Vim Patior

Edit file

File name : multitail.conf

Content :

# Format of this file:
#
# include:configfile
#             Also pars 'configfile'.
#
# defaultcscheme:<name of colorscheme>
#             Selects the default color scheme to use. If this one is set, you
#             no longer need -cS/-CS.
#
# colorscheme:<name of colorscheme>
#             This name can be given for the commandline-parameter -cS. That
#             way, one can select what colorscheme to use for the next
#             logfile.
#
# cs_re:<color>:<regular expression>
#             This defines a regular expression to find a particular string.
#
#             color: [fg],[bg],[attribute[/otherattribute]][|other colorpair+attribute]
#             e.g.: red,,bold|red would give bold red for line 1 and just red for line 2, etc.
# Possible colors: red, green, yellow, blue, magenta, cyan and white.
#
#
# cs_re_s:<color>:<regular expression>
#             Like cs_re but only the substrings are used(!). E.g.:
#             ^....(...)...(...)
#             In the example above only what matches between '(' and ')' is
#             assigned a color. See the 'acctail' colorscheme for an example.
#
# cs_re_val_less:<color>:<value>:<regular expression>
# cs_re_val_bigger:<color>:<value>:<regular expression>
# cs_re_val_equal:<color>:<value>:<regular expression>
#             Like cs_re_s(!) but here the value of the sub(!)-string is
#             compared against the given value. e.g.:
#             cs_re_val_less: if "<value>" less then the value matched with
#             the regular expression, then use the selected color. Please
#             note that you have to select the value in the string with a
#             substring match; put '(' and ')' around it.
#
# mcsre:color:regexp
# mcsre_s:color:regexp
# mcsre_val_less/bigger/equal:color:regexp
#             These work like their cs_re* sisters only they merge their
#             attributes (colors, bold, bright, etd) with the previous
#             merging one.
#
# scheme:<name of colorscheme>:<regular expression>
#             This defines what colorscheme to use when the filename matches
#             the given regular expression. This way, one can automatically
#             use the correct colorscheme for certain files.
#
# check_mail:<seconds>
#             How often MultiTail should check for new e-mail. You can switch
#             mail-checking off by setting this value to 0.
#
# tab_stop:<number of spaces>
#             Specifies the width of TAB characters. Default-value is 4.
#
# bind:key:program
#             Binds a key to a external command. For example:
#             bind:^j:/bin/bash   - binds ^j (control + j) to bash. While the
#             selected program is running, MultiTail is suspended. MultiTail
#             will automatically come back when the external command ends.
#
# titlebar:
#             what to put in the titlebar of the xterm in which MultiTail is
#             running. see below for details
#
# tail:tail_program
#             path to the tail-program (in case you want to use turbotail or
#             so instead of the regular tail)
#
# bright:(1|0)
#             use bright colors (1) or not (0)
#
# abbreviate_filesize
#             wether to abbreviate filesizes to xKB/MB/GB (1) or not (0)
#
# show_subwindow_id
#             when set to 1 and merging multiple inputs (e.g. logfiles) the
#             output show is prepended with a number indicating the input
#
# markerline_color
#             with this one you can set how a markerline looks. e.g. yellow on
#             red or so
#
# markerline_timestamp
#             sets wether to put a timestamp in the markerline (1) or not (0)
#
# ts_format:<format>
#             format of timestamps. see the man-page of 'strftime' for a list
#             of the fields that can be used
#
# shell:<path>
#             shell to use when invoking programs. default is /bin/sh
#
# umask:<mask>
#             umask used when creating files
#
#defaultcscheme:syslog
#
# /var/log/messages & .../syslog
colorscheme:syslog:kernel and unsorted messages
# segfaults
cs_re_s:red,,bold:kernel: ([^:]*): segfault at [^ ]* rip [^ ]* rsp [^ ]* error
cs_re:yellow:kernel: .*: segfault at [^ ]* rip [^ ]* rsp [^ ]* error
# misc
cs_re:red,,inverse/underline:kernel
cs_re:green:Detected.*$
cs_re:green:\[
cs_re:green:\]
cs_re:cyan::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re_s:,,bold:^... .. ..:..:.. [^ ]* ([A-z0-9]*)
cs_re:red:scanlogd.*
cs_re:yellow:Did.not
#
# Zarafa
colorscheme:zarafa:www.zarafa.com
cs_re:magenta:none
cs_re:blue,,bold:debug
cs_re:green,,bold:info
cs_re:yellow:notice
cs_re:yellow,,bold:warning
cs_re:red:error
cs_re:red,,blink:fatal
cs_re:yellow::
cs_re:green:^... ... .. ..:..:.. ....
cs_re:cyan,,bold:/
cs_re:red,,bold:$
cs_re:red,,bold:$
cs_re_s:yellow,,underline:User *([^ ]*)
cs_re:magenta,,bold: *[a-z]*[0-9]+[a-z]*
cs_re:red:\[
cs_re:red:\]
#
# Oracle WebLogic
colorscheme:weblogic
cs_re_s:red,,bold:.*(<Error>).*
cs_re_s:yellow:.*(<Warning>).*
cs_re_s:blue:.*(<Debug>).*
cs_re_s:green:.*(<.*>).*
#
# Oracle GoldenGate
colorscheme:goldengate
cs_re_s:red,,bold:.*( ERROR ).*
cs_re_s:yellow:.*( WARNING ).*
cs_re_s:green:.*( INFO ).*
#
# ssh
colorscheme:ssh:www.openssh.org
cs_re:yellow:error: Could not get shadow information for.*
cs_re:yellow:fatal: Timeout before authentication for.*
cs_re_s:red,,bold:error: PAM: Authentication failure for(.*)
cs_re:red:error: PAM: Authentication failure for
cs_re:red,,blink:error: Bind to port [0-9]* on [^ ]* failed: Address already in use.
