlp_YwbD|J(kvkL1|Gg7m4DxZQKZY_{yM^|z-hPHA=Fx;C9o zX9&_QK5U7!;Qut8HbT2t3+hsjls070Y8O)mv&Beb0tc1@!M^g5-bEg(wf6JO&uZ~J z&&{VU$3uF1AK`Pdb;{(qyW{lPZksOs_Vw}zQ3i@dc`1Q1ESB5EwN(Dq;*rwJl#AC8 zG&6KVtIz(U-nlHe?4Pn2FiG+Eo9nh<|0tcmfs1G@ZI(!wO1uR61Ffx+`Cq5W7wO+% z3P#M-KlVGRB#^1|kT@#+DDH=TfcB87P{QPy9>a#DLPf!&2&f`ZGu@{c68C#3AAN@c zX9|mF%g&WUaXP5;h_uOfqC8LmKll78@A#eXJQt7r^lZ9k@+{t+;_(yjgS0^0cJV!d zyi?OvT*mM&NAYW${FeXV>=Ai}Wces7Upzx9JBXemo;4&RzrW($D4pWy9Qc_6c_yzX z^R*$pZL&_pd*VLSrAOR{@YFIVLTS)2YsLy4S zdFVaFdm?R0nViDnn(q0r-;m5sd2qjSGH>9!Oo8(N;xQqKJc_C1P#k{2be?<{)I|iY zJyY``E|$uoK0rS{B=g`W+J7>R&gaUJ!pU?!`I8Sx?;z?L@ss(fT>4GcktkzI9KFZ6 zG(1<7hjf&4?j2E927W<`Az3s1@NOCSox7fV2GYcMp)%<`#4i?STu(k%ydToUa}Y1` z2F{b^AdTL`gSTWIUcPr{B~veke@u8TjSN_aH2nDd>IZIXD-cyJtuS zCWb5y@#2Sg@ODI;_|8DS2)q-0qqrY=J@k%&v~%xF*LdbkI?M5&ew0@{lk(#ixKDrX zUW!M4dN+Ds3L}4d;OxOY=%3$wLuH73Ln5!8!r%EJo~{)*(=#;q(eo&d?xi0=%43b8 zxD9w-uXIA(>d_7(wXw(TuWzsM=`<{dUhbsx$<#cf%MR+wg+pmA=nf**iRv zFXVU1jfx`0Ddn(gx$2(uPw zmIqrCTCZ&N&sjTv>--NE^e?z|Vd}zTiw?B)v^}^ubV_G zFZAeo9`4=MXX<-(895 zbypw1X6`kouFbplz_o84E;@YZh~>!I>)h8JIa+b_*wHVpzxeuBjujo-b?ogMQg7(H z;mnOCHy*l)-?aIr*N#^ozx(F7H~;O#owwL-x%JlM+rGU0+1o$A;KDqkjsgqyaf9llGsrMgP{lKvYUVKpVV8w$E zKlsJzM;|`$$f`%PA3gq<;<2GoKH56^?BfNGA3QVjiR33!pWN|O=2M%WRy=*>(_cTc z>e17 zzklbC>tB8DwfV0-`+EQDx4!<-8~grL_9y?Fe|zisxA*+H{+;A^PW+|k-Q>S6`Rl9i zS>CUH|I5Fh_@LrL_eXIbo%zSzAG<$(_>;|_W`BD0vzebi`GxIY)&Dy9WxEHg%%>T20m>C%Uf6T)O+Z2DG?C=93HBL)Kj7(;f{S4C| zQ_ys_3qL8$kZV^U%#r8nKv)iapc8?x0uquJ0%0W(7`_OERk9Ek9tf*tCs=kMtdWJX z7Xx9f%*Ngig!Qsi<`0C8vNBE{sF}=`4+6K?T-SF25uS~L7 z*fnGWJthyKD&XMv%2ohPD;84nZP-~3BD?|TSn$Gopf%QuJNv}3L!_<3*U)|I@h^5t zsdPs_?j69dAJ+4oC^=I$9e4KNzADHiDXkY}cfw|-6YsJKC3J|=>Fow!6&?E{`6)$u zXZMffi2Yuf^YH{Kvs*kr7T=nQFV4hwPnMMXBPGqoTXo{S=sTn@S}n?o#aHwqW)O8q zDL+)Nbk9oUn0)GL+|fVf9=fL5pi=trj8(|LLDa!I#8LfHd^g%-6GD@v^x!VKT8Z2P zfjaF+47I}4TCGJ1RPV8}I)r*q`Zm$tgJ{1Ja1XM8Yal(p<2(0diYHOe_|I}?p@yWl z=@GS*1s-81-g&b0*g#EF>?*uXGu~z!&Qg!d0WYTn?U93{8@BM1?U9F3CjP$J4(-by z_+uX<`#1}kJmteBOsQs`ur3%y1Ut76r#gRW)M*mPD0H*O8Ak|(Z`9blKR zgX~gv8M~YvVpp&$*;N3hyoO!N4znY0m~#{WeaF}h>_&DIO#N?WC)h3QR(2b^o!!Ci zWOuQ<**)xDb|3p0WGG(dW5aBOon-g3Q^4DJ5O9|dv0t!<*(2;x_81#wkFzuE3HBuX zSw794Vb8K(LZ|Il?AO4Te4hP=y}*9UUSuz^mjSZ%3j00#1N$T32>yq?#$IP{us^Xk z*<0*w_Gk7E`wM%Q{gwTVy~o}M=)wo=L-rB-2m6?P!ail6vCr8**%$0z>`V3)`x-pN zaW=vH>>DnF6+2|pz++c(6<2fEt-usQ&kZ~X7#G3Z#Le8ot=z`#JcK)BaXgfV@o*ji ziY$u5T$aajCy(RtJb@?jB<|wLJcXz7G@i~g0CAtivw048^IV?C^LYU;;sHujC$H#jAM@ujSJ?NE=?y8+aq1!JBw9pUG$O*}R3f@;Q7ipU3C(1)u{L@ixAg zFX8QcDPP8y^A5g3_99=&SMg51ny=wqyqmA(>-c)Uf%ouU-p4ocem=kl`6j-ZZ{b_{ zHol#o$9M3Zd>22T5Aof658uo8@eBBc{33oa-w!*JOZY*4DZh+g&JXb`_?7%Bel@>_ zU&{~kBm6pklwZ$}@f-M!{3d>!-^@?&TllT~Hhw$5gWt*T;&=0V_`Uo-{xkk_?&Ur{ z%t!c1em_6OAK(x2)4+TE1%H@7!XM?2@lgP-oZ(OKC;3zSY5oj&x>fO+( zL1~@KI@S*=2D>+OD*AgnRvA|HZs}Q%07YviFI1cQC{Eekv!ZvazHfcUwq+~3`&X{- z#54OkI|kMLovZsh2f8%$Dx$#ky(`x#Rg($5=^W5)?p?oWL+3KQk3JBj z2WSJ~O?|43{VRJ{b*fjOI&hW`cC1n0H=tP2+q+IfhYcP5>y&-{-93Y=hnexU7g))x(0P3yrp~9V3!VQYkHQg?_51-kb)~adj>oE z_0mN@We<|VYc~xHcCX&1pl{K4_pCxb>ApZ%?Qf2VR~S0`$S8Z2mFu(NO3ijI}* zwsiEb3R>NPDxAF1Oa>HG>B_zibOLmY-ahr}-hRq%5ZNa$L`i`QW#`(?m4gO6XLEnA z^yNX57vdANed{+3ETfL0+tA$;2%=)|NtLMMuwMu%o}fcZ;Y=y%ZF0p^?Iy`gBr2^axQ!)Q|8w1Kry@ zm#yBke!U?O9@x;ae!Z!4>&o>V8#>OtmSRo!>OsZ&&W_a>BmJG4&TZ&u|6iHbuH3i{ zMeU_TJuTatO}Z4Rw-F^uw8~^1H``>AW<8S`4j+)nB}H-x!nU?blQQ`hZ!66sZ7(Xf zTb#GO4K{^nhI@ah>flG(2f8#|9NPFEH8^-%sye_Rw>^g{M*>6pj7fqtJq4ZTn z$6dB9n#=Y;3rP~>>ycI$qbWTeC?w({Pm2uXG$-7vluWR#3q+ErAsbMbBGVF*7B&{I zlHF*NVujG~z^DV4>E_U&qO0S5q$zF|n(TwuG>3YC2KU+x_xF3X&CIrf3`N-p6hqL^ z!Le0KX(e&o55WdFujqs#&qop6x`tyLF-&lbzG1hnGTwW-rmBJdr9-X_IsF$#zCP*E z6I`Bjsp=HOX`ta{DD1}?F`smsKxWd0qQYl`uujD~3Zxj4xh77!o4QmLWTnWuAf$@z zPy|p2D^d-Pvf2%+pwj$FtBwpF#E_@shahSO#+5b5^-ATh${dPOr!7yVGqK0a;RyyUv0{A1Mxp-!04!>i!&6vA$%?xpF2gIu!i(+<5JHBdHLP2;Z~4I5$^tep*iA688c9{Aiu;-Hab_ z700bq+k{a!(+iW?bcbKEYsO;Ef@gKJV6kN3vAAKOpKW)}_fz;faL}_NXfs2r2wJT=zB|>3kToFODVA}k`muQD{D6tvDM0QNAa@FoJ0-}Ovfx*TAcr6a%eW4f zaUCKYA{-)|*0y*0iF)U}BW_0AjJO$bGva2%&4`;3H{(ikt~4hC|6z`ThT*?Ae<0Ltp+9or1s7g$+66%if))fV z2wD)dAZS5TmqaXySQ4=$VoAi3gO?n<u*bn32YVdsae9vkj|h(lZ*}(9 z`MHlhoosB|wr$(C&5do_w#|)gYh!0$zE|(BcdJg#^tq?+%}_F^}-HFWslK7SziGf3fHK)aN&n+qWT03z_Cq4*DA!I0%< z4(7H$oW+l>;YVkx+)Q6)Zs`2u3-;fbkpBlna~n^yAC3e7L`Mh!`p!E7It)Yhl0EpA%|9lBSa6!H83~fz+xR9Uu#r)_r6h1t{9PFK406^S`007J} z0Dy8^Q;SpX;AHyaEB5;1OZOk@@2OGUO^wWc;{4ygg8zrn3uWh@_P^)@rg;nJ{%faH z{)-6!Fqh$O>9JvKU}9jf2Vw*Tj%Z-?(>L)!AkpmS0SCZm0TBcKdv9iJoZa6)*+2Ma z$Y{F1e;&LbBMPgq-zPgizp*@hAW(3h8U$y^pD-^rP!UUl@fW3{fdMF>2^o?D@Z&#| zFeMe_h&Xckpr-knccW#LC$t%bFA(y4P$;W#QrPkedVmsvfOycz_Uq3tt&pnJ114bl zg~FWaistB(zB$l>d|5;m26GOFSGZ}!gdDMJ@*yRrI9hWbukeJ16F$*#OU@){7b#J$ zBI-`I?UPbZOxRH1f?+Rx9_09X5mGuyNolovrQ}AH5+Yly{$Kzbq8O?pNrD)y3~Vopj4Nh+nJR7glz6zvGYFi@p&!f;@z^8B!s z_}bgY1ipE1FZJ8A>lK%WUeBGg74N6$EY{}-s*km)sqW$E?*0d!v8F2n?#(p=B`vt6 zu8XQ%FXg%mQQoTBi*oX(a(pv8ag2{HCLI<%!!?=)UxXOF7Xqun;~bY-nGRomGTgoc zKfp?9;(y8gN#8xd0f-df4+sRf0Eq!Ee-hINXa@`f!T@G~PJk?c9Pkei;jy8s*d?be zh`0@h01`O7M##B=+LRGL>RkW^HM|^aWWpVK3~9;klo0I*L?93-0=H3zm0wUSkp)hK zA>kv$M}*959Z|@_&E4cYo53tSnNaC|Zat@bN)kV~4L-y6B`49+1b8XFyo`-$4u;UO zF?*bJ{rH9f&ss?4wgMdU+EXH6$#Ms3HJ5!ad_sqPd=flxV>YuaJ}z-VofCncWI0L) z-(t;lP9eMpE$7I>3D9_^Nt;yw&(0Uu3R?aybEZ~DiRC2MPsH~6ZFJK)}jCC&9Z z9=3srWW;Sm82}|BB&PZnhCSCq1Ae6RF(;55aD4aMKL@h;W=(`At;H3dQ4P||Z*%K@ zDymDZV>VjI-M-SQ{14^Khu&=O7)UNY%#fh*K-S#Hw^ZOe4^1tL1w5#*7rWQL!j_AO zs%{LvM)JkJ2Ce^1Edc1>KLCQq#&i#q2hOT11&=#8cf+(nJrbxyHHZU<1P$l_S|M9h zF`IO&jbtjtdZQ_A>Xn3^$yit#M{75C+#v@}&XU|#=?tK`iB&G+(bQ78UGkD@=Fdwq z%anCav0V~>4XM*-o-+hMFe>%>i>)X3pHlBAHfC`P62>h~+?$!7a51z4|Yc#=a{Kx3q0>()l?W zGcgICObc?EuzZNYt$HvhWn{(&4`u~;5C3{quz za!#jZj^kicqzWCuxwTHpuWCu@&C9!uzR9Xmn8Q{zb0FI&}kNv+^^w|;cuDN(C4Jly$lYEqQPGPuWl%=yxP3IFt;bFhPvTf9pCLeeQC?ut4y~ob zn-Mn!Qbw;4OM`VK){G}fYJz-iBqwJuGwCOAD>KcdZOykdpg!9%6Pi%s1l7Ji+!r%k zCUNmJQ)>b(B*ejp&SnpRmHBE4maU%E*pS1^$wWyp4(z*iXtM^}ScObI9g9i0MaVih zMBB}!yV=>yr66#k}&!1DX9-(@i3-jL^IllIFzi z_%}LQ+wv|PFqp=9TH05AmV+X#c%iJx8+9|icd-Aj3b-TG4%h7BGUw>xj}p{;bC#cT6=DLUuvp=h zb~3I*`d%-3)bn`adyWSnI;NH``31ABgt!XFde`#VCC!r8r>{)o7~PqEGvyiZjq!|* zrxst8C%5KEl++isl@;jU^HS#bmFOarE;@B8bzXot*iumXlhD@Hj^{~DC{O&^=MS{z zFgAq-Do}!dL{*xX+mpusqZxO+a=4xv#RDha+YDlM-$MBoCe`t}2CLT*NWTqyz4Na? z{t#>WFS4lP>HYbYOFOt^rG2_du^jRr)3jWnrs%vRY|e2Bj^(@eMCW@5KL5G&xY-YO zgB=V~dR@Tovp_!S*xm#%FI_6@G`H_)bL#gEXE8f}jsBZx50s%ARc@JRs%Ev?)M@nX zD^d(NlJshXva!s1&{8*yqEMWI2(}c6)&!OTH#8OAkYFmW!;v(QKv*tn^^=o-Wph;A zhZEC|OlodYTL)i?VaD{5ideze2$Q-`6}6~Ru_%vIMp#nlw6?AxCh>F5pEH=#MOi9T zDPi%mB?{BpQsqh(S8r@XMXg}vYHrPqFT`wds*>xMQUKR)A{QwifgI3Wk0_yXhzM~* znB<3)Kd;BHGijv-Hy%intEy6MTX|9`_+{}pwL*jPDiV7l;`h{y}t*jFRf4uWF$oI-bAp+_IMxYkbWA&q^wVy>Tf zkXGFG})MmP{ZNxkAYwQl;=>j?s5j#alZ0QrY|m#ODe7 zBwA)Y67#TX+*pz`4O~o6u5{8^F}ZIvOb|6X&X92f$VN=y_-R#1Z&y2^$EO02tSsb{ zfKuVq8zB3D)m{}pW<&((4pd^HN*d%Ep{F;Xx6%xH-|u?_ww{ruEhzLi(iRRmXbwsz zDm`s1M00fWXpCC1%Vv5Cs6a+5>){QCBn%A{96sJAejda~OG~s(PD6hmF)<9P-dQ>{ zYT_zNXyik5N^=1i_et}p@NxvkG*&nXBMMt;F9@fh-3HeyJvjO>Ucjyf{Bj3eL%kp! zn4%RJRsWBbh+6flDL z5nrcT7BvO4yTCthYA1SqC*&h*Y0dzVaLxL(M`QzK`oGOQKHS%&_AGg22a&w1r%qii zUevJM$97Fvl&OS-HXTU7)p95i5;V2P7n692xxR%Dovi^i#{c$f%Jjc)rpnszcXkb7 zn(;0?4%U_HDEO6oYd)`1lx-X@_E0|?M&^`K@oTGo#um_g7RVu}vOfG9jsi zS+KlxjIT)U(V=k+i~^h<07ysgs(Rp<8E#TDjz%ZTnw~e1WF@eZ9Sftq zc`eZ*y`kK=9Bo1GqCBr( z!sGSeo6jN@EOEiBYI;-F!_QZ^SP(bkZ$YT8!ZdC8%&D$bV#U)3K0vRs5T0;Sh6x=& z&S$Z41pkAiBD}f5jhH0-TO?yi>Q!z<$^k5J^P~`+Vo3PL#rr8lNd z&9;mG7==dvC?`C&G;0yOs$-&~igWqUI0t>Boj$X3>xxyBfDzx)X4AzuZ=$gE+SV|K ze`t)qlDDfUD_; z7oyU{CDb6Jrb=TmLki$79uGF<=o59#H$$rD$u_wXM>rXJ%x&gr3M9D z)J(LcZjMZSMOVlv@#IU(OBq&>3!tI6t=J8rO|APK+K{uU3@33$4Cn~A8v7Y4fYSi~ z1R;%OuXe%d5I*CSQV23Mh9U+AHDO_tVU*39Mi}nwkSD58cTG?c3D%8i!QH}F zKiK^x&*ui_aI|Dl#MI_$wO(OB3}aDX_fooiy9fTRu*x|< z3k08#j|$QWz_n-OyC(kX_3;11t*;TKEs`1gz`(4Puw%?fvCsHo<}wIB+Nt$o&2NP2k*;H`SMk3{4bi^u$yQKtyVD1HDJSI&? zkbO4&tKvK`kh9@|rh3Y)Hw9D-GLH}_N8&Eu(2P(+kLY8Ze4{-@rnUYcIg+mvM(b% zwGbC?nX}-KRg(sKrJ`@qsgmA(HPHd#CJnrRN7u1uG+r+rdgBZdW4w7!WGL_wN4}UR zUM5HWgb>ldH+e&rzj-SPg3c?`k~iC9tOahNd~>;VHCWWCKkJ`1!DdA8w_5i7@%QO^ zHVa78;bhM2Ayr-Iy_Tf&(xz7uhTU-Q&+t0Di$W8iRb|;tQ^0(_)=g^Y8ON?Ra~S} zVZ@E(pq{x})QxsZE4X(eUb&)SPk;W;3S^2Go0#c>R7uL=jV~!d)QN2Wg5b>GOMS-= z<>8!KS>nr8Pe`X}tv3h1Eb8e21&*6)^UQDn3RK$DMq6E}e zcZejqGrwk~n?fdYjKst<j(uN1o`nY6RI;sXt7t5j8tLmK! z`k-V`C|F29z4DY#qYQlBL4% zC||EmhrRp!N+RdNN#pjBcOJyx8w0v@LPolAP00s)8BKcizh<(1mZ{yR2C5(6SR2yN z-V=!X<5e)ib;z{>eq2n`qglcQC!zkh_=;LUWtz8JxaJ4rm(X*W^co086rr?OO&&w( zs^Ji}(7#~kq_K-4ADU@#V#Y@xKsr}WOS#Y{PxWH5A%bje2oW_ntWiAp92EEHi`R@) znxiMPeFtl&vEZUxX*SweHuAj#h$@nWc`XEi;($%aRkvp6=~~sKG)b;!hz9h?Vgfp$ zYZRE$FMwURN`S(4baCR-L3uNtj3I8UP(t8K_EHWSRu&OdO#cLX z%U0ht7p%M79+v4@#)tmu7nY}QKtQ8`Kg%H_MIc{D=G}^O9kMQDUY^1RD zb9h||_;w{yTxbN~P(lb9UcJ^6dfz*B^=zd`D8UKYrvP)?%!{_PQKdMZX_8?^1*`#M zX0|X3LKll(0N^=NA2R23_RQo&b`u_9QRfd?Ri9VQaO5!cKNJG6`D5x z4JttY^!u>Qiib^2%6)*;oqIZgHcg&@$1i&Fwzp)t-3lE!4eEMuGrLb4?FyRAd?Co} zsIaoovkJse1V$WZZm}|DiWy_AP}Nki;G4!sv!YyMr!-JXnUzAg(-4+jy~To%A(OZA z3lU6gse~vqtp#7ipB6d>zjq1t(6BanW=6vjJwOm@aGu5602>qTZKFINJ^_kBC0OHB zI7oAk$z}H2BLH*U(Fk%0b-q~O_|y`8(pjGb{J5`|W0gQZU+ctv4$teNLYRUatDxi8U7&kimd>4;7PPCJ3k)l_j|F)!KHJpR(?Z(*y_D{ii)&n$Yoe4Hrzt=o57=k31Be0KnB~{ zKz-lyziGGeO1|!T9Ww_hncBVorvG}o^S2wydFt-=!$q+QnfsG8fceUz`!>MCIUu1h|tVrP6fQ8w>gPfp8C?PM?2N_rf} zf(XxR0pY+UKtAK3;(8E=N_RlVaZgHop{vBCp5W@B5-CLzdPDkmiy=i=DiHs5 z*`(x1lsuk9e^MZ)4sWtUszOz&B>s_U90Uw3h@jE~Imn3Z`e+Ztb=HNA7PQGQFc@Yb z%=&c(9V5y{(NG~Wgy2(r&p#p6T7AiXE!FsMy8}iCiuMe%XgTE|d(}>X3Qm8^gF;=w zYLsXIqyDKa_E;g<%J}FVCTQ-dwG1bSu~I#pC9K)b{vFt_yV_hovIDtQ9a4Z1fDX>| z&6HQ4NuUC1G?G4}B8Glb#Q>xjXc}InUEQP&+F+Sgv92bF4omRoMG zM7~lH9WVg{`n|E`A}Y5?RBna(UcjP}0P*$*F+!vwfi`Q{XCDMfZ!~*Zu{!X-4FQ_C!quDgBE3e)Rs? zvqD1-mA&_t0H>$DwYGTMtWOhBGjBHBU2;MZjQAD zJFDPr{kQf0w5EzHtbx-m)Q`U0&aBQs9VwI;@fhn$2@r|*$7r7V$k*cRB#O7oU`NL$ zjV?(SE8IMfmsRsMt5kLS$1Tn!l+SRUPH`E!O>Rz6UJonMXA4uwbOZppVR)U0Zg~pN z%>9piUAu`XcF23LN|ulo!O7TqmyGzo?cIPh7du|C@>~r?|MJz23ZHmlU&gd9HJE6G zg@t#;KjO#WzIN*!lHvizrZaLmT~qy*nzLh^+$3nDB=O2V)-)~@HUL8308#(cjt z*VxHg+mm-iR`falC8U;;C7q(*5P$Q5od0P`WWG`IqwO_c{tS%${mygL$6`j!ZELy0 zQBcnS5}E*G)mtv90Y}?OCLS%xMU!z5RvJ&|#A703L2Fp^QfvZ=0|#F>fD1R8sVg#u z^;>>=*X2PAXScC-X6kDkt@Z8x@PQr84R@zG^Q)+ngh`!V)$|L&GVP;A%RsaIt>)Ke zny^QwDk(Q>GZtm$;5)8MCo6s%GiEf{$VqN}qn;*#jsqSavx6^~`eB8d zQ`n4k9}pY?n4!g=eOlHuTvm!@{DT5)CKA5@rcP~sdwr9lc%^s`)BEo>=2d1@X-V!U zH^@qdvwY$bI;{Qo`+2dnR3-9CaV)Dk>XE_z+Yb;yf)=`FsLDt>Xr(6`Y3nQu>sUb- zmWGY{H!g>Z(N1v1xQb5RdJ0;gw3nrVCd)g4RMSR?;YUr>wOKR--VvtgUij7CzgZZ1 zuW*2)dF7XvTK!$`f6Cz}1)r!NbJ4SKF#e&odgX7dgnBW|+UeBkPBD{ZmY%wzdSl9g zwOiPlp<9R*$yp_aN8A8vG9Ya2q!MX|hzYJMH3t{C3w~o2yrhOSQKImR3`xP01)F4? zg(DFr2?bdTh-R@}r=S(H9A=VGVQgQsil*j)%O3|FO*5w!XP0mN!^?P@lto zH1~sKO@n{0*EwGW++UihXKh;`8jE!e8JH3**Td{8Ifmb-XvSl|Fv>F>*FcWov$6=A zQQg-T>y#7PuZepOL1kOv1NOg*ZTN`g)sK8CZE{PU_-3j0pv&I=u=Q8PMRlX&Kv0)d z0s2Z8vPiZe9CWFDb`}?z8Z0mALf+ZBa6v#fThQpTxc8g{1EALp={JL|DZ@A^dsbi* zXb7Y&5qXoA<8a2#a|J9R} zf%g^|K>j&{p!XGNz4GotcO6{OC)b91PqyWCdlq?pS&Q?SLocgy4jDhg9_I=N1{O>C zVKu6-SYs8xbCTh2KDo_7)<4WREVz2S03)f>-JhvuKP1e`=n?fy;rbx(WKZ+h#ni z09%?tMoBO327>lRf#T~`X?K67?SMbm`;pu3msd$haGr*5FJk8Ld05 z^^#Sr4UK8k#;}P)|NYURd@Ih2zEj0at>yWoBYf)#wKM#vIl+V8NpK9V{Hz#vXPp27 zv2zJ7`(by)F8I~S-%QkLl+O3`--DbDMdE+)#{U&`ipr@@R>XR+vRYix*vl9?9&)8C zQ1-e2YV*pIZ$dPi69CE0)&`lyA&G`)J_PlBYe!f+{&=$`D1%oCMP+tHt-#JY0*eGp zF`U^5sT)tL8^-a}xccPb^0 z%WKysFG#^xMcX}9T$@A|5k6yLJ2mXCnf+nN6pj`kBQLbFvekscM+*#F82y{_4rxWq z(VzU(+NoM74M?zSR#5-Rh)ji+Cg;@zoew~%>4*9FYC)98%XzB+~TDX;>i)RO|-Z8!bh(fwCs9QpJw$5mKhXp$$S1{#@lD!W*y* zUtq(hI$e}|zh>G0n>!D*yIqI^6EB9GiN$xum0dN3j#VVWVyo6vBR<7Jg%Z6vp&F#( zLYr_9GAp6+m0bv1F>vOHK@AFxebzv1&_O6hU+9H8e-^4g+h%^>DW4vFPX~>2CBZkO zgY(R87`94s9=>g-;aDO(0Wq~Y0@I6FyqRMuvlOA_UtHO^;iDCF2T{{V=`jmzS&Qbh za7WN+mj-vAhV~G8s)a;8kS1F#F*@FqRkOCUyt&iv=h5rr_+Z}a)(8L8`4{-t@aqa+ zO-IRu&x7EK_czR!Tx}ioNlbI7CfgRe<7nqQ$Ej2btA79~8*+se4iM*pJg;77k_A2x zI-9a!sGur^e;eQ7)EsGDoS1vJ;BPH6Mhy}1-=}AaMc@hj4GO<8h~~Ow6Fj^8DtMK= zU);WscSm1zyCwRf<{7<$*tA{b_M%$KRojREB!!at9-*Mor-!(ke)+(x}biIojd#)iItJPIu{nrh9(J@4eysmU*Vza{aUZm10 zn&zQ=b{O(^Bl!*jX)~{y;hkMfq<^`i26vU z*GJLad<6{}kRfCSrLOGd@@!N02y{4G$J|y88u~$*rZwY|neetM_%8*e?}t7Z41W+E zTuN6rx?t%hbJBJNJfq4R!u#5ynAE|MsBIvQazxGULG)dGx+6nayZ$U+55x{p7Tx-4 zSPZ357!U=d^v1kWL`af_!L5A!Cln!CL53w2FjeKHZU<&=_Xn6GkZ1HJQuL;D?W@TJ z3_Cpv0bM{{x5I<;5tJgeOLpERV)L)J{s)D!i~Ng*7UU#@TJ0Dsc@o8y8ZRmm93C`< zH+%`jBxcjkE|R_b&WjyrOyreN9WM&{E-+5mD{UdvtENB&4z1(oUvKUQeF9rzzZg_$ zrxGbtG2x*f*#R!1O6i7JOwP3)J}0kt83AFPu-WuWxDYI;qo?L47Tl&GM^ceGt4p^EX}zv z7Ef`{Rp4D02@_E81cy9v3bM)637H?9C)W@5b?dI*jngFOS}*q7|0?r(uRkR8RzGU7 zy!#|fJAj#b`Nc7aT09G4v@&(nqn&!mC4Qr!EzYeP>9btmIt{@Jfuu|DMsj)>%d_TU z(e9pc!qV@=B`DGykt(f6gbrVKi`+}vM(LCV(g~oo?N>xXdMqP(&c0XSn{Hn{>Lsq=- z5s%t1edvzE|FnltYXcXmRrfg%oX52Dc2qUrY|ZT@ClY`U>TH+mej1cRqES-T`42eV z9l&~RESByVzpg6V7;cs5O?4)rj~4>h96lR$b)?82rS4Up*7N&4Bb994Cj2L zhOO*9IkgKyyaIOxMSW2nQfR;i%FUIWY5lukq2+K*#+beadup|2kHuvqEcYc=@lv2s zu)J1ztK7iE_+snad0;x>Q7oO6rFlV2uRVi0=6RiCcFVe@OZUOW$eE!b7EJpyH0w05 zx3ZewDd!s$JdCCFrHUPK!Hz^uWhq!U82i<{0W$ZGJtS?Pt}4Iu^5`3bS_3|<(AuhB^7;Pmp1-0o zSsK8PcCJ9tn}P+9Y$vGD7=hN@mFlC>@@vmT360>v6j|LndV_cll$6 z=`bU&8KjSIy1OMQY`a0{XRZAk>>Xxa!MQ@oba zP8BmTfeI(=ZaP1-X$4h`c0AbJgt+#_$+>ciRU+*Zzx_fc1){6G%C8UUi-e)GV2KrS z9`))RHnbF|ry3FkT3KjT+1x7qb17Zrp}LevLC|2tNF-P%F}NOM&CD4zuMjPeDFu#dS3gZBB#D3OfgJl`R`3N z_k2-F$}iB-T@}2+^2buf#$D7NJx9a-@&Yt4)nfg%b&~*Uv)hiKRhq_KmP~XvHPfDv zZmyh1_pY;BvGZHEy3ejDf4}243!k*;?uEgAusSw}eeT@KjhakG@b8+PgXD<5a@Hlk z)%+1+_~{Y<$iY3g>zoa5Mq*gEwkTSq`I>9Tt~uXTyzG@(PrTGnHEB=;_|iZE!S9tZ zg|S&vqKWx=YT)=^z2Dd=iS-A! z?0l7X7?pEN6%Mt71KR+285}Tuy#TC1^Z=;8q7jEkL?&Y8>Y;doYQlnC{By=f>;M|Ei#&ArjA)}pyzVL#% ztW%IS523zea@-S(*-&~wRV|Q`M{J)m1-&P*`hs?6kbYkVW&(MhQWFG{#(Nm?Q!Uc| z#N2Ky)@MU8!vSzs6$`RE7EaYI^=Or;T}>L={ir7KI#gByC{Q6$s7l~ zTia(#?Mr_wiG+A9^KO~fiXAtbo@cqkESKYok3ky)bEM0~7Q$i25nhr=#^IMZjEl{X z2V|Y0)#%ez_K@75YIh$<(?{;0QyA?JX2NiF9@lKHSf|FRr>|=T3rfeLAe1AuJ}Ej^ z6oomq)RGpV2lS>r#SnD#qZd>Y*M5c`o`@kHEzJg}L-dTw(O=pP%E9kfi| ze51y7(ZNDkTQ^Y4N3PY5n1|<5u706*n&~4OFOO9l*Ov5PmycIftZ-Ew9C&S1;c|7S zIWL{lor0Cpj2)^B@x=)fID@hR$f6?-wCesAE)-0}&3}ujsW+g4LE&}e*Ku)eEh_*F zh9A{rMDyh)Wc2Msg7tpw$G6k8tTAbP_RRR!?M&k|4JeeFGwm>Y;lagS!h#Ed*v^dQ z?%r+oz*!Qc0!4KFG49hc*E_s32~rw7=I-DMq8%|@xVe&*bJ6`?B7F$-a*HTwu*91d zNTFIUpXFCfaHiSWf}Kk*v5UmF>KF~SI^i_yi^L+)B@U~ywi@3px4WfmG$QDw7P7&TN=yD!Nqz9f2p z1tE*TW5C2~cz@7_0X;QKkH7aC+tyj*HCv6i*@uh2jWI~v0E)k0`q!e5f@h72A~j+h z11Lbe8~p490+NYf72vuR+58xefl%3#%{JnFHskPHqIk5o7vYry0cEgP%YraaI+hB0 zv9}U?DWGyWF29PuHbSdO^w2`>VNZ zlcn%9FU6kvpH9aK^mE&-|ILIm1b#Z_v%0)aYw%|fEFwP{AP9U{#V?A~?I9`8C*bS1 zuKYB=|41Bpuk+RVM|?PScSb0m3=`1k)c7ok0%H)Af{;Y}boyFk0i*5`Tk&AK-KB!3 zcr$@SD8&aM7oUt&;ytk&U6YlnS%E-dB1>fN91MAp4H1g5y!4+C7f3A`v*>ln85n|-~H4-k!