Unix

Description

Constructor : N/A

Product : Operating system

Log type(s) : sys

Log sample

<86>Jun  7 16:17:01 front-blurck CRON[8216]: pam_unix(cron:session): session opened for user root by (uid=0)
<30>Jun  7 16:32:15 front-blurck dhclient: bound to 10.0.16.4 -- renewal in 37060 seconds.
<6>Jun  7 16:51:31 back-blurck kernel: [683434.666399] br-d9af8c40fdc1: port 4(veth8ff0fa7) entered forwarding state
stats: received=0, sent=0, dropped=0, active_time=82491 secs peers refreshed
pam_unix(sshd:session): session opened for user ansible by (uid=0)
authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=a0003449 rhost=  user=a0003449

Fields normalization

Mandatory :

Normalized field               Parsed field
[init][usr][name]              [user]
[init][usr][name]              [kv][user]
[init][usr][name]              [init_user]
[init][usr][id]                [init_user_id]
[init][usr][domain]            [domain]
[init][host][name]             [hostname]
[init][host][name]             [kv][ruser]
[init][host][if]               [eth_interface_in]
[init][host][ip]               [src_ip]
[init][host][ip]               [kv][rhost]
[init][host][port]             [src_port]
[init][host][mac]              [mac]
[target][usr][domain]          [target_domain]
[target][host][ip]             [target_ip]
[target][host][if]             [eth_interface_out]
[target][host][port]           [target_port]
[target][host][name]           [target_hostname]
[target][usr][name]            [kv][logname]
[target][usr][name]            [target_user]
[target][usr][id]              [target_user_id]
[target][uri][full]            [target_url]
[target][proc][name]           [target_prog]
[session][cipher]              [cipher]
[app][proto][name]             [proto]
[init][process][id]            [pid]
[init][process][name]          [program]
[init][process][status]        [facility]
[alarm][name]                  [alarm]
[alarm][name]                  [kv][type]
[action]                       [action]
[unix][dns][cat]               [cat]
[unix][dns][memory_adress]     [memory_adress]
[unix][repeat_count]           [repeat]
[unix][iptable][res]           [res]
[unix][iptable][len]           [len]
[unix][iptable][len2]          [len2]
[unix][iptable][tos]           [tos]
[unix][iptable][id]            [id]
[unix][iptable][window]        [window]
[unix][ssh][auth_method]       [auth][method]
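The following is an added worked example, not the product's own parser: it splits the syslog lines from the Log sample section above into the "parsed fields" of the table and then applies a subset of the normalization table to produce the nested record. The first three sample lines are taken from this page; the two pam_unix fragments are wrapped in a constructed syslog header (hostname, program name and pid are invented). Assumptions made here that the page does not state: the PRI number is decoded per RFC 3164 (facility = PRI / 8); when several parsed fields feed the same normalized field the first one present wins; `session opened for user X by (uid=N)` is read as target user X opened by init uid N; `uid=` in a pam_unix message is the init user id; and dhclient's `bound to <ip>` is the host's own address (`src_ip`). Empty `key=` tokens such as `rhost=` and `logname=` are deliberately dropped so they do not produce empty normalized fields.

```python
import json
import re
from typing import Any

# Constructed sample lines. The first three are copied from this page; the last two wrap the page's bare
# pam_unix messages in an invented syslog header (hostname, program and pid are assumptions).
SAMPLES = [
    "<86>Jun  7 16:17:01 front-blurck CRON[8216]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "<30>Jun  7 16:32:15 front-blurck dhclient: bound to 10.0.16.4 -- renewal in 37060 seconds.",
    "<6>Jun  7 16:51:31 back-blurck kernel: [683434.666399] br-d9af8c40fdc1: port 4(veth8ff0fa7) entered forwarding state",
    "<86>Jun  7 16:55:02 front-blurck sshd[9001]: pam_unix(sshd:session): session opened for user ansible by (uid=0)",
    "<84>Jun  7 16:58:41 front-blurck su[9100]: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=a0003449 rhost=  user=a0003449",
]

# BSD-style syslog header: <PRI>MMM dd HH:MM:SS host program[pid]: message
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<hostname>\S+) "
    r"(?P<program>[^\[\]:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)
# key=value tokens; the value may be empty ("rhost= ") and a trailing ')' is not part of it ("(uid=0)").
KV_RE = re.compile(r"\b(\w+)=([^\s)]*)")
PAM_SESSION_RE = re.compile(r"session (?P<state>opened|closed) for user (?P<user>\S+)(?: by \(uid=(?P<uid>\d+)\))?")
DHCP_BOUND_RE = re.compile(r"\bbound to (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def parse_syslog(line: str) -> dict[str, str]:
    """Split one syslog line into the flat 'parsed fields' of the normalization table.
    key=value tokens from the message body are stored as 'kv.<key>'; empty values are dropped."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    pri = int(m.group("pri"))
    parsed = {
        "facility": str(pri >> 3),  # RFC 3164: PRI = facility * 8 + severity (assumed decoding)
        "severity": str(pri & 7),
        "hostname": m.group("hostname"),
        "program": m.group("program"),
        "timestamp": m.group("timestamp"),
    }
    if m.group("pid"):
        parsed["pid"] = m.group("pid")
    message = m.group("message")
    for key, value in KV_RE.findall(message):
        if value:  # "logname=" and "rhost=" carry no value in the sample and must not become fields
            parsed[f"kv.{key}"] = value
    if "kv.uid" in parsed:
        parsed["init_user_id"] = parsed["kv.uid"]  # assumption: pam_unix uid= is the initiating user
    session = PAM_SESSION_RE.search(message)
    if session:
        parsed["target_user"] = session.group("user")  # assumption: the session user is the target
        parsed["action"] = f"session {session.group('state')}"
    elif "authentication failure" in message:
        parsed["action"] = "authentication failure"
    bound = DHCP_BOUND_RE.search(message)
    if bound:
        parsed["src_ip"] = bound.group("ip")  # assumption: the leased address is this host's own
    return parsed


# Subset of the page's normalization table, in the page's order: (normalized path, parsed field).
MAPPING = [
    ("init.usr.name", "user"),
    ("init.usr.name", "kv.user"),
    ("init.usr.name", "init_user"),
    ("init.usr.id", "init_user_id"),
    ("init.host.name", "hostname"),
    ("init.host.name", "kv.ruser"),
    ("init.host.ip", "src_ip"),
    ("init.host.ip", "kv.rhost"),
    ("target.usr.name", "kv.logname"),
    ("target.usr.name", "target_user"),
    ("init.process.id", "pid"),
    ("init.process.name", "program"),
    ("init.process.status", "facility"),
    ("action", "action"),
]


def normalize(parsed: dict[str, str]) -> dict[str, Any]:
    """Build the nested record: [init][usr][name] becomes out['init']['usr']['name'].
    Assumption: when several parsed fields feed one normalized field, the first one present wins."""
    out: dict[str, Any] = {}
    for path, source in MAPPING:
        if source not in parsed:
            continue
        *branch, leaf = path.split(".")
        node = out
        for part in branch:
            node = node.setdefault(part, {})
        node.setdefault(leaf, parsed[source])
    return out


def normalize_line(line: str) -> dict[str, Any]:
    return normalize(parse_syslog(line))


def lookup(record: dict[str, Any], path: str) -> Any:
    """Read a normalized field by its bracket path as written in the table, e.g. '[init][usr][name]'."""
    node: Any = record
    for part in re.findall(r"\[([^\]]+)\]", path):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


if __name__ == "__main__":
    for sample in SAMPLES:
        print(json.dumps(normalize_line(sample), sort_keys=True))
```

Running the block prints one normalized record per sample line. The kernel line yields only header-derived fields (host, program, facility), which is the expected outcome for a message body the parser has no rule for; the su failure yields `[init][usr][name]` and `[init][usr][id]` but no `[init][host][ip]`, because `rhost=` was empty, which is how a local su attempt looks in contrast to a remote sshd failure.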