# CONFIGURED BY ANSIBLE # # parse auth.log for user-names and public keys # #[PARSER] # name syslog_msg # format regex # # there might be more than one space after month name # regex ^[^ ]+ +[^ ]+ [^ ]+ [^ ]+ (?.*)$ # regex against proc_name[proc_pid]: situation #[PARSER] # name name_pid_msg # format regex # regex ^(?[^\[]+)\[(?[0-9]+)\]: (?.*)$ # regex against proc_name: situation #[PARSER] # name name_msg # format regex # regex ^(?[^\[:]+): (?.*)$ [PARSER] name ssh_pubkey format regex regex ^Accepted publickey for (?[^ ]+) from (?[0-9.]+) port [0-9]+ (?[^:]+): (?[^ ]+) (?.*)$