`w5|pIZNp2gxwG` z^jD&>I5Si+T6mgS<`;h*s;oSrgF0;l%nL*M;^fEN(~}vzmk}_yc_|y#(e&-_p0J*D z^@7|ff$jFY0DM@8c@*eS;H<$Az0zoyu9TrmG~lWT9v&G`D(@(kRLavbNKj)YN?&(0 zxTJ1$Fd%5EevriB8HLdEBwUj8x&3#MOUE6Y>5EyEx&2OiBIdrMSR+dcax!@}j(=hl z#Z-cZWbEt6%mw5n$t20W%JKBLp*89p3#E%hTX2uA2Ab!~I|ueWs?ZU46=(W>&VX#5 zldkl0QUp8<3{DEgj<3Fd`@DvI5gXR1)!&)*tdDL>n)SL8yaAkco1yUI$=TbUbiJHT z1ngqzY??Vii!d;0`G;8Uz3epZ%1O2)X*@>GaH@t1Z-$U?K+U~URK)7$1Hkld7~wbqVd8Cx&LK5o<4^HqPfF(;(O19Ds&X5%hW`Ooel7sTk(s2spfQk5VI2^aiJ0$} z+(5-frm1Kwt4W2f*gB~oRjMq-Q#f_UOSnuf=2bH zQ;yS~uDEBlwc%A(=$oD&u8llg{K>a)KQ|a| zUU2Cee{vA0x>@ySUnFtVIQ2CSJNQ;Na)4abkCoiaXuSTy)qbqsPsu@}&jc-U+obV( z&5G#`ekyy!E+)PiqzmMzoju{i?sSe;qT0w3|&|IE}Quij>0LV*_~D-F`UsX5)L=5_?rD ziP$J^XkxcL_iw%ayv@|s%KVt9a(0%&I6d3_v#ZvUai+R^Ig>8hh+)VZ$WQ% zPLli2iO=udIzz}Z3f7~XkgE)CGn3R3Qgb#-v;Qq6>3&uTvImG8YVM|77QyB zq}qtdmPEj((uCp1Sj;CN&$S^i3g2hpW6hJtt2D=W`(DTbzvm8-+az`Sc1#UpsX zSlEhgIz||kVHBr0iHrsJ5Et^i7B`>e^W1n2$&z=Ad)4N~1-9Pfm{z`aY`t>i5qQiK zhuUkJ{Qd7O*~8kycsHP2(^$%U_rX1{oztkzaa3ao6=iF5`z1I2`G&vB=j$w?*sYL3 z)xq-%yJ}X54T$sU3dx?I!nC+b&!exYbu1A5I*6@bmt9$okY=V5i!Z5|Q_#yRM_N)j z)r6t)*GXK9RW^L5+UORPY>_gup%=Tny!{Q{;rMJg{#u6eoSOAgQ-;?WGJDVY4s~1X z?^~(cj;#3SYx0}-t8c9tmjp3@IX$ zZD352!>Yy(Is9-I%4xPX@GaJ8IfB2wXYf_Qw;Hox!zAP*D$E{iNsE@M${zZzn67c* z;|LnmZv(>cW5QB4`~1mk!s0vP_~dnoW4kYpbK#6SVxGpYr|A{b?iWnqbEh7+G@G4d zpUwwL-%qFeto!;Dbx5mot7?89o0D~N_}x#^m;w(a+6cKkLALbVU~Myhcruv1VmuK* zOmV?^`cRo&Vhr-csh8ToN&Rh0s!L92Xj#AYQxptu~@(7T2ad+k!2ks2l^RGl%7!;DGqbXJG&w zq1S9}XkAKwNIHVUbU_(Y%aIjF=Tzw7&{5W~(?~5}lI~?}GdO3iPT3XTl67O2{GIOa z?~h|~K3SG5w<~>c!9UD*R2?@fFFsx_x2N~;;x^mLlM_e>j6T^=a+jZ_%*ul}lptAY8Qa6~jIKxH3MlHlu*H595<+p20e-&NrH?(b_MYiNt$HjXJ7y4GbDU+Ht0aCl;x zUelgr01j!C$)@FcwF*^cQH{H)(tLjvZeDuAq#IgcZr&`UXusmXmUB-(DWql{*jhdF zdhdhsMjq{%mtX=Vz6G9ZPo>qIm!3i8VtP`VtBZ+Iv&c25Io{p)*L8r))+Fmhe}$N| z&@%|=xuyMD(TuezHzP!|KK5jaXByXdXXukT*hartiB1Mj#8iPs6MxeMa#{3F%5x@_ zSYtJVrmpMAt2$WJ)#t+z`yiJ_UdPS2Gt&gcxwM%2p02ZNP}P#fGP0f|FaNnlq6GC; zYX5|tloqZpRot`E#`ZRBL#U(~{9y}qiNTiIA&;kXCw0XxV536Ha?0)VM4D~Oqu`hR z)FLRpHht(uaLS*A!&h17Np(Co2Hw*J9EM2g5|_pSDlK(IFdS!Y_EM>7HU5Rnl!7P| zqaoIN_)Q@5HuGwR*6?zDmcZMNUu2gE6y}!%W{gC$ER_9&dLO81*s1gMND)J)8`7l!XYMgUAkByVcz}ri?U^@oT6en=77m{@)xN9X9 zPH|x#r?oO;TC&FP585&BE9^wHD7O z=s3*%IW>4S{oMBy{>@ISSkW*ufK+Q-&RZBAovqDkx9X(AS5Dl`W4O#h4qHsHa=$?8 zd{5k@bvhqj`+W?aQ0o_$n7$wmp4Z$c7_|?ifuwRmop`LrTw>MkHh?!d;R4l;oQYVA zq%4a=nh^vp`mUy}7zWMAr%Hd}De zGB%j0?H<~^G_(0$k+yog)bV@o$tM#~_!ocf$;0Mp+p^ZvaWDME#xXaA({%SY;_(Ap zpk1ImpsL5NQ4(AlNV8QLZ?G+QS{@rV z4ABD%s{Gh4+*_S25o-s}GeEUjJMOa4u~;2*A)hFaM#hVj4okc^XHPayaXenPFE>yB zP~BcNxr?dsx->5(NfSF1dV=NsM}1sH-y<@*1{W=hV_$UtA~#y$t%p*+p;u+L8bo`pNne`oa+3XXS z2Q?SAPvIqH2_sNHX0Y>)sPwAh1_?;Si?=kiNRp>aV2cMt)sz}fmU=s8<|3ejpxH>Oj+}iPz>UdhKdfLEcZ37m4Rmx*%Lv>V6YOO}_QDXV%p=4T%0uJtf08~J$zay_@ z^-yJ*yk2<8$b>Te=%gjL+vOfr`=kQTsk#uUnll{L1UE#6X#}4-`mLOg_{ox-mTG#~ zAZmhaq#zE7q+pZ0b8LY(&gd}*nW0IqVdr3^iabp?nL%bR z1Kfr@kj9|cz7)0i&MuoNXG)=>aaSjTUP~ph`u2Dj1efE&p_=n`r235tIlkG}q|p;i$twk#&;N?( zwI1$i8id4nC0CR!{f(FGRC9@B>6hmDjAXI5xuSaXm+?foQ+mJ0#P?uY0IxN@M#JUK z(}vZ*B{{zw$bZ=>|K&`gy|y9qoxd^B>%F^4VfVf4%G6Yt zuG8TLK^VWJnA72Mqx1wqFMPdlGe-kg<}rwcdGgPW|Br_b^peqz{#9$5SFIi1z2i3R zT|eFI-<8Z>y}|FYc%6sWoOs+jvv|`B|IeQFH-F@X?RH~#q1hPUC|SmC+u;}WC-$ZK zZyYAg?Bq$SK{I*@*|{{|YXmba0?jq2F$0yAW*hU`-pIH_b?brnJ`vwD)!9 zD&{cr0`p7e-rnw8>g;>b@D9M&pf5^%iVu8sXh$XiAFeCM<_OXc5vH%}76Mn6f$?j&!?D zbBiV|SU&hcvpuajRjsy88Q4>rwB7u{ciWzZEKMDpQjcu(OD2(c!tFh)n~Y{d>rMKd zcI%OZ$7cGl$$5p|@V*wKiJx-ygxsvqRBviBnf0wV>vxLgBgrLAt(#n3l7|T2rBiPH z%MbB3zx#$}4aY_TS2|gCeLK63(=^}U_S<;4*3yjE*6)EU&OPh#LUW5v!~b{gn!gMu zKW>-!H`PMT#!ThxD6<*!b8SLODpkq@_-#_>_m*0Kpq@uVIc_(K_7Odh|FRUH!ug#L zN4k3O+v}ph7l+B7tMi0Pr5qksW%C)qw=~Qw=w~g z%7CmsqRAx)dgMiL6W~mYrnS%mKi{gunSnV)W4dtQD`YLXgRK3^SCl{hi_3Q2{!Apr zHHj=C9INGYL>uA#PSfp=um=ZPpC$1V@4e4`*He$&ZgTqhh?eLu)f+T*m{XBwZr^#C z^6wn;;IAHd;8)7O{^|k#^0-mYTR6Q=r_pohQSFSzJ>!43a9*=>`|j88+c>%Y%x$-P zZ`>1)Iwc)}CK{bi&slk*H^wjLYkC174LwXhbCe{R@@j-=yrM?%fIyQ@$wzUum3Jg@ z<=um71A@CXF|}=B`s%y)?4pr+dU|F&1nCuHJf^IU14<_&r89GuKHnapCRypNxq-nUomEW_zy#-K9P!58zAsmZ)| zdS5j!(2_H{L3dw@=36W6%EO3jZJph#RKu9;%$LIJ;M!Ea zp2=+Ut@n0BSDik2GOy|2@~Mw<#`!x4LJe;rtlQ_KK!ob)ir(@s!-&#lzLHCU04 zC*?fN|9VZ5hUMKrdE86|&BUmLJ`PQ&ni)91@JK86wGph%9Y@-1(AiKU~|LFFAJ#bf@N$ ze*&0_w(fNsvCUSYlvs_1D|@MVJA5A(W^L~5{szl7T3vAo);k-p3Gkt|=F*r}+=r^l zXaHJ?xB)a~k7M0*iOU94b;OE61Bzy7#Ib5AUIknyieJ6%_(Ok6hB(RC`}9G%CmgB#e4o<+v869 zqm}^6AZo?Cx<3AZcH;q;bM?kZaN>$}`>F{nM3^%V$1tvD|t=>y7*}w`0n_gFw5&o1bXwNeC+OFSe zVfp^ztt;#&e(oC=>>pm+Cq2((8T8_gr!i};C54I3kjSY!KVeQozJe|crLZ5pw=E8* zD$~EkPU<-aYX7pC1V9Nay< zy7MA?udn{hpD%ouO@8GwTW{Zx;L{sd`&=&H>WyhWvElY=TxI~)%{a)I>zJ}sjh7us z%H5Un2;EX`WWd;2?xqHV?o=&amWrJ;QWhmmrqqqL)@$X1t?U5vjRU@>E!T2@v7KIARBmmr`pfhQzbs%CE(cuc6)B>Woa2BHi3tmaho&e%>!0EN@ z8CwAPn$_r=4D|d3;-173;Vfd_aCO`$TpqhuULk;0Jsws8-K1__^MMn&wuNSZLOL-mgh^UZnR2I)7O1mIIvaL1O631*eVz=C zlXWLHSbzCTa?LOGwxO;QzkK4B`!}$^O(>IV+et~dIy6_E*H*)5+4OH1vms#z=wO1Bulo=beiVbrbIKUM}XBK-rk)ULdqW$*IIyY!xR72jAnVn2 zavdy++!C#-g9Iv8AQ#*nNKOa^hjO-NbdH!JAeGq*C)P(Dsc3_G`k#LyfrK!55s zf+91>j4>OS_hVK@)Wrl+xDoUEy8q_bqW|UuMUtV4JjCO^Sg@v){WJxm-)e*fWgO;L zithQ7(!zP?Dzu%eoHNkhNx-4h5P&K-n$MTk!Rk};tVSv_hH46T|LE$5T`jXq6yy$- zjRdaLm0omwqNX{OHIQIg$~jza;1$RS874tTf1CuM^Jq8^#QV2BT)CkmEBS|4PoA_} z=K;x1POcvIOWBSaDi3cfzWne6(2Tx^Uw)I}W{UBC)dt=lFRp*=#Aa<@duU_2Z(`S4 zbt{dvyC(Y58$<1V+RY~(TfgZu{!e~SdD#D%P1E1Q99mTxeFe<6>zL!rEzF$&*@u~z z7!*9rX?bHszB4J`mzHmIQFStyZ{H}eg+BZkLeTQPwmEXLQ&)(?oif(Q%?Aw)( z8=XC4tK8zC!{Ow0X1(6kX);+x##f^&kjr%z)?^!JGI3giDWWqO_3%mBjYfmfXg8S6 z27}qsXRz^{#@5RVyfCccd6sQdks6%BzwPVRdHOcrbLp*@?z+Jk_jtVCra-sxhFwr` z_m)17F0$HW>TD0hHJs6E)oM-sZnu=Q5RFEWUY4v)o)~+))Y4xV2RbH*$ zV%9s1<|YGt+FcrLlUYZaSW6SD^fWXUX?1f?%)F4J4y|U@ zmoz@*Y=`MCHsxV~CTKu!YozSaF5E!Ur$+0UdvITL)l<)m+abo=^YvXp z>1MKhxyB6P~2x~f6w<4fxSf~{5A ze=92SOLk8xRk}u%)4smvH*>0-HpR;mb0s%O{w;HwS&zF#?ELay-u;>vt~Sj!<0&+m zot&Bgp$$$Ogf^%{q3!c66K+qln#P}sZE#*crDEHrKEeJ4o3SG@xN6%jI@>P??)D3I zraPT)T~ECS&4Rp5_0?dj!Io-44aLhgJ@fTbL%$plryN@+Osqy@WO@5T^B=kWuk%0c_v~xlaKP1E zY<78EP|p7(|I)R0{lm@HCbP+4GHHzBCdbhK9_+k!b^imartj<}rDOl_%I8-N4sYr) z9oX*P={5<1$)$^bY~VTN&(G(&{QhGbJeRxU&vwLT+TA<4{I0f0_xFk8fvyKzT7BJK z_byk|PK-TnkE^eD!@vAnLyW>^DrfakUQ`t^(Nb;2Y~(Daac$+)ZK<%xs+(m~op3m$ z%Bc)4HJWsPs(D9?Rc{YBNdX)8|5EoJ;BB4f+3q5M zTy4_&@7E-aCBpyvJnsPrQk3JQ{jUG|Z3;N!JqPE!^O^TuXG)Kxb!rEh_{#l!qp4PF z?TPi0L4!vDa(Q;|G z*ji_@_s4py+FDa1fB#n|h(oQT_cqlDW?xVru&Pb9yWFv!xZ0|(7XqDIh@71~sGV-e z#F;!Jm3@+}DDb)rmsyy}YF&xg!HCAW>LsKy1eh@40L zHYKV(naE0SrX(5FR=%I4pHp>OTii{S^y3aEFKkFAC9hLw?d`FsZ3d@s=;0J^RH<9K zT6A_nsPWXgbo$O@$LI?EYSz-^Zn1W%o-6%DKW|kVC26!H*{PQ_5pSJf*R2~?tBic= z;X{JcU{f1gnj&VM(<`akJGy+L)A2a7YqU|>dOPwLb19fW=!3Jb0pfIFh_X|3DKu1N z_bnZ3yorbbUt1vZX71P@Hu$}f){~EqP7P1B-9q+#P4n8lADq2~N_zpu#Usr^~$hkW)sEOqBQ=S$a4N;THM{rx4V zs|0I}G)W$T{s3^$Q=|!>P5it!dL`P1J&pxPlbii!?KSJ z42%)-IvMq1UIbO%hLDrXAv;LKxD5URO8bi7U!X8y{2M_J6-$7JvCPZJ2pK;Q3?82^ z1B3v%N12=vr|+t`61NgpvU54AqzSEhRHkc*LFj;|68YX%o`yWYZcr6G0uy~LxY7Y? zC+`Y@IMTt06*ZE*C|-o0CE0TK@Bo%3X>)Z z=7wHyi-oMY7TQ$(MDgZ>r?rpJiN?_L)6cc4%s8k zlcwvgKV#%=*19w9Cf-^4v!A;CcB@AqD)NtC__H^Ryxr=3*wai5h0>2pcl@0@z^>&# zf2PhV8_!&SUFk>jUc1BZ{wW!A@=d(_u-9rezVT;YDEUio*V^p?_ur9wNL|55n#;J0 zjGMVxk@8NTIL5UNBVN zSNJI|#S*<*lt}r@O|%N-(AN%U`vyZj`OW9MSF;6F>g6SYx{IAEp|S z_eY1L(c$ml=RC={WBh^S@NjbJ*_gXj;df<}^7G`MjIwOJ@EVj={*?9o9<-Nta0zah zBVaIZd4tw-p#@{hT3~8$v)Yu4IbAGgDuRPB?`~lMkX`aiYP;n0MHS;Y+ADl$;$ntA z`j2Zi(Z$Y0s32(~AU1XbqD8YvWKKFTOwN%7QcO&McX%REy1aC%cUTPCRo1R(u+k`ABe#$eKrHoI&aya~SMoH0?uh4*ao^d5DJB4Cm6wRA@2J9o0m!f(M z%qi4k4rD#Yuz9=C;aPBZVO*X=8(A>AyEI^*$Z3H487dD1BCA3b3mT?3Nyn&BUQn5% zF)%l{yXZlEEgF)6-=vM6&xccVP2;Q%z|G0&<-E#_*?!$tkpDnnK<5ON0WDS+bTWt{ zO=4tEkWX5CvYp3VzXa+sjbHro;tQId=^o7si(mdCt+ouEkxQAx#4D2Zxlb)+KSh#9 zHd!ovJABzslJ67Mr@m~r+F-)AS?yo`RO#(f=#z;Fn4~8XFOg!2&{`~&;-znFI^x^W zXMuHyr#fayx`W%qakd~Ja-_Q1X9H5Qz^BW}J^`JBeX3RL6JR>jh*M~&i?}VG{m&=s-v&#O^quiScUtOeFh+_U5opf+&nk?pyq61V|(znuVEDp&0pWh{!r1dQqnHQ`~}cbKiKrdZgE$>4i;(5^OY$!!2tdom7FUf6=v zAoa!k9PL!#w#;`zfcM@$a9la-3rOKfkxz;~&0)i`QRHT=4OG29p(3f}PtPIBYXC!aX>qUcB8_y=BluCLlL zzVVA+-TIp15+~z{iK*DqVtrHno((m_HOBD94fSIim`hx1lf7oIusP+}Hkb+Ad+TWb zlShs{IhbZn@v*+LPdt;Uc85|2D8{f%MHg=<-)Kjy-vl-01v+ zJAy;e#;`H4j;}G*I%-@x;)6w@bgu8YFW&V~j*tPtFTQx}2|DkSaptEMuh_NyYhT>x z^99!RhwFGj;x~p(HN<9hIy4*h(C)Cb7@LwV^4ihnz+j8NDn@FG%-=}Q`h)*Y|CW$Y)!1yF9<4rYsT3jg#1C*z(`~!nYK?Z zJ+GMA%5f5OZHaNSbYA#AS2)V@VgbA5FoxPt@$LZn-45)bjXNF%%Nbo(*Fz_;;Y6XW zOc5-w5%T-?6mxql`G7tG$zX$Q=rg>aAz)CB!R$iC_fb7^5yFfh#lfW=?cNW4U~mt} z@;hkXFm9!b_7wD)1>5?GD^PbjdYGPVq>E4fz!2>@PR0hg4!N@I_v1lj=C#G>Q$ULa-u`R#!lH`vUg!XpC8g65W~HLG-8ml8hxPjGGslk zbcZ#@D7Mndk(@1$Oa9VBS0PE{vzMGs)|z{&W{^uxGfTEAK1J5rg#?Clc$V_E&=%|RS7TT!0i@DvF{0L!wS4(~e z%m^`yv4B!GIoD+NP0Hz4PF)4AQ&d?W+X#0Xknay#S&|Hi3f*z$pl z3|xA-%`!ccpYp+svXPeENhOcZS=?M5SWfdNPk?_)Rx;fLOdqV$nb0s8Me~zNjlr^j z1*%L2U_q48dYY8M>OosKg?kCGfA}5Dody4!#B$rO9-Vyk=2Y&nXQm>}di!vEirVp5H0vAs<8nH6f@PAWnYge#CA__8| z6@^JfJFOsnd6``Uv{A3I8X+-ky(C1xy@3!Xph701q=Iaj>Q+z^)vJ(1+O7M@oVDA! z&uV>*{0bB0bg$WL`{<$4*?kuQd`;4lrL$HmoPQ0W++IUGMJT-Hd%2J+bosp)@?-UT z0rI1u)rt6Ce%HI=kg8RHd>Km-d>?{{kMzhIz@4$6hx|%;5i&;~5FVSoW=Xd;l&A70 zP`VpyrTmsF@s3u!+Zt^aSbn#_$~J>{<5X(0W}88iRbW_ zYO$&1mtLbvF4Y$sFMcoA@_V^fyjSD9^hFoJS0SwXnMnmU7GG=)u+G(WUw*}l-fIFo zsPz)vw;G>^e2=f;xD|Z~Tp1~+x*Jv;y3D9m&Qznyu6EIHmEz|hbO#t9(Y2B4hGmL` zV)b+?!n1*xlQ}?;%?>Ql^j0Z$4otMpRCiJpN_6nxbH{5{!4Pn}hJbcd2%;khQh>p_ zJ4o;-abiGz0Q|bCL@?z{;g8eV5T0|8P@N}{q!+Nb(@-qc*g*o_a4G#Y{OX3VA=+~S zaDe`7H+%;nhCjwgFR5k~?8Y+iIO;@D6)Ky|!G0d3&qNEuHT3E@o}w>I98Qqa;FO9! ziHSGE<@A3w{DabT#fGP%zYD)ZWqN0K$cZIXuAqs)FEqj}yWxhY<2&*Fq4q;gFsuea z4a8(5HM@z6zBW`7EyB}_Rm4u~6}SOI-3q;=+9bHZ%ZAjQLHZab5w>WJ)}z7*)RU_L zVeM*3BrXjm{uTX0N)*#!GrNFL@+d(5^8xSS5kyMJ=x)#Li1jNigz6 z;E7hn>kT$Ffw1gGwb2Ig-UgAEM3MfgK-3YHSuKG-+bsziK`rTcy+*Ae@Sj<&(-D&_ zI#gx{ff z#T#|>7bS_lp-(5)$ng4tXc9U)RVvBCH)Jas)$-^ z5qO=bSE=FAdEzij2CZHt@w9hIf>~=4jXZr9-o}f9+E&Yp7RyD5wjWRvVo|9ydg7Hu z+H5A;lEfDhiJ@H(!WzQswJIr~QhBv>P^bixhPSu6Madxw^g-1Qi<4K?+I5;HmD;G% z@wDDW+Kn1Tn}!&zdO>AXiIS#<7wXJ@qNQC&Z51^&f|jS1K`WdJ1{R}%K7mazYXpH8 zHLVt%U$*dOfdH#0?T~_2r8g2;s1W6Cn z&XP_?FQ6~N6GaWnIyGrq_@{NRJ;g%TXLG+l16JZY9(Sa3n~{h zs@Wi#r5ZX0bfiW@tn>%8^o3ls&$)?NVRM*sbG+kF-AUI5Bj@0v+%#8^K?l`CCFg?wih?Nl0a1Ux_pUaJrS!uuNguvVYnENnfBn$sleF-` zCqlGv^NFTMP@?3|fD6T6uW!`9c<#8cZ-d<&8oBp*PPK~bEzYI5KHw)r#EJx3$t8@? z?<_*byS)eteoqlR3e7CnJ^4nyD~*hV`I>MnR!E|&C<&o37GDgr-q-MstoD(w-lsaA zzx?mLa5M6lJ4-N&7O3h=*=oFg-gBv)(q4K&Rseqr;iPx6(rxH3uyO>TX03qL0qqOk zNk%ZECS_tbz#|Pxa;wC(%5p==hNN!qaJG`ILHvFw)KXWnEqRd3jk9^kKa*e7Rk$u` zwcC^&=UbJYrNWwRFXoA!R;C@ycKOCILi|v*3_G0r4amQ7W2CH`W1Q#V>MUk31vM56 zjV(~3(THp@*b9N}Eidp?Cu;$_uuiXdto)8LNVb1PJ0w@+??W4a=Zc@F;$eo?_56Y1 zx6v;}W_!Zmg(I`W2hL}Ct^}FR^W@w-)bD)BN6YYclkD&T1dgPam9o4qdjZ{7Rr$Od z5FHeZyIP{;2+9hdkC`5VWnbwV%($y1RV+zh;nm_|4$mJB)jvWGm7adY<}nz;5XA(I zLl2Qdk3c{aU~VD_(j%p(>7lxo5P))GnbOnrGAIM_Pnqfqf!YWzgq!1K^`S7kOtP)K ztn%|vLdk3A)LF#Ya&u{J9k+?w$GwiIJ)vSD1RyMWtk4|6^m<+L0FLAowp^2Sf z7I4dX%~Tq4pYnZ!sMK4Sr8Wimte6UCEhhmd1|`UZU~xc_LWsy&x_wTI%2#$=2}(*V z1QMY?IC#5i{N}!qVQK5LNABHrlBG{N)ec|x`YQ)?!_)WPcklGDZs5xG-9CrQ6@B(_Hp@9xv9b{S#lbEI0I7wT@ZfmI9wg<{aG%bIsV1a&(t zJ0dR-P8USQ%bFNk#xHg$pwnh$4N4|bA>2wa>WEZ_ST@%#^F~k+Tj7-`A5)jJoQ06e zvg7fYn{S!<=FINhJ8!*t`?t5R+CSm_c5O>*z2MW^)IDLd+hb@D{N8VR!=bvzz5M_3 zezUeE?0wwp{kAu}x|Hzsw`Lxj+3~HJn{V5>dpEuH%H6*X(_1$P4F-?f9PUxu^gf}X zHSGPCxArmbQVrdx^*rVc(L!F|%0gu<6O0k4rK?}T4YM&IWK@3}8Jmbg%!f20T;Avg zJRH4Z$pl{-UA;vY3kOu!E6ktVL+|5B+v}eoq;LJ~+}W1*zwqWW=NADLaq;vIyS?Vu zNn7rr!LxJYL-pS|^URw>&1?xb(7Dlw*vWowl7lde8o>C>Tk7I*%#3S9k77fyAYc}p zpkY~XUi1+btX>SR!68c}j6B2?@H@*A6# zJ@SGvaP3VjHoM@v`WgfCQz`^iD*5aNFs}W=6Hf zTW>XLM`s>8z3re{YKiQ)|IyPk2i2lU)Lg?COtQt8t(OFENh0UHf>fV1T4dAG)HNDf zKz(rL^rQFf-207KM`-im{ae}BJ+ZC(4{r{2urKmsEma*&qGx`VKbKwN=4bt;Egr!n zQNjN2uo<`W>$6M$mFJ(HcqqBO!KmG|No#D_o_uJc??hj9>CvYzM|Q;6+)F3reALI1frDN2 zyBDZ&+iAB8_S2qbmUG5*F1#FcSOFK3SIDlIppx=q0htL_bPwPO%iCcudD1%@20ZQ2 zeuklZFx09{C11+|iC2)V73jq1(lDJ^ z0xVgghb1lrI$<)gAob2mrW#FzHZqd(&`IVcjZq)zgzSf0T+Z77(Ar|nnULt94C~Lt zXNE09m>s`rzkEKqs=WB4XFhQQf0=H;V$>}?yXC66$0h{L(6-F>p`}0bG}ckk^<%n0 zi$PbqYUuiHy9fBO!=E^H=J17IUnjit%s*VW^sLTc8PM^UPoAASHgVzCL)$akhWN3X zV4bhFbQL`}s3RX6*uCv~dbfl3pZdgML32ZOj-ZX};*#7LcbF^KA@6a;(>{?;P-k9u%bb{?uHdyb1uSSb20QM zUQwYS<1a)yNMISv8hRI51$x;N7O=b2KzDh2k@f}Jj|AFdvUXkRf9pEUEKrV$>;kvM z0pevDiq$94QekiDXS9=EfPlM=W$1SyYwFSwx6WQhvOW(=mv1>hXeFl}w_5M3jT<{9sdDmYEQjdgwX{tEKHOKfM#jB`{?Tx(O2=@-?2hpt9; z=Ma?|HgG4DTtIIzr-sE%z^>6o>L9U8ZFjP$ypz>m z7iKF|>AZ2ROl3n>K#+K<6h zt|E*yDnwsV%xQ7bzcrd0j_0l`0uOyARv5h%=Bv>`2vWTRhF{)L9|Ky%g-#bFn|7h+ zbRZ743>QN^%s`AyVJw4aha=j^f+{mcOGe`0;fTj_R!go2S`0yxVEXew3SN%|0d1rC zJLzQD325s2h7iJpjLG@nW;*3%tgnb#v%}xg$LPEE0(4?SPZ|^aLlBnb1w}lPNMk%K zm(E`?M`eCdWp(JGt<74Q0Rh?)0LTSGMQ9M?V!_oJPsSbopiOas(ldN2*{BLQ0#r#? zG0^bF>=?j(pi<5?n>81j(Id) zO*YFq%N&`!Jl=ox*17n7b03xwBMnS9c=va(sIt(&lp4_V&foGaF(v z9VvJJGfhjM*xg>|&1iabBP~|KC!gGXgJE-gdcW%CyGkbx9cp=DZ{?A2|wbI3^ zHY>fYI>yFKXYMPx(_CQ;I@JDR;SkF72&dHyQwssO2@AyME%dfnnC9HVB4)M~^GASv zpqDmCES+nSbA##Jxb-E!y<=<(ghfzo>~l2@UEXPIXd@k@g}yC7`J8VCj6aLFp$kgc zD_4?6~;oTH8U}DP zM514fiP%@)0J+5s1FbKX+gmK`MZSc+lT;x(#lm(Mqvt~qpDX72I!w8t#r$s7Z*n^q zb3>Me{-HiwWMKe52jMff)3UH@=Wbi1KtHQe%Lc(blFs#~a|3DamBFFiefStx$S-RJ@tg|&-Bv;pO{qbfq~t7j_&G-bjnRsb2O_&$<`P- zY~r^UCvLW?#P-l8m08f3R1UKzxOx2e)sH=Y>Zbkyr$u((+N@dbPSV3fR0|^EO&P7$ zZMxAIQvI~_v)iZo{86vf-{kG--SqJ-2Or_MN9xj5EYVdrJs0e-$L? zh6(|%ZHQ|4bV#|B?;#$)Y*gnjpQ^P=Dr>j(YgX&qZ^QS@!TS1x^xuK6^!I;-{=1;; zfB!gXKJHU?KF|$U(Tlp_D(lxIBOX3@@L9a(D_^;w?3ca*mo2@d>{4ANqu5*$+yK>7 zCb?I+!aC^J8{+^*5&&v|yg!K9As~)U#6czLVR+v?i1%#=*=Z`8Q@;UFiE4yORD-L5 zD#>m7GDE-!?Yfq3pd=_3LL*Qn1VFbTrd)3*<~Fdk6P#k>2-QkY=eN+SMuzC**U}2% zr5os0QvjyC=sG&(4GnMD43bZGs|+r(&aM<7eI$Z|0&qO_mBkl2HcVnLz=G8Ald6p! zq74Y^fzY-Lc_b>|nV^RdQEM}P%{Ej!AM}WvC#bQR{DzQ#HeLFW5kdyP$);H(*-sd? zf3D3U5Qvb#uSHLgWHjB*Xl*0Cg=dlBD4Sg-tw0C_vco?@1g*(MzC}2Cxv}I#AQASr z!q2gp`v6AIP%S%yYg#Rfp&2j3mHI6ZJcDL>rX{l2O(m`dSdd2AA>O)m!$uaG_llsi z)OPk5#!%n37DQV&nuTpZYHZjDlBk@~tJIvu6PN(a^--$!n*s^1CjX3Q+zggN}{ z&|st_>rSHW9dk1@@hI>~g(Jp|n~?fI{+zc-ckGR9nKU{?ourau-+KNd&!3s=hx&9Ty9RdD9ITOFS)oziy1VgDLOmq(Puriq zWm9_gwhs(n^>Lr1GquSs+u-iA-+lJ|FZ_I0f8(iL4PEQ5o7vb^I(YbFFS2|&MFtz- zc5sL28aa=3>cni_5wy0OuICe*pxVupC#ZfD16z|4~db)C81*I~va&Eatae6^j)PUIBCT z!NYV4KWNDriUq?#c{6`^Y|5XWw-_snkJ~?WN6zD zCVjvBlBDY%UB3+)dl%wA)yf4|O%rHU$3t|1aMBKPMK>L%oTe#+2?~Zbdf1=N?U(cB zhBRA0Qr*pryoup307ijd9e^f=5ecYdYJl#9xH5Y^uXGs|=wBwmhMkCs&k$0sR*@v= z-Ejx#*}grS?;*0U!O`LT@HaLNP5$jk^6UfmY@X;ETi=!0w>Q(dvGgy`oc?LL`3vi> zyJKDN@qHs{-p!