How to get this command working on Alpine Linux? - linux

On Ubuntu I can print a list of addresses in a specific range (given a base address) like the following:
seq -s " " -f "1.1.1.%g" 1 255
How can I achieve the same task on Alpine? seq provided by BusyBox is very limited in comparison and doesn't give me a format option.

I've found a more straightforward solution using bash inside Alpine:
apk add bash
echo 1.1.1.{1..255}

If you have Python 3, you can generate the addresses in a network with the ipaddress module, which may actually be better for your needs because it fully understands the masking (for example, here it does not include .255 because it's the broadcast address).
You can also change the separator from " " to "\n" if you want them on each line, or to something else.
% python3 -c 'import ipaddress;print(" ".join(str(x) for x in ipaddress.ip_network("1.1.1.0/24").hosts()))'

Related

SED style Multi address in Python?

I have an app that parses multiple Cisco show tech files. These files contain the output of multiple router commands in a structured way. Let me show you a snippet of a show tech output:
`show clock`
20:20:50.771 UTC Wed Sep 07 2022
Time source is NTP
`show callhome`
callhome disabled
Callhome Information:
<SNIPET>
`show module`
Mod Ports Module-Type Model Status
--- ----- ------------------------------------- --------------------- ---------
1 52 16x10G + 32x10/25G + 4x100G Module N9K-X96136YC-R ok
2 52 16x10G + 32x10/25G + 4x100G Module N9K-X96136YC-R ok
3 52 16x10G + 32x10/25G + 4x100G Module N9K-X96136YC-R ok
4 52 16x10G + 32x10/25G + 4x100G Module N9K-X96136YC-R ok
21 0 Fabric Module N9K-C9504-FM-R ok
22 0 Fabric Module N9K-C9504-FM-R ok
23 0 Fabric Module N9K-C9504-FM-R ok
<SNIPET>
My app currently uses both SED and Python scripts to parse these files. I use SED to parse the show tech file looking for a specific command output; once I find it, I stop SED. This way I don't need to read the whole file (these can get to be very big files). This is a snippet of my SED script:
sed -E -n '/`show running-config`|`show running`|`show running config`/{
p
:loop
n
p
/`show/q
b loop
}' $1/$file
As you can see, I am using a multi-address range in SED. My question specifically is: how can I achieve something similar in Python? I have tried multiple combinations of flags, DOTALL and MULTILINE, but I can't get the result I'm expecting. For example, I can get a match for the command I'm looking for, but the Python regex won't stop until the end of the file after the first match.
I am looking for something like this
sed -n '/`show clock`/,/`show/p'
I would like the regex match to stop parsing the file and print the results immediately after seeing `show again. Hope that makes sense, and thank you all for reading and for your help.
You can use nested loops.
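import re

def process_file(filename):
    with open(filename) as f:
        for line in f:
            # Header of the section we want
            if re.search(r'`show running-config`|`show running`|`show running config`', line):
                print(line, end='')
                # Same file iterator, so this resumes at the next line
                for line1 in f:
                    print(line1, end='')
                    # The next command header ends the section
                    if re.search(r'`show', line1):
                        return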
The inner for loop will start from the next line after the one processed by the outer loop.
You can also do it with a single loop using a flag variable.
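import re

def process_file(filename):
    in_show = False
    with open(filename) as f:
        for line in f:
            if in_show:
                print(line, end='')
                # The next command header ends the section
                if re.search(r'`show', line):
                    return
            elif re.search(r'`show running-config`|`show running`|`show running config`', line):
                # Header of the wanted section: print it and start copying
                in_show = True
                print(line, end='')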

force linux sort to use lexicographic order

I generated a text file with pseudo-random numbers like this:
-853340442 1130519212 -2070936922
-707168664 -2076185735 -2135012102
166464098 1928545126 5768715
1060168276 -684694617 395859713
-680897578 -2095893176 1457930442
299309402 192205833 1878010157
-678911642 2062673581 -1801057195
795693402 -631504846 2117889796
448959250 547707556 -1115929024
168558507 7468411 1600190097
-746131117 1557335455 73377787
-1144524558 2143073647 -2044347857
1862106004 -193937480 1596949168
-1193502513 -920620244 -365340967
-677065994 500654963 1031304603
Now I try to put it in order using linux sort command:
sort prng >prngsorted
The result is not what I expected:
1060168276 -684694617 395859713
-1144524558 2143073647 -2044347857
-1193502513 -920620244 -365340967
166464098 1928545126 5768715
168558507 7468411 1600190097
1862106004 -193937480 1596949168
299309402 192205833 1878010157
448959250 547707556 -1115929024
-677065994 500654963 1031304603
-678911642 2062673581 -1801057195
-680897578 -2095893176 1457930442
-707168664 -2076185735 -2135012102
-746131117 1557335455 73377787
795693402 -631504846 2117889796
-853340442 1130519212 -2070936922
Obviously, sort tries to parse strings and extract numbers for sorting. And it seems to ignore minus signs.
Is it possible to force sort to be a bit dumber and just compare lines lexicographically? The result should be like this:
-1144524558 2143073647 -2044347857
-1193502513 -920620244 -365340967
-677065994 500654963 1031304603
-678911642 2062673581 -1801057195
-680897578 -2095893176 1457930442
-707168664 -2076185735 -2135012102
-746131117 1557335455 73377787
-853340442 1130519212 -2070936922
1060168276 -684694617 395859713
166464098 1928545126 5768715
168558507 7468411 1600190097
1862106004 -193937480 1596949168
299309402 192205833 1878010157
448959250 547707556 -1115929024
795693402 -631504846 2117889796
Note: I tried -d option but it did not help
Note 2: Probably I should use another utility instead of sort?
The sort command takes account of your locale settings. Many of the locales ignore dashes for collation.
You can get appropriate sorting with
LC_COLLATE=C sort filename
custom sort with the help of awk
$ awk '{print ($1<0?"-":"+") "\t" $0}' file | sort -k1,1 -k2 | cut -f2-
-1144524558 2143073647 -2044347857
-1193502513 -920620244 -365340967
-677065994 500654963 1031304603
-678911642 2062673581 -1801057195
-680897578 -2095893176 1457930442
-707168664 -2076185735 -2135012102
-746131117 1557335455 73377787
-853340442 1130519212 -2070936922
1060168276 -684694617 395859713
166464098 1928545126 5768715
168558507 7468411 1600190097
1862106004 -193937480 1596949168
299309402 192205833 1878010157
448959250 547707556 -1115929024
795693402 -631504846 2117889796
sort by sign only first, then regular sort and remove sign afterwards...

Force lshosts command to return megabytes for "maxmem" and "maxswp" parameters

When I type "lshosts" I am given:
HOST_NAME type model cpuf ncpus maxmem maxswp server RESOURCES
server1 X86_64 Intel_EM 60.0 12 191.9G 159.7G Yes ()
server2 X86_64 Intel_EM 60.0 12 191.9G 191.2G Yes ()
server3 X86_64 Intel_EM 60.0 12 191.9G 191.2G Yes ()
I am trying to return maxmem and maxswp as megabytes, not gigabytes when lshosts is called. I am trying to send Xilinx ISE jobs to my LSF, however the software expects integer, megabyte values for maxmem and maxswp. By doing debugging, it appears that the software grabs these parameters using the lshosts command.
I have already checked in my lsf.conf file that:
LSF_UNIT_FOR_LIMTS=MB
I have tried searching the IBM Knowledge Base, but to no avail.
Do you use a specific command to specify maxmem and maxswp units within the lsf.conf, lsf.shared, or other config files?
Or does LSF force return the most practical unit?
Any way to override this?
LSF_UNIT_FOR_LIMITS should work, if you completely drained the cluster of all running, pending, and finished jobs. According to the docs, MB is the default, so I'm surprised.
That said, you can use something like this to transform the results:
$ cat to_mb.awk
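# Convert a size such as "191.9G" to megabytes.
function to_mb(s) {
    e = index("KMG", substr(s, length(s)))   # unit suffix: 1=K, 2=M, 3=G
    m = substr(s, 1, length(s) - 1)          # numeric part; awk strings are 1-indexed
    return m * 10^((e-2) * 3)
}
# Columns 6 and 7 are maxmem and maxswp
{ print $1 " " to_mb($6) " " to_mb($7) }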
$ lshosts | tail -n +2 | awk -f to_mb.awk
server1 191900 159700
server2 191900 191200
server3 191900 191200
The to_mb function should also handle 'K' or 'M' units, should those pop up.
If LSF_UNIT_FOR_LIMITS is defined in lsf.conf, lshosts will always print the output as a floating point number, and in some versions of LSF the parameter is defined as 'KB' in lsf.conf upon installation.
Try searching for any definitions of the parameter in lsf.conf and commenting them all out so that the parameter is left undefined, I think in that case it defaults to printing it out as an integer in megabytes.
(Don't ask me why it works this way)

Compare different item in two file and output combined result to new file by using AWK

Greetings!
I have some files in pairs taken from two nodes in a network, and each file has records about TCP segment send/receive time, IP id number, segment type, seq number and so on.
For same TCP flow, it looks like this on sender side:
1420862364.778332 50369 seq 17400:18848
1420862364.780798 50370 seq 18848:20296
1420862364.780810 50371 seq 20296:21744
....
or on the receiver side (1 second delay, segment with IP id 50371 lost):
1420862364.778332 50369 seq 17400:18848
1420862364.780798 50370 seq 18848:20296
....
I want to compare IP identification number in two file and output to new one like this:
1420862364.778332 1420862365.778332 50369 seq 17400:18848 o
1420862364.780798 1420862365.780798 50370 seq 18848:20296 o
1420862364.780810 1420862365.780810 50371 seq 20296:21744 x
which has the time of arrival on the receiver side; by comparing the id field, when the same value is not found on the receiver side (packet loss), an x will be added, otherwise an o will be there.
I already have code like this,
awk 'ARGIND==1 {w[$2]=$1}
ARGIND==2 {
flag=0;
for(a in w)
if($2==a) {
flag=1;
print $1,w[a],$2,$3,$4;
break;
}
if(!flag)
print $1,"x",$2,$3,$4;
}' file2 file1 >file3
but it doesn't work in Linux: it stops right after I press Enter and leaves only an empty file.
The shell script containing this code has been through chmod +x.
Please help. My code is not well organized; any new one-liner will be appreciated.
Thank you for your time.
ARGIND is gawk-specific btw so check your awk version. – Ed Morton
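A portable take on the comparison asked about above, as an added example that is not part of the original thread: it uses only POSIX awk (no ARGIND), so it also runs under BusyBox awk and mawk. The function names, the "-" placeholder for a missing receive time, and matching on IP id plus seq range (the 16-bit IP id wraps in long captures) are assumptions of this example; the sample records are constructed from the question's format.

```shell
#!/bin/sh
# Usage: merge_by_ipid RECEIVER_FILE SENDER_FILE
# Each input line: "<epoch-time> <ip-id> seq <start:end>"
merge_by_ipid() {
    awk '
        # Receiver capture: remember the arrival time of every segment.
        # FILENAME == ARGV[1] is used instead of NR == FNR so that an
        # empty receiver file (everything lost) is still handled.
        FILENAME == ARGV[1] {
            if (NF >= 4) rx[$2 " " $4] = $1
            next
        }
        # Sender capture: one hash lookup per segment, no inner loop.
        NF >= 4 {
            key = $2 " " $4
            if (key in rx) print $1, rx[key], $2, $3, $4, "o"
            else           print $1, "-",     $2, $3, $4, "x"
        }
    ' "$1" "$2"
}

# Constructed sample: receiver sees each segment 1 second later
# and never sees IP id 50371.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sender" <<'EOF'
1420862364.778332 50369 seq 17400:18848
1420862364.780798 50370 seq 18848:20296
1420862364.780810 50371 seq 20296:21744
EOF
    cat > "$d/receiver" <<'EOF'
1420862365.778332 50369 seq 17400:18848
1420862365.780798 50370 seq 18848:20296
EOF
    merge_by_ipid "$d/receiver" "$d/sender"
    rm -rf "$d"
}

demo
```

The timestamps are printed as the original field text, so no floating-point rounding is applied to them.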

List of SYNTAX for logstash's grok

The syntax for a grok pattern is %{SYNTAX:SEMANTIC}. How do I generate a list of all available SYNTAX keywords? I know that I can use the grok debugger to discover patterns from text. But is there a list which I can scan through?
They are in Git and included somewhere in the distribution. But it's probably just easiest to view it online:
https://github.com/elasticsearch/logstash/blob/v1.4.0/patterns/grok-patterns
The grok patterns files are now in the logstash-patterns-core repository.
Assuming you have a clone of it in the logstash-patterns-core directory on your filesystem, you can issue a command like this one to list all SYNTAX keywords:
$ find ./logstash-patterns-core/patterns -type f -exec awk '{print $1}' {} \; | grep "^[^#\ ]" | sort
As of commit 6655856, the output of the command (aka the list of SYNTAX keywords) looks like this (remember though that this list is not static):
BACULA_CAPACITY
BACULA_DEVICE
BACULA_DEVICEPATH
BACULA_HOST
BACULA_JOB
BACULA_LOG_ALL_RECORDS_PRUNED
BACULA_LOG_BEGIN_PRUNE_FILES
BACULA_LOG_BEGIN_PRUNE_JOBS
BACULA_LOG_CANCELLING
BACULA_LOG_CLIENT_RBJ
BACULA_LOG_DIFF_FS
BACULA_LOG_DUPLICATE
BACULA_LOG_ENDPRUNE
BACULA_LOG_END_VOLUME
BACULA_LOG_FATAL_CONN
BACULA_LOG_JOB
BACULA_LOG_JOBEND
BACULA_LOGLINE
BACULA_LOG_MARKCANCEL
BACULA_LOG_MAX_CAPACITY
BACULA_LOG_MAXSTART
BACULA_LOG_NEW_LABEL
BACULA_LOG_NEW_MOUNT
BACULA_LOG_NEW_VOLUME
BACULA_LOG_NO_AUTH
BACULA_LOG_NO_CONNECT
BACULA_LOG_NOJOBS
BACULA_LOG_NOJOBSTAT
BACULA_LOG_NOOPEN
BACULA_LOG_NOOPENDIR
BACULA_LOG_NOPRIOR
BACULA_LOG_NOPRUNE_FILES
BACULA_LOG_NOPRUNE_JOBS
BACULA_LOG_NOSTAT
BACULA_LOG_NOSUIT
BACULA_LOG_PRUNED_FILES
BACULA_LOG_PRUNED_JOBS
BACULA_LOG_READYAPPEND
BACULA_LOG_STARTJOB
BACULA_LOG_STARTRESTORE
BACULA_LOG_USEDEVICE
BACULA_LOG_VOLUME_PREVWRITTEN
BACULA_LOG_VSS
BACULA_LOG_WROTE_LABEL
BACULA_TIMESTAMP
BACULA_VERSION
BACULA_VOLUME
BASE10NUM
BASE16FLOAT
BASE16NUM
BIND9
BIND9_TIMESTAMP
BRO_CONN
BRO_DNS
BRO_FILES
BRO_HTTP
CATALINA_DATESTAMP
CATALINALOG
CISCO_ACTION
CISCO_DIRECTION
CISCOFW104001
CISCOFW104002
CISCOFW104003
CISCOFW104004
CISCOFW105003
CISCOFW105004
CISCOFW105005
CISCOFW105008
CISCOFW105009
CISCOFW106001
CISCOFW106006_106007_106010
CISCOFW106014
CISCOFW106015
CISCOFW106021
CISCOFW106023
CISCOFW106100
CISCOFW106100_2_3
CISCOFW110002
CISCOFW302010
CISCOFW302013_302014_302015_302016
CISCOFW302020_302021
CISCOFW304001
CISCOFW305011
CISCOFW313001_313004_313008
CISCOFW313005
CISCOFW321001
CISCOFW402117
CISCOFW402119
CISCOFW419001
CISCOFW419002
CISCOFW500004
CISCOFW602303_602304
CISCOFW710001_710002_710003_710005_710006
CISCOFW713172
CISCOFW733100
CISCO_INTERVAL
CISCOMAC
CISCO_REASON
CISCOTAG
CISCO_TAGGED_SYSLOG
CISCOTIMESTAMP
CISCO_XLATE_TYPE
CLOUDFRONT_ACCESS_LOG
COMBINEDAPACHELOG
COMMONAPACHELOG
COMMONMAC
CRON_ACTION
CRONLOG
DATA
DATE
DATE_EU
DATESTAMP
DATESTAMP_EVENTLOG
DATESTAMP_OTHER
DATESTAMP_RFC2822
DATESTAMP_RFC822
DATE_US
DAY
ELB_ACCESS_LOG
ELB_REQUEST_LINE
ELB_URI
ELB_URIPATHPARAM
EMAILADDRESS
EMAILLOCALPART
EXIM_DATE
EXIM_EXCLUDE_TERMS
EXIM_FLAGS
EXIM_HEADER_ID
EXIM_INTERFACE
EXIM_MSGID
EXIM_MSG_SIZE
EXIM_PID
EXIM_PROTOCOL
EXIM_QT
EXIM_REMOTE_HOST
EXIM_SUBJECT
GREEDYDATA
HAPROXYCAPTUREDREQUESTHEADERS
HAPROXYCAPTUREDRESPONSEHEADERS
HAPROXYDATE
HAPROXYHTTP
HAPROXYHTTPBASE
HAPROXYTCP
HAPROXYTIME
HOSTNAME
HOSTPORT
HOUR
HTTPD20_ERRORLOG
HTTPD24_ERRORLOG
HTTPDATE
HTTPD_COMBINEDLOG
HTTPD_COMMONLOG
HTTPDERROR_DATE
HTTPD_ERRORLOG
HTTPDUSER
INT
IP
IPORHOST
IPV4
IPV6
ISO8601_SECOND
ISO8601_TIMEZONE
JAVACLASS
JAVACLASS
JAVAFILE
JAVAFILE
JAVALOGMESSAGE
JAVAMETHOD
JAVASTACKTRACEPART
JAVATHREAD
LOGLEVEL
MAC
MAVEN_VERSION
MCOLLECTIVE
MCOLLECTIVEAUDIT
MCOLLECTIVEAUDIT
MINUTE
MONGO3_COMPONENT
MONGO3_LOG
MONGO3_SEVERITY
MONGO_LOG
MONGO_QUERY
MONGO_SLOWQUERY
MONGO_WORDDASH
MONTH
MONTHDAY
MONTHNUM
MONTHNUM2
NAGIOS_CURRENT_HOST_STATE
NAGIOS_CURRENT_SERVICE_STATE
NAGIOS_EC_DISABLE_HOST_CHECK
NAGIOS_EC_DISABLE_HOST_NOTIFICATIONS
NAGIOS_EC_DISABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_DISABLE_SVC_CHECK
NAGIOS_EC_DISABLE_SVC_NOTIFICATIONS
NAGIOS_EC_ENABLE_HOST_CHECK
NAGIOS_EC_ENABLE_HOST_NOTIFICATIONS
NAGIOS_EC_ENABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_ENABLE_SVC_CHECK
NAGIOS_EC_ENABLE_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_DISABLE_HOST_CHECK
NAGIOS_EC_LINE_DISABLE_HOST_NOTIFICATIONS
NAGIOS_EC_LINE_DISABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_DISABLE_SVC_CHECK
NAGIOS_EC_LINE_DISABLE_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_ENABLE_HOST_CHECK
NAGIOS_EC_LINE_ENABLE_HOST_NOTIFICATIONS
NAGIOS_EC_LINE_ENABLE_HOST_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_ENABLE_SVC_CHECK
NAGIOS_EC_LINE_ENABLE_SVC_NOTIFICATIONS
NAGIOS_EC_LINE_PROCESS_HOST_CHECK_RESULT
NAGIOS_EC_LINE_PROCESS_SERVICE_CHECK_RESULT
NAGIOS_EC_LINE_SCHEDULE_HOST_DOWNTIME
NAGIOS_EC_PROCESS_HOST_CHECK_RESULT
NAGIOS_EC_PROCESS_SERVICE_CHECK_RESULT
NAGIOS_EC_SCHEDULE_HOST_DOWNTIME
NAGIOS_EC_SCHEDULE_SERVICE_DOWNTIME
NAGIOS_HOST_ALERT
NAGIOS_HOST_DOWNTIME_ALERT
NAGIOS_HOST_EVENT_HANDLER
NAGIOS_HOST_FLAPPING_ALERT
NAGIOS_HOST_NOTIFICATION
NAGIOSLOGLINE
NAGIOS_PASSIVE_HOST_CHECK
NAGIOS_PASSIVE_SERVICE_CHECK
NAGIOS_SERVICE_ALERT
NAGIOS_SERVICE_DOWNTIME_ALERT
NAGIOS_SERVICE_EVENT_HANDLER
NAGIOS_SERVICE_FLAPPING_ALERT
NAGIOS_SERVICE_NOTIFICATION
NAGIOSTIME
NAGIOS_TIMEPERIOD_TRANSITION
NAGIOS_TYPE_CURRENT_HOST_STATE
NAGIOS_TYPE_CURRENT_SERVICE_STATE
NAGIOS_TYPE_EXTERNAL_COMMAND
NAGIOS_TYPE_HOST_ALERT
NAGIOS_TYPE_HOST_DOWNTIME_ALERT
NAGIOS_TYPE_HOST_EVENT_HANDLER
NAGIOS_TYPE_HOST_FLAPPING_ALERT
NAGIOS_TYPE_HOST_NOTIFICATION
NAGIOS_TYPE_PASSIVE_HOST_CHECK
NAGIOS_TYPE_PASSIVE_SERVICE_CHECK
NAGIOS_TYPE_SERVICE_ALERT
NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT
NAGIOS_TYPE_SERVICE_EVENT_HANDLER
NAGIOS_TYPE_SERVICE_FLAPPING_ALERT
NAGIOS_TYPE_SERVICE_NOTIFICATION
NAGIOS_TYPE_TIMEPERIOD_TRANSITION
NAGIOS_WARNING
NETSCREENSESSIONLOG
NONNEGINT
NOTSPACE
NUMBER
PATH
POSINT
POSTGRESQL
PROG
QS
QUOTEDSTRING
RAILS3
RAILS3FOOT
RAILS3HEAD
RAILS3PROFILE
RCONTROLLER
REDISLOG
REDISMONLOG
REDISTIMESTAMP
RPROCESSING
RT_FLOW1
RT_FLOW2
RT_FLOW3
RT_FLOW_EVENT
RUBY_LOGGER
RUBY_LOGLEVEL
RUUID
S3_ACCESS_LOG
S3_REQUEST_LINE
SECOND
SFW2
SHOREWALL
SPACE
SQUID3
SYSLOG5424BASE
SYSLOG5424LINE
SYSLOG5424PRI
SYSLOG5424PRINTASCII
SYSLOG5424SD
SYSLOGBASE
SYSLOGBASE2
SYSLOGFACILITY
SYSLOGHOST
SYSLOGLINE
SYSLOGPAMSESSION
SYSLOGPROG
SYSLOGTIMESTAMP
TIME
TIMESTAMP_ISO8601
TOMCAT_DATESTAMP
TOMCATLOG
TTY
TZ
UNIXPATH
URI
URIHOST
URIPARAM
URIPATH
URIPATHPARAM
URIPROTO
URN
USER
USERNAME
UUID
WINDOWSMAC
WINPATH
WORD
YEAR
If you have installed Logstash as a package, they can be found at /opt/logstash/patterns/grok-patterns.
You can view using these commands:
# find / -name patterns
/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns
/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/lib/logstash/patterns
Just browse to the directory
# cd /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-2.0.5/patterns
And here you have a whole list of patterns
aws exim haproxy
linux-syslog mongodb rails
bacula firewalls java mcollective nagios redis
bro grok-patterns junos mcollective-patterns postgresql ruby