cs_re_s:red,,bold:error: PAM: Authentication failure for ([^ ]*) from (.*)
cs_re:red:error: PAM: Authentication failure for ([^ ]*) from (.*)
cs_re_s:green,,bold:Accepted [^ ]* for ([^ ]*) from ([^ ]*) port ([0-9]*) ssh2
cs_re:green:Accepted [^ ]* for [^ ]* from [^ ]* port.*
cs_re:red:PAM session setup failed\[[0-9]*\]:.*
cs_re_s:yellow,,bold:Failed ([^ ]*) for ([^ ]*) from ([^ ]*) port ([0-9]*).*
cs_re:yellow:Failed [^ ]* for [^ ]* from [^ ]* port [0-9]* .*
cs_re:red:Disconnecting: Too many authentication failures for.*
#
# PowerDNS
colorscheme:powerdns:www.powerdns.com
cs_re_s:green:Remote\ (.*)\ wants
cs_re:blue:'.*'
cs_re:red:MISS
cs_re:green,,bold:HIT
#
# UUCP
colorscheme:uucp:UUCP Log files
cs_re:yellow:uucico
cs_re:cyan:uuxqt
cs_re:magenta:Receiving
cs_re:magenta:Executing
cs_re:magenta:Sending
cs_re:cyan:Queuing
cs_re:cyan:Calling system
cs_re:green:Login successful
cs_re:green:Handshake successful
cs_re:green:Call complete
cs_re:red:ERROR:.*
#
# ADB logcat
colorscheme:logcat
cs_re_s:blue,,bold:^./(dalvikvm)$
cs_re_s:blue,,bold:^./(Process)\(
cs_re_s:cyan:^./(ActivityManager)\(
cs_re_s:cyan:^./(ActivityThread)\(
cs_re_s:white,,bold:^./([^\(]*)\(
cs_re_s:green:^[^\(]*(\()[^$]*(\))
cs_re:red,,inverse:[Pp]ermission [Dd]eni[ae][dl]
cs_re:red,,inverse:Caused by:
cs_re:cyan::
#cs_re:red,,inverse:^F
#cs_re:red,,bold:^E
#cs_re:yellow,,bold:^W
#cs_re:cyan,,bold:^I
#cs_re:green,,bold:^V
#cs_re:white:^D
cs_re_s:red,,inverse:^(F)/[^:]*: (.*)$
cs_re_s:red:^(E)/[^:]*: (.*)$
cs_re_s:yellow:^(W).[^:]*: (.*)$
#cs_re_s:green:^(I).[^:]*: (.*)$
cs_re_s:green:^(V)/[^:]*: (.*)$
cs_re_s:black,,bold:^(D)/[^:]*: (.*)$
#
# linux iptables firewall
colorscheme:liniptfw:Linux IPtables (2.6.x kernel)
cs_re:cyan::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re_s:red:kernel: .*(DPT=[0-9]*)
cs_re_s:yellow:kernel: (IN=[^ ]*)
cs_re_s:cyan:kernel: .*(SRC=[^ ]*) *(DST=[^ ]*)
cs_re_s:green:kernel: .*(PROTO=[^ ]*)
#
# postfix log
colorscheme:postfix:www.postfix.org
cs_re:cyan::
cs_re:yellow:status=sent
cs_re:magenta:queue.active
cs_re:green:from=.*>
cs_re:red:to=.*>
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:green:\[
cs_re:green:\]
#
# apache
colorscheme:apache:default Apache logging (webserver)
cs_re:red: 404 
cs_re:cyan::
cs_re:green:\[
cs_re:green:\]
# ip-adresses in the format x.x.x.x
cs_re:yellow:^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}
# hostnames
cs_re:yellow:^[^ ]*
### Apache errorlog
colorscheme:apache_error:default Apache error logging
cs_re:yellow:\[client .*\]
cs_re:red: [^ ]*$
cs_re:blue:^\[... ... .. ..:..:.. ....\]
#
# rsstail (http://www.vanheusden.com/rsstail/)
colorscheme:rsstail:RSSTail output (RSS feed reader)
cs_re:cyan::
cs_re:cyan:/
cs_re:blue:^.......... ..:..:..  
cs_re:green:Title:.*
cs_re:red:^Link:.*
cs_re:yellow:^Description:
#
# acctail (http://www.vanheusden.com/acctail/)
colorscheme:acctail:(BSD-) process accounting reader
cs_re:green:^................
cs_re_s:red:^.................(....)
cs_re_s:cyan:^......................(........)
cs_re_s:yellow:^...............................(........)
cs_re:blue:\.
#
# wtmptail (http://www.vanheusden.com/wtmptail/)
colorscheme:wtmptail:www.vanheusden.com/wtmptail/
cs_re:blue:\.
cs_re:blue::
cs_re:yellow:^USER.*
cs_re:green:^........
cs_re:cyan:[0-9]*:[0-9]*[ap]m
cs_re:red:^..................................
cs_re:black,red,blink:BOOT
cs_re:black,yellow:DEAD
#
# squid/squid3
colorscheme:squid:http proxy server
cs_re:blue:^[^ ]*
cs_re_s:yellow:^[^ ]* *[0-9]* *([^ ]*)
cs_re_s:green:^[^ ]* *[0-9]* *[^ ]* ([^ ]*)
cs_re_s:cyan:^[^ ]* *[0-9]* *[^ ]* [^ ]* *[0-9]* *[^ ]* *([^ ]*)
#
# asterisk
colorscheme:asterisk:software PBX
cs_re:blue::
cs_re:cyan:^...............
cs_re:red:ERROR
cs_re:yellow:WARNING
cs_re:green:NOTICE
cs_re:magenta:DEBUG
cs_re:magenta:VERBOSE
cs_re:red,black,underline:Unable to.*
#
# sendmail
colorscheme:sendmail
cs_re:blue|blue,,bold:^...............
cs_re:cyan:to=<[^>]*>
cs_re:yellow:stat=Deferred.*
cs_re:red:stat=User unknown
cs_re:green:stat=Sent.*
cs_re:magenta:relay=[^ ]*
cs_re:cyan::
cs_re:red:verify=FAIL
#
# MailScanner
colorscheme:mailscanner:wrapper around sendmail/clamav/spamassassin
cs_re:red:Detected HTML-specific exploits in.*
cs_re:magenta:Delivered [0-9]* warnings to virus senders
cs_re:yellow:Spam Checks: Found [0-9]* spam messages
cs_re:yellow:Content Checks: Detected and will disarm HTML message in.*
cs_re:green:Uninfected: Delivered [0-9]* messages
cs_re:red:Infected message [^ ]* came from.*
cs_re:yellow:Saved infected "[^"]*" to.*
cs_re:blue|blue,,bold:^...............
cs_re:cyan::
#
# SpamAssassin
colorscheme:spamassassin
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:yellow:autolearn=failed
cs_re:red,,blink:server killed by [^,]*, shutting down
cs_re_s:yellow,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re:yellow:identified spam [^ ]* for [^ ]* in [^ ]* seconds, [^ ]* bytes.
cs_re_s:green,,bold:server successfully spawned child process, pid (.*)
cs_re:green:server successfully spawned child process, pid
#
# ClamAV
colorscheme:clamav:clamd logging
cs_re:magenta::
cs_re:blue:^... ... [0-9]* ..:..:.. ....
cs_re_s:red,,bold:ERROR:(.*)
cs_re:red:ERROR:
cs_re_s:green,,bold:Protecting against ([0-9]*) viruses.
cs_re:green:Protecting against [0-9]* viruses.
cs_re:red,black,inverse:Exiting.*
cs_re_s:yellow,,bold:^(.*): Unable to open file or directory ERROR
cs_re:yellow:^.*: Unable to open file or directory ERROR
cs_re:red,black,inverse:LOGGING DISABLED.*
#
# samba
colorscheme:samba
cs_re_s:blue:^.([0-9]*/[0-9]*/[0-9]* [0-9]*:[0-9]*:[0-9]*, [0-9]*)
cs_re:blue:\.
cs_re_s:green:^ *([^ ]*).*(connect to service folkert initially as user [^ ]*)
cs_re:yellow:closed connection to service.*
cs_re:red:Error =.*
cs_re:red:ERRNO =.*
cs_re:red:^.*does not exist or is not a directory, when connecting to.*
cs_re:red:Ignoring unknown parameter.*
cs_re:green,,bold:smbd version.*started.
cs_re:green,,bold:Netbios nameserver version.*started.
cs_re:green:Samba name server.*is now a local master browser for workgroup.*on subnet.*
cs_re:yellow:Attempting to become domain master browser on workgroup.*, subnet.*
cs_re:green:Samba is now a logon server for workgroup.*on subnet.*
cs_re:yellow,,bold:Server.*at IP.*is announcing itself as a local master browser for workgroup.*and we think we are master. Forcing election.