>w;bb zDE^B!DoSKMKy=EWS8SO60h|I{mIrPRBWL6AE`+U4>}FPm!;dguA(Fwnv8O?pedV@6 zd@}HDX8BC@y*Pc&L5{1!w=#21u8!+fa%t)OU_@eOFVl$XtGWv? z!?@7eR?9k0!=*JHU~s~G=@ohgBt9=?1&*IJ+Ll&lMT^<i)8ff$X7eVnt6G zWdHO<^ZiO~J6)oyp6}x^#J9OSrBr*l73@?%RGY*IkC-fwv)z^^b7#^UZj2KWzi~tQ zkI2S!ga!S~OiGLEEHGWJutlGk$CBRMjfqdvRa$!qUy{qYFZy>{VGRgjuV`o_N)kZJqJcP zZ?VvfKI~>cT_Fr$C)ctXr%RXtL+>!|MZyp~3*&Tf#DLbp&p0q44Bc!f2R=nC2)7C# zDBiSUW;a=l&T@7dgxz7KDJ%BPAq$M5s!^4Ce+0Jh}Y$Kar<_RI2 zczf%HBSWA5cIlO^JBM~S^x~H`Uvb6eO$QI2?-Bm-f}cE0-srm7E3%Zjj4a!Mj=TSs^OOS4)@Q7S@zWIvu~EWK47U7C@;m8M`3oH>Z{J zqDn!^g9s|%<5URF1C33gAYi!1!5t0Do3fNu1xww1oY)@!IPoH#`A!YW2Zp{N)UU&IX zTK?PgvJJxzC^1lk3%}z~{j2mn?mCXMB?d(VM3!6%*GY#8klQ82)n^hB8b}I3V9IJ9 zaEMVM0GV2^g1ATtkA<~br@mgO59%zkPFC4@lZos%g-yIew1^tPE7a;eR*w-~t``@* zlW-C6J|1swJ`SYZrH=$7?{Ignb$#immp^Bu+xl91Q~+#1lfOgHI(S-+{+NlktLP0a zx*)x|-l^3>+3>|h?|g@g&|iSxInmrqPBe8VBZU6g#n;nkt?)&#*fBry4vkPr?lO)} z6cC59KE^mQk?5)7yxqhmS|DuNWRtBKgCsgV^?|lTPk&|xpypPGMa{zN$|`mFo2cr62p|};b$1W|4JYL@+^UkmS4K{diMJm5kS*}` zy#d>YvdAEG3O`Aoefnb$*ez|bD^<0z4)vA&2U^*QQ`M!iFT)KUdaLxgmrLjWp|0-l zNguKhkyH4!)HV4)czUw``bKi6r`=TRDcvni3K~3D`Xwv!%Q9^d!!lLy;`<@0R|hK? zfIw7>IxIvh#k6h^b%GqqoVgU>#n^R@8dm^ovNukJ9+f)K%5`3>SOb9@2$$6iZgin* zfH)F5D#1kC)NKjU3si5BkCUIR7sn?t^s@a^o$Z)}du?%O(aBB;_l_;X_Y`GXJsyy7Q;I_c#Ob5C*1 zKhjq$Y*A43yU@erSFK;6=v9 zk&U=8wR;bmDf$i}#{T%!71bE~UDgGIFA#x4J@P9mbt~5~GPd!(Anvp3tyFFTEBAj2 zhCe$udqtqp+m@Uf|0vNt{dDP9rEivg^)&g}{}?*|P1~OA>Dg|#HRw!73x8cWdbF@q z|K9NW2}j=Hgxl#l;^(;9WzH+18QlcxGOU+PLL)!g6HrhPWr^yF3qRnj8Fa5+= zC+cKb{Ay`V)L4yHJ|v_~R=2FtmAVe{W_!)~+uXe5wFu!WiQZgZyU@S3gS(H*%|!F9 zgJ=~0Tw|7?kXE3_|gC#(<_Fzpfuq)pG0Qh32-&DfB`qISUY?&4G9U zVR9@g2MmU)a!efLh>=yhC^j*gKLiE`0iQ1Vpt}SKf{)Y@x}>yo?~ol|{2(!&`;?#9 zjCw=Y?%vUxBWj1Jm#uoyp^n^i-%Yq{m2vmx(cax%2EEZnASZw7@RWbh|Kzuy#J$!w z{zZv@g~<0!KmOwfc*$tfb#!d**EOkRS=FTL-(0=j(V?>~{RGs<*wj>vAJyxZUOoEc zlalHn96QLf7$6ppR!gPR1efC8$3cL8TahseK?ItwlIPij<}feffx9XUOfd!`q>1H{ z79=E#fInfiMn@ z_(@M#q+QBkW>I71Ff)ku;n7>Z1i0%EWJY^zDa&&tQu^+!#CqzV8qHLanGG*tZ=UZF ze^y~Of7{1rA^xX?0cO}wMTTcF&h6(O;c^Yg=ddqI2YO-O79{@INxR`jCb3*rm88C# zR>MrOuzLnN?e0lhXof8*RE#-5>n6c5-}`R)6-o4lqaFPla7CE`3O#qm%*5cF9u|}a zT6^XWx`^zPU)FMlSYl*GSvb(#0AeGrt|m?hAaWb>1C;*(z(mT9!Jw{qHyXmh2-Ile zn<^$k#Fq{ciMCirjjJvJ$GW|-8z#E0d+N$9`ZoPXAAR(r^lQtN8*ksz-oEAbh{xueNI>Is z#1vVFajbi2uic5-g|=9*Vt$U*sf`r0R-{w}+P_#7LWyG-N*rsa=Nb@(x}gaiLdhso zJhVU@$EEWPu?mVUQhdgjaiwXWEXV6D<4&*Q2M%gU2KacTS?oyjHlx8%`jXaWlx9~F z_P#w&$2Vt!;x^+V26oUt9o^;IVS6P3uWgwZ6=S)Rfa#0T+u(;n6e>UD#B{Jw(QbsX z>r&K6FUE#8L!e$U*9u20479&XqVKFhh<+fn%~`B@y%l7a4nKe-SU3lA>p}N>_b_k* zv5m15VO$%PEN41Fe(**J5dSz4`ZioXceds3=am3)p3{<9`g-JYoz-*>U;iASli&TL zRK4+a()P!X44$2v7;N~?y%07|_L#J#c`Yq%Fqo_a>$Ws+TU{qvrA`{ahR-&eDnahh z4VLSMs^F5hg6rok&sPNtvO`!LR4<1bY6n^ay$0$=&Kt3A8k#@|gxJrROzX&s*i%O9 zd#EF4-*Sq3IWV-5cAZPtQB~Ez`_ta=N!=yu=%XfUX&!?W>G(52_0r-7W&T1ey=iVY zH_QEmE0`h5vpGo@)Tv@_H>{itS)73NoGZf=K-R`ix_Daht%OCGt;QKYV9CYd0HZpH zV?P7Drp?9tL0Ws;z(S!h(W=@hFQ~Lg9+E$>SGK-vmc4C)*6o)UT%J)CGtmMJ zhpLXCV}!xJ1B|FIMF%p#FshWpA!VJe+7E^jkYdepKj?@q^Uqq9q#k{9@6l0b@A{MT zCpV<#dhNDLt1~X^p_SCh)lGIwa2dEvE_eO7O)U9hswA#%3Za91A=q(RC z@Nt#^soeF=GLAL0HTcM1dYKzMQE`KJ>dOEu<9fghM=!VmAaJxcy2d*rvbA7u&wyhi0br6HLuuer zMp0nWPFuYzk?!BP%mop1VHhAzv2>vLx*13cx)j-P0w`YxJJUfFcsG?=wu`=|fhx+q zphu;X`vU-6;%|7BXkKmb!*-xw)~P(fA3X<$(i^b-O1~*RRQk7@8X!$$OxxFkUG6Tli7coK!7ylGiH}KNM;mffth&!tU$lc zbEi*B9Lr-oPnG5D+gXV_z5l}E{?lc@QRW_6HH;c}*ig{6zqUlg7;n!moNnidi&wh(}M5xt3l6i7LoOaW89t$Q_9A9xi*Zup5d$2|du;s_+Q+=~0OIAZnb1&CQhvwKWa1A}sUXx77P64u&{IiokT_6cAeF&tD)ZjJ z=i1wRmfWl}l>Wj{H?Lyp4qvCL&iO2)JBS?SHdKYXn%3OBrp`dp1|4Uw^f5D6NBh|T zU0E*UuIBFGKEyrEeU^KTD{_C&{eoK}Mp8%G$pB_NuV&J%WL?XCTapp{z&k^?k^h_f zQ^nUJB+)Lb7x$km6<$hTn6_ufJ$?@T+ zSU-N(ks|%J@=X00AaTdae5yJUNGe(z`5*4>fU7_!96E=Q%o@G=9XcD8=oIx1m;Jqa zU3T^6+GT%Rzg>i32Lw>`iO#VHE%#M1i-&y|=6_3P_&;l&{}61=&Ms$?vF!_)wMv)X zLx+Ddv8ib8U>wx6R)A~2juH{Ln0Ofd4FdNM2H>~{Ok1?5qFsdU^^dWL#BPkA?Pk%lD}<00!LtxKi>%!h_a5|mM`aK&t73#CD}#Xc ze{MOt)?@pcE#ra6TAaKV%Tcvi&&Npi6DG}{t9j=1BQH@+9fPdT!SY$zB<%DbCW2I^ z$R}Qe{0T^2S=LTKLg|0l_xB4!)dEvWdN1wDpzv!d#=_c+jh`r6LGPJd+ zWZE19qir0L@)ktBV;yK4LrmM)yh_`sE9SamplbBjfvN$DKj!k)F=BuYOfeg9HEAMD z0l}=}C}<)XdU`z)wY{4r@*XPOwn|&^QSp|{&NFRg{=)3qRf~u$Le_T)CFT;f$op36 zHVQt1nB{tb8v?cEC|0093N;yH@FNSP*3aSsjmQsaS`IN;*qh`& zB*w*=%5y2dj|K z;Ti`gFZsG_9p)dusBPg5;K9~7jB_^aU;GW&j`bW+FJTO+30#n1vdo)^4CeSsIO%)p zW|!(u@O!l1@H4A_PePiH%I^vAd)@E7`#gTh4nep{Vie;7^oKf}8RR(n73mK<5%0!G zf6tsQzutT66=dd84Gq87PJizP_Ip-@t%yn?ax9$QwpoaHdFs}@Bl%!7=eL7EXSMc(R&`}y19ZD*3AwS zzIZg-HYhC6IE@?1-tz!DWOcVSUQMrH72n2vA0S1?Z+N_yY#)cFT$Dr8a?=!QlP?voyAzJ5$>SE43vpO z3RMqcTy-MGUzkoGqgdayAgvW_$P;eUQ@yg*l5b?l{mEh>iLQfWyEX!l75Q2lZ3107 zKLFt&ZAw!N@>S*pRUJcuS(e>?TLFmiMd2hfceW>d4$SGL?DRI) zLVpC#_9vD4@qj8}P3QX?Wnd*)Isch>Ft-434AZty#)JBK_W~!U34M)=DnrO#>O_WM zbu498SH~reL-mxot``wk1|oi2xGunqBrc5Uw-pzfZQxgFDK50*MprSXhM4$;0YOc7 z*CCL8-7@5i-;ztiW|EGL;b=|^V`D)wYH3+g%n?|`7M!>%7r`Uo#F0~r{*Q%FL#-yF z#43f*9TGvH(S=krQi;1u6&Lz&cc_S2!A32_+k!8!jR3r)7dMZ?0kaMCIrh0A)XV*T}0MuM3O)EC+` z2AsCQ9aYR5akZ;gcrD>TLs1tmoY%R931oGlSN$N%NC z$-4xzL2a;@Wl0JQ9=z_OPaQl5$u695RRT%@(r)SMd;j7OOFvdOdbG0LtPQ9}Q&-NP z+R@!$02E#uP7h^HZjK95O?!gd%{{7E8|sUYBE2)78v|ripfOD03~Gtx`dC*dxji^* zFp|b$3`fpwv_L*D1a53+E_r7$zn6B>jX-2Is7M zShJ?8?fYuuC!Rb0__H5AeeAj8@!IE_3j)d$+x??cT=@ zW*)e)>Qn@sKF_w2s;1&3bmcwv5e`{?NQl^@mXm!0;gom|0+%yu}r zXwk9-owmJ#hRMRFaK1*R+k~AeuWe=tnO+&0&$WKW^VcHhnyaE26^P-rWQbrTobmL2 zlG%Tnp9eeEdAgPD35yskyHp9NJtr)}Ss!x=pWYA0c`SoPxH7(&`V@VyIx2^bakp@V zT6nW=%*Jm7(pr$+v}jydhHzu>Y;BcS3@|;)#1i!F2-%iztH;F#!VtshTma~BxO}FY z_A`4uowl@L1kufP%5=qE_3{{yjF2qEM6ebxd^@?S4s3QLiihwqta-LR0mT+y4j0&8>gNpSNNs5{9em4nPljj%1`#hx|SeL78zN^F6G}v4E zNOJ7-Uy#1!*nFkpE(n3P26Egf2O#i7Md{&pjTdKYiGv8LF-Fexkik} z8S_v(EvM$}#xPeIg<;x9gZ75y$<_{FC`hKoa5Q{!<*HSRMnoN;S9V>O!QzbgF|`AfENtQHbK z2iIM-e4po7hDwp%fZk^M(4lEhjV0>7<-;E)zh+kKwd(n!%k|ua%kuwFJ@>?wdJcv< zyQ=HC73;YR7IQV%mV{FwId7*kWxfFx_1~es>9hyTAVA#7qQvRMdCTij7gxym(~DBrbKeTUFz^uTg`2T@O@I#YKX#LrlzzI&?b8xYvN zF;ti;%(0CS^j)rXjP-5-(TLVMtT0KCdZ4PYq8oxx(MCIpJ(1{ps$gpw$d}FwW%;J* zJ=SZ`!vai}=%?bPd2iLZ^a`q&I;d0%N8g>ZaDm2908sDV zgD<5F4O1pvAZ@P;+1E*1>GjtaAN$c`i?5%snij35tjWqyfy$f0BEF_lL2cv(xTLhZ z^m;Z+7FQR>O(qS#q*RW%;zu!aHmZ#SZ|n%Sh1Pc+OSK_kEi7xYp>xp6l-aRFex#K?^g-?|BN`R^8Es$t&;p2po+TKeyrXn;w1! z4%=Aw{M^cP?7Xjy-l!HkFau}+uVfFVfQ(!6)A~qmS24HClHacf4$0ghOa3U`y0)0R z){=i8-MX!qyUmi%(ycSa+!;&$gLLb0IyY9SYv6SYOqaYV$6kn;08=~^wX$}OS&Ba3JW@x`oAQ+^J`Y=H7!D6xBUvN)tYba0AYJLC0h%bjT7Jl z^lzctliPMO-`H~CYIP`G3Ny0H=yonf3BjNbA+=d#7?&k~2hvc2+o6O487KjhvEhxmUE*d399;9$yj(jZx^_P~-9 zvP$Cn0w#aGcXzK=V|(~IbF;hF$%ThE9{`Hu%o&a zCW;Fq6DbYqHz%<>4F|tS6DDSIklwI;G&?v(jCyuXZm`=8vbv#Rw}7dC-IZX!Y&6~l2nC~R94W^ zrjwj>kCy#Co3Oa>(l`F@#m~G>vbL*UI&QPKcHR8hfBlHvCiNI&whm8Qpv~#>ki`%G z{Kfm*{l9n9&YBi2SH5|z`m357OW*HJYE`ew`~UQP?dMcl!KSxrI(_U;n?lw*~6 zMmiU?zw@|yM*IanS9)#Fq?R8f4InX7g(V6hGs#zag`Y{2Aw<(#SZ6j73z^&=(7O0^>?=qT@;(%jsFP zZ@5?pcfj#*qc#ExUcN(52ZGgESC0~MSkAXb(S(n75+I``D!Yp~6i%QfcGN+i$|>7T zg3`mSkPKNaW8=BHmQd*ihUqGa$l8-D(C zL$ja!CpozEi-s4-q2cJ;30*%KW;hr;=45c3llHk_Hzt+2;JMiJ4Uqb3oz*UJMoX>L ztkx}M<*=l4)-EkN`P#Oyj?b!XrWV_IF2G9xC!eYCC})vhJxR5v4|9bGj4~gl64%5E zk#1<|NRak`PE1r5!3Ize5%ylx(!+9$0M|gr8{o-|Qwcv-=!nDF4hZCrGkHH11LJ`! zR_0x*LuMvWxbiJ=I*1e9>2$79&Y9`7+6g9sIN(5wa?YjT0rxG33;I)Z48bsy<7I2T zgH5TJIETUGTH?3)<#N=HF!L+g;kDXdS4Hw%n8#=y+Tb%wpKa%7g!xK%&#$#wTKrcR zKD#31N0_xPJw*#=`5DCyr{r=n#EDlp2E`pKV)R_06L!W?9~y}w83_ZRpyP<@JN>Bd z2ztzYHOC3xk-@1Tg6J4X{X!(?u$y6U`Q{zjt6TvtF?Q7}Wjilmw^l)QTh+s_9F~ssq3p zY$A0;N$D(W1pF!x$wXUQ;^h3vL|gaa)Vhh*kgV+T=SI(DXK-g0ZNu!3--utC#2&Yh zaPLWg#h-4M%$^3>-Q3#0rTXBTcLgKi!7&dzbTi&U+=yR)%IwC>F95z^J=IFPxnZhP z9pi4|?&1EJDF%bvO8r*6Il)iGUys$*@v zeIuje+o8nW0xjMcnA!q6p4(_~gVWV;u%RnVBfld4@C^5(b#DLBU~3`vmq~ml`eIDOtYp-pJ{pO zLhL=oBF^N$)e+K%B+WeOoPPH1Z4IFfZK0M_jpZ$~u8f!f|^Yo^Y<*P^-O!jW?M8fMq#VLhnl zI=GEo!K>hl+hX8GGhtLkfR33cX1_MXz&jp_6>JjvWoxvNf@G_t!|Gx{lcKOtu&~a7 zik~sQESK3XBB98jtB?TM1jd6wtaq@AlMpBVw=|{a1 zixA@qb?`0#WbdowHWe4#YQWd9AjgY24&la{7)1F2n_&>23ebDtsY0tC^B`%4INWC9 zB_VjK5aFwzQNl-G;@AtEgD?1?&qceJRFaN!job!0Lm^vct|kutMrRCi#BAufk%7@p z(kQC{=$7pOOo_A@t#1IA%1ErxnugkL4ba*ii{;W5gsg}%nv5|*ryfCPFgoh$VcO5g zxj;Iv0ef57mQ$zQ)I`dQfza^&jP9^$U;vFXE zF;DZ%v1{(@8s9yU5`K2)Qb`b>Cjnx4;U{8HYtR~6fAT`Q=nr;<^tJn&>(2$Od}_E;wW{>)jXV_7ZHL5;!uw#9ck^ z6}h&S#>R2)1^7;qGSB6YaQ!~YeT*w?gkQTn4$6F2aiOgXl=*)8k%h< zSk49MM4j45j}1=k+4ui4_a0zwRoB|^*{7)M=oGb)G#YhHl{~7`N8>5>*kgO#yFKm= zu(1uM*&d7uH9#m1fe;)5Ap{a6jU7TsG6^LOrN_Csmn7sS;ii*zFU@oO@3oIKo*5gG z`+VQ?{2zFZPT5D=eXq6lTJH<@I>f^83f!)ZSU_D0t=cRCzXYi20CrIUDduScnw!bm zU?UhvDUyjYF)abj4F-Vq+ZNFBG}$FSk7rE4HdN_7jsnpDT@z+bY#a{9ykYN^%ZD!s z)&-Y!=6;JcSq?dajZOB}=HZ4VYgaF-8*J(eU*N4!?oP$r9Ul!}fJw4}q0 zSB?;n1Ls11+^F$N&?&gK72-h6YS7~*Gdb{CV>1Z0jR~xDYE2e_300H?GBr~^suNYt zwYG{-L#X`H5eocRd_)BD5#ziTNPmH%@25Xir|t=|rXcF43cdjm-Y+O`zd(Um71a_9|4PL=w5k&j9`R-a3xYt`JR;8gTS z)hFqWZ9DctC11I|j88xjyp90Yz<}wI!<9(Hkbn&GS&(!+)lJf;+SMVl+5ti;RjrS!gjf^OIdxy%GKro5@iV}*q`DYXm&n>b1>~!&G*6x-r|&3)XGAK@BuE=d zjc%Boo4o<4AEV%W_%1$T8S&jw2qLZ+#+WJRxM@;DBj9#9q8^7*?-92}mQpDzd_)X? z{rowZR~Ta7c%AB_hNwFza5QKo{Bd&<#afYAoMz!MQ7h#Apv>Vy55)=V=z@4Ybtd0b z8Z$JdbP!E6HjkWGN-8r|oeEk%0D%8GQ!Ai?6y^fVUY%4hi>cI9O zLX=J3DHSY+vee$io`(?dV`*K5jVlu_M*&6KZ#y5kO}G!!fRarfSG-kCqKT7RdUmx` zZ8*MxM={=r#u?V6GvR+MqvVYIIco1mREhWS7GL|mIh|HktQE{?y$URGPr_;N&F|@# z>KmbE{WV639zj~Ypo|N8EgGRE<90{>z*!=1GQQnUc=yKJ=lOL(E&8GA@k&#nb3S78 z2~$l}Ed}zBUd3T(0LT^stYB&&oa|IV-&AJVaw8~mHWMPKd0-V_G+It&RLaVzd{!xE z=yijDt{oYE0WCuuZ~bU-@qR1KE2CPy$(S>9%a#99{>W%}eNJS*K`a62duWuWt@{^0 ze}`;-N4aloctp8TFucy{fuPBXs+J>tPNtul^b?~f&G(5d?9-~WcgkRtWIJr|+2RG! znoQ zFK427bm31w^XkXgv)c;o9rd(XUh#b$c?r}~H_D`#p<^4g8I5><)S}M7Db*?z>DVBpqjI$=GS&UzqSv`Zy9z=?FM>M z$rt4Jf=YvoU(gwzQai(pj#J5Rj$jJ0c+`G|AbMl5r;GGM~TrwS&{ZW6G z8y%ha^2FCZ6sNb^Uw+B_v>okc(T>E#br$*&0k4glA9;kmYU205PN#2Ie!mrMp?#;H z20h1gE~ohiu}SO%G@raC35YiO1Yo5bk`Op+#$^}c#1{Z2r}4k^ z=YFaD&)L`JqpkOR@{?#Os{0D6d-vPQf0H&72(IG-YB}{VRh$P>YH;gSMPXNvva1C?5I(-A| z!4}MJJZtv1<`;?i>efPRDZcU&k*yD}NS1lfku$Riz~OSN!xi1W;Z{{WBeI;sZb4q; zsF<6u6g0)0ZJXRQ5W7&8?1QV)pK5c{;NcKeccdnfnt3#0*Xb-R7X3{UPOYC8b<`XuY0ibyg-v7H;xb7PhWEY^84^_Nq?> zt{8y8?SU%-pCUIVuC^XtyH${_STs6m*U|d*cRv33o$K|qj+<2uRzYff4Us2DsG`4Y zopUDeq6ff*HWCG3vw#2`A|^U#spuq9v9lVCbIwWQ92OWQ+{KI~kQ)mUxR~p8AOqQ0 zQAMFE2V{7N;V!f3_drn1t^_5j9SI!l|)k42sVQLJOw44W#@a%8_r_2(z6t1l^{S$vO0aptCqXoM!BSd`kzvfHk zI`0zoR2gh-6RxupKlmGc_-?;5CnY95KO^p^?}kiPXy z^^SIy3IaHk;StxaDx%;H-40>y)=-LoeD^?{zr8L-rm>lhUzLd{Y6bBT{{saL&ri{a z22iyec2-hv0&^A}L!oFyJ2MhXl6ll@MP}uTzvZox`Bk*;`&x3(V5GV2 zh2JT^e1O**rn4@Qx4&YRknyz#%ve+YEt+daRx_gTE$#P}M_)Bd20i}(s`*`EJBJJg z^9=dKU6xNEe$hk5uL=!W9--ABpP2Bp&gc#7h4M+5nAFPhA1>NV(J$c>1kpnKAOy3< z@0&T8{uY*XdX$sqNhl{va+r*l%(=AY+uXNE#ATdvQKWx`fir^y@maz%V}CWc6|#jt!kHkz3foKzXlp{Fxp=C<&j@ZpwyCtHq$!)LF+7f0aY@Ov`aEoCHnHANt((*ORU{Znv}XNK{shy!OwFAUr-Z@)~&4RGhjaN9J-q|jupE{vTdwXMc| z*0x?4iF;wt^RmSedkj>aR`#A36IRE2Fr}gMR|a&$&^YAHdaa zqClIaOGO7wOr|{K##2$DUGlFeBih!C+L2G_EqD(s71l&mZ4*VB%4)}alivk~Ia zgzH(4vgLA3A4bSW`;^xwULQ%_pK6KmA_|ITUQ~W2qHV~x&f~e?GwhjK!j-fS;mK^I z1*aeRycyE-W=IcTvkoV|-{YCd2VHl*O@iuZtDn*)UUjrJT(nK7vVvXS+fav^R#Stf zH4Ji*2BGbDNp6!l8gVH;Ai23~;`h@Qi)PX$IF-za_2_k1BwAOE(@e{2n(8HawU&xj zGxTO_wTe2;s>sTd4HQ)yC<_LHm=$;LKvZ=Ms=p|yp;~|_4K#MP>8nOH3h>A5ah*0ivsQ}XDpll!5s+|x7VX+fv zXjwd^7g$^MWPtWFAhJ4L9`6SRY0DxKxhC`hvD$aglroB_bJPb0ZJ+%W?M2kYe>M}| zL}uFB(?oU5Sbbs_&hzogJl_-niN_;DW7b_v-U-i~@l~a+JdI6n!b&***_>IvNvx$u zYemVSjLWlSW!y2f`3{{A{Z}S}!C;M&bGy-a&Hq_h{I!#12{rsnWjVhz;Oh@4i{!w< z%4`|s9FkZ&FTglY~ga2n`@kRfaWdZNyOxc??I-^~ty3`^nI3<(Q z3Ia*W316Syc9KX{aJ87f2g5Dp&Afyi8T)O6x=@uHyGOu(>$Ik zHTb4B7@(r~i)8a`n(2iiZ0<#yUf;gXsMjzJjNQz#7HgHehClL+1p1MHHBTq!R-6oj zzHKq+87D0nmBX{XeN+n7cx(d8naw69$e4^AYnGjEe;_LVUU{T@qgkfu%gu7@EQ#OG zOFuxA1E(=RY&Nq9F)YK-qx(!Ie!nZ+XEIs#87)`b!mu32BAU}``G-w5e8y-ve1}Hd z&*bxUdKTAdH*lqNmUXRoqR4g`^NK4fKOJ2FoRmn5qpA#xG07a#W=Al#362) zi%(h=;_4<6Y z8+hp#PyYO{uF7!Kh-f|M32hkqiNxPvmX#Y%llMMCq(MZb&QZ({G!(TN*Av8Y7)#*w z1(?-a2xhe!#<2$M4T=0x0ui=UDDe1tQK_&MA_ySlm21tf5rG+NsZ=y}&Vk)oUd+#J z%`cJ)%`H$T#+A5EmaJ_Bw(3)?HkSX5GSQ}m@!55;D)FUG?$+;lPnl(j&uaqydO;&u@3tVuz(~Pr$BI5zW7Hj# zu`C#mboH!CeC%hgr+G;>Kdoh{B~ZtTsGebsqks%Qu1-v zDQi)AK#(L8+WV?rB|*hvJ;ByrTlNb`#`Cqwd|N5+OF$R%CV_n0o*)*4<}oF7`1 zh?L1XOZzK>lGW)9(${3ePvo$nPWu&|?JJ@|uT#GM6EaeMjsohZY<>!l9|CfUeCp>J zZdecmNm&_L>0BkEM`eK*C%z<`ck2%s$j#Az5Q8K z3v~%qtRq-R@qCa>`EKHgSVbnM<^)8R!sOH%&o`baaFzsK1WE;0b0Sd;Hxg=0AD*BZ z!*JTD`Xqw2FiimR!T+2pw7`r6lhdT9`Q(f=iL^eowkC%ZP&WC&G86Pm{Ogm@knV3x zOngIm3cW-2xV5tRaTUY!zff-Xv17ZHaYT*s(v=c_AD-K<;H7^kNB(i;)R;*0&UN3o z4q~1l7Lp=-8_THm)Fx^hbs4>ZDh`&hau&v)xvZ~$!SeOnJ7L?CEj_a}wPfjrjaxVf zZPdn}*_K?qY-H1B4Ls#bV-}~s9zQAaTBr>kxJf*r1ny*eFe_%d!}sUpLMbHW}aH^8@40eXXzZWCTCy#ZNZFlU?|ox879L zui7Kz1LK7*(>wXPaSng+7$*$L4PzQ|w7@a%5XPL275HS2Fy`MAz$ab8SbbL=PLL$W z6ghUnF+U=V^^Nr6lL29@e_#_n!QZ){@;!^;d&ZWKZ(ApfEnT-vy}!J2XFa)t-`zmo z#oxA(eA{MWY|G|dY96*i9>%tjoZ$Q0;r?@9OTM`Qm&iD_11`sQlAGmX8sV)=$Xl1f zksG@VK8iT0?^fTfK@IL?t@)j;MVw~JjZ0gpoFF&?bzQv!Lo3$pxOC^PJ(t90{D*Rl zoW>$Joc=&veKOVA)!WxUFtlLtlBLU*uUNN!!$#c3Tefc7zT?u%F82Bd{Rey0RAJ#D z9s#R&pC19y$q~R*CK10p?bEJhCZ|yCza=psbE$RI=Ttw0LTy8m_?@N_MT*2vQE_0YO@Nc>e1eO+4%ncJvdx*m)0Ei+ zY0M%{0~7vw0->x+hJY!Uz>?Yr z7G1NmQzPAX#X+++x$xl8B@YbOKOoJOkwMoM>1*zZHG5@mMxegF%@I^Ize^Z1i~he3l-g>M9=QNW_Dpr)%pre%ygh>mcy)H1%7TH2=) zB(Rj7NB8qQ;X42pxc6W~i~R=rH=b8^@^;n6RQX;%L1~B9hkZ~R@xllbOH-Q2iuzJf zPlRec3)Z?pqJBxGLIB!TB9^j3T`N8}mJ0Lmd6fik2HfmkXhI`MiByFcVp`5;*lg4P z31H{GZ1MRF>P5JSQoFU)&>cY}a0N2-Hf@xnz&7qdywow@x2gs)X0P$__ zP5^^*ODW$XfU}z`p7#R=^_Zt77=`6563@>q73UI!rny=?SgP@0SsKqXm8}Gb+^Hwg z7|}#AOTyN&U{cAbJb5AfL#5(CFWeshy6k1@ir4XzKN1&$e02<9kvwL+dQ}UBCFXZH zd_5M4E`h!E{E`?N^HfKclqb!CiNWK_25h%^p|#MP5v6Cmf!exQ*W5v9x&g7!MmBb` zeYins6LC@nB`DSgvuswCEmUnr<@c&Y=%kY}{@>ucEWcof?ag*W2E{dg6=UF3dI2ETd&Fv2r8OgzugNo;l^KdOgYs^y9nf z6BE04@4oA<-DlU(qNLX|h&k|^)f0c#Nk*Ec5B-kY`R{RowW5HDx>%c2?@+}swE0{> zM=IESc#d?H#@t@8wgPAapj_k<5bKbMgCo9{xZbyvrZ;kn+Q?Z@0E#VHXv~&6i27C` z8iII|EfweV!TmYD3mciwM}+(mETp)hnLSt0dbqU4lWV_;8P3{NJc=GM91R zA@$ut&8JpS;{-v_22e6ETP-RTXj6iCKUJ52ARz|R5Xb5pTIa(Y(<2olabi*G5Km>= zsuwMXyGx`(G6C~aCayxNEfNa?zL8%p6L zeiy615XB@}Rhv{K7S@RVu9iBVc$Df_pzkffQBcUqi&gMS94 z+>N0jarVboF1R-6isa6tj71)BhsjqyKwn=Krs@5;m42xsTpw-hu*$ZYL~V!H85wE} zXq;Al|H2jBjlQAImd@7jzWyP)#_eiAC_IVnkR!O(P=B*1@U=C8jj<>brBj|?t~bln zdec?vO`Ngc<0$tm!c`9S29?&%;0~rGe_E(3vROhqNPIH~k!>{mi>OTJ?^9_JSMb^e zD?dJ4917ithhx+tiZRBLMVBvB{=n*ZMv|;ZZ}G3XCm*nqj-s!9gA>xFo zR^4d1)|4vxdRG|h>@If=J=DK1+=^>w$k*7pYTePg57et)ij@m?xO}2J4M(e{J zl7D4xKTSimQKl(-X!TTr>ZX=b+o(&aqtq?bL(~h@*U*bp(NQJ?9*&=yHFVi^&w`0< zPN{J0NvzS&87A^)0Z#{?iRZsm%HI^vk0Wc{oB&`N9e5UcvC^+wNfQBL-mFq_7O@1+is9*}nSgOLHvmS58V`hJ zX#)DXtd#E+AapE0m;hL$?L!N64f#E#{E$#shwt868asOHI(+N0QvR}d{%EPNZxmKT23~?3Dw&p)A=062yj$!;@;Sv13 zpAid#qd37$U&7y3E!