diff --git a/package/etc/conf.d/filters/cisco/ios.conf b/package/etc/conf.d/filters/cisco/ios.conf
index 14fa1a5..273f5bc 100644
--- a/package/etc/conf.d/filters/cisco/ios.conf
+++ b/package/etc/conf.d/filters/cisco/ios.conf
@@ -4,60 +4,6 @@ filter f_cisco_ios{ match("cisco_ios", value("fields.sc4s_vendor_product") type(glob)); }; -#6339985: foo: 6340004: *Mar 4 11:45:20: %SEC-6-IPACCESSLOGP: list INET-BLOCK permitted tcp 192.168.20.252(55244) -> 10.54.3.178(44818), 1 packet -#30: foo: *Apr 29 13:58:46.000001: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.239 stopped - CLI initiated -#30: foo: *Apr 29 13:58:46.411: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.239 stopped - CLI initiated -#29: foo: *Apr 29 13:58:40.411: %SYS-5-CONFIG_I: Configured from console by console -#30: foo: *Apr 29 13:58:46.411: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.239 stopped - CLI initiated -#31: foo: *Apr 29 13:58:46.411: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.239 started - CLI initiated -#32: 0.0.0.0: *Apr 29 13:59:12.491: %SYS-5-CONFIG_I: Configured from console by console -#33: 0.0.0.0: *Apr 29 13:59:26.415: %SYS-5-CONFIG_I: Configured from console by console -#34: 0.0.0.0: *Apr 29 13:59:56.603: %SYS-5-CONFIG_I: Configured from console by console -#35: *Apr 29 14:00:16.059: %SYS-5-CONFIG_I: Configured from console by console -#32: foo: *Apr 29 13:58:46.411: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure. -#foo: *Apr 29 13:58:46.411: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has -#started the shutdown procedure. -#foo: 00:01:01: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the -#foo: 1 2: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure.shutdown procedure. -#foo: 101 21: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure.shutdown procedure. 
-#*Mar 1 18:48:50.483 UTC: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) - -# block parser cisco-timestamp-parser-ex(template()) { -# channel { -# filter { -# match('^\*?([A-Za-z]{3} [0-9 ]\d (\d{4} )?\d{2}:\d{2}:\d{2}(\.\d{3})?( (AM|PM))?)' template(`template`) flags(store-matches)); -# }; -# parser { -# date-parser(format('%b %d %I:%M:%S %p.%f', -# '%b %d %I:%M:%S %p', -# '%b %d %H:%M:%S.%f', -# '%b %d %H:%M:%S', -# '%b %d %Y %H:%M:%S.%f', -# '%b %d %Y %H:%M:%S') -# template("$1")); -# }; -# }; -# }; - -# block parser cisco-triplet-parser-ex(template() prefix()) { -# channel { -# if { -# parser { -# csv-parser(delimiters(chars('-')) template(`template`) -# columns('`prefix`facility', '`prefix`severity', '`prefix`mnemonic') -# flags(drop-invalid)); -# }; -# } else { -# parser { -# csv-parser(delimiters(chars('-')) template(`template`) -# columns('`prefix`facility', '1', '`prefix`severity', '`prefix`mnemonic') -# flags(drop-invalid)); -# }; -# rewrite { set("${`prefix`facility}-$1" value('`prefix`facility')); }; -# }; -# }; -# }; - parser cisco-parser-ex{ channel { 
@@ -100,33 +46,5 @@ parser cisco-parser-ex{ ); }; - # parser { - # # split msg and header right before the '%', Cisco messages may - # # have a variable number of ': ' terminated values - # csv-parser(delimiters(chars('') strings(': %')) - # columns('1', '2', '3') flags(greedy, drop-invalid)); - - # csv-parser(delimiters(chars(':')) template("$2") columns('3')); - # cisco-triplet-parser_ex(template("$3") prefix(`prefix`)); - # }; - # rewrite { - # set('%$2', value("MSG")); - - # # drop "seqno: " if present - # subst("^(<[0-9]+>)?([0-9]+)?(: )?", "", value('1')); - - # }; - - # if { - # parser { cisco-timestamp-parser_ex(template("$1")); }; - # } elif { - # filter { match("^(?'HOST'[^:]+): (.*)" template('$1') flags(store-matches) type(pcre)); }; - # parser { cisco-timestamp-parser_ex(template("$2")); }; - # } elif { - # filter { match("^(?'HOST'[^:]+)$" template('$1') flags(store-matches) type(pcre)); }; - # } else { - # filter { match("^$" template('$1') flags(store-matches) type(pcre)); }; - # }; - # rewrite { set-severity("${`prefix`severity}"); }; }; }; \ No newline at end of file