USERNAME [a-zA-Z0-._-]+

USER %{USERNAME}

INT (?:[+-]?(?:[-]+))

BASE10NUM (?<![-.+-])(?>[+-]?(?:(?:[-]+(?:\.[-]+)?)|(?:\.[-]+)))

NUMBER (?:%{BASE10NUM})

BASE16NUM (?<![-9A-Fa-f])(?:[+-]?(?:0x)?(?:[-9A-Fa-f]+))

BASE16FLOAT \b(?<![-9A-Fa-f.])(?:[+-]?(?:0x)?(?:(?:[-9A-Fa-f]+(?:\.[-9A-Fa-f]*)?)|(?:\.[-9A-Fa-f]+)))\b

POSINT \b(?:[-][-]*)\b

NONNEGINT \b(?:[-]+)\b

WORD \b\w+\b

NOTSPACE \S+

SPACE \s*

DATA .*?

GREEDYDATA .*

QUOTEDSTRING (?>(?<!\\)(?>”(?>\\.|[^\\"]+)+”|”"|(?>’(?>\\.|[^\\']+)+’)|”|(?>(?>\\.|[^\]+)+)|`))

UUID [A-Fa-f0-]{}-(?:[A-Fa-f0-]{}-){}[A-Fa-f0-]{}

# Networking

MAC (?:%{CISCOMAC}|%{WINDOWSMAC}|%{COMMONMAC})

CISCOMAC (?:(?:[A-Fa-f0-]{}\.){}[A-Fa-f0-]{})

WINDOWSMAC (?:(?:[A-Fa-f0-]{}-){}[A-Fa-f0-]{})

COMMONMAC (?:(?:[A-Fa-f0-]{}:){}[A-Fa-f0-]{})

IPV6 ((([-9A-Fa-f]{,}:){}([-9A-Fa-f]{,}|:))|(([-9A-Fa-f]{,}:){}(:[-9A-Fa-f]{,}|(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){})|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){})|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,})?:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(([-9A-Fa-f]{,}:){}(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:))|(:(((:[-9A-Fa-f]{,}){,})|((:[-9A-Fa-f]{,}){,}:(([-]|[-]\d|\d\d|[-]?\d)(\.([-]|[-]\d|\d\d|[-]?\d)){}))|:)))(%.+)?

IPV4 (?<![-])(?:(?:[-]|[-][-]|[-]?[-]{,})[.](?:[-]|[-][-]|[-]?[-]{,})[.](?:[-]|[-][-]|[-]?[-]{,})[.](?:[-]|[-][-]|[-]?[-]{,}))(?![-])

IP (?:%{IPV6}|%{IPV4})

HOSTNAME \b(?:[-9A-Za-z][-9A-Za-z-]{,})(?:\.(?:[-9A-Za-z][-9A-Za-z-]{,}))*(\.?|\b)

HOST %{HOSTNAME}

IPORHOST (?:%{HOSTNAME}|%{IP})

HOSTPORT (?:%{IPORHOST=~/\./}:%{POSINT})

# paths

PATH (?:%{UNIXPATH}|%{WINPATH})

UNIXPATH (?>/(?>[\w_%!$@:.,-]+|\\.)*)+

TTY (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[-]+))

WINPATH (?>[A-Za-z]+:|\\)(?:\

^\\?*]*)+

URIPROTO [A-Za-z]+(\+[A-Za-z+]+)?

URIHOST %{IPORHOST}(?::%{POSINT:port})?

# uripath comes loosely from RFC1738, but mostly from what Firefox

# doesn’t turn into %XX

URIPATH (?:/[A-Za-z0-$.+!*'(){},~:;=@#%_\-]*)+

#URIPARAM \?(?:[A-Za-z0-]+(?:=(?:[^&]*))?(?:&(?:[A-Za-z0-]+(?:=(?:[^&]*))?)?)*)?

URIPARAM \?[A-Za-z0-$.+!*’|(){},~@#%&/=:;_?\-\[

]*

URIPATHPARAM %{URIPATH}(?:%{URIPARAM})?

URI %{URIPROTO}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST})?(?:%{URIPATHPARAM})?

# Months: January, Feb, , , , December

MONTH \b(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?)\b

MONTHNUM (?:?[-]|[-])

MONTHDAY (?:(?:[-])|(?:[][-])|(?:[])|[-])

# Days: Monday, Tue, Thu, etc…

DAY (?:Mon(?:day)?|Tue(?:sday)?|Wed(?:nesday)?|Thu(?:rsday)?|Fri(?:day)?|Sat(?:urday)?|Sun(?:day)?)

# Years?

YEAR (?>\d\d){,}

HOUR (?:[]|[]?[-])

MINUTE (?:[-][-])

# ’′ is a leap second in most time standards and thus is valid.

SECOND (?:(?:[-][-]|)(?:[:.,][-]+)?)

TIME (?!<[-])%{HOUR}:%{MINUTE}(?::%{SECOND})(?![-])

# datestamp is YYYY/MM/DD-HH:MM:SS.UUUU (or something like it)

DATE_US %{MONTHNUM}[/-]%{MONTHDAY}[/-]%{YEAR}

DATE_EU %{MONTHDAY}[./-]%{MONTHNUM}[./-]%{YEAR}

ISO8601_TIMEZONE (?:Z|[+-]%{HOUR}(?::?%{MINUTE}))

ISO8601_SECOND (?:%{SECOND}|)

TIMESTAMP_ISO8601 %{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND})?%{ISO8601_TIMEZONE}?