+Y#?Ex`=d28Vzz(sEFy6dACb?1;(GIL*<${hM@#P8GMi9iFU zk)Rk9Wx{rDOQz+ZHY$rrQFSm7fqsX049jKz1FUyPNno$dkxl_JS^%fEk#He=LA;A? zX`B+L!>P(|+3?p8ATB^Kk<%%Ha#D?gHYH1*Umw{kzrB({KwN zxuv1UV3iHC8*WzqsQl^XMtrs8x5M)!olhGy&Ra7-neLm75O1~j_C~{gy=I@yooueQ z*{Yk9Zd-3I*Wc?4)tR(fQ(e$6h}G4ikkAg2wc4WW#O;r2hi|;*! z0?OZl+9C!FX{pRBF7rSDGJ>gz&th31D6 z0{U@SayQkY{mO4@1loy&v&*k-B~R&8BE4?pF3?WzkLMpQ&f(|R5Y6K6mgj|ur&H5LuffotJL zp&J3+aXv*<-3UAllMvcSX>4|Dw~oLvw+g^3pI=uRTe&WSZw;05>x9Bp2tWqM4qkgz zW$+f(@4*wtK>|E@BYt{)0*~3T+mGLf6KpL3Gu!QW2n&VJ8XNMTAn1elCjfHr1WtQ0 z0RcmW@)khm%_XX?91!x24wE)y<)%a>)d`7S$Tu8Lz z;kOPzeCEIazxFCT5Oj0eB-w zzN-`A@j7iraJ%?b?a$C}e6ek{*@e&BzBu6`=X-Z;-J^VCboZRT?N@K*eXJi#Gut5^+bC6!yZq#zc=Dpvtq@D)lIW9qFyg%5)G?Y+a1xUBeoVXlH0p>Z8{M% z>z=NT_RkGT480ahGqEvuw6`znS-l3azdzVMthHLT!|nV24Cfk~O@q(Te@%RyZr#8< z264{H<;q`?W!|kj-aXpv40mSGpOp{Q+ZZ3ZgkJLWa5$L^4?n#ae?+w47imOJt$`iDfLs_0+sdZTgTFKF0kFxcO$ccQ%k8I2>{O)Qos2g{kLU^sLjeL zi1{O4bv8y5wj;ahv5nFwqdu8BpZ`iHJX<4w{fMpRi;_;OJN%L!J&F)#^?gy&>h#K4 z^f8@ID?aa)r_H=u%po*_eiksA#D7D|r}^Eq;t!h47W5jTe<+wt!O8tqEts*vQ#V8v ztDt0|DO5ScAJPXn301l>kQ*LdlLO346ZyC@#9}yG)BUq)i$&Ny=jY6^pU>GN@D{p! zefCKC`iNh!Sh4c$^(s_Nz)$YTX z@K$QZxm$5dX^E#@4dtPT*R%0V(eCtsG-ZKM>I#;NUL&U+DDBAF5dLS2YSW@#lS4~z zr~a&BN54la6p6bBtw0E^ya(Sv=+9`0;!vJIE79+i&(kqvQNFAEidl!cm0u~}o7i>9 z2=dSf(aNt!E>Zpir$_W{s9E`|@>S*ts#dZp?*NTLIf-2ZV@bPiu`8y~Q7&6$yNQ!>^r?vT`*>o5;0;g5~ z5c!j{vi54`3r`y0h#&8%)% zy4+H}3fDyytdH(Mlz_CS#6qO;VpGJVlY0;}cdV&XcsUA&h@uL5YPbT|T#m{=xR||i z@xg8S* zaH8rDiZ-BTz{XAU8kDZfUw2&|eUW@jbNGH5?v(#g)BI13ltkHZ4q>Q3p6qdG8LGhA zNHlSolVYlOtenjH9ZAHvXFA31*szl}?A)NFzlmkjnQ^#@lPBphr3odJ@09(_hq>#y zPvNoLK@DT=dI$Jgrio;?J)Yl$bFwp@-*Tp~3o=ui#seab<)Zv{@tKf4QrEO}**549 zo1}u5SmeYm7E25vjs%En2%|_CE6r>)#>m|Wt0i8fu@S&9e3!vO1_053!2&DSA&#f9 zZh|LhJQw2>b}V{$krsvL3p)F{O(W+0k&d#jxSG6Pi!mmJSH^~{U5>{Ur#Iyhk3`)2Ox1Pnls@r| zYo9v%u%N&9UQM7y@7mToXq^>jM4dH|4vw%#Jwd&;+N0A2tKC7pF5av)1STF{JF3&& zzi!X|M$gr)OGL@k9_b$PiD3Mm?4L0#$uFlys9nJ8xh$SvL^x39V&QvtJip>hesd|m zS%764dgUHaM>mVo>CUd9_1m^X8|cMCsGYEyEW=}X=wg25V9;Q&?#DunOAuxijc^(* zu6BTTBJGgMM51^-)XHE)!b_wBnlKupWtBn!F#X{p6HP^?#|E%Edq{(H8p*tC3^Avj zH8t!kpI&U(_ixHyk8g-HB(HW^;t#zu7Vug)BWL-fvhxvB%p41NU-^MQl;Ews(Z&a# zXpHopptDT_cN%o7j_<|_e{`8RWVMm+I&KQ5{&14rWyi&RDugaA-hr*7Up})-% zWp`B~naS*--P81=S{JNZ zkqlQGj7U=c{HU?Ix_MULwE6Ta$|VaM>O*0xl{be@w>U(PcMFQ1M!_|$t@X7I5_goN zC-5+Hkk~k9*%D417Ra8EOhTS!SfML6Xhv@>^CjB^v+{_+%o~)4%zu(u;w1N;FCr+T z1_K%u$}v~xD0+e$KmS{{Gr*7ozs1{#2Q5VqSjuRa<)|vvWieKvsye9x7f*Hi!{y3Bp5^Jq zpbz7p-puQ!78z%V_^%>HGhX>ETZMm5{ViCZ2(F5{^@R@vsgt1%#{ z_g!9ZAkY)a^(Hr5e%&kX!-rq;`TPN#hNFLV-z9tM7=d9;Z0G#>-5JSv9%BiQQP2fI z&aR~ZK>ei4abQ7(VdpPg7ie|A1|+u19a+uU^1 z#1-@}==6q(OD7!keP{p7Y^NVOeD)23M-OuSD0hT1Q30xx>c@4y7FYoSgjc#pU4Pb* zJm~N|r&1!B6R<%WNQ|{cf`lG!tbv@&B6La(rF=wX<62QFtjBE<35wD)Qgw~cHG5zl z*glf2Wlz;Y1K3fWRWOY>d+=%|*sE&#hKQ(BRo(znv0zgff^kp-K_>t&56B2MB&sgI z1kkq=OpJuS47~oN8S)ttC%+9p?P#d)XkXFs*U?MnXiaAA+>JllI9F>nY3J-2J-dTB zk!zaYv7+NvNQLIbazC*991b74)8Vt*eP~ukeM1L%v>1K9zN4dFS%Rd2ypo8cuq@HWFo6UPzk(&uUMo} zL%8ujjn+%sGFU{w?_wE(p#Q_LA@154^21%o?np(um`Dn?QBc&brXb%$zB*IhSOFOW zznRUX()hNpwL6O&_ zs>$HGghD1V*%VZJkcU}a)(`;+ipm-d0fg`pVc=JYUZ*YXO9u32i8gU83NTE-dVSEj zwa3xWz(`iZ)wBAVj4Yl*B(GK%wnwa&@g|l|4M%&@yF;!09F}0VWLI0Th-Eam-I;*o zmh?Prk4S=5Hngm%ZSNdR&oV}Rem}z_-r^G6jMYwSosO_8qKjFcT(6!5sKX`~mm1`TV}iU?Vqq7~sE(nXP(Gw^nU+aAx-^===hH*$>LWF6Eu zx~eh;goLVkF%s~*?Pi+RXpCAj<5`rk+v@EM@>ZKA$08k#G&-A)r8O)UXGIp#G~h_G z9K&d}f1()!!x-^DjlM?aIHR8BRyuWzhPCXZX`a>51{1?OadI86Ljq58X2zn|b9iky z#MeuDBTef?4X5Wc^a008qcAHR(wkU=6bKCZtsG;v)N7n3yV26ei+W9!PUGVlO=GGj zDt$9XQ-Ghx0cFtE8~6%4nQ7$5fN_x{VgvROPVSMXOn2<#}#FE9tB4xFT^E^7yI{ z>M-MqHHq}4J=;t^)^U^G602n_?aeV~pH9%xoL-v}EOR3|O{}WdQH|t-KHILpl#r0U1qg*KXR~^W}B{wMLTLF6Y5&x4cToy0Ud+0nMfgKc9m?=vN_IM zYtu8jBNjcwYFlR`)LLU{tf3jB9#zYBFRBl*7T)AQyo=L0EJj3&$fOtbyoNEF8BGl< zvsjg5S&IW9lOS94te)mLR>No!-{CSDyK3}|wyJwpU$y2ltTC5*jK^3EAq!$mM1_Ajht43B$qC+fI zLt!D3YN@G$-{SQ8!gZ-kORjI-CL*kOqIj9qQcg?5(#;z{q4SDku7SaY1l3h~MuP&W zOk3ab3+w=RkUP4VZiFYINR;(!vOcVF^GF6kC&C250b0%^14*2U&EiR1CeuFd!-;!ty*3hNCD!IszNwr*JYF1TU3J~925gCf6bf@3-|2XLqDyOX+0BKFwobLZtxlm%-u+D?VW$PdS%_-d+k5CAV4>9 z-7ikZmbs$(OI)Vgs00@Tr;<#Cg zTH62CMk5Y)|hanJ(^2AASD237c10XJ)@SW8sFS|B4H!A(2pspvtc z7}=rCLA#lxJP)wx4%PdtPaLBJkBJx=K^>Syke(7iFv{8`m0lEtQT!K*(CJi`ct|Gz zXg9{hQH)Kek_j)PM$e&O01$f#`H`cH(aYd9`j-zM+qq!yPQ-m_uP|J`P~L+Jbk#qe z82r%Q+0nLD3z~O&J@u01u7rxzR|tCk$EdR?p|Z}4fiA$H`gbs6G@hO z_?N@N-Y+Td-8r~m=P~sHad4rC>uv}STrrqfnrU@Ny7V8 zuz!>xL^L&M5)f8ZE>W7EpFWXBdS(9$^{wr7SJl^}6W*}K(-Ecj(CPHV>C{K@;T`^J zb0dG2?y}TduHyNLh-hVL$)xO}@yqxd(#l)Pz=-E1Y4}+ggoKEBC zN9*~kES9r$x5aW5{)UN&1<@vS|BTq>IM^Ib(DTaS%MHnkB8d2KpHr3YNiZPW1zY#ILIt!&lqkB1;lphQ!v}#E2}B9tZ$1f@{A>xZf(q^cR?AZ9mR1!MM@*@h+eB4_ zHe-S|U?85R5CcqCR!#>Qkk~8akpiLycc9T7gNPDZYLnH!YI;i_agEQ8os7*McSZDX zHT|kOS=)k6-tgQFH#~=4uXdu*J$sZ&j>nV3)NCZp0-%r38L zM~*@zG!T0-_#~+|X8wG{dX*O|K($Sv3PoWr*@MqSJAk(~UVtJ)YUQGzmD<@iOpgxl zYZ-3I&0aT~{NZ!tQ|sa+I!QR)M*#i_jhx*_>fn3IEcj&ZQh*4SX;5onD&~<3+;+4Vu${2`U_+@cfDASFD!=c+|-0Po2_ptbjsh3y(sl^a1@T6yhyr z6cX6VL*+I6P%(pvRd?g(O(F0Pr@B7ayTc1dd`Dby6lo)EJ=a03-mSF=;g{S#Gkp zDw2s%78V~^d$4r-GLk;lC`$enYwv#d-YYMwtKqe}4a$wLe_Z+Xcdi-T{^XyI-G!L7 znU*go-#WGPo9F1!k0Hmahc$FvUCqMp9=P}2yOUB4Un_n4@7H_>c|LyZPfu>Y_A*?f znJ;bM0~MjlSZP)PB8APWEY%o?f>DL~YFv^a*tKTPj2G_CB+C)4 zfn3C;Aqdy+0^i2eIg-vzp}Aml=NT^|?>)c}f4s9meZizEc*DMPCp9D7I5is>MW|vN z+MzL7^ucFOJnv3|k;ayQc>s$CCPFS|GTcMdZ(^j3B+=lVvF*y~0^@vp3HgO>P@(=Pl1zJx*C> z#Ba5|?n2K!j||V#fK?w+UsS(F`FDKl$wS|lQ?e|-%n5Zq7c+Wx)E$kQ`S02UDQ*4L z{*(0Rjn6-SBSoQe=P0B-%+8@cM66>s#q*vsfR}gxR~Ydm^x*0&+zd#GAdX!F(-Tej zhp<8gf)X6POd{LG60!nf0)R2$@G@4yVgq|52sS^mUAW*~v?H7Ws0`H<2qYLav>hxX zD9C9dSSDkz0PV190Jb2gfl7-pbQCeHr5;HpJI4t+Ysw;2XBuifW?CcZ4IIsDHB}vE zNwlS(TavcAc`c3g7LCa3q(FUFxFgP*IIOu^4agTwXf%$`IqMdh#2PUNd-ESoU=3DR zA2~-kb5^T&xV6X07@V>NX<1eZ9+-3D^7YOtL-3NFAMRj&Y3DRDR#sWYXiMzzRClau z_HalSYTG$jJKJmu=xMubbkWGfi8cPV)ar<_D-f^I)2ypuZP(7L4Hkw$_#e$#^oHCU zzVz0bx>{Q&&cqFCI7`G^#d21Y$+n_Du0xzN*xz8O(r_}v*7fu{orc;wP9n{R%f17j z)x5>c$Lnd5>ZayV%c(uoQECgZGS(AzYb*yHjsx-R?s$GR9wwvl{MIx1jiti%xFt7& zx79YFrmhFpDw~JuYMH%o8E8#;LHvTwIBV;+E3btCvG*`ed0lIMw^-ozsWx9Jn+d_} z?}d;ga7DzEAF-5yB?zxqF_iTp7AL~pA%v$wDgtIKLJ=N~c)=h=j89qI^yPD^LME;S zbtp?rSGZ@uT`#RtUE`ZtP2{%GC(!D7Jx#2Jw`erCoryIy(Hw6uwXW-%ch^^y3FQst zA3r{JT7MFuyMKYgy#Aze?(SbG|AA^2$K&7My?0|%(|_)rFZC_Pl2I_Q(Dt(E<-J;+ z-pp5{Z<}g7*Zytg%4AfZ$hdT#P*>MeD?J?Na&}y~tV-53IB-d=tGb=_=%xdR9ev_M z^Ku{IO}L}c?Va5R%)AkIm$qHGzB_N&+0}dKnefQH1H9u;cdH-D7oXj@ex1Ae^w#Yo zp%?mn?m%F`!n^!~H9Rmfx;f6s%x;NmT=O@LOdN2#q=b9PslNWSr1^}qjx&chT-$~rs@^puP>=mZ|SUb1cxM+L%OT2(64;MV5ABi7KGw~7TbOkY(Hc|c@F zDU=nhv^D~oE^b0RHzCo^N;W|op&v(~v58ktqdRVWF%W$5)+b+n2@Q^+(Br3HouH3A zkNVGe757euDjk|xq&sK-+0d`&p)sH_9t7=!zyMc05(HDS1MczkSKUv%rC{Aa;+XhU6-%lK@@WOg$!|oe(2rl>C7ro(-jStoYjELE z;|(VfLo;G^%e(^v9#O7q@9u842-gg1to`%$UH;*|s=?tktCkLAEEaC9OY7)Px7E;& zg-4fkdL=wvF!$W7b+pGKbaQ(6V5g7ay;TOoua$RH$Y08aW$Qn1;GHf|RxHs(39gui zM4FokGnW{L9Y|Z8P^8wx!7B*1=+Y`+1wjA7<{=pWZD=yw%Eq2Ku((w@JMre?1MHdi z>f!IeVrJpu13#TTd-);d@5p@U=hV4#Xf8SQE<1E+S?_fJ3kR024pdOi;@~-3jC&@r zfjk5o$OEJlUh@0>ly-1WS_)hoov-ALec^u=H>SF-{l4pAlG4@9pe69E9XY*mv;d zSim2V8^*$LWT=8Y6N{l!{y;dAsi2b->{{I33=5P-VnG6Aqe2qobuDG7=fSBCPYfcE z9RYnTgGYmu_mu@02gs#VGSP*i4x+2k2!s?hhAArhZGHfFld}$vm{Nei?E9Y;uelp( zpFQ&9EA-pjl!K zG^+2qA@hqHpH<#D_Om0ej{W>Wq-ReGu4MOy+5MZe$}dJogG%d`{iE6-`kCK3-M3^u zUfT&R6tUzL1%ewQVBH3ScP`>aM?z6Rn4(n|5h7$|GsHCs4A+^m+)XwKi61;{?@b*5 zqk?R*^)`z}yc&t2kgdM6VOijYLpyKbg>dR7aaM0vt1#TF<>C#V#s){V-pDwNrntLx zAoJKXEJAuh7or&lT`kpR&9M*Po!sIw*=!3=-iDHc%i}#(My}5;Z`Q_!Qfn95d@<+Z zo*mZfgW;SGD=hbVCUL%4*uU=slmKAdMEU-BzVpl&%L!c&fYDGItMUg3cu@m^(`bki z1c+j116*|?;?j_BPzkEjrNV&P1EtS=?dxhR10&>vAeP+ylJde=@Q0d`9vOA$=B%HM zGzJ0A-UTb>>4TgVuC88RIZ>+2$oge?_7&xYFG)PT1>Ts6``k*)ZJHxf1*0?>x?oZmNP&WDJYZ~|aJni9np5}(_W#BX)Cz-hM+ztu9iGW3(7 z@vq@UPkJd`6!h$aFr+~&0Q4Xd(F%(nzEDp76GZ6?Qj_l~`y%Ur!yDMZ=2FAdT8a=a zsnaRp0x>7@HDLWTl*SmHUq^!a2jclYTvdzX`Jpp;TM1%}se%Eo5rugRT3ZVYo&t-= zY6HLH0kKFAEh3&fLMlTjs{lSC;qXs&-S^|dr&UvN#F0#7{Tgimcs_a5fEXD#-jJ6~ za{fpVIWnoJ)^1(Urj^aP(NA2)uCBjcSba@X(>1Gw>+9cp{IXAs;w4nu_CM7R9c146 z>6@+l+#cn1*XpK`_3KAst6a#(^6|uA2z}$M{@_F0p2dBAi_>(|7d+8Il- zG1Qo}Fm`P&7xz1>=pW`H^|PE#h!bV<=z9<`%9{OEw&9#|$~)`cS>DjT^85*07)z)X z6op$DjF~DaV+{(QKP_`>;^N8WQwu6@{9qk|JAbMrZZPmYgtRLXmcvZ8@u9SCSx0=x zl0lh_Zh3orfhGNj&EB!Rqw%3#k2>vLOV>ZuqFn~}v&y%!YTE3_s%@Q%vyC6$^>LTI zV+no9E|l5Dc<__-!%j!X@=VjoT_>H6_7&O2Pi8fX+M5O~8RexG-Qvzo{`SXhuJ#p~ zrpIK41~A_C=f*jftGxC{dk50;;b`G+pK)&?LIJY*-~N#v^UIc-2zNT>EDs<@LxS`c`q z_3=VvFbO1#72NXuWX)Cg7xv)F*;~r*Ri!jsM+dNMwnr4DoS8G3S)0cfj5LmH-AN?0 zo#0>|9N7v!#DzLDu&g7UP!*WHVELv?D-v4z!Kr^ca@z%s;JDPmFg1HkqsPu{}q;zo8* zBe0vZ=-lj(^7~l5%*%3V{!x>tVJxQMt3IRrwtP?PLl3|4C&V7PejobVAKEn=zlXjx z<45rs{WSTho2UJ}{Zl8-${W!^`lgf5?;cs4H92Ls#cK+2dv?ju4$m6%If`jxIND#0 z3`mbmlFTEW@Ih}5j>AicPGx}ORn&Z=4$F@g+@dUZ9tbj(31w{>)@EfLVp!xNp$JN| zj;tKcM!t#G|MaKI?@;>pNKpRrYvuMc>}AOI>h0l)zu$8Ref{>g9(6qxdHv4&-|%w7 zH@-`aS|6RDqfhy-TcljGf9XIuE?*1tmY%Xxv#6`f(d5;oqCZ>*kZ|PET^g$iLfA+G zP)`}$Rhx;?wx(3{5JygrgFwc?_5}n01xxv$02G(yNEO&`ZzvTTYKgowi&)bO30&S# zka(WLMrp+g;1|<+WD8CKYXPc&a>!2k57O0nH2>qNdwY}_XU0eCJntGHSfm|Mqm_T{ zo;o!YpTk$9%Bad6LFMo?PEAl#|01qjrS0@Eht*o!Ktc+?+k!CIf!N7 zNBCiVV5n{ZrO+ozr$ou_kCO4&1n75Gf6xv(u^H#6G2*Q65#!JjMJjrb8nLDJOL?opKVP?*ty)78>l2D2sR_ z{*On6NdI8uyVvfVco=n@)@n~HFZEy9-+v{Ri7!1j%H4zeh@bMRyNF&wBm-NBPA^{V zwK{jJ3iAs7DqbWxx|l4S0^uYhgIlf~q3BE75)FObAO326_#G?K z&n#+)+C<$;0TFzb`1db`X_W-4;U?Qmz$6xw#+nycu;@aS@)U4518$0Ll9y=}38EV7 zaIexqZ!K)Wh0-m+g)%j+SEGJUbB1jHoTbo|tE7BQYu+su9nKK(n>S@~yHh%Uln{We zUy28Obfq?QRm}>;9Wm1^n&v|- z>zT)6J9aEd`Q0r$+HX9(BmHE-VkN$1C4;)N$&==o$*(Ci?NJ7SC@j z6}Rq%t@y2*@N}>VZ~vJqFE$S(p1pL`X;SRN(F4;I|EcaW(x zQv&@RP$*RRYjDz9Rm!gt3j6Wdp;G>kDrFog<&O|xF9>Qs1_G@_h`Mf3;c@O%HMCCp zkDn!~m^Q}eb>m#2N_dCQJI9~<>)fwC0}t4|BUY$#>hL|jU=rTR8^@_rI-|+qRQ0LT zT72QGnnJmmYsT|iOKX0qIL2@tZE7DH>sz#8Go0=hiw*q?p_d(!iaU1ifw1&rNB+O! z-UPml>f9TiGo#VIjYgZbTD!bSwj^7YS9wXi#7<%-P8=srLUt0ela(YmBtXMbb`l_k zKv>FlE6E`c3e-R;xAcnA($d?$ltN3nr7dlNUTz`w;K^lPZ{k_-PJch69bpI78KMg@XShg;g<8brvp{Kcyo8{wInUL;i=*ps_yDT zaKUg{7O%vtY!?1jTPk~S1mDFOQfGaX0(=v)ute`b_{>m%kyr{WDREp94ap%gaU&>c zwA6sRnbb^DI~Du!Bu?N7i#Z0Flr5yO15fP)SY=2IaSSYwK*P}4>d8Pm-fR(}ZVoP< z)AA2Ac#XuaLkrErwY}@t_x7wu!Yh}fjt|rG7awd&u!r{V6~6bKjPSiZ`wy{|b-nSb z1O77jIbsQN%OHNUBf{^{a_$$O>f5v`8tk2S5od&6bD-NLQfBXtKCH?47b z9J~I{-2VCV`{({@w=>{gS>INEU`^5dU%mEh*Nnct8C}o5c1k=MP4)MuYG=PSb^`~q({$t$-|UDQ%)4Rtw^5RSQs4p%VyWRsm+8N{C+T!uy}e>E;P`JU6QMh8p2CVi*mV)HeXFyle}m zoMn|&HKkAy=kO}|Dj*chTbhh!Nj&BU_EO~Uy|Q44w}9^hiAR;nz_`aqWpFMjXdulZ zW=TCgH6>|p$X}@B&jAm5?jSP)xzfk+@t%-Jb~|LH9ca$1HjGTmDqM6ZI#$6Nzq}TxOD0U4hWV8t{bd{F6 zoTV=^`>uZOxvR&o!bkd0pix)kT=vK%mprn}Zr3)4;$4;N3mD62I@G``Ra(uLPx^5b!I$;ilbAm zPwCf+W610M|CC3S#F zftZ)LlL|doRP6B;$I)!06uyA475cKrKl%F;->7Tc4v{buN5Aur)Bl3hjdj8&rSXJz^K~WM4ksJVJ0FJ;y0wtAJw5d>FI#R0eW=$)=2~U$MjB%U` z#5o@V1ebWV4^=~irH6y-^Ugc}O*nPM73i)!{(~j*PT?8aBs_yl?nWKLDcVTRb@VCZ z8ZUVeZJziOeX9T8PA87{)2GJ!(Oqcs_-AL&&(Brnpn_QbNmI`dpVu;iB3YLoHP!(N zPz|xT6c>zS06kKfCq~|ub2O*0zi?#Y*ASWlHkfcM)0odRidu1TLSRYC63w=P%}I}^ zzdehM-#sE80ti&5mPin*NG0atQOopHmD53d>Z@dD^4Eo5{w#+3eo#wrAgTlveljRF_@)X1sN8 zCbQSbTaxqlOqQOfGg?^kI{yMvzu*@Jk%=1`SvdavLJ2doZi)15T)1##h*DA|XB4tL zW(lsM4pBE!uTnpveo6fY^(X2h>aP?9A#;IX0!vebWt-&GbhNaPeFc2{La;LutUwDE zxZJ45#S~(`Bdkvc?ou*0GULmjh%b~#Hqpce;}h`%K?VuH^DQz<(jsG;*rbbYMkdVq zHOZUBU@Uw$2rjaSEEJ(j@tu6!A~V5F_{-q2d=p)dM12uzMzUnJDOtj4(FbysiMO*7 zi&STm9anHgobDt-51FGkN0U)ydl}o`RGus~nv_;`j0sox5Snpl`RbN3&%%ajmAj7m z%Ny*W$nq|wRHBfU%iOGiks^d-a*pvGEDm{ShOSRydhS2mShRAJLuwLSZoQR$Q(2+r z^-B|#>${@*aC@_}L#{3^HmlA5wZ~CjQsmY8RAq7*T{3I@gtoSvW6EqSC(}xmGKEB@ zvl*h=eH-1%lF+Fdh23c>qIX@8fl8T zfSJ>onXumW^sy?xmoZxP2EM$@R;*{V8oxX3C<=#ZmCnROr|-C=vvzH=(Uol02aZ1Z z+#Q$D5>~+mWKOlKC}8&3noD|g$fVS}yUm(Zqlvav5AVCnD6wrae}vRZ<3e?|lIC0< zTf{y`p{Q^m)Pt5RG5JH53NFR>=oHoS9{NEUqfjdN8kve`O>&)7$+9#fLF3fg#Z^MLn7Wf%7o$C}J$?nI(yXw?o_uw~0Iom;pK?`-?HY+Ow6 zkic_|Ozvbsi)%6#)RU}~FnCQO*Z~O7q9hDaeBiE!C}=>CGHVKxnS}q6KtLIumf-&- zf+L8_J5=94qd&@PyM2u=f4O{rs{DyElYgLXPBOIT4dGA18^Q-aA3?ozkF#xh>dx)E zi)}MoI*h((vBRmfRJc4NSNZK-vj#UMw?2rLAh~zlvRKLdGMSoXdDoWi{b^RN(%q-v zER0U7Rp_<6%I;Iim8{aD;Ek5*sMT3zqvZ=8*|T{@+NqQWjA5%|LEk+==S;iCI<0g2 zzQ-3mDE!CwF5CJla;({uFmf%uX@nZPnh@iSlXIz*|9HMqogA{nY55z$t zZj0pt#8Wlk#ca)V%p2~CX12YRnG=H%?uq4=ZG+lnDRs{lqH38S*`wt&G>}q*( zK){{I6C~qeZfL9^96fwU8@H5M)?bIFA5$YIq9ObEL+8W zo(YXTYyIREJxMYXt_tyG&+@;0xs0Tjsnd@()HU*D0A)a$zd3w7n?NRqTb;e4@J)3M zB1qrl8BvMY0EL1zV>)n{OY>3{Z+8Wgy>nJ<*m?b(cYW)=`;QZsP(xO8FHEiLuEMQv zxRC&7rd7PnzC7J^*FE<>Kw7OcjJ8Z`zmM?8CQgLl;MiC>oTMXi>484vsevE36cg>b6i5mj!^jUdtTPFVqo;rPne=XD-pv68b7k zvm{zI&FM52of?yd)BjLl!fBubRZhQ*GfBHN$6DtUsb@ymTc1IDPJim&&~mMtzQrxv zb?SEoJlsjUS_n&KX=*mLl-fj%P&eaMk)g(@*G1&a?26mtgtn<;xdh3$m5?aPPBgYB zB$~49#OqF zmOd;*;1*Sc%guHU;>%0&+0FamQ=eUf%XWSPpWl+t-k*g}ef9`0`}Q;V+>;+I@f?wZ zwI%x!EuU)o2dJ!?@-^PeoXxabNy$K4oh@V@KH2<*$DnW>imlirs@3TJly~GdH+A(f8lk| z#*%=b)A$H;WGcV{%3dnzuofeVN6O4nV*x;&)xrR>Z7kZJ3TU$Py)sN z$$Q5C>4%T~kKYIMO6fCt$r!toXl&L|pkVM|Y8#AZ>~Cev`JCNMqEkWTX4i}UNWOf= zEPAbK^EoX~atNw0KNA8)i<>iyvIR8)miG;#da1`xv@V_inClq1iY7dR;hZQc8M+`U z6HRK1)3vi5@1srcJ7(89gtrSpnZnzsorGjE|G>rXzwf|}gty24mBeF?2qPpOvljU~ z#8^yGzXHB#8p=n-sWz&QT1AkN_6CQqUZ_k10t=4fryGt(ZQb{5ow=@|>nJ`73%b9xamVcLqZ_x2zMAPX z6b*Jp6aEWmi<8d3c>=o#&{=?x06$&Eo5}W>J0hDsKUdn~0Wb5^-IfZvptEW)fHu-2Oy+zPKTaf$b5* zvlWO(92*JJW9D)*Jr<1k-4kg?t79VV_FqFkOFug?Jxz~Hj3E3?;Z`iw%H?M$ZEJXf z@-=Y6h+dCIxCSO52*MY~(J;N|!$}-hIqV~)RD_CAHB=qdM75H5oVIADmMCAFNlLf0 zm|C-bUV6TxGW8;LxxVFQ$hzhFF&VzDLNKR z>z_q8jnU9DjEV)ji1MpMU=O3DrYL z`Jk|Os+20&+5|bp(v*Q9ttY8^s)c%(%2k8d6wT+N)g(G3hSy%TK10EZU_o}Lf(Qc1$4mWB&ka|gw<2!C73X^LAW(! zU{>G-S`NxzwVC8y$(DFisjRJtRAmAjpig)V85z-IdSVdcCKG)Id;w3aI^pwFgQgsR zq68(bQkjQXQIc`m5zmlHVuyuX&cJ9|Jgi~)#{3|*mpg1~WI61V*EcvseZQsJD`imdlHRFo8b+)%2 zIq^bQ@68jrHxU1gcMfr`jl0rGA&=xt*`A5pUcQtn%*{zXvI|r5a@^a~s2S9wlh%St z;u2V#&(uJNr2tbNu*YT;yKyIX<$>sj2>wbN$zKRwgFWYHmcgVFB%0+?qFDyzdqqA| zq0csmUUI#FALj$#DJ$;Qh6+6CTid74Ak;qvIPgXvE-wae)rtmu)-^+fa}04=Yx7s4 z;ga4CiH;Z^z8Z^`Mjs=7u+Z;?Y&O-NLKYVYazaF%dY+3r+PCf4P3uD4bCbf2Pd>kA zwJ-Xn5fQ!UU9Y10BK-U&MqpM13Wly39wro9qe5>$Z@*T5q>G;R-4%@#wWvdQ#fkp0<^BggIR4V?b&EPsz3Ywi0*OuA=#O>CkvmYnVB!=$>>H9G zEu)p{RR)7q6YEeY4D`ag*RQ{O{j*K;2Y1h(f4MmlTDar%n&5C^H z(r9J~?D+*_TojMtx=5E%Bu2YPZIw-&*peTb&uhd^1Ak_-79ZiwX)+L#N(@;#h3-O@G6_bS*u2R z`u8-aE^<0kYCWBtokU$r+uN76ZwuAbgo4Q=jHUj}Jn3KAGn5|F$O^o7_fm`SXU+!t zydL6j83))#F$FJ4fRt_N!HdbNa5T4){^eOdq-Au7fx!Nnq#@WuC(SGaeHpSN2!3WQ zQYL^{68CONGJ#}-!8N!;n-QZ$5b18=14+yl$+WC2s7Kiow>4i<>1HG^aI{SBo3&l0 zQ+Vl_=sP-EScErU#e2rtVQZDI(po8x{z`Zm{T$ulu2HK(UEh3L7(VRnpVq+L{if`( z-==DxQ&;hZj@#uvl;VG8P?