#
# audit.log
colorscheme:audit
cs_re:cyan::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:red:Illegal user.*
cs_re:green:session opened for user.*
cs_re:green:Accepted publickey for
cs_re:yellow:Did not receive identification string from.*
#
# exim
colorscheme:exim
cs_re:cyan::
cs_re:blue|blue,,bold:^....-..-.. ..:..:..
cs_re:magenta,,bold:<=
cs_re:magenta,,bold:=>
cs_re:green,,bold:=> *[^ ]*
cs_re:green:<= *[^ ]*
cs_re:green,,bold:=> *[^ ]* <[^>]*>
cs_re:green:<= *[^ ]* <[^>]*>
cs_re:yellow:H=[^ ]*
cs_re:red:verify failed for SMTP recipient.*
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
cs_re:red:SMTP.*timeout.*
cs_re:yellow:Spool file is locked (another process is handling this message)
#
# httping
colorscheme:httping:ping for HTTP
cs_re:green:^PING .*:
cs_re:magenta:time=[0-9\.]* ms
cs_re:yellow:seq=[0-9]*
cs_re:green:^---.*
cs_re_s:green:^([0-9]*) connects, ([0-9]*) ok, ([^%]*)
cs_re_s:green:^round-trip.*= ([0-9\.]*)/([0-9\.]*)/([0-9\.]*)
cs_re:red:404 Not Found
cs_re:blue:[0-9]*KB/s
cs_re:red:could not connect
#
# netstat (use for example with multitail -R 1 -l "netstat")
colorscheme:netstat:see www.vanheusden.com/multitail/examples.html
cs_re:green:ESTABLISHED
cs_re:yellow:SYN_SENT
cs_re:magenta:CLOSE_WAIT
cs_re:blue:FIN_WAIT1
cs_re:blue,,underline:FIN_WAIT2
cs_re_s:red::([^ ]*)
cs_re:cyan:^[^ ]*
#
# tcpdump
colorscheme:tcpdump
cs_re:blue:^[^ ]*
cs_re:magenta::
cs_re_s:red:^[^ ]* [^ ]* *[^ ]* > [^:]*: *([^ ]*)
cs_re_s:green:^[^ ]* [^ ]* *[^ ]*\.([^ ]*) > [^ ]*\.([^:]*):
cs_re:magenta:\.
cs_re_s:yellow|yellow,,bold: IP (.*) > .*:
cs_re_s:yellow,,bold|yellow: IP [^ ]* > ([^:]*):
#17:44:07.363010 IP muur.intranet.vanheusden.com.49584 > keetweej.intranet.vanheusden.com.ssh:
#
# dhcpd
colorscheme:dhcpd
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:green,,bold:DHCPACK
cs_re_s:green:DHCPACK on ([^ ]*) to ([^ ]*) to (.*)
cs_re_s:red,,bold:DHCPINFORM from ([^ ]*) via
cs_re:red:DHCPINFORM from.*via.*not authoritative for subnet.*
cs_re_s:yellow,,bold:DHCPDECLINE of ([^ ]*) from ([^ ]*) via
cs_re:yellow:DHCPDECLINE of.*from.*via.*
cs_re:cyan:DHCPNAK
#
# bind
colorscheme:bind
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re_s:yellow,,bold:lame server resolving ([^ ]*).*in ([^?]*).*: (.*$)
cs_re:yellow:lame server resolving [^ ]* .in [^:]*..:
cs_re_s:red,,bold:client ([^#]*)#[0-9]*: update forwarding denied
cs_re:red:client [^:]*: update forwarding denied
cs_re_s:cyan,,bold:received notify for zone (.*)
cs_re:cyan:received notify for zone
cs_re:cyan:zone [^:]*: transferred serial.*
cs_re:cyan:zone [^:]*: sending notifies .serial [0-9]*.
cs_re_s:green,,bold:transfer of [^ ]* from ([^#]*)#[0-9]*: end of transfer
cs_re:green:transfer of [^ ]* from [^:]*: end of transfer
cs_re:yellow:loading configuration from.*
cs_re:yellow:no IPv6 interfaces found
cs_re:red:logging channel [^ ]* file [^:]*: permission denied
cs_re:red:isc_log_open [^ ]* failed: permission denied
cs_re:red:zone [^:]*: loading master file [^:]*: file not found
cs_re:green,,bold:named reload succeeded
#
# smartd
colorscheme:smartd
cs_re_s:red,,bold:Device: [^,]*, SMART Usage Attribute: [0-9]* ([^ ]*) changed from [0-9]* to (.*)
cs_re:red:Device: [^,]*, SMART Usage Attribute: [0-9]* [^ ]* changed from [0-9]* to.*
#
# kerberos
colorscheme:kerberos
cs_re:magenta::
cs_re:blue:^... [0-9]* ..:..:..
cs_re_s:yellow,,bold:klogind.*: Authentication failed from ([^:]*): Software caused connection abort
cs_re:yellow:klogind.*: Authentication failed from [^:]*: Software caused connection abort
cs_re:red:klogind.*: Kerberos authentication failed
cs_re:red,,bold:klogind.*: User ([^ ]*) is not authorized to login to account(.*)
cs_re:red:klogind.*: User [^ ]* is not authorized to login to account.*
cs_re_s:red,,bold:ksu.*:.*authentication failed for ([^ ]*) on
cs_re:red:ksu.*:.*authentication failed for [^ ]* on.*
cs_re:green:commencing operation
cs_re_s:,,bold:AS_REQ [^}]*}, ([^ ]*) for (.*)
cs_re:magenta:Ticket expired
cs_re:red:Client not found in Kerberos database
#
# Oracle
colorscheme:oracle
cs_re:red,,bold:^ORA-0*600.*
cs_re:red,,bold:^ORA-0*7445.*
# ORA-07745:?
cs_re_s:yellow:^ORA-([^:]*):
#
# ntpd
colorscheme:ntpd
cs_re:magenta::
cs_re:blue:^... .. ..:..:..
cs_re_s:red,,bold:configure: keyword "([^"]*)" unknown, line ignored
cs_re:red:configure: keyword "([^"]*)" unknown, line ignored
cs_re:yellow,,blink:ntpd\[.*\]: ntpd exiting on signal.*
cs_re:green,,bold:ntpd\[.*\]: ntpd [^e].*
cs_re_s:green,,bold:synchronized to ([^,]*)
cs_re:green:synchronized to.*
cs_re:red:check receiver configuration / cableling
#
# nagtail
colorscheme:nagtail:www.nagios.org status viewer
cs_re:magenta::
cs_re:magenta:/
cs_re:blue:^..../../.. ..:..
