From 0ffce989bea70120f89b02c983c843a0d877f047 Mon Sep 17 00:00:00 2001 From: Christoph Wempe Date: Tue, 7 Nov 2023 22:34:18 +0100 Subject: [PATCH 1/4] Add color scheme cisco_ios --- multitail.conf | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/multitail.conf b/multitail.conf index 3c91f55..0e2105b 100644 --- a/multitail.conf +++ b/multitail.conf @@ -1102,6 +1102,42 @@ cs_re_s:magenta:\:("\w*") cs_re_s:magenta:\:(\w*) cs_re_s:magenta:\:(".*") +# Cisco IOS and IOS-XE +colorscheme:cisco_ios +# IP address and port +cs_re:yellow,,bold:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} +cs_re_s:yellow:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\(([0-9]*?)\) +cs_re_s:yellow:localport\: ([0-9]*?) +# interfaces +cs_re:magenta:\s(\w?+Ethernet|GigE|Fa|Gi|Te|Twe|Fo|Fi|Hu|TH) +cs_re_s:magenta,,bold:(Ethernet|GigE|Fa|Gi|Te|Twe|Fo|Fi|Hu|TH)([0-9]+/[0-9]+(/[0-9]+|)) +cs_re:green,,bold:\b(up|on)\b +# User +cs_re_s:magenta,,bold:User (\w+?) +cs_re_s:magenta,,bold:user: (\w+?) +# log levels +cs_re:black,red:%\S*-0-\S* +cs_re:black,red:%\S*-1-\S* +cs_re:red:%\S*-2-\S* +cs_re:red:%\S*-3-\S* +cs_re:yellow:%\S*-4-\S* +cs_re:yellow:%\S*-5-\S* +cs_re:green:%\S*-6-\S* +cs_re:black,white:%\S*-7-\S* +# access lists +cs_re_s:,,bold: list ([0-9]+) +cs_re_s:blue,,bold: list [0-9]+ denied ([a-z0-9]*+). +cs_re_s:blue,,bold: list [0-9]+ permitted ([a-z0-9]*+). +cs_re:green,,bold:\bpermitted\b +cs_re:red,,bold:\bdenied\b +# misc +cs_re:red,,bold:\b(down|off)\b +cs_re_s:,,bold:[Pp]ower\ [Ss]upply\ ([0-9]) +cs_re:red,,bold:\bfaulty\b +cs_re:red,,bold:error +cs_re:red,,bold:high alarm +cs_re:yellow,,bold:low alarm + # # colorscript: colorscripts are external scripts that decide what colors to use # for input they receive the line that needs colors From 79347003afdcebab91e1c0b67b453a4e3f6bbc59 Mon Sep 17 00:00:00 2001 From: Christoph Wempe Date: Thu, 21 Dec 2023 15:44:11 +0100 Subject: [PATCH 2/4] Add color scheme cisco_asa --- multitail.conf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/multitail.conf b/multitail.conf index 0e2105b..9a0a94f 100644 --- a/multitail.conf +++ b/multitail.conf @@ -1138,6 +1138,23 @@ cs_re:red,,bold:error cs_re:red,,bold:high alarm cs_re:yellow,,bold:low alarm +# Cisco ASA +# This colorscheme should be used upon cisco_ios +# and is mainly for VPN logs +colorscheme:cisco_asa +# User +cs_re_s:magenta,,bold:User <(\w+?)> +cs_re_s:magenta,,bold:Username: (\w+?) +cs_re_s:magenta,,bold:User=(\w+?) +cs_re_s:magenta,,bold:Username = (\w+?) +cs_re_s:magenta,,bold:LOCAL\\(\w+?) +# GroupPolicy +cs_re_s:cyan,,bold: Group <(\w+?)> +cs_re_s:cyan,,bold: Group = (\w+?) +cs_re_s:cyan,,bold:GroupPolicy <(\w+?)> +# TunnelGroup +cs_re_s:blue,,bold:TunnelGroup <(\w+?)> + # # colorscript: colorscripts are external scripts that decide what colors to use # for input they receive the line that needs colors From 3df859676d19f28aa0e63aaf289f2680d00731ca Mon Sep 17 00:00:00 2001 From: Christoph Wempe Date: Thu, 21 Dec 2023 16:15:24 +0100 Subject: [PATCH 3/4] Improve colorscheme cisco_asa to distinguish betwen external and internal IPs --- multitail.conf | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/multitail.conf b/multitail.conf index 9a0a94f..ea735c1 100644 --- a/multitail.conf +++ b/multitail.conf @@ -1139,8 +1139,8 @@ cs_re:red,,bold:high alarm cs_re:yellow,,bold:low alarm # Cisco ASA -# This colorscheme should be used upon cisco_ios -# and is mainly for VPN logs +# This and is mainly for VPN logs. +# The colorscheme cisco_ios should be used after this one. colorscheme:cisco_asa # User cs_re_s:magenta,,bold:User <(\w+?)> @@ -1149,11 +1149,16 @@ cs_re_s:magenta,,bold:User=(\w+?) cs_re_s:magenta,,bold:Username = (\w+?) cs_re_s:magenta,,bold:LOCAL\\(\w+?) # GroupPolicy -cs_re_s:cyan,,bold: Group <(\w+?)> -cs_re_s:cyan,,bold: Group = (\w+?) -cs_re_s:cyan,,bold:GroupPolicy <(\w+?)> +cs_re_s:blue,,bold: Group <(\S+?)> +cs_re_s:blue,,bold: Group = (\S+?) +cs_re_s:blue,,bold:GroupPolicy <(\S+?)> # TunnelGroup -cs_re_s:blue,,bold:TunnelGroup <(\w+?)> +cs_re_s:cyan,,bold:TunnelGroup <(\S+?)> +# Assigned IP +cs_re_s:green,,bold:IPv4 Address <([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})> +cs_re_s:green,,bold: Assigned IP=([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) +scheme:syslog,cisco_asa,cisco_ios:/data/log-adm/_vpn/ +scheme:syslog,cisco_asa,cisco_ios:/data/log-adm/local1/ # # colorscript: colorscripts are external scripts that decide what colors to use From 6a6dc5509e849be6a7d859ab2b2f1d8c67786202 Mon Sep 17 00:00:00 2001 From: Christoph Wempe Date: Thu, 21 Dec 2023 16:42:01 +0100 Subject: [PATCH 4/4] Remove custom file association --- multitail.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/multitail.conf b/multitail.conf index ea735c1..3e159ef 100644 --- a/multitail.conf +++ b/multitail.conf @@ -1157,8 +1157,6 @@ cs_re_s:cyan,,bold:TunnelGroup <(\S+?)> # Assigned IP cs_re_s:green,,bold:IPv4 Address <([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})> cs_re_s:green,,bold: Assigned IP=([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) -scheme:syslog,cisco_asa,cisco_ios:/data/log-adm/_vpn/ -scheme:syslog,cisco_asa,cisco_ios:/data/log-adm/local1/ # # colorscript: colorscripts are external scripts that decide what colors to use