|{~_W&*8nJ0!HxTwYWoZx(L&E;@=ByH3}*e~xgyao&Qvhubt?yo1(0sW+R= z!d*@uBayKWGM~S!67C4h^clTov(mtH7Hk-48Q@Zs;5Ac^dF~%jnNT!qcE!OXca+t} z;(kkPv_cZX6t5``yNZn@aaV|uAOS-CVzJS(;s9=e@)-p7(9tNlY$SvcOr6&JXp7Y; zC)9A7s8DS({cW?TP>ty`^QBO>;cQAj^P6a?Z~EMo5q*o!&0r`*y4kW7av4Y=9vYwRWXrPSZQWCDLaNn zh7X|Qi?6(Lu`qmKSQyb7MgWm!L_8YMCTO+z7+NXkdHKY*$W;LsmG}h4@kjtd>F=mq z73k@T!-dhXHZ;O$Bqde2Cp+V?t@~rZ325`MW$}11%p}yTI*(a3;+i6QIL#n%8`)Xs z_k4zpK!>y02I${u=k|Ofu4%$GR;aN+&s&;#Oe>-F&Vy?;b|8U@nCkKvT zNWFV@_|hc`bI;j_|(zo5rtTf=uPYK7W3%V z-`j%t_zE0H_yin+wpY-t`1pHr6kN4VLTpRjfAg&a&`6A(#2LV-|P9S0r=o-j6Ilv1)N2ekA?Pj+4 z;KtuR&TDyx>qX(}yGt+h$zsCpQhA`gQC;GWTDoRLWdY&CBA?u|N8>9Bn{F)C2p<@o za{FqP-BiqP^(xNyRdM5SnMtrnakQaR0Gvb4N|M9ZPa$^AayI2@gAd|r+$JP6X-68(P~DCI63uss{y|!X0phP zz6;BNsdE+)=Cxb5(BN5DNQD&Oiy>~X@gwF^D4Q4o~hT!6>4NK z&_ek*Pwc< znpP@Qa+#LaY7I66k}h!!EPWZdxa!olhacWH{uhk_-7%t2jO>@&2-fQSCzXEK%H@91avJ%#eW;}`x6eWB23 z6oT{l^V;(v`VSfDkmf#BSEFrss#G4N}X2q7xZVfUauC6e^%-Bs*lj0kW!{n z$TZeB@lThttXwZ0|H+@|J&aBvW95d4{r{mc7&KcpGY2e6ukiVp`Qh!`9-m=bF6(#< z!KH-zZ?6(0Iu4?7;d%#VI)875Bh*3uxj1W%z=DnKS}LuiDq_#v+pE% zJ5<2Y&lvUDwV1rs<{?HI@&)5&yT!~nntb*;O!C$mAxv<7xOCRw(C~^~+knp1a=E$< zm&3+lGh|~+@aJwW+tiCcO@^n^ZQWPwznYN8?mjGyc>MTIxa$Cy?HI;w_8T(2pj*r~ z!JQVvXt<8VC*p^UR&Ut0lYplfG9#(8u$Y!}OqfYe0TzY_qrAmz0%JSiFxAtd$sG@m z6tcTo$byC3^Cr0NVfZ}8jZ?rLKd|_0T9&c;ez8VAx}=7rv0Gkwj^=6oP1e z``5=s$)}09k`&XQXFQnu-uuaPu{fm9l#XQ^w4Y~c$DVCk|MB}`aa^B?jb+RE&odRc zb=9XQiKj_OKN=2|@@1nXaD4V9)n7j&sFUaIZM{p1@VL#}sFzI^+Wf6vjtnb|0SA46Z@qB>wuz zd+GEC?;DXZw1hz{GjiX9(}kZ6EoW)CmeMzGxtV5>L_*W-@*&}8jAe3Ge%*AOFiosO zzc2c(#_9cnass+%OeI|U(h}|wDeT~UU6p?G5@m;jXQ3WcRv6@w~cwtItR>rLBLB95} zm)nF7yH`up3?>{BscLPH@J{>lFSXNiF4pH?jI6z1#>*vAiA*86f9+btA=|oj_sMt( zgP)_m50Aj#gx@oF7P^}~udk~xZ`MX#HQC#qXeLGig~UY9xbqwH=L24x?R;EQ3!3>5 z@zpL2!nCPDa20zhqM$ZOWleaa%`|~gmGnFoQL^zE@xabH8u4e_KQjW=m<*Gk9xQ8k zAO|YX0d0rS$bX{Gi&4k$p`OyVS>4T*{ld+Q7X5K&!d=_sj#6j-iT-^=XBp}5+iB<5 zP5c~Lk=o$tU*Oi!`zB}b`F-l6%BUE1J(Y8w-HFSHvBE;cze0b;&*@J{edvs3O7gi9 z;(=5Gxo=9uel90w-9rB+aQ~JBI6w=^mO~~c51!qSqKV3uIf395dsAZ8CJ*jh0IiE% zl%P~6EegaFGt2k&LV%_gZ@kA3td+-E$KzOl%Xap}Vjxr7@ zzf2U5hKeLI?wJ~mxp*`nNnS2iQxDxfjmuRf>mb6w)WZRbLuKoexY`%>Ky_GD0A*dx z5TXg2galGI^79sHULp!E~NPfbfM+_P-y&kr9DHl-#s@ zWR}@0T_?Zgom)m`tet`XjZFT*<9m@o9T_>DF0wbH-jNZTNjPpVnzMfWdIFqF!vh2g zj#C6)dfxhoQSF##T}(YUNp&g-!dxXmn5!(uBa7F`;M6)PZ~$ybCu3KlnoC7hilyfi{nDrW{G790g^Sq>vO1vb1Xnsy)DA zL5W_>fM_x6W&A~#pFw-zVLfj&$|Y*m!w0km^f}ENt#;%5`G%Sx%_kDyV@(FLo8P}* zUt=_}+=>#V`EywBRaX~DJF{DsvC35J0t>T9l z?b(sDxAwd`gp>*zck&o?GPC1r)(7~i&ZQQDm+BM`G%(d`i!RuPam~O~Uk!_#b+hk3 z4~o2U72%cZB%fzeW7KF>ELA7^Sx=sce%7!pyC9NqfXlW{Ck#`redfF=F7<>r($Ed+ zF5DoKAfnmAi*|bu^eW(d3a~{0m>djQ3MDekqef8#`3aCaAoT)K6H70;0QPCMzm?lm zaTOy!c~Z{c6Px_#b+lR2tkKbhPgH+S;VP3HLBdr^XXep)-fsU*hqsq1I4<-0mlqbnO)IAXtb*I2RFH z!Y*bD2*!wSut$X_wv@m}Xd#z%DuXu>vtLZW=r6&eB@Yp3!KaXlqf9~3(C0DRFpG+1 zSh~6pwTx*B1a1}F4NOKc)uc~K6O28H5`~c6Hn?l|tVg$h^MN-`hw<^XsTa%Ny`r(h|cbJv|PGk>(cqG^jE@R;jcef`shcUD12({Ki?d??@A<5hl*GC z%^zC6@Y!Eze_;8B@X7tQib}3}%T4bg8QM_Drz84e^OTvgQ7+0$1*uZ1g6g9t^C*Zj z+A1~5HcKJF>0PR|xY#A~M9FzWG_l!^9%A~b0ffCWz6 zt6-M#hzlS#z%j(pD!_7VK!GeA-aJj^CMNFnj_2{oc;0*Wi!V0O3xynD$fB7qBR#<7 z^x~3Fg&dlRG!qY@e}55eq`f5;+N;q_ykjYuc&EfN@s37Ado8E-?-w=*8_??CpbaN} zgH}%rpFDYT{1J5PiQmvWe{%xeIx)N-(Np=%+6i`YajF2e* ziTeaSr3CdxSUlM_EK)zXZAtG86dHXPS&yTQhyMJCM8}-&Ks5W+g zx%-7bAD3FCkym#=_#smM2cmX=bGflg+tOB3-Co+>-``$((~e!=yhQIWSEpO!scB-_ zjTc~T0q$vtic(4HG2(ILB_2g~;&fC-3=jF<+Y01I#TL22ywsNcwPt z1u(3+EDtVQPQ%jxz*X!ES3rL!xol-MguNTGRS6iCpcn9AeUNnB7^osDqnrWnBq`YN<5j&yjAD}qAK zq$ndeLYy3gNEdVkr7(84F91Ybi-e(`JJ*Q*}?2uVJA ze3kI)U;hFvdF||vqDS6A`#*OJ;}ycO4hgY` zcYBRd&w{=Vv#FuWDk(0lD$#1RGG(}8R#kghrGrPzJHm!Dr-T!Kx|+W8muNSpW%Br{ z9Y^kXxFZ(QyE%RQz?Ky*XHk{MCY5gGrrYe58;jjfKNZ>R^#nRNZmYJ_>8!oyRJy`# z^lJv;VnT0N(c<1~!Z+ZvnQy=u)>9m0gL;)C1&f%--Ha0(kQg5|?bY7@1Wx{kVw z`YTlc$4f;sd*h(K-WZ z9>%42L^V zwXLUmV8NoLm#*KmdF$nS_g(o70=RP{zH#2*@RIGj4qS8nO;B=&;i;>3-+bGhcM)DT zUCSBLW?1~3wMZX{R(cycXRp|``>F%C-T6*N)1&e79}c&Qm5M7f6!`?wzdV@ zmpkj$3irP86SQ<~$`^zu*3u@wub+3NmMu%!&0mZ3_kDP=v#&VOjqX0-sjYRa*tCAN zqaoo5dNGIm?eckQ)GGZk^TiWCmbTKWd8Lomme#&E-19)Y;crUi-wf>!^bF4~omV=0 zQSSq7hL4rXj}2`P^e%#;@mG*~Uir6Eu_`aVS*pd4dBTJ5ezbI+YP@sx`b{ewwY8oT z!m1OVM8k#tu(g<~bWwAtCDZ}bN<8=G<}({&c(#w$&sEFIV1{>s<7;;1c06g@^qJN9 z-0C(UJgc{2!m}_s8Y;WuD!&E7)IclGigDMXJv$Q1=?Rh2Cvn><0yvRmh7|puKa4mbx3^# zszd@_1zN=rNmX9pk}W1!MJA~wL40?;e1fnxJ};VbCFJ8+#z`c7@JwQOj+=ZYg2YBr zo;QN?PQ2O&Eu6@AKE`Ocy{GKmr8DhSRlP&XfO=*s)-Z2-eR;5C^S))PhSzC&{lV^D zv?eyaso&}?Iuw$p7$K4#bs0+OZXjle(pd{@RI|GskPC}%6w*P zbd;aFcsoqIdHI~yun2T$^YoyhnFdx!l-U{0sNTv@G2m{?^O=M`6L|G+kUdG zxpT=2H!SU6w$opxzjaSIRM9bSUPpy+$F$uWTK?^c!w=nS+Owmfeh)o;R(&0Q&AQn( ziR2xLWbsnz@1&3GQrdy}jg=j%n}%XeIW4nFO|pj?Bqamu9TMxKeb=9gMqg7a%Sx^s zwa9}ZcZtR1s+f}!-Y80~8(4Yi3i`%t4>k6qpVtpAxP1Qn(~njxpf6eM^(>sYXF&!1 z=nFkHzLGsJNQB!Cc)lMBH!K~jM@uC11$aSTEDyoX4zNIYe;3my`l0|4N@ev1g8uU5 zC9ObQoI^e>BlAThq4U<;Ce(Hfnt!KhAl`0cOwp9TQ*-X3kxZW$6?)MLx+iqsvg_+B zmu>F2&PLuTb%v6>O6GePwS!P$a~|*pYl(~iB(8 z??<(40DrSYQ@9;}T(V`2F>KWGSBziv>Gz(xs$pn`uXOfi{2X7~Ea67MYWC1}Bj%e8 z1-|)GisJR;eUrhOB&2P^tHULAlMIoNt!`5IgoNcj86+LIh#3Zn!9F6QMBs@}&@z+Y ztV0rffy)~C(Luww+^j*I_SD|%PhEX=RewXw>o%%U(!fZ1=ZE|X6K7KC5tc^lyNq*^ za$3Ts|5ClRFRhbn)AEuh`+e=(=e8K#s(PbDNz;`(HLOH#=qf=H31dNW#D9&uD!s&D=2=>T zP(_&0*=hpekdrnenx+}m^G%Ggq)nngHIwm3O>&BTiLz5c%n`Ivv#5ojGp~t)U42dr zoCz1iL00ugGc6=zrJumI`3(R`CF%(wrL71j)}9|twTCh9K=yJ7@Mst5>Fj)Fwx~Ui z5(Q$`>nH@pWK!IyL~qilP?=do2b+4~g}ox(e4Pit98ELKw1icTCyjz{lDj>ive zOTKz%J8rrV*Hu+PoxZ{zj>p6H3UpJ2J(Ng<>=n$=qsVdm;Df4X{|Lpa`eX6&$B^rj8*lvdo7;Xq|EcwX8zseJ`NXds73EGxd4;|3NfqQ^=@~q% zE{fuUNl^(cLsFuI4lrWwy=qQ@0zuj<9no<{y+?Y6V(nT^r4i~sF}O7f-oh+B{id)j zfX2f-Gp0~k!(UKNy_`KI{L&(kd5maS;u~N7fOaw;${8$o+o9eBQKfr~8RMgy9v7|cP1AuExJNNI^=4VIzF zq$0u-pq3J)bKG1&4k{q$g6j~8ofna$&%!A{VL0TvY8~QlJBl2y@812o@cz*!gxA)~ zko=HRrP`xnKT+J()|bA`e|;n}k}8Q>A;Zep@bu`!7xjr6`V=gV%(7Oeg!@($^{T+>G6)~b4ex~6FsugW@ZlAhv)f6;k)0G2?A#;@CH*4AUTr>C+fUMP zG~@EhSgxOB;^?1&ul%v>wYXD;cY+__T0Cp|xlu)^b2ag5Gh|Dr0k^koH86fqJIG~r zq_PLC_&TvG1<1KMslSx4ccPCeCPHG!GcA*vcyJx{z;?tZLXmPHot4++;vPc3vRp=Tbezwk5E|ZnpTy|QjG+i%@nN$p;GNJVK_{0({R5}o=v|Kmdx5K2A z(M}hXmK3>N5~b3#16^xUN+e2?aN{@4N-1)>p|;fOa&tJ|&5I`Gh&@;MVh-84ane*{=Y zDFhE{$!Gz7PYEhyQXx=ZrnC8{r_KQDCukiU+_e$K&~J+T0c%WRlQRCI%ZmIr`D~Zj ze77yz*P3STeR${gl7PRc%b7;fB31S2ks`mpNb=I@Cip~uQ%CD|ZKH?|Ym&DuA`$(K zSazCET|%v+j#A*3YF-=%Wq&SFN5E$|n9qp?Aew{6gP0XJGY|#WgJsdos(jYf8p9&a zDk9?8p!KpQ*zqrmX7nW5oX0yni8yY=UD6Z-XvOI`+%-o{5O$~(IXS-YnKQ6{tQP9~oL-*k~Q@)xwRh*|q^H-3Gav(MqCk_FX;~sEbMDiIM+{8v0#Q4u|nS(8nf#fJ!2Wq_Yv0P83ho?j%KYF+)Dbm(pjePXB>9 zHV!wk5mI@K?BC)z2BiwpQ6*aa^4BES}eq8R`ZE@aQfY=)%ff@S*w~_JDGh& zG<@LcmY78AtiZpghA@$$@)V37r6dPS669#`T=4>ggdMm=2N*B7QO@M_!0!qhvfcoJ zn;6vxOJiRd3_%fl5&>;41l)#d5}~BX>v@SDGk5{OCbf5PPSeNqzRcdegL4}{rsSd(1Zl_+W-&sd)lj(P+L|g=-S9VfSs)uq5 zxh;MiOck@ZjL4$e_&j27I(dJZujbo7jr_fx=hF)|J};aWek+`QzRFmnQI#6J`{x!J zjg>{0JzOq1sZiRKLrSGmtx+yKY;YLxziCQ^U9nJsxl0wU8Nv+|iiOaCGiV7nvQ&$z zkPETTZ(NY(`S!m@K5fU}m%jhxP54VTZhW4eQ>kRbbN72yl`*5T{Nc+OJ9!3vEPh@| z;TZlD}A2W6HgelRY!Vq#<3Io*-oJJ)fYt7eL|pVG=Q(NtRbriPy(_43FJkRyl4HZ zhhBd5>~HpX&2X%X<2~RO`X6fJ)rXQjbZ@-;!}nNiroet}I=f@LM*fGp^Es^BavGF z_J}5r#ARo5_5}~-erlrOA=hNc+e(eq<^3aY^39vtINKL#UE7$SMWh|c+ZDB6ioAio z5}UT{C186Lcci_byl4F?NZ&B(NL?+wsje+z#roZ7?qZ6e?3rNlcZO5TiOX}9>l1T~ zIBN|oP=hZF#I^>8f4!rXc`>Q4?asuk4718M zv*JBw%z$~azs4Cq!~MAaUTpgRKXh2mlfN!3}Sr3B*PTJw1SzB z#e!uU>n64YwjQ=~?2|a8IHqtKafxvK;V$C7!jr&rkGF!4iLZz64!;-w4uKFsGrNSsGYwvvRUpWF2Mw&eq5FhrN)+N5H4U*Ti>~-wOY20h<~5;0~m4`OTL#Nv$N+TxWGq7sdg5|Yc3FQv>& z^-KMdb}Ri!MpnjzjBOcrGMO?1GMh42WS+~?%UY8ym%S?|CFfo4g*>jjJ^6J70tL4U zLkjN|6%?nHXp~GSb2wqNa1rM$O+^l3Lloa93MVyGZ+@j(45wx>j_3>5l1s)ML;S z)$^@)U*Dttr2Z2VL?-N;m^N|Vq>{;OlebObnzCSO$kc7qOr~{BdobN%`h*!mGqPqH z&73jIZq}Sx-)48rzBb2VPTibGbG7Cc%sn*EYTktTO!Ld;-&x?aVAaBqg)bJZSS+%5 z$r6pFKbD}T2EaDeGR(18;N%?|b)@;j_? zMC(Y+QN5#O$5@U{I`->$$_a@Rb52&B5<0cxw8iNIXZD;GIXml|+PS>*b{EcF{Bmi* zWv$Bxo>m---8zq&pm2-?D0h7$)cxu z&orLLJiql)=#|r}AFmg^v3qOuPU+pD_p3e_ec1D{?32N#S)cvB9Qh{l-RXPJ53?U< zes1~s=9kW|YrpmWc>LM$cgo)%|Em7`kp}_G@62ETc-muNWME+Yz$D2a!TwxW@n;T%(B=y3i=W!w!6+GD7-mh=?y4mCzsIj#lFoG3xYom~Zx~_(FDL z@^1O*3D!hT5p6`WQfR-2&?I+AzYe~ZP{DmnKf6FQzsf#ZOGilISpIU+?aWW zGHavvhIeMZUE!;-k1odJscM)j*xd9GCY ze`JvpO4Y>DaS;{nwTbT1Nmt|zXq=H{Ah*8kd#vHp2K*EI+pElwPi_&HN7xB=hFxG+*bR1vJz!7R3-*S6U|-k|_J;%DKsX2vhC|>`I1Cgx98}Oi zhZYEELkA2nVIg$Ef*#o5fD4Nf1Bq`EW$?g<074jpahQNfSPVzNk#H0o4adN-a2y;D zC%}nt5}XXDz^QN=oDOHenQ#`I4d=kQa2}iw7r=#Z5nK$Hz@=~*Tn<;jm2eeY4cEZ6 za2;F^H^7Z>6Wk29z^!l_+zxlZop2Z24fnvka39BUM05`;qaAVvAH^m{WU=?dPjCE{a z6Gw0qH^a?w3)~X7!mV)|oQvDyJe-f);R4(qcfcKSC)^o#!Ci4T+#UD8J#jDG8~4F| zaX;K255NQQAUqfk!9(#dRPbr1a@eaHb@4~zB9=sRt!~5|8 zd=MYPhw%}76d%LK@d!{_k@d=X#5m+=*R6<@>G@eO=?9eg)& zA-;$2;|KU5euN+6C-^CThM(gX_$7XYUuQ$x92%NC#C>&WsNYxOz8d$nxF3%DdfYeS zz8Uu;aX%XObECexAnNN;UtcgU-LX{PPxnIK)HA+NJ>AF&drVl4E7AsygOnerUV$4$ z^xR-F75c(UwN0y+3k=0ly^g@Z$g*tu0Xp4`Cwk79$S!uAo?_ZL**js7blUBVZ+2|e zO6pE09eAp5qztDga2I%M{Si_&bV!nz|*<@AQQUWrA=FNCW@}5PAa6V~9U7-e9PqaPZ8##7GE@(M=H`TV(PJs^7at+58eqqe9!k$pbpJFWX2KiVH-OM6S zcUmH=sj^Q7Y9~ei{gmc7-5fVP)$68R&$NS#uJ(kdrrM4j(08kqF$2{y^uz! z#|R2i9yeQoQJ`-fTd_ntC`F_B+MXyCDWIg%HKeqgpIQ+$@9X}3r(vWsP@JJ42j z!BJDj%$9JnuBiv1Co-csyT{>ivOSDITQ7LZJsG+GosjqLY{V z19^nJYlXhTz$o-gI~I!(h@_l#y0R}X3I&CP?0A$n?Y0w{`MM{B?Hf)|j?E%eEcX^zbL}I8`yC~Tu;*>0}OB7MIOuI|qj6#`pL*Jldl_`6KN3@~vXGtNZouSQL zW3t#WX$LLBLBtNcP1+(HP;fclixT3|Mg#rijfMrO5N#G8IM+XGCR#ZY+RPzEf*2(Y z2e_5=d_QTlC@BaH6g)en3Ck+#9M(1kHV_4at}#Zp6d7$kKj^~7K zies53jD)R>CRAdGq#g!zl`cg^btQgGH|48iqQLP{Gy-au5a)P=Ck!ogEMg4L?25pk z1v^GQBwq4pSwTK%mPiwLO`T{y)Vq1QM)HT!cVJ4AVV~V`oDQ94iUW$%Cen0=VzNLn z7lAx!E)pq8BS9u{B+6J(-VlY`e#&<|f*LhZo=Az3r(fA*QR!nXMSeR3m=58;MI}jd z=#GmqoLRHfhqkOJ#PI>)H4wzDIl{I_cdrs766X~xc0wUoXgT5qy627h6ya~i zn9o&MVqctQnCn{Ny&pOJ-v!#<#>E{F-2voN|{x0cCkx5i6Wd5dfVzE4% zaJlR<*$^sIO0_v!oK{(ien=Tf>1(rjg%QX8q2+;H(?j-4rVK?Rf-bhaB8k!v{FiKsFs&cKVCmWljQHf zl9z)l*AeB*$($u9=^2KRAQ2mVm(K`E>oO&jTBTZuO1`WJl=hU?T-hRkEI|rEm$jQo z5qimv<|aeGl{9THxzL?VdZCu=dgDng(D|7x@>4lGTk?>`z;F#!ql{E))zLXqvjNem z76!s!_J61NSmpk-Bgsultv1X}y);SHG}PjQ#DmlXU2}e-|MZyB;b3N41QvQ! z6Q$EjuTNg|#-ee@Q+t^DRp5pW>l|IqT$WS?|Y;rLqFAdHni*xI(HalgXq1gc*=UrFM%id|G^Gp=NehjoDmOK5hNIQCt?;11 zO_Q4uZrG?Y#0`I~uu+ALD#P5=xnYY6TU6Mh68ko9DDK&=%63(@tFm2{?W$~7WxFcd zRe7fx?^I)p8e7!Zq87V1KVEQtCGMpLo7Unj=hx%D5%;|KFt0JpyAJcN!@TRT{J^He zvFUcaah*4=^Rjg|sthis.$items.length-1||0>b?void 0:this.sliding?this.$element.one("slid.bs.carousel",function(){c.to(b)}):d==b?this.pause().cycle():this.slide(b>d?"next":"prev",a(this.$items[b]))},b.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},b.prototype.next=function(){return this.sliding?void 0:this.slide("next")},b.prototype.prev=function(){return this.sliding?void 0:this.slide("prev")},b.prototype.slide=function(b,c){var d=this.$element.find(".item.active"),e=c||d[b](),f=this.interval,g="next"==b?"left":"right",h="next"==b?"first":"last",i=this;if(!e.length){if(!this.options.wrap)return;e=this.$element.find(".item")[h]()}if(e.hasClass("active"))return this.sliding=!1;var j=a.Event("slide.bs.carousel",{relatedTarget:e[0],direction:g});return this.$element.trigger(j),j.isDefaultPrevented()?void 0:(this.sliding=!0,f&&this.pause(),this.$indicators.length&&(this.$indicators.find(".active").removeClass("active"),this.$element.one("slid.bs.carousel",function(){var b=a(i.$indicators.children()[i.getActiveIndex()]);b&&b.addClass("active")})),a.support.transition&&this.$element.hasClass("slide")?(e.addClass(b),e[0].offsetWidth,d.addClass(g),e.addClass(g),d.one(a.support.transition.end,function(){e.removeClass([b,g].join(" ")).addClass("active"),d.removeClass(["active",g].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger("slid.bs.carousel")},0)}).emulateTransitionEnd(1e3*d.css("transition-duration").slice(0,-1))):(d.removeClass("active"),e.addClass("active"),this.sliding=!1,this.$element.trigger("slid.bs.carousel")),f&&this.cycle(),this)};var c=a.fn.carousel;a.fn.carousel=function(c){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c),g="string"==typeof c?c:f.slide;e||d.data("bs.carousel",e=new b(this,f)),"number"==typeof c?e.to(c):g?e[g]():f.interval&&e.pause().cycle()})},a.fn.carousel.Constructor=b,a.fn.carousel.noConflict=function(){return a.fn.carousel=c,this},a(document).on("click.bs.carousel.data-api","[data-slide], [data-slide-to]",function(b){var c,d=a(this),e=a(d.attr("data-target")||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"")),f=a.extend({},e.data(),d.data()),g=d.attr("data-slide-to");g&&(f.interval=!1),e.carousel(f),(g=d.attr("data-slide-to"))&&e.data("bs.carousel").to(g),b.preventDefault()}),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var b=a(this);b.carousel(b.data())})})}(jQuery),+function(a){"use strict";var b=function(c,d){this.$element=a(c),this.options=a.extend({},b.DEFAULTS,d),this.transitioning=null,this.options.parent&&(this.$parent=a(this.options.parent)),this.options.toggle&&this.toggle()};b.DEFAULTS={toggle:!0},b.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},b.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b=a.Event("show.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.$parent&&this.$parent.find("> .panel > .in");if(c&&c.length){var d=c.data("bs.collapse");if(d&&d.transitioning)return;c.collapse("hide"),d||c.data("bs.collapse",null)}var e=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[e](0),this.transitioning=1;var f=function(){this.$element.removeClass("collapsing").addClass("collapse in")[e]("auto"),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return f.call(this);var g=a.camelCase(["scroll",e].join("-"));this.$element.one(a.support.transition.end,a.proxy(f,this)).emulateTransitionEnd(350)[e](this.$element[0][g])}}},b.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse").removeClass("in"),this.transitioning=1;var d=function(){this.transitioning=0,this.$element.trigger("hidden.bs.collapse").removeClass("collapsing").addClass("collapse")};return a.support.transition?void this.$element[c](0).one(a.support.transition.end,a.proxy(d,this)).emulateTransitionEnd(350):d.call(this)}}},b.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()};var c=a.fn.collapse;a.fn.collapse=function(c){return this.each(function(){var d=a(this),e=d.data("bs.collapse"),f=a.extend({},b.DEFAULTS,d.data(),"object"==typeof c&&c);!e&&f.toggle&&"show"==c&&(c=!c),e||d.data("bs.collapse",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.collapse.Constructor=b,a.fn.collapse.noConflict=function(){return a.fn.collapse=c,this},a(document).on("click.bs.collapse.data-api","[data-toggle=collapse]",function(b){var c,d=a(this),e=d.attr("data-target")||b.preventDefault()||(c=d.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,""),f=a(e),g=f.data("bs.collapse"),h=g?"toggle":d.data(),i=d.attr("data-parent"),j=i&&a(i);g&&g.transitioning||(j&&j.find('[data-toggle=collapse][data-parent="'+i+'"]').not(d).addClass("collapsed"),d[f.hasClass("in")?"addClass":"removeClass"]("collapsed")),f.collapse(h)})}(jQuery),+function(a){"use strict";function b(b){a(d).remove(),a(e).each(function(){var d=c(a(this)),e={relatedTarget:this};d.hasClass("open")&&(d.trigger(b=a.Event("hide.bs.dropdown",e)),b.isDefaultPrevented()||d.removeClass("open").trigger("hidden.bs.dropdown",e))})}function c(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#[A-Za-z]/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}var d=".dropdown-backdrop",e="[data-toggle=dropdown]",f=function(b){a(b).on("click.bs.dropdown",this.toggle)};f.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=c(e),g=f.hasClass("open");if(b(),!g){"ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a('