cs_re_s:red,,bold:^................ (CRIT)
cs_re_s:yellow,,bold:^................ (WARN)
cs_re_s:green:^................ ( OK )
cs_re_s:white,,bold:^................ ( \?\? )
cs_re_s:green:^..../../.. ..:.. ..... *([^ ]*)
cs_re_s:yellow:^..../../.. ..:.. ..... *[^ ]* *(.*)
#
# WebSphere errorlog
colorscheme:websphere:WebSphere error-log
cs_re:magenta::
cs_re:magenta:/
cs_re:blue,,bold:\.
cs_re:blue:^.[0-9]*/[0-9]*/[0-9]* *[0-9]*:..:..:[0-9]* [^ ]*
cs_re_s:yellow:^.*$([^:$]*)
cs_re:red:Reason:.*
cs_re:red,,bold:Unable to
cs_re_s:red:Unable to(.*)
cs_re:red,,bold:Failed to
cs_re_s:red:Failed to(.*)
cs_re_s:green:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *([^ ]*)
cs_re_s:red,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( F )
cs_re_s:red:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( E )
cs_re_s:yellow,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( W )
cs_re_s:yellow:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( A )
cs_re_s:green,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *(I)
cs_re_s:green:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( C )
cs_re_s:magenta,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( R )
cs_re_s:magenta:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( O )
cs_re_s:red,,bold:^[^ ]* *[^ ]* *[^ ]* *[^ ]* *[^ ]* *( Z )
cs_re:yellow:Next Linked Exception:
cs_re:magenta,,bold:Queue manager security exit rejected connection with error code [0-9]*
cs_re:red,,bold:com.ibm.mq.MQException: [^:]*: An MQException occurred: Completion Code [0-9]*, Reason [0-9]*
cs_re:yellow:Begin backtrace for nested exception
cs_re:yellow:Socket connection attempt refused
cs_re:yellow:Other data:
cs_re:yellow:Exception data follows:
cs_re:green:Target name: .*
#
# NNTPcache
colorscheme:nntpcache
cs_re:magenta::
cs_re:magenta:/
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:yellow:nntpcache-expire.*: clean shutdown
cs_re:green:nntpcache-expire.*: expire task awakening
cs_re_s:red,,bold:Connection timed out: could.*t connect to ([^ ]*) as (.*)
cs_re:red:Connection timed out: could.*t connect to [^ ]* as
cs_re:yellow:^.*dropped connection during rebuild of.*$
cs_re:red,,bold:'501.*
cs_re:red,,bold:'480.*
#
# Veritas Netbackup restore log
colorscheme:vnetbr:Veritas Netbackup backup/restore logs
cs_re:magenta::
cs_re:magenta:$
cs_re:magenta:$
cs_re:blue:^..:..:.. .[0-9]*.[^\)]*.
cs_re_s:green:Restore job id ([0-9]*) will require ([0-9]*) image
cs_re:green:Restore job id [0-9]* will require [0-9]* image.*
cs_re_s:yellow,,bold:Media id ([^ ]*) is needed for the restore.
cs_re:yellow:Media id ([^ ]*) is needed for the restore.
cs_re:green:INF - Beginning restore from server [^ ]* to client [^ ]*.
cs_re_s:yellow,,bold:Changed ([^ ]*) to ([^ ]*)
cs_re:yellow:Changed [^ ]* to [^ ]*
cs_re_s:red,,bold:Directory ([^ ]*) already exists.
cs_re:red:Directory [^ ]* already exists.
cs_re_s:green,,bold:Added ([^ ]*) permission to directory (.*)
cs_re:green:Added [^ ]* permission to directory.*
cs_re_s:yellow,,blink:INF - Media id ([^ ]*) is not in a robotic library; administrative interaction may be required to satisfy a mount request.
cs_re:yellow:INF - Media id [^ ]* is not in a robotic library; administrative interaction may be required to satisfy a mount request.
cs_re:red,black,inverse:INF - Status = termination requested by administrator.
cs_re:red,,blink:media read error
cs_re:red,,bold:Status of restore from image created.*media read error
cs_re:red:INF - Status = the restore failed to recover the requested files.
cs_re:green,,bold:INF - Status = the requested operation was successfully completed.
#
# procmail
colorscheme:procmail
cs_re:magenta::
cs_re:magenta:/
cs_re_s:blue,,bold:^procmail: \[[0-9]*\] ([^ ]* [^ ]* *[^ ]* ..:..:.. [^ ]*)
cs_re:blue:^procmail: \[[0-9]*\] [^ ]* [^ ]* *[^ ]* ..:..:.. [^ ]*
cs_re_s:green,,bold:^procmail: Match on "(.*)"
cs_re:green:^procmail: Match on.*
cs_re:red:^procmail: Executing.*
cs_re:magenta,,bold:^procmail: Assigning
cs_re:yellow:warning:.*
cs_re:yellow:Couldn't determine implicit lockfile from.*
#
# checkpoint
colorscheme:checkpoint:Checkpoint Firewall-1
cs_re:magenta::
cs_re:blue|blue,,bold:^[0-9]*:[0-9]*:[0-9]*
cs_re:red,,bold:^..:..:.. *drop
cs_re_s:red,,bold:^..:..:.. *drop.*(service: *[^;]*)
cs_re:green:^..:..:.. *accept
cs_re:yellow,,bold:^..:..:.. *reject
cs_re_s:yellow,,bold:^..:..:.. *reject.*(service: *[^;]*)
cs_re:green,,bold:rule: *[^;]*
cs_re:yellow:service: *[^;]*
cs_re:magenta:src: *[^;]*
cs_re:magenta,,bold:dst: *[^;]*
cs_re:blue,,bold:>[^ ]*
#
# pppd
colorscheme:pppd:PPP daemon
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re_s:red,,bold:Hangup(.*)
cs_re:red:Hangup
cs_re_s:yellow,,bold:Terminating on signal(.*)
cs_re:yellow:Terminating on signal.*
cs_re_s:green,,bold:Connect time ([^ ]*) minutes.
cs_re:green:Connect time [^ ]* minutes.
cs_re_s:magenta,,bold:Sent ([0-9]*) bytes, received ([0-9]*) bytes.
cs_re:magenta:Sent [0-9]* bytes, received [0-9]* bytes.
cs_re:green:pppd [^ ]* started by [^,]*, uid [0-9]*
cs_re_s:blue,,bold:Using interface (.*)
cs_re:blue:Using interface.*
cs_re_s:green,,bold:local *IP address (.*)
cs_re:green:local *IP address.*
cs_re:red,black,inverse:Couldn't detach (fork failed:.*)
cs_re_s:yellow,,bold:Unsupported protocol (.*) received
cs_re:yellow,black,inverse:Unsupported protocol .* received
cs_re:yellow,,blink:Peer not responding
cs_re:,,inverse:DNS address.*
#
# INN
colorscheme:inn
cs_re:magenta::
cs_re:blue|blue,,bold:^... .. ..:..:..