DATE %{DATE_US}|%{DATE_EU}

DATESTAMP %{DATE}[- ]%{TIME}

TZ (?:[PMCE][SD]T|UTC)

DATESTAMP_RFC822 %{DAY} %{MONTH} %{MONTHDAY} %{YEAR} %{TIME} %{TZ}

DATESTAMP_OTHER %{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{TZ} %{YEAR}

# Syslog Dates: Month Day HH:MM:SS

SYSLOGTIMESTAMP %{MONTH} +%{MONTHDAY} %{TIME}

PROG (?:[\w._/%-]+)

SYSLOGPROG %{PROG:program}(?:

)?

SYSLOGHOST %{IPORHOST}

SYSLOGFACILITY <%{NONNEGINT:facility}.%{NONNEGINT:priority}>

HTTPDATE %{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME} %{INT}

# Shortcuts

QS %{QUOTEDSTRING}

# Log formats

SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:

COMMONAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth}

“(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})” %{NUMBER:response} (?:%{NUMBER:bytes}|-)

COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}

# Log Levels

LOGLEVEL ([A-a]lert|ALERT|[T|t]race|TRACE|[D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E|e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)

Logstash自带正则表达式的更多相关文章

  1. iOS系统自带正则表达式简单运用

    //组装一个字符串,把里面的网址解析出来 NSString *urlString = @"sfdshttp://www.baidu.com"; NSError *error; // ...

  2. JavaScript实现带正则表达式的表单校验(校验成功后跳转)

    运行结果: 源代码: 1 <!DOCTYPE html> 2 <html lang="zh"> 3 <head> 4 <meta char ...

  3. Logstash使用grok过滤nginx日志(二)

    在生产环境中,nginx日志格式往往使用的是自定义的格式,我们需要把logstash中的message结构化后再存储,方便kibana的搜索和统计,因此需要对message进行解析. 本文采用grok ...

  4. logstash 配置文件语法

    需要一个配置文件 管理输入.过滤器和输出相关的配置.配置文件内容格式如下: # 输入 input { ... } # 过滤器 filter { ... } # 输出 output { ... } 先来 ...

  5. 论logstash的玩法(ELK)

    本篇文章采用的采用的是logstash-7.7.0版本,主要从如下几个方面介绍 1.logstash是什么,可以用来干啥 2.logstash的基本原理是什么 3.怎么去玩这个elk的组件logsta ...

  6. 浅尝 Elastic Stack (二) Logstash

    一.安装与启动 Logstash 依赖 Java 8 或者 Java 11,需要先安装 JDK 1.1 下载 curl -L -O https://artifacts.elastic.co/downl ...

  7. ELK技术栈之-Logstash详解

    ELK技术栈之-Logstash详解   前言 在第九章节中,我们已经安装好Logstash组件了,并且启动实例测试它的数据输入和输出,但是用的是最简单的控制台标准输入和标准输出,那这节我们就来深入的 ...

  8. 快速掌握grep命令及正则表达式

    Linux系统自带了支持拓展正则表达式的 GNU 版本 grep 工具,所有的Linux发行版中均默认安装grep ,grep 命令被用来检索一台服务器或工作站上任何位置的文本信息,如何在 Linux ...

  9. iOS之正则表达式的使用

    一.什么是正则表达式 正则表达式,又称正规表示法,是对字符串操作的一种逻辑公式.正则表达式可以检测给定的字符串是否符合我们定义的逻辑,也可以从字符串中获取我们想要的特定部分.它可以迅速地用极简单的方式 ...

随机推荐

  1. linux echo命令

    该篇文章转载于:http://www.cnblogs.com/ZhangShuo/articles/1829589.html linux的echo命令, 在shell编程中极为常用, 在终端下打印变量 ...

  2. make screenshot at Eclipse

    In Eclipse, from the Window menu, select Open Perspective > Other... > DDMS. Select the Kindle ...

  3. WebGL 浏览器函数

    1.requestAnimationFrame(func) 请求浏览器在将来某时刻回调函数func以完成重绘.requestAnimationFrame()成功的一个关键是确定你在执行其他用户diam ...

  4. 防止dedecms注入文件挂马的解决方法

    1.目录权限我们不建议用户把栏目目录设置在根目录,原因是这样进行安全设置会十分的麻烦,在默认的情况下,安装完成后,目录设置如下:(1) data.templets.uploads.a或5.3的html ...

  5. event.keyCode与event.which

        //Netscape/Firefox/Opera中不支持 window.event.keyCode,需要用event.which代替//IE用event.keCode方法获取当前被按下的键盘按 ...

  6. git链接github仓库

    配置Git 我们先在电脑硬盘里找一块地方存放本地仓库,比如我们把本地仓库建立在C:\MyRepository\1ke_test文件夹下 进入1ke_test文件夹 鼠标右键操作如下步骤: 1)在本地仓 ...

  7. pycharm使用docker镜像的python解释器,pycahrm可视化操作和管理dcoker

    网上关于pycahrm怎么使用docker容器的python解释器的科普,这方面太少,一半都只介绍pycahrm怎么使用linux的解释器.首先pycahrm确保是pro版本. 下面详细的介绍步骤 首 ...

  8. POJ 1459 &amp;&amp; ZOJ 1734--Power Network【最大流dinic】

    Power Network Time Limit: 2000MS   Memory Limit: 32768K Total Submissions: 25108   Accepted: 13077 D ...

  9. IOS指纹识别调用

    最近正在开发的一个app需要加入指纹识别的功能,先搜索一下找到官方文档,简单易懂: https://developer.apple.com/library/ios/documentation/Loca ...

  10. WAF Bypass数据库特性(Access探索篇)

    0x01 背景 无聊,测试了一下access特性 0x02 测试 常见有5个位置即:select * from admin where id=1[位置一]union[位置二]select[位置三]1, ...