').insertAfter(a(this)).on("click",b);var h={relatedTarget:this};if(f.trigger(d=a.Event("show.bs.dropdown",h)),d.isDefaultPrevented())return;f.toggleClass("open").trigger("shown.bs.dropdown",h),e.focus()}return!1}},f.prototype.keydown=function(b){if(/(38|40|27)/.test(b.keyCode)){var d=a(this);if(b.preventDefault(),b.stopPropagation(),!d.is(".disabled, :disabled")){var f=c(d),g=f.hasClass("open");if(!g||g&&27==b.keyCode)return 27==b.which&&f.find(e).focus(),d.click();var h=" li:not(.divider):visible a",i=f.find("[role=menu]"+h+", [role=listbox]"+h);if(i.length){var j=i.index(i.filter(":focus"));38==b.keyCode&&j>0&&j--,40==b.keyCode&&j').appendTo(document.body),this.$element.on("click.dismiss.bs.modal",a.proxy(function(a){a.target===a.currentTarget&&("static"==this.options.backdrop?this.$element[0].focus.call(this.$element[0]):this.hide.call(this))},this)),d&&this.$backdrop[0].offsetWidth,this.$backdrop.addClass("in"),!b)return;d?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()}else!this.isShown&&this.$backdrop?(this.$backdrop.removeClass("in"),a.support.transition&&this.$element.hasClass("fade")?this.$backdrop.one(a.support.transition.end,b).emulateTransitionEnd(150):b()):b&&b()};var c=a.fn.modal;a.fn.modal=function(c,d){return this.each(function(){var e=a(this),f=e.data("bs.modal"),g=a.extend({},b.DEFAULTS,e.data(),"object"==typeof c&&c);f||e.data("bs.modal",f=new b(this,g)),"string"==typeof c?f[c](d):g.show&&f.show(d)})},a.fn.modal.Constructor=b,a.fn.modal.noConflict=function(){return a.fn.modal=c,this},a(document).on("click.bs.modal.data-api",'[data-toggle="modal"]',function(b){var c=a(this),d=c.attr("href"),e=a(c.attr("data-target")||d&&d.replace(/.*(?=#[^\s]+$)/,"")),f=e.data("bs.modal")?"toggle":a.extend({remote:!/#/.test(d)&&d},e.data(),c.data());c.is("a")&&b.preventDefault(),e.modal(f,this).one("hide",function(){c.is(":visible")&&c.focus()})}),a(document).on("show.bs.modal",".modal",function(){a(document.body).addClass("modal-open")}).on("hidden.bs.modal",".modal",function(){a(document.body).removeClass("modal-open")})}(jQuery),+function(a){"use strict";var b=function(a,b){this.type=this.options=this.enabled=this.timeout=this.hoverState=this.$element=null,this.init("tooltip",a,b)};b.DEFAULTS={animation:!0,placement:"top",selector:!1,template:'
',trigger:"hover focus",title:"",delay:0,html:!1,container:!1},b.prototype.init=function(b,c,d){this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d);for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focusin",i="hover"==g?"mouseleave":"focusout";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},b.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},b.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?void(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show)):c.show()},b.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget)[this.type](this.getDelegateOptions()).data("bs."+this.type);return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?void(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide)):c.hide()},b.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){if(this.$element.trigger(b),b.isDefaultPrevented())return;var c=this,d=this.tip();this.setContent(),this.options.animation&&d.addClass("fade");var e="function"==typeof this.options.placement?this.options.placement.call(this,d[0],this.$element[0]):this.options.placement,f=/\s?auto?\s?/i,g=f.test(e);g&&(e=e.replace(f,"")||"top"),d.detach().css({top:0,left:0,display:"block"}).addClass(e),this.options.container?d.appendTo(this.options.container):d.insertAfter(this.$element);var h=this.getPosition(),i=d[0].offsetWidth,j=d[0].offsetHeight;if(g){var k=this.$element.parent(),l=e,m=document.documentElement.scrollTop||document.body.scrollTop,n="body"==this.options.container?window.innerWidth:k.outerWidth(),o="body"==this.options.container?window.innerHeight:k.outerHeight(),p="body"==this.options.container?0:k.offset().left;e="bottom"==e&&h.top+h.height+j-m>o?"top":"top"==e&&h.top-m-j<0?"bottom":"right"==e&&h.right+i>n?"left":"left"==e&&h.left-i

'}),b.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),b.prototype.constructor=b,b.prototype.getDefaults=function(){return b.DEFAULTS},b.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content")[this.options.html?"string"==typeof c?"html":"append":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},b.prototype.hasContent=function(){return this.getTitle()||this.getContent()},b.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},b.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")},b.prototype.tip=function(){return this.$tip||(this.$tip=a(this.options.template)),this.$tip};var c=a.fn.popover;a.fn.popover=function(c){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof c&&c;(e||"destroy"!=c)&&(e||d.data("bs.popover",e=new b(this,f)),"string"==typeof c&&e[c]())})},a.fn.popover.Constructor=b,a.fn.popover.noConflict=function(){return a.fn.popover=c,this}}(jQuery),+function(a){"use strict";function b(c,d){var e,f=a.proxy(this.process,this);this.$element=a(a(c).is("body")?window:c),this.$body=a("body"),this.$scrollElement=this.$element.on("scroll.bs.scroll-spy.data-api",f),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||(e=a(c).attr("href"))&&e.replace(/.*(?=#[^\s]+$)/,"")||"")+" .nav li > a",this.offsets=a([]),this.targets=a([]),this.activeTarget=null,this.refresh(),this.process()}b.DEFAULTS={offset:10},b.prototype.refresh=function(){var b=this.$element[0]==window?"offset":"position";this.offsets=a([]),this.targets=a([]);{var c=this;this.$body.find(this.selector).map(function(){var d=a(this),e=d.data("target")||d.attr("href"),f=/^#./.test(e)&&a(e);return f&&f.length&&f.is(":visible")&&[[f[b]().top+(!a.isWindow(c.$scrollElement.get(0))&&c.$scrollElement.scrollTop()),e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){c.offsets.push(this[0]),c.targets.push(this[1])})}},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.$scrollElement[0].scrollHeight||this.$body[0].scrollHeight,d=c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(b>=d)return g!=(a=f.last()[0])&&this.activate(a);if(g&&b<=e[0])return g!=(a=f[0])&&this.activate(a);for(a=e.length;a--;)g!=f[a]&&b>=e[a]&&(!e[a+1]||b<=e[a+1])&&this.activate(f[a])},b.prototype.activate=function(b){this.activeTarget=b,a(this.selector).parentsUntil(this.options.target,".active").removeClass("active");var c=this.selector+'[data-target="'+b+'"],'+this.selector+'[href="'+b+'"]',d=a(c).parents("li").addClass("active");d.parent(".dropdown-menu").length&&(d=d.closest("li.dropdown").addClass("active")),d.trigger("activate.bs.scrollspy")};var c=a.fn.scrollspy;a.fn.scrollspy=function(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.scrollspy.Constructor=b,a.fn.scrollspy.noConflict=function(){return a.fn.scrollspy=c,this},a(window).on("load",function(){a('[data-spy="scroll"]').each(function(){var b=a(this);b.scrollspy(b.data())})})}(jQuery),+function(a){"use strict";var b=function(b){this.element=a(b)};b.prototype.show=function(){var b=this.element,c=b.closest("ul:not(.dropdown-menu)"),d=b.data("target");if(d||(d=b.attr("href"),d=d&&d.replace(/.*(?=#[^\s]*$)/,"")),!b.parent("li").hasClass("active")){var e=c.find(".active:last a")[0],f=a.Event("show.bs.tab",{relatedTarget:e});if(b.trigger(f),!f.isDefaultPrevented()){var g=a(d);this.activate(b.parent("li"),c),this.activate(g,g.parent(),function(){b.trigger({type:"shown.bs.tab",relatedTarget:e})})}}},b.prototype.activate=function(b,c,d){function e(){f.removeClass("active").find("> .dropdown-menu > .active").removeClass("active"),b.addClass("active"),g?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu")&&b.closest("li.dropdown").addClass("active"),d&&d()}var f=c.find("> .active"),g=d&&a.support.transition&&f.hasClass("fade");g?f.one(a.support.transition.end,e).emulateTransitionEnd(150):e(),f.removeClass("in")};var c=a.fn.tab;a.fn.tab=function(c){return this.each(function(){var d=a(this),e=d.data("bs.tab");e||d.data("bs.tab",e=new b(this)),"string"==typeof c&&e[c]()})},a.fn.tab.Constructor=b,a.fn.tab.noConflict=function(){return a.fn.tab=c,this},a(document).on("click.bs.tab.data-api",'[data-toggle="tab"], [data-toggle="pill"]',function(b){b.preventDefault(),a(this).tab("show")})}(jQuery),+function(a){"use strict";var b=function(c,d){this.options=a.extend({},b.DEFAULTS,d),this.$window=a(window).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(c),this.affixed=this.unpin=this.pinnedOffset=null,this.checkPosition()};b.RESET="affix affix-top affix-bottom",b.DEFAULTS={offset:0},b.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(b.RESET).addClass("affix");var a=this.$window.scrollTop(),c=this.$element.offset();return this.pinnedOffset=c.top-a},b.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},b.prototype.checkPosition=function(){if(this.$element.is(":visible")){var c=a(document).height(),d=this.$window.scrollTop(),e=this.$element.offset(),f=this.options.offset,g=f.top,h=f.bottom;"top"==this.affixed&&(e.top+=d),"object"!=typeof f&&(h=g=f),"function"==typeof g&&(g=f.top(this.$element)),"function"==typeof h&&(h=f.bottom(this.$element));var i=null!=this.unpin&&d+this.unpin<=e.top?!1:null!=h&&e.top+this.$element.height()>=c-h?"bottom":null!=g&&g>=d?"top":!1;if(this.affixed!==i){this.unpin&&this.$element.css("top","");var j="affix"+(i?"-"+i:""),k=a.Event(j+".bs.affix");this.$element.trigger(k),k.isDefaultPrevented()||(this.affixed=i,this.unpin="bottom"==i?this.getPinnedOffset():null,this.$element.removeClass(b.RESET).addClass(j).trigger(a.Event(j.replace("affix","affixed"))),"bottom"==i&&this.$element.offset({top:c-h-this.$element.height()}))}}};var c=a.fn.affix;a.fn.affix=function(c){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof c&&c;e||d.data("bs.affix",e=new b(this,f)),"string"==typeof c&&e[c]()})},a.fn.affix.Constructor=b,a.fn.affix.noConflict=function(){return a.fn.affix=c,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var b=a(this),c=b.data();c.offset=c.offset||{},c.offsetBottom&&(c.offset.bottom=c.offsetBottom),c.offsetTop&&(c.offset.top=c.offsetTop),b.affix(c)})})}(jQuery); \ No newline at end of file diff --git a/public/js/jquery.min.js b/public/js/jquery.min.js new file mode 100644 index 0000000..e5ace11 --- /dev/null +++ b/public/js/jquery.min.js @@ -0,0 +1,4 @@ +/*! jQuery v2.1.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */ +!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPlainObject(d)||(e=n.isArray(d)))?(e?(e=!1,f=c&&n.isArray(c)?c:[]):f=c&&n.isPlainObject(c)?c:{},g[b]=n.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray,isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){return!n.isArray(a)&&a-parseFloat(a)>=0},isPlainObject:function(a){return"object"!==n.type(a)||a.nodeType||n.isWindow(a)?!1:a.constructor&&!j.call(a.constructor.prototype,"isPrototypeOf")?!1:!0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?h[i.call(a)]||"object":typeof a},globalEval:function(a){var b,c=eval;a=n.trim(a),a&&(1===a.indexOf("use strict")?(b=l.createElement("script"),b.text=a,l.head.appendChild(b).parentNode.removeChild(b)):c(a))},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=s(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:g.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;c>d;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=s(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(c=a[b],b=a,a=c),n.isFunction(a)?(e=d.call(arguments,2),f=function(){return a.apply(b||this,e.concat(d.call(arguments)))},f.guid=a.guid=a.guid||n.guid++,f):void 0},now:Date.now,support:k}),n.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(a,b){h["[object "+b+"]"]=b.toLowerCase()});function s(a){var b=a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:1===a.nodeType&&b?!0:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+-new Date,v=a.document,w=0,x=0,y=gb(),z=gb(),A=gb(),B=function(a,b){return a===b&&(l=!0),0},C="undefined",D=1<<31,E={}.hasOwnProperty,F=[],G=F.pop,H=F.push,I=F.push,J=F.slice,K=F.indexOf||function(a){for(var b=0,c=this.length;c>b;b++)if(this[b]===a)return b;return-1},L="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="[\\x20\\t\\r\\n\\f]",N="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",O=N.replace("w","w#"),P="\\["+M+"*("+N+")(?:"+M+"*([*^$|!~]?=)"+M+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+O+"))|)"+M+"*\\]",Q=":("+N+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+P+")*)|.*)\\)|)",R=new RegExp("^"+M+"+|((?:^|[^\\\\])(?:\\\\.)*)"+M+"+$","g"),S=new RegExp("^"+M+"*,"+M+"*"),T=new RegExp("^"+M+"*([>+~]|"+M+")"+M+"*"),U=new RegExp("="+M+"*([^\\]'\"]*?)"+M+"*\\]","g"),V=new RegExp(Q),W=new RegExp("^"+O+"$"),X={ID:new RegExp("^#("+N+")"),CLASS:new RegExp("^\\.