48 lines
1.4 KiB
Plaintext
48 lines
1.4 KiB
Plaintext
{
|
|
"$schema": "https://lnav.org/schemas/format-v1.schema.json",
|
|
"sudo_log": {
|
|
"title": "sudo",
|
|
"description": "The sudo privilege management tool.",
|
|
"url": "",
|
|
"regex": {
|
|
"std": {
|
|
"module-format": true,
|
|
"pattern": "^(?<login>\\S+)\\s*: (?:(?<error_msg>[^;]+);)?\\s*TTY=(?<tty>[^;]+)\\s+;\\s*PWD=(?<pwd>[^;]+)\\s+;\\s*USER=(?<user>[^;]+)\\s+;\\s*COMMAND=(?<command>.*)$"
|
|
}
|
|
},
|
|
"level-field": "error_msg",
|
|
"level": {
|
|
"error": ".+"
|
|
},
|
|
"value": {
|
|
"login": {
|
|
"kind": "string",
|
|
"identifier": true
|
|
},
|
|
"error_msg": {
|
|
"kind": "string"
|
|
},
|
|
"tty": {
|
|
"kind": "string"
|
|
},
|
|
"pwd": {
|
|
"kind": "string"
|
|
},
|
|
"user": {
|
|
"kind": "string",
|
|
"identifier": true
|
|
},
|
|
"command": {
|
|
"kind": "string"
|
|
}
|
|
},
|
|
"sample": [
|
|
{
|
|
"line": "stack : 3 incorrect password attempts ; TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
|
|
},
|
|
{
|
|
"line": "stack : TTY=ttys005 ; PWD=/Users/stack/ClionProjects/lbuild ; USER=root ; COMMAND=/bin/ls"
|
|
}
|
|
]
|
|
}
|
|
} |