# $Id$
#
# Configuration for swatch on Mac OS X: Jeremy's laptop, which has
# various custom things and code installed.
#
# swatch stops at the first rule that matches a line, which is why every
# "ignore" in this file precedes the catch-all "watchfor /./" at the end:
# anything not explicitly ignored is echoed.

# Building blocks for the log-line prefix.  These are deliberately loose
# (the timestamp accepts 00-60 in every field, the hostname is any 4-256
# chars of [\w.-]); they only anchor the prefix, they do not validate it.
perlcode my $re_timestamp = qr/ (?:[0-5]\d|60) : (?:[0-5]\d|60) : (?:[0-5]\d|60) /x;
perlcode my $re_shortmonth = qr/ (?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) /x;
# leading data
perlcode my $re_syslogdate = qr/ $re_shortmonth (?:\s\s\d|\s\d\d) \s $re_timestamp /x;
perlcode my $re_isodate = qr/ \d\d\d\d-\d\d-\d\d T $re_timestamp - \d{4} /x;
# <facility.priority> as emitted by syslog-ng, e.g. <auth.info>
perlcode my $re_facpri = qr/ < [^.]+ \. [^>]+ > /x;
perlcode my $re_hostname = qr/ [\w.-]{4,256} /x;
# map to date being actually used to easily change logfile timestamp format
perlcode my $re_date = $re_isodate;
# Every line is expected to start with this; rules that use "^$re_date"
# directly instead of $re_prefix do so to match on a specific facility
# or priority.
perlcode my $re_prefix = "^$re_date $re_facpri $re_hostname";
# misc. common matches
perlcode my $re_pid = qr/ \[ \d{1,6} \] /x;
perlcode my $re_pidopt = qr/ (?: $re_pid )? /x;
perlcode my $re_username = qr/ \w{1,32} /x;
# note the literal space inside the class: /x does not strip whitespace
# from character classes, so paths with spaces (e.g. "Image Capture") match
perlcode my $re_filepath = qr{ [/\w .-]+ }x;

ignore /$re_prefix logtest$re_pid: syslog restart test/
ignore /$re_prefix logtest$re_pid: logging enabled test/
ignore /^$re_date <[^.]+\.info> $re_hostname freshclam$re_pid: /
# NOTE(review): no $re_facpri between date and host here, unlike
# $re_prefix -- confirm these lines really lack the <fac.pri> field,
# otherwise this rule never matches and cron noise falls through.
ignore /^$re_date $re_hostname (?:CRON|crontab)$re_pid: /
#ignore /$re_prefix CRON$re_pid: \($re_username\) CMD \(\/usr\/libexec\/atrun\)/
#ignore /$re_prefix CRON$re_pid: \($re_username\) CMD \(periodic daily\)/
# NOTE(review): "(?:\.local)" has no trailing "?", so this matches
# kadmin.local but not plain kadmin -- confirm that is intended.
ignore /$re_prefix (?:kadmin(?:\.local)|kdb5_util)$re_pid: No dictionary file specified, continuing without one\./
# Mac OS X things...
ignore /$re_prefix mach_init$re_pid: Server \d+ in bootstrap \w+ uid 0: /
# ipfw
ignore /$re_prefix kernel: IP(?:v6)? packet filtering initialized/
ignore /$re_prefix kernel: IP firewall loaded/
# NOTE(review): this silences *every* logged inbound Deny/Reset/Unreach,
# so a port scan or a brute-force source on en* never reaches watchfor.
# If that visibility matters, narrow this by destination port or source
# net rather than ignoring all inbound blocks.
ignore /$re_prefix kernel: ipfw: \d+ (?:Deny|Reset|Unreach) (?:ICMP|TCP|UDP).+in via en\d/
# outbound ping
ignore /$re_prefix kernel: ipfw: \d+ Accept ICMP:8\.0 .+out via en\d$/
# TODO what are these?
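ignore /$re_prefix kernel: ipfw: \d+ Unreach UDP .+:192 out via en\d$/
ignore /$re_prefix kernel: ipfw: \d+ Accept ICMP:3\.3.+out via en\d$/
# IGMP?? why...
ignore /$re_prefix kernel: ipfw: \d+ Deny P:2 .+out via en\d$/
# outgoing mDNS
ignore /$re_prefix kernel: ipfw: \d+ Deny UDP .+:5353 out via en\d$/
# grrr, lots of this sort of noise (kernel boot banner and hardware probe
# chatter; none of it is actionable on this box)
ignore /$re_prefix kernel: \w{3} .+ root\(rcbuilder\):RELEASE_PPC\//
ignore /$re_prefix kernel: \d+ prelinked modules/
ignore /$re_prefix kernel: Copyright \(c\) /
ignore /$re_prefix kernel: \s+The Regents of the University of California/
ignore /$re_prefix kernel: System (?:Sleep|Wake)/
ignore /$re_prefix kernel: Wake event /
ignore /$re_prefix kernel: AppleNMI (?:un)?mask NMI/
ignore /$re_prefix kernel: AirPortFirmware: start Sta f\/w download/
ignore /$re_prefix kernel: ADB present/
ignore /$re_prefix kernel: ApplePMUUserClient::setProperties WakeOnACchange [01]/
ignore /$re_prefix kernel: UniNEnet::monitorLinkStatus - Link is (?:down|up)/
ignore /$re_prefix kernel: standard timeslicing quantum is \d+/
ignore /$re_prefix kernel: vm_page_bootstrap: \d+ free pages/
ignore /$re_prefix kernel: using \d+ buffer headers and \d+ cluster IO buffer headers/
ignore /$re_prefix kernel: mig_table_max_displ/
ignore /$re_prefix kernel: IOKit Component Version \d/
ignore /$re_prefix kernel: IOPCCard info/
ignore /$re_prefix kernel: Local FireWire GUID = /
ignore /$re_prefix kernel: Security auditing service present/
ignore /$re_prefix kernel: BSM auditing present/
ignore /$re_prefix kernel: From path: /
ignore /$re_prefix kernel: Got boot device /
ignore /$re_prefix kernel: BSD root: /
ignore /$re_prefix kernel: Jettisoning kernel linker/
ignore /$re_prefix kernel: Resetting IOCatalogue/
ignore /$re_prefix kernel: Matching service count /
ignore /$re_prefix kernel: AppleRS232Serial: /
ignore /$re_prefix kernel: obtaining ID/
ignore /$re_prefix kernel: from Registry/
ignore /$re_prefix kernel: UniNEnet: Ethernet address/
ignore /$re_prefix kernel: AirPortDriver: Ethernet address/
ignore /$re_prefix kernel: IOFireWireIP: FireWire address/
ignore /$re_prefix kernel: IOATAController device blocking bus/
ignore /$re_prefix kernel: resize: max chain len \d+, new table size \d+/
# logs for video card in my laptop?
ignore /$re_prefix kernel: ATIRage128: using AGP/
ignore /$re_prefix kernel: ATY,RageM3p12/
ignore /$re_prefix kernel: IOAudioStream.+(?:Error: attempting to clip|adjusting clipped position)/
ignore /$re_prefix loginwindow$re_pid: Sent launch request message to DirectoryService mach_init port/
# cupsd logs?
ignore /$re_prefix \S+: kCGErrorFailure : PSContext: colorspaces should be resolved before calling PSColorSpaceDefine/
# NOTE(review): these automount rules omit $re_facpri, unlike $re_prefix;
# confirm those lines really lack the <fac.pri> field.  Also, the first
# rule matches every automount line, so the two more specific rules that
# follow it can never fire -- they are kept only as documentation of what
# the noise looks like.
ignore /^$re_date $re_hostname automount$re_pid:/
ignore /^$re_date $re_hostname automount$re_pid: (?:logout notification received|requesting logout processing|handle_deferred_requests: user logged out)/
# wtf is a version notification doing under the error priority??
ignore /^$re_date $re_hostname automount$re_pid: automount version /
# the "e" facility is where syslog-ng without patching calls the custom
# OS X facility of LOG_INSTALL (see sys/syslog.h)
# NOTE(review): this rule previously read "ignore /^$re_date /".  Every
# line begins with "$re_date " (that is how $re_prefix is built), so that
# silenced the entire log and made every rule after it -- including the
# final "watchfor /./" -- unreachable.  The facility token below is
# reconstructed from the comment above in the <fac.pri> shape used by
# $re_facpri; confirm it against a real LOG_INSTALL line, but never loosen
# it back to the bare date prefix.
ignore /^$re_date <e\.[^>]+> /
# crap from various apps
ignore /$re_prefix $re_filepath\.app\/Contents\/MacOS\//
ignore /$re_prefix .+\/BBEdit\.app\/Contents\/MacOS\/BBEdit: LaunchApplication\(.+\/Grammarian\.component\/Contents\/SharedSupport\/GrammarianServer\.app\)/
ignore /$re_prefix Capture\.app\/Contents\/MacOS\/Image Capture/
ignore /$re_prefix configd$re_pid: loading com\.apple\./
ignore /$re_prefix configd$re_pid: Starting kicker for /
ignore /$re_prefix configd$re_pid: executing $re_filepath/
ignore /$re_prefix configd$re_pid: loading com\.unsanity\.apeconfig/
ignore /$re_prefix configd$re_pid: target=set-hostname: exit status = 0/
ignore /$re_prefix ConsoleMessage$re_pidopt: (?:Starting|Initializing|Checking|Loading|Configuring|Updating|Waiting) /
ignore /$re_prefix DirectoryService$re_pid: Launched version /
ignore /$re_prefix enable-network$re_pid: process network configuration change/
ignore /$re_prefix diskarbitrationd$re_pid: disk\w+/
ignore /$re_prefix kextd$re_pid: registering service "com\.apple\./
ignore /$re_prefix lookupd$re_pid: lookupd \([^)]+\) starting/
# lookupd: only debug/info/notice are dropped; warnings and above still echo
ignore /^$re_date <[^.]+\.(?:debug|info|notice)> $re_hostname lookupd$re_pid: /
ignore /$re_prefix notifyd$re_pid: notifyd started/
ignore /$re_prefix SystemStarter: Welcome to Macintosh/
ignore /$re_prefix SystemStarter: (?:Starting|Initializing|Checking|Loading|Configuring|Updating|Waiting) /
ignore /$re_prefix SystemStarter: The "HasShadow" window property is obsolete\. Use CGSSetWindowShadowAndRimParameters/
# normal at boot; any other securelevel transition is still reported
ignore /$re_prefix init: kernel security level changed from 0 to 1/
ignore /$re_prefix com\.apple\.SecurityServer: Entering service/
# I block multicast DNS from getting out with firewall, so it tends to
# complain to syslog
ignore /$re_prefix mDNSResponder$re_pid: /
ignore /$re_prefix set-hostname$re_pid: setting hostname to $re_hostname/
# lots of crap from this, do not care!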
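ignore /$re_prefix \/usr\/libexec\/fix_prebinding: /
ignore /$re_prefix \/usr\/bin\/update_prebinding: /
ignore /$re_prefix update_prebinding: /
# For the daemons below only debug/info(/notice) priorities are dropped,
# so their warnings and errors still reach the catch-all watchfor.
ignore /^$re_date <[^.]+\.(?:debug|info|notice)> $re_hostname named$re_pid: /
ignore /^$re_date <[^.]+\.(?:debug|info|notice)> $re_hostname (?:ntpdate|ntpd)$re_pid/
ignore /^$re_date <[^.]+\.(?:debug|info)> $re_hostname postgres$re_pid: /
ignore /$re_prefix postgres$re_pid: .+(?i)lock file "$re_filepath" already exists/
ignore /$re_prefix postgres$re_pid: .+(?i)Is another postmaster /
ignore /^$re_date <[^.]+\.info> $re_hostname (?:sendmail|sm-mta|sm-msa)$re_pid: /
ignore /$re_prefix sm-makefile$re_pid: rebuilding (?:\w+\.cf|mapped files) in /
ignore /$re_prefix (?:sendmail|sm-mta|sm-msa)$re_pid: My unqualified host name \($re_hostname\) unknown; sleeping for retry/
ignore /$re_prefix shutdown: (?:halt|reboot) by $re_username/
ignore /^$re_date <[^.]+\.(?:debug|info|notice)> $re_hostname squid$re_pid: /
ignore /$re_prefix squid$re_pid: Starting Squid Cache version /
# sudo: only ignore *successful* invocations by jmates.  sudo writes the
# success record as "user : TTY=... ; PWD=... ; USER=... ; COMMAND=...",
# whereas a failure inserts the reason ("3 incorrect password attempts",
# "command not allowed", "user NOT in sudoers", ...) between the user name
# and "TTY=".  The previous pattern ended at "jmates : " and therefore
# swallowed those failures too; anchoring on "TTY=" lets them through.
ignore /$re_prefix (?:$re_filepath)?sudo:\s+jmates : TTY=/
ignore /$re_prefix syslog-ng$re_pid: syslog-ng version [\d.a-z]+ (?:starting|going down)/
# only a zero drop count is ignored; any dropped messages are reported
ignore /$re_prefix syslog-ng$re_pid: STATS: dropped 0/
# NOTE(review): the next three rules hide loss of the remote log
# destination.  On a laptop that is often offline that is tolerable, but if
# this host ever relies on off-box logging as its tamper-evident copy,
# these should alert instead of being ignored.
ignore /$re_prefix syslog-ng$re_pid: Connection broken to/
ignore /$re_prefix syslog-ng$re_pid: io\.c: .+Connection refused/
ignore /$re_prefix syslog-ng$re_pid: Error connecting to remote host/
ignore /$re_prefix syslog-ng$re_pid: new configuration initialized/
ignore /$re_prefix syslog-ng$re_pid: SIGHUP received, restarting syslog-ng/
ignore /^$re_date <[^.]+\.(?:debug|info|notice)> $re_hostname xinetd$re_pid: /
ignore /$re_prefix xinetd$re_pid:.+no services\. Exiting\.\.\./

# Catch-all: anything that survived the ignore list above is echoed.
# This must stay the last rule in the file.
watchfor /./
	echo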