cs_re:yellow:nnrpd.*: .* timeout
#
# Netscape Directory server (LDAP)
colorscheme:netscapeldap:Netscape Directory server (LDAP)
cs_re:magenta::
cs_re:magenta:/
cs_re:blue|blue,,bold:^.../.../....:..:..:.. ......
cs_re:green:Netscape-Directory.*starting up
cs_re:yellow:All database threads now stopped
cs_re:green:Backing up file.*
cs_re:red:Detected Disorderly Shutdown last time Directory Server was running, recovering database.
cs_re_s:yellow,,bold:Entry ([^ ]*) unknown object class ([^ ]*)
cs_re:yellow:Entry [^ ]* unknown object class [^ ]*
cs_re:red,,blink:Shutting down due to possible conflicts with other slapd processes
cs_re:red,,bold:Unable to start slapd because it is already running as process ([0-9]*)
cs_re:red,,blink:Unable to start slapd because it is already running as process [0-9]*
cs_re:yellow:slapd got [^ ]* signal
#
# vmstat
colorscheme:vmstat:vmstat is part of sysstat
cs_re_s:magenta:^(procs)
cs_re_s:red:^procs *(-*memory-*)
cs_re_s:green:^procs *-*memory-* *(-*swap-*)
cs_re_s:yellow:^procs *-*memory-* *-*swap-* *(-*io-*)
cs_re_s:blue:^procs *-*memory-* *-*swap-* *-*io-* *(-*system-*)
cs_re_s:magenta,,bold:^ *(r *b)
cs_re_s:red,,bold:^ *r *b *(swpd *free *buff *cache)
cs_re_s:green,,bold:^ *r *b *swpd *free *buff *cache *(si *so)
cs_re_s:yellow,,bold:^ *r *b *swpd *free *buff *cache *si *so *(bi *bo)
cs_re_s:blue,,bold:^ *r *b *swpd *free *buff *cache *si *so *bi *bo *(in *cs)
cs_re_s:,,bold:^ *r *b *swpd *free *buff *cache *si *so *bi *bo *in *cs *(us *sy *id *wa)
cs_re_val_bigger:yellow:0:([0-9]{1,})
#
# mpstat
colorscheme:mpstat:mpstat is part of systat
cs_re:magenta::
cs_re:blue:^..:..:.. ..
cs_re:blue,,bold:CPU.*
cs_re_val_bigger:yellow:0:([0-9]{1,}\.[0-9]{1,})
#
# log4j
colorscheme:log4j
cs_re:magenta::
cs_re:magenta:/
cs_re:blue:^[0-9]*-[0-9]*-[0-9]* [0-9]*:[0-9]*:[0-9]*,[0-9]*
cs_re_s:blue,,bold:^[^ ]* *[^,]*,[^ ]* *[0-9]* *(DEBUG) *[^ ]* [^ ]* *(.*)$
cs_re_s:green:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(INFO) *[^ ]* [^ ]* *(.*)$
cs_re_s:yellow:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(WARN) *[^ ]* [^ ]* *(.*)$
cs_re_s:red:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(ERROR) *[^ ]* [^ ]* *(.*)$
cs_re_s:red,,bold:^[^ ]* *[^,]*,[0-9]* *[0-9]* *(FATAL) *[^ ]* [^ ]* *(.*)$
cs_re_s:white,,bold:^[^ ]* *[^,]*,[0-9]* *[0-9]* *[A-Z]* *(.*)
#
# LambdaMOO
colorscheme:lambdamoo:MUD/MOO server http://www.moo.mud.org/
cs_re:magenta::
cs_re:blue:^... [0-9]* ..:..:..:
cs_re:green:STARTING: Version [^ ]* of the LambdaMOO server
cs_re:yellow:DUMPING:.*
cs_re:red:Can't create initial connection point
cs_re_s:red,,bold/blink:Trying to dump database:(.*)
cs_re:red,,bold:Trying to dump database:
#
# BOINCTail
colorscheme:boinctail:BOINCTail http://www.vanheusden.com/boinctail/
cs_re:magenta::
cs_re_s:blue:^---> (... ... .. ..:..:.. ....)
cs_re_s:blue,,bold:^---> ........................ .([0-9]* seconds.*)
cs_re:yellow:report deadline
cs_re_s:red:^................ ([^,]*)
cs_re_s:green:, (estimated.*)
cs_re:green,,bold:workunit is ready
cs_re:red,,bold:not
cs_re_s:white,,bold:^name of workunit: (.*)
#
# p0f
colorscheme:p0f:p0f http://lcamtuf.coredump.cx/p0f.shtml
cs_re:magenta::
cs_re:blue,,bold:^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
cs_re_s:blue:^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:([0-9]*)
cs_re_s:yellow:^[^ ]* - ([^(]*)
cs_re:green:$older, [0-9]*$
cs_re:green,,bold:$newer, [0-9]*$
cs_re_val_bigger:cyan,,bold:501:$up: ([0-9]*).*$
cs_re:red:$up: .*$
cs_re:red,,bold:distance [0-9]*
cs_re_s:cyan:^  -> [^:]*:([0-9]*)
cs_re_s:white:^>> Masquerade at ([^:]*):
cs_re:white,,bold:^>> Masquerade at [^:]*:
cs_re_val_bigger:green,,bold:50:indicators at ([0-9]*)%
#
# portsentry
colorscheme:portsentry:http://sourceforge.net/projects/sentrytools/
cs_re:magenta::
cs_re_s:red,,bold:attackalert: ([^/]*)/Normal scan from host: ([^/]*)/([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) to TCP port: ([0-9]*)
cs_re:red:attackalert: [^/]*/Normal scan from host: [^/]*/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} to TCP port: [0-9]*
cs_re:cyan:attackalert: ERROR: cannot open ignore file. Blocking host anyway.
cs_re_s:yellow,,bold:attackalert: Host: ([^/]*)/([^ ]*) is already blocked Ignoring
cs_re:yellow:attackalert: Host: [^ ]* is already blocked Ignoring
#
# strace
colorscheme:strace:strace is the truss of Linux
# comments
cs_re:blue:/\*.*\*/
# call
cs_re:yellow:^[a-z_]*[0-9]*
# parenthesis around parameters
cs_re_s:yellow:^[a-z_]*[0-9]*($)[^)]*($)
# errno details
cs_re_s:blue:^[a-z]*$[^)]*$.*($.*$)
# return value
cs_re_s:green:^.*(= *-*[a-fx0-9]*)[^=]*$
# errno
cs_re_s:cyan:^.*= *-*[a-fx0-9]* *([A-Z]*)[^=]*$
# escapes
cs_re:magenta:\\[a-z]
cs_re:magenta:\\[0-9]*
# parameters (1)
cs_re:red:"[^"]*"
# names
cs_re:white:[a-z]*=
cs_re:white:[a-z0-9_]*:
# parameters (2)
cs_re:red:[0-9a-fx]*
cs_re:cyan:[A-Z_]*
# {}[]
cs_re:yellow:[\[\]]*
#
# Argus
colorscheme:argus:Argus http://qosient.com/argus/
mcsre_s:,,bold:[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.([0-9]+).*[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.([0-9]+)
mcsre_val_bigger:red,,bold:20000:([0-9]+)[ ]+([0-9]+)[ ]+[A-Z][A-Z][A-Z]
mcsre_s:magenta,,bold: (<->)
mcsre_s:cyan,,bold: (<[-?])
