Patterns documentation
This page is generated documentation of all the patterns loaded by CrowdSec.
They are sorted by pattern length and are meant to be used in parsers, in the form %{PATTERN_NAME}.
MONGO3_SEVERITY
Pattern :
\w
GREEDYDATA
Pattern :
.*
RAIL_ACTION
Pattern :
\w+
NOTSPACE
Pattern :
\S+
SPACE
Pattern :
\s*
DATA
Pattern :
.*?
JAVALOGMESSAGE
Pattern :
(.*)
NOTDQUOTE
Pattern :
[^"]*
DAY2
Pattern :
\d{2}
RAILS_CONSTROLLER
Pattern :
[^#]+
RUUID
Pattern :
\s{32}
SYSLOG5424PRINTASCII
Pattern :
[!-~]+
BACULA_JOB
Pattern :
%{USER}
BACULA_VERSION
Pattern :
%{USER}
CRON_ACTION
Pattern :
[A-Z ]+
BACULA_DEVICE
Pattern :
%{USER}
WORD
Pattern :
\b\w+\b
BACULA_VOLUME
Pattern :
%{USER}
TZ
Pattern :
[A-Z]{3}
MONGO3_COMPONENT
Pattern :
%{WORD}|-
NUMTZ
Pattern :
[+-]\d{4}
MINUTE
Pattern :
[0-5][0-9]
NAGIOS_TYPE_HOST_ALERT
Pattern :
HOST ALERT
NONNEGINT
Pattern :
\b[0-9]+\b
MONGO_WORDDASH
Pattern :
\b[\w-]+\b
USER
Pattern :
%{USERNAME}
BACULA_DEVICEPATH
Pattern :
%{UNIXPATH}
REDISLOG1
Pattern :
%{REDISLOG}
SYSLOGHOST
Pattern :
%{IPORHOST}
SYSLOG5424SD
Pattern :
\[%{DATA}\]+
NUMBER
Pattern :
%{BASE10NUM}
ISO8601_SECOND
Pattern :
%{SECOND}|60
MONTHNUM2
Pattern :
0[1-9]|1[0-2]
NGUSER
Pattern :
%{NGUSERNAME}
EXIM_PID
Pattern :
\[%{POSINT}\]
YEAR
Pattern :
(?:\d\d){1,2}
BACULA_HOST
Pattern :
[a-zA-Z0-9-]+
NAGIOS_TYPE_SERVICE_ALERT
Pattern :
SERVICE ALERT
MONTHNUM
Pattern :
0?[1-9]|1[0-2]
CISCO_XLATE_TYPE
Pattern :
static|dynamic
RAILS_CONTEXT
Pattern :
(?:%{DATA}\n)*
BACULA_LOG_ENDPRUNE
Pattern :
End auto prune.
USERNAME
Pattern :
[a-zA-Z0-9._-]+
POSINT
Pattern :
\b[1-9][0-9]*\b
QS
Pattern :
%{QUOTEDSTRING}
MODSECRULEVERS
Pattern :
\[ver "[^"]+"\]
INT
Pattern :
[+-]?(?:[0-9]+)
IP
Pattern :
%{IPV6}|%{IPV4}
NAGIOS_EC_ENABLE_SVC_CHECK
Pattern :
ENABLE_SVC_CHECK
NAGIOS_TYPE_EXTERNAL_COMMAND
Pattern :
EXTERNAL COMMAND
NAGIOS_EC_ENABLE_HOST_CHECK
Pattern :
ENABLE_HOST_CHECK
NAGIOS_TYPE_HOST_NOTIFICATION
Pattern :
HOST NOTIFICATION
NAGIOS_EC_DISABLE_SVC_CHECK
Pattern :
DISABLE_SVC_CHECK
IPORHOST
Pattern :
%{IP}|%{HOSTNAME}
DATESTAMP
Pattern :
%{DATE}[- ]%{TIME}
NAGIOS_EC_DISABLE_HOST_CHECK
Pattern :
DISABLE_HOST_CHECK
NAGIOS_TYPE_HOST_EVENT_HANDLER
Pattern :
HOST EVENT HANDLER
NAGIOS_TYPE_CURRENT_HOST_STATE
Pattern :
CURRENT HOST STATE
NAGIOS_TYPE_PASSIVE_HOST_CHECK
Pattern :
PASSIVE HOST CHECK
HOUR
Pattern :
2[0123]|[01]?[0-9]
NAGIOS_TYPE_HOST_FLAPPING_ALERT
Pattern :
HOST FLAPPING ALERT
NGUSERNAME
Pattern :
[a-zA-Z\.\@\-\+_%]+
NAGIOS_TYPE_HOST_DOWNTIME_ALERT
Pattern :
HOST DOWNTIME ALERT
BACULA_LOG_BEGIN_PRUNE_FILES
Pattern :
Begin pruning Files.
NAGIOS_TYPE_SERVICE_NOTIFICATION
Pattern :
SERVICE NOTIFICATION
JAVAFILE
Pattern :
(?:[A-Za-z0-9_. -]+)
HOSTPORT
Pattern :
%{IPORHOST}:%{POSINT}
NAGIOS_TYPE_CURRENT_SERVICE_STATE
Pattern :
CURRENT SERVICE STATE
NAGIOS_TYPE_PASSIVE_SERVICE_CHECK
Pattern :
PASSIVE SERVICE CHECK
NAGIOS_TYPE_SERVICE_EVENT_HANDLER
Pattern :
SERVICE EVENT HANDLER
NAGIOS_TYPE_TIMEPERIOD_TRANSITION
Pattern :
TIMEPERIOD TRANSITION
EXIM_FLAGS
Pattern :
(<=|[-=>*]>|[*]{2}|==)
NAGIOS_TYPE_SERVICE_DOWNTIME_ALERT
Pattern :
SERVICE DOWNTIME ALERT
SSHD_CORRUPT_MAC
Pattern :
Corrupted MAC on input