("+N+")"),TAG:new RegExp("^("+N.replace("w","w*")+")"),ATTR:new RegExp("^"+P),PSEUDO:new RegExp("^"+Q),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+L+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/^(?:input|select|textarea|button)$/i,Z=/^h\d$/i,$=/^[^{]+\{\s*\[native \w/,_=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ab=/[+~]/,bb=/'|\\/g,cb=new RegExp("\\\\([\\da-f]{1,6}"+M+"?|("+M+")|.)","ig"),db=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)};try{I.apply(F=J.call(v.childNodes),v.childNodes),F[v.childNodes.length].nodeType}catch(eb){I={apply:F.length?function(a,b){H.apply(a,J.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function fb(a,b,d,e){var f,h,j,k,l,o,r,s,w,x;if((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,d=d||[],!a||"string"!=typeof a)return d;if(1!==(k=b.nodeType)&&9!==k)return[];if(p&&!e){if(f=_.exec(a))if(j=f[1]){if(9===k){if(h=b.getElementById(j),!h||!h.parentNode)return d;if(h.id===j)return d.push(h),d}else if(b.ownerDocument&&(h=b.ownerDocument.getElementById(j))&&t(b,h)&&h.id===j)return d.push(h),d}else{if(f[2])return I.apply(d,b.getElementsByTagName(a)),d;if((j=f[3])&&c.getElementsByClassName&&b.getElementsByClassName)return I.apply(d,b.getElementsByClassName(j)),d}if(c.qsa&&(!q||!q.test(a))){if(s=r=u,w=b,x=9===k&&a,1===k&&"object"!==b.nodeName.toLowerCase()){o=g(a),(r=b.getAttribute("id"))?s=r.replace(bb,"\\$&"):b.setAttribute("id",s),s="[id='"+s+"'] ",l=o.length;while(l--)o[l]=s+qb(o[l]);w=ab.test(a)&&ob(b.parentNode)||b,x=o.join(",")}if(x)try{return I.apply(d,w.querySelectorAll(x)),d}catch(y){}finally{r||b.removeAttribute("id")}}}return i(a.replace(R,"$1"),b,d,e)}function gb(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function hb(a){return a[u]=!0,a}function ib(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function jb(a,b){var c=a.split("|"),e=a.length;while(e--)d.attrHandle[c[e]]=b}function kb(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||D)-(~a.sourceIndex||D);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function lb(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function mb(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function nb(a){return hb(function(b){return b=+b,hb(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function ob(a){return a&&typeof a.getElementsByTagName!==C&&a}c=fb.support={},f=fb.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=fb.setDocument=function(a){var b,e=a?a.ownerDocument||a:v,g=e.defaultView;return e!==n&&9===e.nodeType&&e.documentElement?(n=e,o=e.documentElement,p=!f(e),g&&g!==g.top&&(g.addEventListener?g.addEventListener("unload",function(){m()},!1):g.attachEvent&&g.attachEvent("onunload",function(){m()})),c.attributes=ib(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ib(function(a){return a.appendChild(e.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=$.test(e.getElementsByClassName)&&ib(function(a){return a.innerHTML="
",a.firstChild.className="i",2===a.getElementsByClassName("i").length}),c.getById=ib(function(a){return o.appendChild(a).id=u,!e.getElementsByName||!e.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if(typeof b.getElementById!==C&&p){var c=b.getElementById(a);return c&&c.parentNode?[c]:[]}},d.filter.ID=function(a){var b=a.replace(cb,db);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(cb,db);return function(a){var c=typeof a.getAttributeNode!==C&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return typeof b.getElementsByTagName!==C?b.getElementsByTagName(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return typeof b.getElementsByClassName!==C&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=$.test(e.querySelectorAll))&&(ib(function(a){a.innerHTML="",a.querySelectorAll("[msallowclip^='']").length&&q.push("[*^$]="+M+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+M+"*(?:value|"+L+")"),a.querySelectorAll(":checked").length||q.push(":checked")}),ib(function(a){var b=e.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+M+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=$.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ib(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",Q)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=$.test(o.compareDocumentPosition),t=b||$.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===e||a.ownerDocument===v&&t(v,a)?-1:b===e||b.ownerDocument===v&&t(v,b)?1:k?K.call(k,a)-K.call(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,f=a.parentNode,g=b.parentNode,h=[a],i=[b];if(!f||!g)return a===e?-1:b===e?1:f?-1:g?1:k?K.call(k,a)-K.call(k,b):0;if(f===g)return kb(a,b);c=a;while(c=c.parentNode)h.unshift(c);c=b;while(c=c.parentNode)i.unshift(c);while(h[d]===i[d])d++;return d?kb(h[d],i[d]):h[d]===v?-1:i[d]===v?1:0},e):n},fb.matches=function(a,b){return fb(a,null,null,b)},fb.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(U,"='$1']"),!(!c.matchesSelector||!p||r&&r.test(b)||q&&q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return fb(b,n,null,[a]).length>0},fb.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},fb.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&E.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fb.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},fb.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=fb.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=fb.selectors={cacheLength:50,createPseudo:hb,match:X,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(cb,db),a[3]=(a[3]||a[4]||a[5]||"").replace(cb,db),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||fb.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&fb.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return X.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&V.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(cb,db).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+M+")"+a+"("+M+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||typeof a.getAttribute!==C&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=fb.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h;if(q){if(f){while(p){l=b;while(l=l[p])if(h?l.nodeName.toLowerCase()===r:1===l.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){k=q[u]||(q[u]={}),j=k[a]||[],n=j[0]===w&&j[1],m=j[0]===w&&j[2],l=n&&q.childNodes[n];while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if(1===l.nodeType&&++m&&l===b){k[a]=[w,n,m];break}}else if(s&&(j=(b[u]||(b[u]={}))[a])&&j[0]===w)m=j[1];else while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if((h?l.nodeName.toLowerCase()===r:1===l.nodeType)&&++m&&(s&&((l[u]||(l[u]={}))[a]=[w,m]),l===b))break;return m-=e,m===d||m%d===0&&m/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||fb.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?hb(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=K.call(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:hb(function(a){var b=[],c=[],d=h(a.replace(R,"$1"));return d[u]?hb(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),!c.pop()}}),has:hb(function(a){return function(b){return fb(a,b).length>0}}),contains:hb(function(a){return function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:hb(function(a){return W.test(a||"")||fb.error("unsupported lang: "+a),a=a.replace(cb,db).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Z.test(a.nodeName)},input:function(a){return Y.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:nb(function(){return[0]}),last:nb(function(a,b){return[b-1]}),eq:nb(function(a,b,c){return[0>c?c+b:c]}),even:nb(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:nb(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:nb(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:nb(function(a,b,c){for(var d=0>c?c+b:c;++db;b++)d+=a[b].value;return d}function rb(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(i=b[u]||(b[u]={}),(h=i[d])&&h[0]===w&&h[1]===f)return j[2]=h[2];if(i[d]=j,j[2]=a(b,c,g))return!0}}}function sb(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function tb(a,b,c){for(var d=0,e=b.length;e>d;d++)fb(a,b[d],c);return c}function ub(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(!c||c(f,d,e))&&(g.push(f),j&&b.push(h));return g}function vb(a,b,c,d,e,f){return d&&!d[u]&&(d=vb(d)),e&&!e[u]&&(e=vb(e,f)),hb(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||tb(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:ub(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=ub(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?K.call(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=ub(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):I.apply(g,r)})}function wb(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=rb(function(a){return a===b},h,!0),l=rb(function(a){return K.call(b,a)>-1},h,!0),m=[function(a,c,d){return!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d))}];f>i;i++)if(c=d.relative[a[i].type])m=[rb(sb(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return vb(i>1&&sb(m),i>1&&qb(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(R,"$1"),c,e>i&&wb(a.slice(i,e)),f>e&&wb(a=a.slice(e)),f>e&&qb(a))}m.push(c)}return sb(m)}function xb(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,m,o,p=0,q="0",r=f&&[],s=[],t=j,u=f||e&&d.find.TAG("*",k),v=w+=null==t?1:Math.random()||.1,x=u.length;for(k&&(j=g!==n&&g);q!==x&&null!=(l=u[q]);q++){if(e&&l){m=0;while(o=a[m++])if(o(l,g,h)){i.push(l);break}k&&(w=v)}c&&((l=!o&&l)&&p--,f&&r.push(l))}if(p+=q,c&&q!==p){m=0;while(o=b[m++])o(r,s,g,h);if(f){if(p>0)while(q--)r[q]||s[q]||(s[q]=G.call(i));s=ub(s)}I.apply(i,s),k&&!f&&s.length>0&&p+b.length>1&&fb.uniqueSort(i)}return k&&(w=v,j=t),r};return c?hb(f):f}return h=fb.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=wb(b[c]),f[u]?d.push(f):e.push(f);f=A(a,xb(e,d)),f.selector=a}return f},i=fb.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(cb,db),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=X.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(cb,db),ab.test(j[0].type)&&ob(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&qb(j),!a)return I.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,ab.test(a)&&ob(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ib(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),ib(function(a){return a.innerHTML="","#"===a.firstChild.getAttribute("href")})||jb("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ib(function(a){return a.innerHTML="",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||jb("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),ib(function(a){return null==a.getAttribute("disabled")})||jb(L,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),fb}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=n.expr.match.needsContext,v=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,w=/^.[^:#\[\.,]*$/;function x(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(w.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return g.call(b,a)>=0!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=this.length,d=[],e=this;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;c>b;b++)if(n.contains(e[b],this))return!0}));for(b=0;c>b;b++)n.find(a,e[b],d);return d=this.pushStack(c>1?n.unique(d):d),d.selector=this.selector?this.selector+" "+a:a,d},filter:function(a){return this.pushStack(x(this,a||[],!1))},not:function(a){return this.pushStack(x(this,a||[],!0))},is:function(a){return!!x(this,"string"==typeof a&&u.test(a)?n(a):a||[],!1).length}});var y,z=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,A=n.fn.init=function(a,b){var c,d;if(!a)return this;if("string"==typeof a){if(c="<"===a[0]&&">"===a[a.length-1]&&a.length>=3?[null,a,null]:z.exec(a),!c||!c[1]&&b)return!b||b.jquery?(b||y).find(a):this.constructor(b).find(a);if(c[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(c[1],b&&b.nodeType?b.ownerDocument||b:l,!0)),v.test(c[1])&&n.isPlainObject(b))for(c in b)n.isFunction(this[c])?this[c](b[c]):this.attr(c,b[c]);return this}return d=l.getElementById(c[2]),d&&d.parentNode&&(this.length=1,this[0]=d),this.context=l,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof y.ready?y.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};A.prototype=n.fn,y=n(l);var B=/^(?:parents|prev(?:Until|All))/,C={children:!0,contents:!0,next:!0,prev:!0};n.extend({dir:function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&n(a).is(c))break;d.push(a)}return d},sibling:function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c}}),n.fn.extend({has:function(a){var b=n(a,this),c=b.length;return this.filter(function(){for(var a=0;c>a;a++)if(n.contains(this,b[a]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=u.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.unique(f):f)},index:function(a){return a?"string"==typeof a?g.call(n(a),this[0]):g.call(this,a.jquery?a[0]:a):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.unique(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function D(a,b){while((a=a[b])&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return n.dir(a,"parentNode")},parentsUntil:function(a,b,c){return n.dir(a,"parentNode",c)},next:function(a){return D(a,"nextSibling")},prev:function(a){return D(a,"previousSibling")},nextAll:function(a){return n.dir(a,"nextSibling")},prevAll:function(a){return n.dir(a,"previousSibling")},nextUntil:function(a,b,c){return n.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return n.dir(a,"previousSibling",c)},siblings:function(a){return n.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return n.sibling(a.firstChild)},contents:function(a){return a.contentDocument||n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(C[a]||n.unique(e),B.test(a)&&e.reverse()),this.pushStack(e)}});var E=/\S+/g,F={};function G(a){var b=F[a]={};return n.each(a.match(E)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?F[a]||G(a):n.extend({},a);var b,c,d,e,f,g,h=[],i=!a.once&&[],j=function(l){for(b=a.memory&&l,c=!0,g=e||0,e=0,f=h.length,d=!0;h&&f>g;g++)if(h[g].apply(l[0],l[1])===!1&&a.stopOnFalse){b=!1;break}d=!1,h&&(i?i.length&&j(i.shift()):b?h=[]:k.disable())},k={add:function(){if(h){var c=h.length;!function g(b){n.each(b,function(b,c){var d=n.type(c);"function"===d?a.unique&&k.has(c)||h.push(c):c&&c.length&&"string"!