mcsre_s:yellow,,bold: ([-?]>)
mcsre:,blue:.*tcp.*
mcsre:,green:.*udp.*
mcsre:,cyan:.*icmp.*
mcsre:,,inverse:.*man.*
#
# ii - irc client
colorscheme:ii:ii IRC client http://www.suckless.org/wiki/tools/irc
cs_re_s:cyan:(^....-..-.. ..:..)
cs_re_s:magenta:^....-..-.. ..:.. <([[:alnum:]_\^\|`-]+)>
cs_re_s:green:^....-..-.. ..:.. <([[:alnum:]_\^\|`-]+)> (nion[ ,:].*)$
cs_re_s:yellow:(((http|https|ftp|gopher)|mailto):(//)?[^ <>\"[:blank:]]*|(www|ftp)[0-9]?\.[-a-z0-9.]+)
cs_re:blue:....-..-.. ..:...*has joined \#.*
cs_re:blue:....-..-.. ..:.. .*changed mode.*
#
# Snort
colorscheme:snort:Intrusion detector
cs_re:green:.*Priority: 3.*
cs_re:yellow:.*Priority: 2.*
cs_re:red:.*Priority: 1.*
#
# Motion
colorscheme:motion:Security camera software
cs_re:red:Unable to start external command
cs_re:red:[^ ]* query failed
cs_re:yellow:Failed to put image into video pipe
cs_re:red:Could not create symbolic link
cs_re:red:ffopen_open error creating [^ ]* file
cs_re:red:Memory error while allocating output media context
cs_re:red:av_new_stream - could not alloc stream
cs_re:red:avcodec_alloc_frame - could not alloc frame
cs_re:red:url_fopen - error opening file %s
cs_re:red:Error opening file %s
cs_re:red:Error while writing video frame
cs_re:red:Could not alloc frame
cs_re:green:Motion detected - starting event [0-9]*
cs_re:red:Could not fetch initial image from network camera
cs_re:red:Error capturing first image
cs_re:red:Failed to open video loopback
cs_re:red:MySQL error was
cs_re:red,,bold:Video device fatal error - terminating camera thread
cs_re:red:Video signal lost - Adding grey image
cs_re:red,,bold:Somebody stole the video device, lets hope we got his picture
cs_re:red,,blink:Could not allocate [0-9]* bytes of memory!
cs_re:red:Problem creating directory
cs_re:red:Error opening file [^ ]* with mode
cs_re:yellow:No response from camera
cs_re:red:Can't write picture to file
cs_re:red,,bold:Thread is going to finish due to this fatal error
cs_re:magenta:[^ ]* error in proc %d
cs_re:magenta:mmap failed
cs_re:yellow,,bold:Motion Exits.
cs_re:yellow,,bold:httpd quitting
#
# errpt - IBM AIX error report
# example usage: multitail -R 10 -cS errpt -l errpt
colorscheme:errpt:AIX error reporting tool
cs_re_s:blue|blue,,bold:^[^ ]* *(....)....(..)
cs_re_s:blue,,bold|blue:^[^ ]* *....(....)..
cs_re:magenta: I [A-Z] .*
cs_re:yellow: T [A-Z] .*
cs_re:red: [A-Z] H .*
#
# MySQL error log
colorscheme:mysql:MySQL error log
cs_re:magenta::
cs_re_s:blue|blue,,bold:^..(..).. ..:..:..
cs_re_s:blue,,bold|blue:^(..)..(..) ..:..:..
cs_re:blue:^...... ..:..:..
cs_re:red,,bold:^...... ..:..:.. \[ERROR\]
cs_re:red:^...... ..:..:.. \[ERROR\].*
cs_re:yellow,,bold:^...... ..:..:.. \[Warning\]
cs_re:yellow:^...... ..:..:.. \[Warning\].*
cs_re:green,,bold:^...... ..:..:.. \[Note\]
cs_re:green:^...... ..:..:.. \[Note\].*
cs_re:magenta:mysqld ended
cs_re:red:Can't start server.*
#
# BOINC
# execute boinc_client with -redirectio, it'll then create
# stdoutdae.txt and stderrdae.txt files
colorscheme:boinc:BOINC http://boinc.berkeley.edu/
cs_re:magenta::
cs_re:magenta:-
cs_re:blue|blue,,bold:....-..-.. ..:..:..
cs_re_s:green:^....-..-.. ..:..:.. ([^]]*])
cs_re:yellow:Received signal
cs_re:yellow,,blink:This computer is not attached to any projects
cs_re:red:gethostbyname failed
cs_re:green,,bold:Exit requested by user
cs_re:cyan:Rescheduling CPU: application exited
cs_re:cyan,,bold:Scheduler list download succeeded
cs_re:yellow,,bold:Throughput [0-9]* bytes/sec
cs_re:yellow,,underline:Finished upload of file.*
cs_re:yellow,,bold/underline:Computation for task.*finished
cs_re:red:Project communication failed:
cs_re:yellow:Access to reference site succeeded - project servers may be temporarily down.
cs_re_s:green,,bold:Requesting ([0-9]*) seconds of new work
cs_re:green:Requesting [0-9]* seconds of new work
cs_re:white,,bold:Deferring scheduler requests for.*
cs_re:white,,bold:Deferring communication for.*
cs_re:blue,,bold: [^ ]* download of file.*
cs_re:red:Project is down
#
# acpitail
# http://www.vanheusden.com/acpitail/
colorscheme:acpitail:Show temperature/battery/etc info
cs_re:magenta::
cs_re:magenta:-
cs_re:blue|blue,,bold:... ... [0-9]* ..:..:.. 2...
cs_re_val_less:red,,bold:5:^.* remaining capacity: .* .([0-9]*) minutes
cs_re_val_less:yellow:10:^.*remaining capacity: .* .([0-9]*) minutes
cs_re:red:error.*
cs_re_val_bigger:yellow:55:temperature.*: ([0-9]*)
cs_re_val_bigger:red,,bold:65:temperature.*: ([0-9]*)
#
# QMT: clamd
colorscheme:qmt-clamd
cs_re:blue,,bold:^....-..-.. ..:..:..
cs_re:red:ERROR:
cs_re_s:green,,bold:Protecting against ([0-9]*) viruses.
cs_re:green:Protecting against [0-9]* viruses.
cs_re:red,black,inverse:Exiting.*
cs_re_s:red,,bold:^(.*): Unable to open file or directory ERROR
cs_re:red:^.*: Unable to open file or directory ERROR
cs_re:red,black,inverse:LOGGING DISABLED.*
#cs_re:cyan:/var/qmail/simscan/.*(: OK)
cs_re:cyan:(: OK)
cs_re:magenta:/var/qmail/simscan/.*(: [^ ]* FOUND)
cs_re:yellow: LibClamAV Warning.*
#
# QMT: qmail-smtp
colorscheme:qmt-smtp
cs_re:blue,,bold:^....-..-.. ..:..:..