==d&&g(c)})}(arguments),d?f=h.length:b&&(e=c,j(b))}return this},remove:function(){return h&&n.each(arguments,function(a,b){var c;while((c=n.inArray(b,h,c))>-1)h.splice(c,1),d&&(f>=c&&f--,g>=c&&g--)}),this},has:function(a){return a?n.inArray(a,h)>-1:!(!h||!h.length)},empty:function(){return h=[],f=0,this},disable:function(){return h=i=b=void 0,this},disabled:function(){return!h},lock:function(){return i=void 0,b||k.disable(),this},locked:function(){return!i},fireWith:function(a,b){return!h||c&&!i||(b=b||[],b=[a,b.slice?b.slice():b],d?i.push(b):j(b)),this},fire:function(){return k.fireWith(this,arguments),this},fired:function(){return!!c}};return k},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().done(c.resolve).fail(c.reject).progress(c.notify):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=d.call(arguments),e=c.length,f=1!==e||a&&n.isFunction(a.promise)?e:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(e){b[a]=this,c[a]=arguments.length>1?d.call(arguments):e,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(e>1)for(i=new Array(e),j=new Array(e),k=new Array(e);e>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().done(h(b,k,c)).fail(g.reject).progress(h(b,j,i)):--f;return f||g.resolveWith(k,c),g.promise()}});var H;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){(a===!0?--n.readyWait:n.isReady)||(n.isReady=!0,a!==!0&&--n.readyWait>0||(H.resolveWith(l,[n]),n.fn.triggerHandler&&(n(l).triggerHandler("ready"),n(l).off("ready"))))}});function I(){l.removeEventListener("DOMContentLoaded",I,!1),a.removeEventListener("load",I,!1),n.ready()}n.ready.promise=function(b){return H||(H=n.Deferred(),"complete"===l.readyState?setTimeout(n.ready):(l.addEventListener("DOMContentLoaded",I,!1),a.addEventListener("load",I,!1))),H.promise(b)},n.ready.promise();var J=n.access=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===n.type(c)){e=!0;for(h in c)n.access(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,n.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(n(a),c)})),b))for(;i>h;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f};n.acceptData=function(a){return 1===a.nodeType||9===a.nodeType||!+a.nodeType};function K(){Object.defineProperty(this.cache={},0,{get:function(){return{}}}),this.expando=n.expando+Math.random()}K.uid=1,K.accepts=n.acceptData,K.prototype={key:function(a){if(!K.accepts(a))return 0;var b={},c=a[this.expando];if(!c){c=K.uid++;try{b[this.expando]={value:c},Object.defineProperties(a,b)}catch(d){b[this.expando]=c,n.extend(a,b)}}return this.cache[c]||(this.cache[c]={}),c},set:function(a,b,c){var d,e=this.key(a),f=this.cache[e];if("string"==typeof b)f[b]=c;else if(n.isEmptyObject(f))n.extend(this.cache[e],b);else for(d in b)f[d]=b[d];return f},get:function(a,b){var c=this.cache[this.key(a)];return void 0===b?c:c[b]},access:function(a,b,c){var d;return void 0===b||b&&"string"==typeof b&&void 0===c?(d=this.get(a,b),void 0!==d?d:this.get(a,n.camelCase(b))):(this.set(a,b,c),void 0!==c?c:b)},remove:function(a,b){var c,d,e,f=this.key(a),g=this.cache[f];if(void 0===b)this.cache[f]={};else{n.isArray(b)?d=b.concat(b.map(n.camelCase)):(e=n.camelCase(b),b in g?d=[b,e]:(d=e,d=d in g?[d]:d.match(E)||[])),c=d.length;while(c--)delete g[d[c]]}},hasData:function(a){return!n.isEmptyObject(this.cache[a[this.expando]]||{})},discard:function(a){a[this.expando]&&delete this.cache[a[this.expando]]}};var L=new K,M=new K,N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){var d;if(void 0===c&&1===a.nodeType)if(d="data-"+b.replace(O,"-$1").toLowerCase(),c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}M.set(a,b,c)}else c=void 0;return c}n.extend({hasData:function(a){return M.hasData(a)||L.hasData(a)},data:function(a,b,c){return M.access(a,b,c)},removeData:function(a,b){M.remove(a,b) +},_data:function(a,b,c){return L.access(a,b,c)},_removeData:function(a,b){L.remove(a,b)}}),n.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=M.get(f),1===f.nodeType&&!L.get(f,"hasDataAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),P(f,d,e[d])));L.set(f,"hasDataAttrs",!0)}return e}return"object"==typeof a?this.each(function(){M.set(this,a)}):J(this,function(b){var c,d=n.camelCase(a);if(f&&void 0===b){if(c=M.get(f,a),void 0!==c)return c;if(c=M.get(f,d),void 0!==c)return c;if(c=P(f,d,void 0),void 0!==c)return c}else this.each(function(){var c=M.get(this,d);M.set(this,d,b),-1!==a.indexOf("-")&&void 0!==c&&M.set(this,a,b)})},null,b,arguments.length>1,null,!0)},removeData:function(a){return this.each(function(){M.remove(this,a)})}}),n.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=L.get(a,b),c&&(!d||n.isArray(c)?d=L.access(a,b,n.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=n.queue(a,b),d=c.length,e=c.shift(),f=n._queueHooks(a,b),g=function(){n.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return L.get(a,c)||L.access(a,c,{empty:n.Callbacks("once memory").add(function(){L.remove(a,[b+"queue",c])})})}}),n.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.lengthx",k.noCloneChecked=!!b.cloneNode(!0).lastChild.defaultValue}();var U="undefined";k.focusinBubbles="onfocusin"in a;var V=/^key/,W=/^(?:mouse|pointer|contextmenu)|click/,X=/^(?:focusinfocus|focusoutblur)$/,Y=/^([^.]*)(?:\.(.+)|)$/;function Z(){return!0}function $(){return!1}function _(){try{return l.activeElement}catch(a){}}n.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=L.get(a);if(r){c.handler&&(f=c,c=f.handler,e=f.selector),c.guid||(c.guid=n.guid++),(i=r.events)||(i=r.events={}),(g=r.handle)||(g=r.handle=function(b){return typeof n!==U&&n.event.triggered!==b.type?n.event.dispatch.apply(a,arguments):void 0}),b=(b||"").match(E)||[""],j=b.length;while(j--)h=Y.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o&&(l=n.event.special[o]||{},o=(e?l.delegateType:l.bindType)||o,l=n.event.special[o]||{},k=n.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},f),(m=i[o])||(m=i[o]=[],m.delegateCount=0,l.setup&&l.setup.call(a,d,p,g)!==!1||a.addEventListener&&a.addEventListener(o,g,!1)),l.add&&(l.add.call(a,k),k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k):m.push(k),n.event.global[o]=!0)}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=L.hasData(a)&&L.get(a);if(r&&(i=r.events)){b=(b||"").match(E)||[""],j=b.length;while(j--)if(h=Y.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=n.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,m=i[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),g=f=m.length;while(f--)k=m[f],!e&&q!==k.origType||c&&c.guid!==k.guid||h&&!h.test(k.namespace)||d&&d!==k.selector&&("**"!==d||!k.selector)||(m.splice(f,1),k.selector&&m.delegateCount--,l.remove&&l.remove.call(a,k));g&&!m.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||n.removeEvent(a,o,r.handle),delete i[o])}else for(o in i)n.event.remove(a,o+b[j],c,d,!0);n.isEmptyObject(i)&&(delete r.handle,L.remove(a,"events"))}},trigger:function(b,c,d,e){var f,g,h,i,k,m,o,p=[d||l],q=j.call(b,"type")?b.type:b,r=j.call(b,"namespace")?b.namespace.split("."):[];if(g=h=d=d||l,3!==d.nodeType&&8!==d.nodeType&&!X.test(q+n.event.triggered)&&(q.indexOf(".")>=0&&(r=q.split("."),q=r.shift(),r.sort()),k=q.indexOf(":")<0&&"on"+q,b=b[n.expando]?b:new n.Event(q,"object"==typeof b&&b),b.isTrigger=e?2:3,b.namespace=r.join("."),b.namespace_re=b.namespace?new RegExp("(^|\\.)"+r.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=d),c=null==c?[b]:n.makeArray(c,[b]),o=n.event.special[q]||{},e||!o.trigger||o.trigger.apply(d,c)!==!1)){if(!e&&!o.noBubble&&!n.isWindow(d)){for(i=o.delegateType||q,X.test(i+q)||(g=g.parentNode);g;g=g.parentNode)p.push(g),h=g;h===(d.ownerDocument||l)&&p.push(h.defaultView||h.parentWindow||a)}f=0;while((g=p[f++])&&!b.isPropagationStopped())b.type=f>1?i:o.bindType||q,m=(L.get(g,"events")||{})[b.type]&&L.get(g,"handle"),m&&m.apply(g,c),m=k&&g[k],m&&m.apply&&n.acceptData(g)&&(b.result=m.apply(g,c),b.result===!1&&b.preventDefault());return b.type=q,e||b.isDefaultPrevented()||o._default&&o._default.apply(p.pop(),c)!==!1||!n.acceptData(d)||k&&n.isFunction(d[q])&&!n.isWindow(d)&&(h=d[k],h&&(d[k]=null),n.event.triggered=q,d[q](),n.event.triggered=void 0,h&&(d[k]=h)),b.result}},dispatch:function(a){a=n.event.fix(a);var b,c,e,f,g,h=[],i=d.call(arguments),j=(L.get(this,"events")||{})[a.type]||[],k=n.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=n.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,c=0;while((g=f.handlers[c++])&&!a.isImmediatePropagationStopped())(!a.namespace_re||a.namespace_re.test(g.namespace))&&(a.handleObj=g,a.data=g.data,e=((n.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==e&&(a.result=e)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&(!a.button||"click"!==a.type))for(;i!==this;i=i.parentNode||this)if(i.disabled!==!0||"click"!==a.type){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index(i)>=0:n.find(e,this,null,[i]).length),d[e]&&d.push(f);d.length&&g.push({elem:i,handlers:d})}return h]*)\/>/gi,bb=/<([\w:]+)/,cb=/<|&#?\w+;/,db=/<(?:script|style|link)/i,eb=/checked\s*(?:[^=]|=\s*.checked.)/i,fb=/^$|\/(?:java|ecma)script/i,gb=/^true\/(.*)/,hb=/^\s*\s*$/g,ib={option:[1,""],thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};ib.optgroup=ib.option,ib.tbody=ib.tfoot=ib.colgroup=ib.caption=ib.thead,ib.th=ib.td;function jb(a,b){return n.nodeName(a,"table")&&n.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function kb(a){return a.type=(null!==a.getAttribute("type"))+"/"+a.type,a}function lb(a){var b=gb.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function mb(a,b){for(var c=0,d=a.length;d>c;c++)L.set(a[c],"globalEval",!b||L.get(b[c],"globalEval"))}function nb(a,b){var c,d,e,f,g,h,i,j;if(1===b.nodeType){if(L.hasData(a)&&(f=L.access(a),g=L.set(b,f),j=f.events)){delete g.handle,g.events={};for(e in j)for(c=0,d=j[e].length;d>c;c++)n.event.add(b,e,j[e][c])}M.hasData(a)&&(h=M.access(a),i=n.extend({},h),M.set(b,i))}}function ob(a,b){var c=a.getElementsByTagName?a.getElementsByTagName(b||"*"):a.querySelectorAll?a.querySelectorAll(b||"*"):[];return void 0===b||b&&n.nodeName(a,b)?n.merge([a],c):c}function pb(a,b){var c=b.nodeName.toLowerCase();"input"===c&&T.test(a.type)?b.checked=a.checked:("input"===c||"textarea"===c)&&(b.defaultValue=a.defaultValue)}n.extend({clone:function(a,b,c){var d,e,f,g,h=a.cloneNode(!0),i=n.contains(a.ownerDocument,a);if(!(k.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||n.isXMLDoc(a)))for(g=ob(h),f=ob(a),d=0,e=f.length;e>d;d++)pb(f[d],g[d]);if(b)if(c)for(f=f||ob(a),g=g||ob(h),d=0,e=f.length;e>d;d++)nb(f[d],g[d]);else nb(a,h);return g=ob(h,"script"),g.length>0&&mb(g,!i&&ob(a,"script")),h},buildFragment:function(a,b,c,d){for(var e,f,g,h,i,j,k=b.createDocumentFragment(),l=[],m=0,o=a.length;o>m;m++)if(e=a[m],e||0===e)if("object"===n.type(e))n.merge(l,e.nodeType?[e]:e);else if(cb.test(e)){f=f||k.appendChild(b.createElement("div")),g=(bb.exec(e)||["",""])[1].toLowerCase(),h=ib[g]||ib._default,f.innerHTML=h[1]+e.replace(ab,"<$1>")+h[2],j=h[0];while(j--)f=f.lastChild;n.merge(l,f.childNodes),f=k.firstChild,f.textContent=""}else l.push(b.createTextNode(e));k.textContent="",m=0;while(e=l[m++])if((!d||-1===n.inArray(e,d))&&(i=n.contains(e.ownerDocument,e),f=ob(k.appendChild(e),"script"),i&&mb(f),c)){j=0;while(e=f[j++])fb.test(e.type||"")&&c.push(e)}return k},cleanData:function(a){for(var b,c,d,e,f=n.event.special,g=0;void 0!==(c=a[g]);g++){if(n.acceptData(c)&&(e=c[L.expando],e&&(b=L.cache[e]))){if(b.events)for(d in b.events)f[d]?n.event.remove(c,d):n.removeEvent(c,d,b.handle);L.cache[e]&&delete L.cache[e]}delete M.cache[c[M.expando]]}}}),n.fn.extend({text:function(a){return J(this,function(a){return void 0===a?n.text(this):this.empty().each(function(){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&(this.textContent=a)})},null,a,arguments.length)},append:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=jb(this,a);b.appendChild(a)}})},prepend:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=jb(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},remove:function(a,b){for(var c,d=a?n.filter(a,this):this,e=0;null!=(c=d[e]);e++)b||1!==c.nodeType||n.cleanData(ob(c)),c.parentNode&&(b&&n.contains(c.ownerDocument,c)&&mb(ob(c,"script")),c.parentNode.removeChild(c));return this},empty:function(){for(var a,b=0;null!=(a=this[b]);b++)1===a.nodeType&&(n.cleanData(ob(a,!1)),a.textContent="");return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return n.clone(this,a,b)})},html:function(a){return J(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a&&1===b.nodeType)return b.innerHTML;if("string"==typeof a&&!db.test(a)&&!ib[(bb.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(ab,"<$1>");try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(n.cleanData(ob(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=arguments[0];return this.domManip(arguments,function(b){a=this.parentNode,n.cleanData(ob(this)),a&&a.replaceChild(b,this)}),a&&(a.length||a.nodeType)?this:this.remove()},detach:function(a){return this.remove(a,!0)},domManip:function(a,b){a=e.apply([],a);var c,d,f,g,h,i,j=0,l=this.length,m=this,o=l-1,p=a[0],q=n.isFunction(p);if(q||l>1&&"string"==typeof p&&!k.checkClone&&eb.test(p))return this.each(function(c){var d=m.eq(c);q&&(a[0]=p.call(this,c,d.html())),d.domManip(a,b)});if(l&&(c=n.buildFragment(a,this[0].ownerDocument,!1,this),d=c.firstChild,1===c.childNodes.length&&(c=d),d)){for(f=n.map(ob(c,"script"),kb),g=f.length;l>j;j++)h=c,j!==o&&(h=n.clone(h,!0,!0),g&&n.merge(f,ob(h,"script"))),b.call(this[j],h,j);if(g)for(i=f[f.length-1].ownerDocument,n.map(f,lb),j=0;g>j;j++)h=f[j],fb.test(h.type||"")&&!L.access(h,"globalEval")&&n.contains(i,h)&&(h.src?n._evalUrl&&n._evalUrl(h.src):n.globalEval(h.textContent.replace(hb,"")))}return this}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=[],e=n(a),g=e.length-1,h=0;g>=h;h++)c=h===g?this:this.clone(!0),n(e[h])[b](c),f.apply(d,c.get());return this.pushStack(d)}});var qb,rb={};function sb(b,c){var d,e=n(c.createElement(b)).appendTo(c.body),f=a.getDefaultComputedStyle&&(d=a.getDefaultComputedStyle(e[0]))?d.display:n.css(e[0],"display");return e.detach(),f}function tb(a){var b=l,c=rb[a];return c||(c=sb(a,b),"none"!==c&&c||(qb=(qb||n("