cs_re:red:verify failed for SMTP recipient.*
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
cs_re:red,,bold: *[^ ]*policy_check: policy_load failed
cs_re:white,,bold: *[^ ]*CLEAN ([^ ]*).*
cs_re:white,,bold: *[^ ]*policy_check: policy allows([^ ]*).*
cs_re:white,,bold: *[^ ]*RELAYCLIENT:([^ ]*).*
cs_re:magenta: *[^ ]*policy_check: policy forbid([^ ]*).*
cs_re:magenta:rblsmtpd: ([0-9\.]*).*
cs_re:magenta:qmail-smtpd.*
cs_re:magenta:spf-reject.*
cs_re:magenta: *[^ ]*CHKUSER rejected intrusion: ([^ ]*).*
cs_re:magenta: *[^ ]*CHKUSER rejected relaying: ([^ ]*).*
cs_re:magenta: *[^ ]*CHKUSER rejected rcpt: ([^ ]*).*
cs_re:magenta,,bold: *[^ ]*SPAM REJECT ([^ ]*).*
cs_re:magenta,,bold: *[^ ]*:VIRUS:.*
cs_re:magenta,,bold: *[^ ]*:ATTACH:.*
#
# QMT: qmail-send
colorscheme:qmt-send
cs_re:blue:^....-..-.. ..:..:..
cs_re:white,,bold:starting delivery ([0-9]*)
cs_re:white,,bold:delivery *[^ ]*: success:.*
cs_re:red,,bold:delivery *[^ ]*: failure:.*
cs_re:yellow,,bold:delivery *[^ ]*: deferral:.*
#
# QMT: SpamAssassin
colorscheme:qmt-spamassassin
cs_re:blue,,bold:^....-..-.. ..:..:..
#cs_re:cyan,,bold:info: spamd: clean message .*
cs_re_s:cyan,,bold:clean message ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re:magenta,,bold:info: spamd: identified spam.*
#cs_re:magenta,,bold:identified spam ([^ ]*) for ([^ ]*) in ([^ ]*) seconds, ([^ ]*) bytes.
cs_re_s:magenta,,bold:info: spamd: result: Y ([^ ]*) -.*
cs_re:yellow:autolearn=failed
cs_re:red,,blink:server killed by [^,]*, shutting down
cs_re_s:green,,bold:server successfully spawned child process, pid (.*)
cs_re:green:server successfully spawned child process, pid
cs_re:yellow: warn.*
cs_re:white,,bold:info: spamd: processing message.*
#
# QMT: sophie
colorscheme:qmt-sophie
cs_re:blue,,bold:^....-..-.. ..:..:..
cs_re:white,,bold:NOTICE *[^ ]*:.*
cs_re:yellow,,bold:Virus present.*
cs_re:magenta,,bold:WARNING *[^ ]*: Scan result =.*
cs_re:red,,bold:WARNING *[^ ]*: error:.*
#
# colorscript: colorscripts are external scripts that decide what colors to use
#              for input they receive the line that needs colors
#              as a result they emit: start,end,foreground color,background color,attributes\n
#                                     ...\n
#                                     \n         <- an empty line (only a linefeed) indicates
#              end of parameters for this line
#              start offset: what position these colors/attributes start
#              end offset: the position AFTER the last character for which the attributes are
#              valid
#              do NOT use spaces in each line!
colorscript:cscriptexample:/etc/multitail/colors-example.pl:this is a barely functional example script
#
#
# default colorschemes:
scheme:uucp:/var/log/uucp/
scheme:zarafa:/var/log/zarafa/
scheme:postfix:/var/log/mail/
scheme:sendmail:/var/log/mail/
scheme:exim:/var/log/mail/
scheme:apache:/var/log/apache/.*access
scheme:apache:/var/log/lighttpd/.*access
scheme:apache_error:/var/log/apache/.*error
scheme:asterisk:/var/log/asterisk/messages
scheme:samba:/var/log/samba/
scheme:squid:/var/log/squid/
scheme:squid:/var/log/squid3/
scheme:syslog,ssh:/var/log/
scheme:vnetbr:bplog.rest
scheme:procmail:procmail.log
scheme:inn:/var/log/news/
scheme:snort:/var/log/snort/alert
scheme:boinc:/var/lib/boinc-client/std...dae.txt
scheme:qmt-send:/var/log/qmail/send/current
scheme:qmt-smtp:/var/log/qmail/smtp/current
scheme:qmt-smtp:/var/log/qmail/submission/current
scheme:qmt-clamd:/var/log/qmail/clamd/current
scheme:qmt-spamassassin:/var/log/qmail/spam/current
scheme:qmt-sophie:/var/log/qmail/sophie/current
# the following line is to show you that colorscripts can be used the same way as colorschemes
scheme:cscriptexample:/dev/null
#
# default number of lines to buffer FOR THESE PATTERNS:
#default_nlines:500:/var/log/apache/*.access
#default_bytes:100kb:/var/log/
#
# default number of lines to buffer globally
# one can set only 1 of these two
#global_default_nlines:500
global_default_nkb:1MB
#
# how often to check for mail
# set to 0 to disable
# default is every 5 seconds
check_mail:0
#
# where to find the 'xclip' binary - used to send a buffer
# to the X clipboard
#xclip:/usr/bin/xclip
#
# width of a TAB-character. in the VI editor this is, for
# example, 8. default in multitail is 4
tab_stop:8
#
# what program to start when the user presses a key
# ...:x:...  just that key
# ...:^x:... that key with control
bind:g:/usr/bin/pine
bind:^k:/bin/bash
bind:^l:/usr/bin/telnet
bind:^s:/bin/su
#
# enable things with the xterm title bar
# %f  changed file
# %h  hostname
# %l  system load
# %m  "New mail" or nothing
# %u  username
# %t  date + time
titlebar:%m %u@%h %f (%t) [%l]
#
# how timestrings will look when using '-ts'
line_ts_format:%Y/%m/%d %H:%M:%S
#
# where to find tail. this is used when you don't use the default tail (using
# turbotail for example)
# or your tail is located somewhere else
#tail:/usr/bin/tail
# wether this tail only understands posix commands (=yes)
posix_tail:no
#
# use bright colors
#bright:1
#
# wether to abbreviate filesizes to xKB/MB/GB
abbreviate_filesize:on
#
# show number of subwindow?
show_subwindow_id:off
#
# attributes for the marker-line
markerline_color:red,black,reverse
#
# show timestamp in markerline?
markerline_timestamp:on
# whot character to print in the markerline
markerline_char:-
#
# attributes for the line that is printed when multitail switches subwindow
changeline_color:blue,white,bold/reverse
changeline_char:-
#
# line printed when nothing happens in a window for a while
idleline_color:yellow,black,bold/reverse
idleline_char:-
#
# line printed for multitail messages (regexp errors, file truncated, etc)
msgline_color:magenta,black,bold/reverse
msgline_char:-
#
# when converting to a timestring, use this format:
# (also for markerline)
ts_format:%b %d %H:%M:%S
#
# timestring format for conversions
cnv_ts_format:%b %d %H:%M:%S %Y
#
# timestring format for statusline
statusline_ts_format:%Y/%m/%d %H:%M:%S
#
# put statusline above the data instead below it?
statusline_above_data:no
#
# statusline attributes
statusline_attrs:white,black,reverse
#
# conversions
# note: the part you want to have replaced must be between '(' and ')'
# possible conversions:
#	ip4tohost:   an ip-address in 4 byte dotted format to a hostname
#	epochtodate: a value representing the number of seconds since 1970 to
#	             a time-string. format of the string can be set with
#	             "ts_format".
#	errnotostr:  an errno-value to the error message it represents
#	hextodec:    a hex-value into its decimal version
#	dectohex:    a decimal value into hexadecimal
#       tai64todate: converts a TAI64 string to a datestring (see http://cr.yp.to/libtai/tai64.html#tai64n for details)
#       script       this is a special case: it requires an extra parameter (before the regular expression): this parameter
#                    selects a script (perl, bash, as long as it is executable) which loops forever and then reads a line
#                    ending with \n, processes it and then emits the converted output also ending with \n (in 1 write!)
#                    Please note: when using perl, disable i/o buffering!
#       abbrtok:     abbreviates a value to KB/MB/GB
#       signrtostring: signal number to descriptive name
convert:apache:ip4tohost:^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})
convert:squid:epochtodate:^([0-9]*)
convert:squid:ip4tohost:^[^ ]* *[0-9]* *([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})
convert:asterisk:epochtodate:^([0-9]*).([0-9]*)
convert:nagios.log:epochtodate:^.([0-9]*). 
convert:qmailtimestr:tai64todate:^(@[^ ]*)
convert:geoip:script:/etc/multitail/convert-geoip.pl:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})
#
# shell to invoke
shell:/bin/sh
#
# default scrollback linewrap mode
# default is yes (do wrap)
dsblwm:yes
#
# should a popup box be displayed when a window closes by itself?
warn_closed:yes
#
# allow 8 bit ascii? (e.g. umlauts etc.)
allow_8bit:yes
#
# beep, flash, popup or none when error?
beep_method:flash
# in case of beep_method:popup; how long to display the popup before it
# automatically disappears (in seconds)
beep_popup_length:0.1
#
# ^x instead of an inverse .
caret_notation:yes
#
# what umask to use when creating files
umask:0022
#
# how often to refresh popups (in case applicable)
popup_refresh_interval:5
#
# print a markerline when one merges multiple logfiles and tail changes
# from one logfile to an other
global_mark_change:no
# default settings for files selected with a regular expression(!)
default_mark_change:yes:/var/log/apache/.*
#
replace_by_markerline:-- MARK --
#
# what to buffer by default 'a'll or what went through the 'f'ilter
default_bufferwhat:f
#
# should searches be case insentive? press 'I' in the main menu to toggle at run-time
searches_case_insensitive:no
#
# default linewrap mode
# a: all
# l: left
# r: right
# s: syslog
# S: syslog w/o procname
# o: offset
# w: wordwrap
default_linewrap:a
#
# follow filename instead of descriptor?
follow_filename:yes
#
# filters (complete lines)
filterscheme:syslog:removes '----mark----' and such
rule:ev:---- MARK ----
# on what file(s) to use the filter by default
usefilterscheme:syslog:/var/log/messages
#
# edits (part of lines)
# the type (e.g. 'ke') is like the commandswitch -ke/-kS/-kr etc.
editscheme:syslog:removes '----'
editrule:ke:----
editrule:ke:make
# on what file(s) to use the filter by default
useeditscheme:syslog:/var/log/messages
#
# close windows when the end-of-file was reached?
close_closed_windows:yes
#
# should we skip empty lines? (the scrollback window always displays them)
suppress_empty_lines:yes
#
# how the splitline should look like
splitline_attrs:white,black,reverse
# can be attr (use attributes defined with splitline_attrs), regular (use statusline attributes), none (display none)
splitline:attributes
#
# what attributes to use when displaying things in reverse (-eC/-ec, highlight in main menu)
inverse:bold/reverse
#
# what key must the user press to abort an action? e.g. a menu or so
# this parameter expects an ascii-value
# e.g. control + a = 1
# escape = 27 - please note that you would have to press it twice
# ^g = 7
abort_key:7
# what key to press to exit multitail
# ^c = 3
exit_key:3
#
default_convert:apache:/var/log/apache/.*access
default_convert:apache:/var/log/lighttpd/.*access
default_convert:asterisk:/var/log/asterisk/messages
default_convert:squid:/var/log/squid/
default_convert:squid:/var/log/squid3/
default_convert:qmailtimestr:/var/log/qmail/qmail.smtpd.log
#
# when a buffer (for scrollback) gets too full, some lines must be freed (unless one sets the buffersize to unlimited)
# with this parameter one can set the minimum lines to free. this parameter is implemented for efficiency as with a
# 1MB buffer buffer management starts to use quit a bit of processortime
min_shrink:10
#
# when scrolling or searching through the logging, show (sub-)window-nrs? (toggle with ^t)
# press 't' to see a list of window-nrs and what's displayed in them
scrollback_show_winnrs:no
#
# for word-wrap: what is the max length of a word which should still be wrapped
wordwrapmaxlength:31
#
# for searches, multitail can remeber a history which can be retrieved with ^r or cursorkey down in places where
# you can enter searchstrings
# set 'history_size' to 0 to disable this feature
searchhistory_file:~/.multitail.searchhistory
# how many strings to remember
searchhistory_size:15
#
# like searchhistory only for filenames, pathnames and commands
cmdfile_history_file:~/.multitail.cmdfilehistory
cmdfile_history_size:30
#
# default background color
# comment this line to use the default terminal color
#default_background_color:black
#
# in search-fields: give an empty edit-field or the previously used search string
reuse_searchstring:no
#
# how many initial lines to tail at least initially (if available)
min_n_bufferlines:50
#
# what characters to use for the borders around popups and such
# comment-out to use defaults
#box_bottom_left_hand_corner:+
#box_bottom_right_hand_corner:+
#box_bottom_side:-
#box_left_side:|
#box_right_side:|
#box_top_left_hand_corner:+
#box_top_right_hand_corner:+
#box_top_side:-
#
# text to put in front of line with window-number
window_number:[%02d]
subwindow_number:[%02d]
#
# parameters for --limit / --Limit
# format of timestamp in logging
syslog_ts_format:%Y/%m/%d %H:%M:%S
# show ip addresses or hostnames?
resolv_ip_addresses:yes
# show severity/facility? not shown in regular syslogd
show_severity_facility:yes
#
# suppress colors in the scollback window? this speeds up scrolling a little
scrollback_no_colors:no
#
# when you search in the scrollback: open new window with found strings (= on)
# or jump to the next found (= off)
scrollback_search_new_window:yes
#
# set to (yes) to map delete key as backspace key.
# this is useful if you are using mac
map_delete_as_backspace:no