annotate regexes.yaml @ 33:0faebb0b0fa4

update to kibana 3, logstash 1.2.1, es 0.90.5
author Carl Byington <carl@five-ten-sg.com>
date Mon, 23 Sep 2013 11:50:21 -0700
parents f2691b83bafa
children
1 user_agent_parsers:
2 #### SPECIAL CASES TOP ####
3
4 # must go before Firefox to catch SeaMonkey/Camino
5 - regex: '(SeaMonkey|Camino)/(\d+)\.(\d+)\.?([ab]?\d+[a-z]*)'
6
7 # Firefox
8 - regex: '(Pale[Mm]oon)/(\d+)\.(\d+)\.?(\d+)?'
9 family_replacement: 'Pale Moon (Firefox Variant)'
10 - regex: '(Fennec)/(\d+)\.(\d+)\.?([ab]?\d+[a-z]*)'
11 family_replacement: 'Firefox Mobile'
12 - regex: '(Fennec)/(\d+)\.(\d+)(pre)'
13 family_replacement: 'Firefox Mobile'
14 - regex: '(Fennec)/(\d+)\.(\d+)'
15 family_replacement: 'Firefox Mobile'
16 - regex: 'Mobile.*(Firefox)/(\d+)\.(\d+)'
17 family_replacement: 'Firefox Mobile'
18 - regex: '(Namoroka|Shiretoko|Minefield)/(\d+)\.(\d+)\.(\d+(?:pre)?)'
19 family_replacement: 'Firefox ($1)'
20 - regex: '(Firefox)/(\d+)\.(\d+)(a\d+[a-z]*)'
21 family_replacement: 'Firefox Alpha'
22 - regex: '(Firefox)/(\d+)\.(\d+)(b\d+[a-z]*)'
23 family_replacement: 'Firefox Beta'
24 - regex: '(Firefox)-(?:\d+\.\d+)?/(\d+)\.(\d+)(a\d+[a-z]*)'
25 family_replacement: 'Firefox Alpha'
26 - regex: '(Firefox)-(?:\d+\.\d+)?/(\d+)\.(\d+)(b\d+[a-z]*)'
27 family_replacement: 'Firefox Beta'
28 - regex: '(Namoroka|Shiretoko|Minefield)/(\d+)\.(\d+)([ab]\d+[a-z]*)?'
29 family_replacement: 'Firefox ($1)'
30 - regex: '(Firefox).*Tablet browser (\d+)\.(\d+)\.(\d+)'
31 family_replacement: 'MicroB'
32 - regex: '(MozillaDeveloperPreview)/(\d+)\.(\d+)([ab]\d+[a-z]*)?'
33
34 # e.g.: Flock/2.0b2
35 - regex: '(Flock)/(\d+)\.(\d+)(b\d+?)'
36
37 # RockMelt
38 - regex: '(RockMelt)/(\d+)\.(\d+)\.(\d+)'
39
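40 # e.g.: Fennec/0.9pre (stale example: that string is handled by the Fennec rules above; the rules that follow match Navigator/Netscape)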
41 - regex: '(Navigator)/(\d+)\.(\d+)\.(\d+)'
42 family_replacement: 'Netscape'
43
44 - regex: '(Navigator)/(\d+)\.(\d+)([ab]\d+)'
45 family_replacement: 'Netscape'
46
47 - regex: '(Netscape6)/(\d+)\.(\d+)\.(\d+)'
48 family_replacement: 'Netscape'
49
50 - regex: '(MyIBrow)/(\d+)\.(\d+)'
51 family_replacement: 'My Internet Browser'
52
53 # Opera will stop at 9.80 and hide the real version in the Version string.
54 # see: http://dev.opera.com/articles/view/opera-ua-string-changes/
55 - regex: '(Opera Tablet).*Version/(\d+)\.(\d+)(?:\.(\d+))?'
56 - regex: '(Opera)/.+Opera Mobi.+Version/(\d+)\.(\d+)'
57 family_replacement: 'Opera Mobile'
58 - regex: 'Opera Mobi'
59 family_replacement: 'Opera Mobile'
60 - regex: '(Opera Mini)/(\d+)\.(\d+)'
61 - regex: '(Opera Mini)/att/(\d+)\.(\d+)'
62 - regex: '(Opera)/9.80.*Version/(\d+)\.(\d+)(?:\.(\d+))?'
63
64 # Opera 14 for Android uses a WebKit render engine.
65 - regex: '(?:Mobile Safari).*(OPR)/(\d+)\.(\d+)\.(\d+)'
66 family_replacement: 'Opera Mobile'
67
68 # Palm WebOS looks a lot like Safari.
69 - regex: '(hpw|web)OS/(\d+)\.(\d+)(?:\.(\d+))?'
70 family_replacement: 'webOS Browser'
71
72 # LuaKit has no version info.
73 # http://luakit.org/projects/luakit/
74 - regex: '(luakit)'
75 family_replacement: 'LuaKit'
76
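77 # Snowshoe (note: the separator before the last number is an unescaped '.', so it matches any character, not only a literal dot)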
78 - regex: '(Snowshoe)/(\d+)\.(\d+).(\d+)'
79
80 # Lightning (for Thunderbird)
81 # http://www.mozilla.org/projects/calendar/lightning/
82 - regex: '(Lightning)/(\d+)\.(\d+)([ab]?\d+[a-z]*)'
83
84 # Swiftfox
85 - regex: '(Firefox)/(\d+)\.(\d+)\.(\d+(?:pre)?) \(Swiftfox\)'
86 family_replacement: 'Swiftfox'
87 - regex: '(Firefox)/(\d+)\.(\d+)([ab]\d+[a-z]*)? \(Swiftfox\)'
88 family_replacement: 'Swiftfox'
89
90 # Rekonq
91 - regex: '(rekonq)/(\d+)\.(\d+) Safari'
92 family_replacement: 'Rekonq'
93 - regex: 'rekonq'
94 family_replacement: 'Rekonq'
95
96 # Conkeror lowercase/uppercase
97 # http://conkeror.org/
98 - regex: '(conkeror|Conkeror)/(\d+)\.(\d+)\.?(\d+)?'
99 family_replacement: 'Conkeror'
100
101 # catches lower case konqueror
102 - regex: '(konqueror)/(\d+)\.(\d+)\.(\d+)'
103 family_replacement: 'Konqueror'
104
105 - regex: '(WeTab)-Browser'
106
107 - regex: '(Comodo_Dragon)/(\d+)\.(\d+)\.(\d+)'
108 family_replacement: 'Comodo Dragon'
109
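110 # Bots (matched on the client-supplied User-Agent string only, so the family is a label and not proof of who sent the request)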
111 - regex: '(YottaaMonitor|BrowserMob|HttpMonitor|YandexBot|Slurp|BingPreview|PagePeeker|ThumbShotsBot|WebThumb|URL2PNG|ZooShot|GomezA|Catchpoint bot|Willow Internet Crawler|Google SketchUp|Read%20Later)'
112
113 - regex: '(Symphony) (\d+).(\d+)'
114
115 - regex: '(Minimo)'
116
117 # Chrome Mobile
118 - regex: '(CrMo)/(\d+)\.(\d+)\.(\d+)\.(\d+)'
119 family_replacement: 'Chrome Mobile'
120 - regex: '(CriOS)/(\d+)\.(\d+)\.(\d+)\.(\d+)'
121 family_replacement: 'Chrome Mobile iOS'
122 - regex: '(Chrome)/(\d+)\.(\d+)\.(\d+)\.(\d+) Mobile'
123 family_replacement: 'Chrome Mobile'
124
125 # Chrome Frame must come before MSIE.
126 - regex: '(chromeframe)/(\d+)\.(\d+)\.(\d+)'
127 family_replacement: 'Chrome Frame'
128
129 # UC Browser
130 - regex: '(UCBrowser)[ /](\d+)\.(\d+)\.(\d+)'
131 family_replacement: 'UC Browser'
132 - regex: '(UC Browser)[ /](\d+)\.(\d+)\.(\d+)'
133 - regex: '(UC Browser|UCBrowser|UCWEB)(\d+)\.(\d+)\.(\d+)'
134 family_replacement: 'UC Browser'
135
136 # Tizen Browser (second case included in browser/major.minor regex)
137 - regex: '(SLP Browser)/(\d+)\.(\d+)'
138 family_replacement: 'Tizen Browser'
139
140 # Epiphany browser (identifies as Chromium); note: the separator before the last number is an unescaped '.', so it matches any character
141 - regex: '(Epiphany)/(\d+)\.(\d+).(\d+)'
142
143 # Sogou Explorer 2.X
144 - regex: '(SE 2\.X) MetaSr (\d+)\.(\d+)'
145 family_replacement: 'Sogou Explorer'
146
147 # Baidu Browsers (desktop spoofs chrome & IE, explorer is mobile)
148 - regex: '(baidubrowser)[/\s](\d+)'
149 family_replacement: 'Baidu Browser'
150 - regex: '(FlyFlow)/(\d+)\.(\d+)'
151 family_replacement: 'Baidu Explorer'
152
153 # Pingdom (note: the '.' in 'Pingdom.com' is unescaped in the regex, so it matches any character)
154 - regex: '(Pingdom.com_bot_version_)(\d+)\.(\d+)'
155 family_replacement: 'PingdomBot'
156
157 # Facebook
158 - regex: '(facebookexternalhit)/(\d+)\.(\d+)'
159 family_replacement: 'FacebookBot'
160
161 # Twitterbot
162 - regex: '(Twitterbot)/(\d+)\.(\d+)'
163 family_replacement: 'TwitterBot'
164
165 # Rackspace Monitoring
166 - regex: '(Rackspace Monitoring)/(\d+)\.(\d+)'
167 family_replacement: 'RackspaceBot'
168
169 # PyAMF
170 - regex: '(PyAMF)/(\d+)\.(\d+)\.(\d+)'
171
172 # Yandex Browser
173 - regex: '(YaBrowser)/(\d+)\.(\d+)\.(\d+)'
174 family_replacement: 'Yandex Browser'
175
176 # Mail.ru Amigo/Internet Browser (Chromium-based)
177 - regex: '(Chrome)/(\d+)\.(\d+)\.(\d+).* MRCHROME'
178 family_replacement: 'Mail.ru Chromium Browser'
179
180 #### END SPECIAL CASES TOP ####
181
182 #### MAIN CASES - this catches > 50% of all browsers ####
183
184 # Browser/major_version.minor_version.beta_version
185 - regex: '(AdobeAIR|Chromium|FireWeb|Jasmine|ANTGalio|Midori|Fresco|Lobo|PaleMoon|Maxthon|Lynx|OmniWeb|Dillo|Camino|Demeter|Fluid|Fennec|Shiira|Sunrise|Chrome|Flock|Netscape|Lunascape|WebPilot|Vodafone|NetFront|Netfront|Konqueror|SeaMonkey|Kazehakase|Vienna|Iceape|Iceweasel|IceWeasel|Iron|K-Meleon|Sleipnir|Galeon|GranParadiso|Opera Mini|iCab|NetNewsWire|ThunderBrowse|Iris|UP\.Browser|Bunjalloo|Google Earth|Raven for Mac|Openwave)/(\d+)\.(\d+)\.(\d+)'
186
187 # Browser/major_version.minor_version
188 - regex: '(Bolt|Jasmine|IceCat|Skyfire|Midori|Maxthon|Lynx|Arora|IBrowse|Dillo|Camino|Shiira|Fennec|Phoenix|Chrome|Flock|Netscape|Lunascape|Epiphany|WebPilot|Opera Mini|Opera|Vodafone|NetFront|Netfront|Konqueror|Googlebot|SeaMonkey|Kazehakase|Vienna|Iceape|Iceweasel|IceWeasel|Iron|K-Meleon|Sleipnir|Galeon|GranParadiso|iCab|NetNewsWire|Space Bison|Stainless|Orca|Dolfin|BOLT|Minimo|Tizen Browser|Polaris|Abrowser|Planetweb|ICE Browser)/(\d+)\.(\d+)'
189
190 # Browser major_version.minor_version.beta_version (space instead of slash)
191 - regex: '(iRider|Crazy Browser|SkipStone|iCab|Lunascape|Sleipnir|Maemo Browser) (\d+)\.(\d+)\.(\d+)'
192 # Browser major_version.minor_version (space instead of slash)
193 - regex: '(iCab|Lunascape|Opera|Android|Jasmine|Polaris) (\d+)\.(\d+)\.?(\d+)?'
194
195 # Kindle WebKit
196 - regex: '(Kindle)/(\d+)\.(\d+)'
197
198 # weird android UAs
199 - regex: '(Android) Donut'
200 v1_replacement: '1'
201 v2_replacement: '2'
202
203 - regex: '(Android) Eclair'
204 v1_replacement: '2'
205 v2_replacement: '1'
206
207 - regex: '(Android) Froyo'
208 v1_replacement: '2'
209 v2_replacement: '2'
210
211 - regex: '(Android) Gingerbread'
212 v1_replacement: '2'
213 v2_replacement: '3'
214
215 - regex: '(Android) Honeycomb'
216 v1_replacement: '3'
217
218 # IE Mobile
219 - regex: '(IEMobile)[ /](\d+)\.(\d+)'
220 family_replacement: 'IE Mobile'
221 # desktop mode
222 # http://www.anandtech.com/show/3982/windows-phone-7-review
223 - regex: '(MSIE) (\d+)\.(\d+).*XBLWP7'
224 family_replacement: 'IE Large Screen'
225
226 # Generic Firefox patterns: keep these AFTER the edge cases above, or they would match those user agents first.
227 - regex: '(Firefox)/(\d+)\.(\d+)\.(\d+)'
228 - regex: '(Firefox)/(\d+)\.(\d+)(pre|[ab]\d+[a-z]*)?'
229
230 #### END MAIN CASES ####
231
232 #### SPECIAL CASES ####
233 - regex: '(Obigo)InternetBrowser'
234 - regex: '(Obigo)\-Browser'
235 - regex: '(Obigo|OBIGO)[^\d]*(\d+)(?:.(\d+))?'
236 family_replacement: 'Obigo'
237
238 - regex: '(MAXTHON|Maxthon) (\d+)\.(\d+)'
239 family_replacement: 'Maxthon'
240 - regex: '(Maxthon|MyIE2|Uzbl|Shiira)'
241 v1_replacement: '0'
242
243 - regex: 'PLAYSTATION 3.+WebKit'
244 family_replacement: 'NetFront NX'
245 - regex: 'PLAYSTATION 3'
246 family_replacement: 'NetFront'
247 - regex: '(PlayStation Portable)'
248 family_replacement: 'NetFront'
249 - regex: '(PlayStation Vita)'
250 family_replacement: 'NetFront NX'
251
252 - regex: 'AppleWebKit.+ (NX)/(\d+)\.(\d+)\.(\d+)'
253 family_replacement: 'NetFront NX'
254 - regex: '(Nintendo 3DS)'
255 family_replacement: 'NetFront NX'
256
257 - regex: '(BrowseX) \((\d+)\.(\d+)\.(\d+)'
258
259 - regex: '(NCSA_Mosaic)/(\d+)\.(\d+)'
260 family_replacement: 'NCSA Mosaic'
261
262 # Polaris/d.d is above
263 - regex: '(POLARIS)/(\d+)\.(\d+)'
264 family_replacement: 'Polaris'
265 - regex: '(Embider)/(\d+)\.(\d+)'
266 family_replacement: 'Polaris'
267
268 - regex: '(BonEcho)/(\d+)\.(\d+)\.(\d+)'
269 family_replacement: 'Bon Echo'
270
271 - regex: 'M?QQBrowser'
272 family_replacement: 'QQ Browser'
273
274 - regex: '(iPod).+Version/(\d+)\.(\d+)\.(\d+)'
275 family_replacement: 'Mobile Safari'
276 - regex: '(iPod).*Version/(\d+)\.(\d+)'
277 family_replacement: 'Mobile Safari'
278 - regex: '(iPhone).*Version/(\d+)\.(\d+)\.(\d+)'
279 family_replacement: 'Mobile Safari'
280 - regex: '(iPhone).*Version/(\d+)\.(\d+)'
281 family_replacement: 'Mobile Safari'
282 - regex: '(iPad).*Version/(\d+)\.(\d+)\.(\d+)'
283 family_replacement: 'Mobile Safari'
284 - regex: '(iPad).*Version/(\d+)\.(\d+)'
285 family_replacement: 'Mobile Safari'
286 - regex: '(iPod|iPhone|iPad);.*CPU.*OS (\d+)(?:_\d+)?_(\d+).*Mobile'
287 family_replacement: 'Mobile Safari'
288 - regex: '(iPod|iPhone|iPad)'
289 family_replacement: 'Mobile Safari'
290
291 - regex: '(AvantGo) (\d+).(\d+)'
292
293 - regex: '(OneBrowser)/(\d+).(\d+)'
294 family_replacement: 'ONE Browser'
295
296 - regex: '(Avant)'
297 v1_replacement: '1'
298
299 # This is the Tesla Model S (see similar entry in device parsers)
300 - regex: '(QtCarBrowser)'
301 v1_replacement: '1'
302
303 - regex: '(iBrowser/Mini)(\d+).(\d+)'
304 family_replacement: 'iBrowser Mini'
305 # nokia browsers
306 # based on: http://www.developer.nokia.com/Community/Wiki/User-Agent_headers_for_Nokia_devices
307 - regex: '^(Nokia)'
308 family_replacement: 'Nokia Services (WAP) Browser'
309 - regex: '(NokiaBrowser)/(\d+)\.(\d+).(\d+)\.(\d+)'
310 family_replacement: 'Nokia Browser'
311 - regex: '(NokiaBrowser)/(\d+)\.(\d+).(\d+)'
312 family_replacement: 'Nokia Browser'
313 - regex: '(NokiaBrowser)/(\d+)\.(\d+)'
314 family_replacement: 'Nokia Browser'
315 - regex: '(BrowserNG)/(\d+)\.(\d+).(\d+)'
316 family_replacement: 'Nokia Browser'
317 - regex: '(Series60)/5\.0'
318 family_replacement: 'Nokia Browser'
319 v1_replacement: '7'
320 v2_replacement: '0'
321 - regex: '(Series60)/(\d+)\.(\d+)'
322 family_replacement: 'Nokia OSS Browser'
323 - regex: '(S40OviBrowser)/(\d+)\.(\d+)\.(\d+)\.(\d+)'
324 family_replacement: 'Ovi Browser'
325 - regex: '(Nokia)[EN]?(\d+)'
326
327 # BlackBerry devices
328 - regex: '(BB10);'
329 family_replacement: 'BlackBerry WebKit'
330 - regex: '(PlayBook).+RIM Tablet OS (\d+)\.(\d+)\.(\d+)'
331 family_replacement: 'BlackBerry WebKit'
332 - regex: '(Black[bB]erry).+Version/(\d+)\.(\d+)\.(\d+)'
333 family_replacement: 'BlackBerry WebKit'
334 - regex: '(Black[bB]erry)\s?(\d+)'
335 family_replacement: 'BlackBerry'
336
337 - regex: '(OmniWeb)/v(\d+)\.(\d+)'
338
339 - regex: '(Blazer)/(\d+)\.(\d+)'
340 family_replacement: 'Palm Blazer'
341
342 - regex: '(Pre)/(\d+)\.(\d+)'
343 family_replacement: 'Palm Pre'
344
345 - regex: '(Links) \((\d+)\.(\d+)'
346
347 - regex: '(QtWeb) Internet Browser/(\d+)\.(\d+)'
348
349 #- regex: '\(iPad;.+(Version)/(\d+)\.(\d+)(?:\.(\d+))?.*Safari/'
350 # family_replacement: 'iPad'
351
352 # Amazon Silk, should go before Safari
353 - regex: '(Silk)/(\d+)\.(\d+)(?:\.([0-9\-]+))?'
354 family_replacement: 'Amazon Silk'
355
356 # PhantomJS, should go before Safari
357 - regex: '(PhantomJS)/(\d+)\.(\d+)\.(\d+)'
358
359 # WebKit Nightly
360 - regex: '(AppleWebKit)/(\d+)\.?(\d+)?\+ .* Safari'
361 family_replacement: 'WebKit Nightly'
362
363 # Safari
364 - regex: '(Version)/(\d+)\.(\d+)(?:\.(\d+))?.*Safari/'
365 family_replacement: 'Safari'
366 # Safari didn't provide "Version/d.d.d" prior to 3.0
367 - regex: '(Safari)/\d+'
368
369 - regex: '(OLPC)/Update(\d+)\.(\d+)'
370
371 - regex: '(OLPC)/Update()\.(\d+)'
372 v1_replacement: '0'
373
374 - regex: '(SEMC\-Browser)/(\d+)\.(\d+)'
375
376 - regex: '(Teleca)'
377 family_replacement: 'Teleca Browser'
378
379 - regex: '(Phantom)/V(\d+)\.(\d+)'
380 family_replacement: 'Phantom Browser'
381
382 - regex: '([MS]?IE) (\d+)\.(\d+)'
383 family_replacement: 'IE'
384
385 - regex: '(python-requests)/(\d+)\.(\d+)'
386 family_replacement: 'Python Requests'
387
388 os_parsers:
389
390 ##########
391 # Android
392 # can actually detect rooted android os. do we care?
393 ##########
394 - regex: '(Android) (\d+)\.(\d+)(?:[.\-]([a-z0-9]+))?'
395 - regex: '(Android)\-(\d+)\.(\d+)(?:[.\-]([a-z0-9]+))?'
396
397 - regex: '(Android) Donut'
398 os_v1_replacement: '1'
399 os_v2_replacement: '2'
400
401 - regex: '(Android) Eclair'
402 os_v1_replacement: '2'
403 os_v2_replacement: '1'
404
405 - regex: '(Android) Froyo'
406 os_v1_replacement: '2'
407 os_v2_replacement: '2'
408
409 - regex: '(Android) Gingerbread'
410 os_v1_replacement: '2'
411 os_v2_replacement: '3'
412
413 - regex: '(Android) Honeycomb'
414 os_v1_replacement: '3'
415
416 ##########
417 # Kindle Android
418 ##########
419 - regex: '(Silk-Accelerated=[a-z]{4,5})'
420 os_replacement: 'Android'
421
422 ##########
423 # Windows
424 # http://en.wikipedia.org/wiki/Windows_NT#Releases
425 # possibility of false positive when different marketing names share same NT kernel
426 # e.g. windows server 2003 and windows xp
427 # lots of ua strings have Windows NT 4.1 !?!?!?!? !?!? !? !????!?! !!! ??? !?!?! ?
428 # (very) roughly ordered in terms of frequency of occurrence of regex (win xp currently most frequent, etc)
429 ##########
430
431 - regex: '(Windows (?:NT 5\.2|NT 5\.1))'
432 os_replacement: 'Windows XP'
433
434 # ie mobile desktop mode
435 # spoofs nt 6.1. must come before windows 7
436 - regex: '(XBLWP7)'
437 os_replacement: 'Windows Phone'
438
439 - regex: '(Windows NT 6\.1)'
440 os_replacement: 'Windows 7'
441
442 - regex: '(Windows NT 6\.0)'
443 os_replacement: 'Windows Vista'
444
445 - regex: '(Windows 98|Windows XP|Windows ME|Windows 95|Windows CE|Windows 7|Windows NT 4\.0|Windows Vista|Windows 2000|Windows 3.1)'
446
447 - regex: '(Windows NT 6\.2; ARM;)'
448 os_replacement: 'Windows RT'
449
450 # is this a spoof or is nt 6.2 out and about in some capacity?
451 - regex: '(Windows NT 6\.2)'
452 os_replacement: 'Windows 8'
453
454 - regex: '(Windows NT 5\.0)'
455 os_replacement: 'Windows 2000'
456
457 - regex: '(Windows Phone) (\d+)\.(\d+)'
458 - regex: '(Windows Phone) OS (\d+)\.(\d+)'
459 - regex: '(Windows ?Mobile)'
460 os_replacement: 'Windows Mobile'
461
462 - regex: '(WinNT4.0)'
463 os_replacement: 'Windows NT 4.0'
464
465 - regex: '(Win98)'
466 os_replacement: 'Windows 98'
467
468 ##########
469 # Tizen OS from Samsung
470 # spoofs Android so pushing it above
471 ##########
472 - regex: '(Tizen)/(\d+)\.(\d+)'
473
474 ##########
475 # Mac OS
476 # http://en.wikipedia.org/wiki/Mac_OS_X#Versions
477 ##########
478 - regex: '(Mac OS X) (\d+)[_.](\d+)(?:[_.](\d+))?'
479
480 # IE on Mac doesn't specify version number
481 - regex: 'Mac_PowerPC'
482 os_replacement: 'Mac OS'
483
484 # builds before tiger don't seem to specify version?
485
486 # ios devices spoof (mac os x), so including intel/ppc prefixes
487 - regex: '(?:PPC|Intel) (Mac OS X)'
488
489 ##########
490 # iOS
491 # http://en.wikipedia.org/wiki/IOS_version_history
492 ##########
493 - regex: '(CPU OS|iPhone OS) (\d+)_(\d+)(?:_(\d+))?'
494 os_replacement: 'iOS'
495
496 # remaining cases are mostly only opera uas, so match on opera so as not to catch iphone spoofs
497 - regex: '(iPhone|iPad|iPod); Opera'
498 os_replacement: 'iOS'
499
500 # few more stragglers
501 - regex: '(iPhone|iPad|iPod).*Mac OS X.*Version/(\d+)\.(\d+)'
502 os_replacement: 'iOS'
503
504 - regex: '(AppleTV)/(\d+)\.(\d+)'
505 os_replacement: 'ATV OS X'
506 os_v1_replacement: '$1'
507 os_v2_replacement: '$2'
508
509 ##########
510 # Chrome OS
511 # if version 0.0.0, probably this stuff:
512 # http://code.google.com/p/chromium-os/issues/detail?id=11573
513 # http://code.google.com/p/chromium-os/issues/detail?id=13790
514 ##########
515 - regex: '(CrOS) [a-z0-9_]+ (\d+)\.(\d+)(?:\.(\d+))?'
516 os_replacement: 'Chrome OS'
517
518 ##########
519 # Linux distros
520 ##########
521 - regex: '(Debian)-(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?'
522 - regex: '(Linux Mint)(?:/(\d+))?'
523 - regex: '(Mandriva)(?: Linux)?/(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?'
524
525 ##########
526 # Symbian + Symbian OS
527 # http://en.wikipedia.org/wiki/History_of_Symbian
528 ##########
529 - regex: '(Symbian[Oo][Ss])/(\d+)\.(\d+)'
530 os_replacement: 'Symbian OS'
531 - regex: '(Symbian/3).+NokiaBrowser/7\.3'
532 os_replacement: 'Symbian^3 Anna'
533 - regex: '(Symbian/3).+NokiaBrowser/7\.4'
534 os_replacement: 'Symbian^3 Belle'
535 - regex: '(Symbian/3)'
536 os_replacement: 'Symbian^3'
537 - regex: '(Series 60|SymbOS|S60)'
538 os_replacement: 'Symbian OS'
539 - regex: '(MeeGo)'
540 - regex: 'Symbian [Oo][Ss]'
541 os_replacement: 'Symbian OS'
542 - regex: 'Series40;'
543 os_replacement: 'Nokia Series 40'
544
545 ##########
546 # BlackBerry devices
547 ##########
548 - regex: '(BB10);.+Version/(\d+)\.(\d+)\.(\d+)'
549 os_replacement: 'BlackBerry OS'
550 - regex: '(Black[Bb]erry)[0-9a-z]+/(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?'
551 os_replacement: 'BlackBerry OS'
552 - regex: '(Black[Bb]erry).+Version/(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?'
553 os_replacement: 'BlackBerry OS'
554 - regex: '(RIM Tablet OS) (\d+)\.(\d+)\.(\d+)'
555 os_replacement: 'BlackBerry Tablet OS'
556 - regex: '(Play[Bb]ook)'
557 os_replacement: 'BlackBerry Tablet OS'
558 - regex: '(Black[Bb]erry)'
559 os_replacement: 'BlackBerry OS'
560
561 ##########
562 # Firefox OS
563 ##########
564 - regex: '\(Mobile;.+Firefox/\d+\.\d+'
565 os_replacement: 'Firefox OS'
566
567 ##########
568 # BREW
569 # yes, Brew is lower-cased for Brew MP
570 ##########
571 - regex: '(BREW)[ /](\d+)\.(\d+)\.(\d+)'
572 - regex: '(BREW);'
573 - regex: '(Brew MP|BMP)[ /](\d+)\.(\d+)\.(\d+)'
574 os_replacement: 'Brew MP'
575 - regex: 'BMP;'
576 os_replacement: 'Brew MP'
577
578 ##########
579 # Google TV
580 ##########
581 - regex: '(GoogleTV) (\d+)\.(\d+)\.(\d+)'
582 # Old style
583 - regex: '(GoogleTV)\/\d+'
584
585 - regex: '(WebTV)/(\d+).(\d+)'
586
587 ##########
588 # Misc mobile
589 ##########
590 - regex: '(hpw|web)OS/(\d+)\.(\d+)(?:\.(\d+))?'
591 os_replacement: 'webOS'
592 - regex: '(VRE);'
593
594 ##########
595 # Generic patterns
596 # since the majority of os cases are very specific, these go last
597 ##########
598 # first.second.third.fourth bits
599 - regex: '(SUSE|Fedora|Red Hat|PCLinuxOS)/(\d+)\.(\d+)\.(\d+)\.(\d+)'
600
601 # first.second.third bits
602 - regex: '(SUSE|Fedora|Red Hat|Puppy|PCLinuxOS|CentOS)/(\d+)\.(\d+)\.(\d+)'
603
604 # first.second bits
605 - regex: '(Ubuntu|Kindle|Bada|Lubuntu|BackTrack|Red Hat|Slackware)/(\d+)\.(\d+)'
606
607 # just os
608 - regex: '(Windows|OpenBSD|FreeBSD|NetBSD|Ubuntu|Kubuntu|Android|Arch Linux|CentOS|WeTab|Slackware)'
609 - regex: '(Linux)/(\d+)\.(\d+)'
610 - regex: '(Linux|BSD)'
611 - regex: 'SunOS'
612 os_replacement: 'Solaris'
613
614 device_parsers:
615 ##########
616 # incomplete!
617 # multiple replacement placeholders i.e. ($1) ($2) help solve problem of single device with multiple representations in ua
618 # e.g. HTC Dream S should parse to the same device as HTC_DreamS
619 ##########
620
621 ##########
622 # incomplete!
623 # HTC
624 # http://en.wikipedia.org/wiki/List_of_HTC_phones
625 # this is quickly getting unwieldy
626 ##########
627 # example: Mozilla/5.0 (Linux; U; Android 2.3.2; fr-fr; HTC HD2 Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
628 - regex: 'HTC ([A-Z][a-z0-9]+) Build'
629 device_replacement: 'HTC $1'
630 # example: Mozilla/5.0 (Linux; U; Android 2.1; es-es; HTC Legend 1.23.161.1 Build/ERD79) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17,gzip
631 - regex: 'HTC ([A-Z][a-z0-9 ]+) \d+\.\d+\.\d+\.\d+'
632 device_replacement: 'HTC $1'
633 # example: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; HTC_Touch_Diamond2_T5353; Windows Phone 6.5.3.5)
634 - regex: 'HTC_Touch_([A-Za-z0-9]+)'
635 device_replacement: 'HTC Touch ($1)'
636 # should come after HTC_Touch
637 - regex: 'USCCHTC(\d+)'
638 device_replacement: 'HTC $1 (US Cellular)'
639 - regex: 'Sprint APA(9292)'
640 device_replacement: 'HTC $1 (Sprint)'
641 - regex: 'HTC ([A-Za-z0-9]+ [A-Z])'
642 device_replacement: 'HTC $1'
643 - regex: 'HTC[-_/\s]([A-Za-z0-9]+)'
644 device_replacement: 'HTC $1'
645 - regex: '(ADR[A-Za-z0-9]+)'
646 device_replacement: 'HTC $1'
647 - regex: '(HTC)'
648
649 # Tesla Model S
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
650 - regex: '(QtCarBrowser)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
651 device_replacement: 'Tesla Model S'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
652
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
653 # Samsung
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
654 - regex: '(SamsungSGHi560)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
655 device_replacement: 'Samsung SGHi560'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
656
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
657 #########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
658 # Ericsson - must come before nokia since they also use symbian
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
659 #########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
660 - regex: 'SonyEricsson([A-Za-z0-9]+)/'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
661 device_replacement: 'Ericsson $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
662
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
663 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
664 # PlayStation
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
665 # The Vita spoofs the Kindle
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
666 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
667 - regex: 'PLAYSTATION 3'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
668 device_replacement: 'PlayStation 3'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
669 - regex: '(PlayStation Portable)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
670 - regex: '(PlayStation Vita)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
671
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
672 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
673 # incomplete!
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
674 # Kindle
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
675 # http://amazonsilk.wordpress.com/useful-bits/silk-user-agent/
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
676 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
677 - regex: '(KFOT Build)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
678 device_replacement: 'Kindle Fire'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
679 - regex: '(KFTT Build)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
680 device_replacement: 'Kindle Fire HD'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
681 - regex: '(KFJWI Build)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
682 device_replacement: 'Kindle Fire HD 8.9" WiFi'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
683 - regex: '(KFJWA Build)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
684 device_replacement: 'Kindle Fire HD 8.9" 4G'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
685 - regex: '(Kindle Fire)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
686 - regex: '(Kindle)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
687 - regex: '(Silk)/(\d+)\.(\d+)(?:\.([0-9\-]+))?'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
688 device_replacement: 'Kindle Fire'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
689
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
690 #########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
691 # Android General Device Matching (far from perfect)
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
692 #########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
693 - regex: 'Android[\- ][\d]+\.[\d]+; [A-Za-z]{2}\-[A-Za-z]{2}; WOWMobile (.+) Build'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
694 - regex: 'Android[\- ][\d]+\.[\d]+\-update1; [A-Za-z]{2}\-[A-Za-z]{2}; (.+) Build'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
695 - regex: 'Android[\- ][\d]+\.[\d]+\.[\d]+; [A-Za-z]{2}\-[A-Za-z]{2}; (.+) Build'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
696 - regex: 'Android[\- ][\d]+\.[\d]+\.[\d]+;[A-Za-z]{2}\-[A-Za-z]{2};(.+) Build'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
697 - regex: 'Android[\- ][\d]+\.[\d]+; [A-Za-z]{2}\-[A-Za-z]{2}; (.+) Build'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
698 - regex: 'Android[\- ][\d]+\.[\d]+\.[\d]+; (.+) Build'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
699 - regex: 'Android[\- ][\d]+\.[\d]+; (.+) Build'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
700
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
701 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
702 # NOKIA
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
703 # Nokia: NokiaN8-00 must come before iPhone because it sometimes spoofs iPhone in its UA
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
704 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
705 - regex: 'NokiaN([0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
706 device_replacement: 'Nokia N$1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
707 - regex: 'NOKIA([A-Za-z0-9\v-]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
708 device_replacement: 'Nokia $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
709 - regex: 'Nokia([A-Za-z0-9\v-]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
710 device_replacement: 'Nokia $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
711 - regex: 'NOKIA ([A-Za-z0-9\-]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
712 device_replacement: 'Nokia $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
713 - regex: 'Nokia ([A-Za-z0-9\-]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
714 device_replacement: 'Nokia $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
715 - regex: 'Lumia ([A-Za-z0-9\-]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
716 device_replacement: 'Lumia $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
717 - regex: 'Symbian'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
718 device_replacement: 'Nokia'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
719
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
720 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
721 # BlackBerry
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
722 # http://www.useragentstring.com/pages/BlackBerry/
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
723 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
724 - regex: 'BB10; ([A-Za-z0-9\- ]+)\)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
725 device_replacement: 'BlackBerry $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
726 - regex: '(PlayBook).+RIM Tablet OS'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
727 device_replacement: 'BlackBerry Playbook'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
728 - regex: 'Black[Bb]erry ([0-9]+);'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
729 device_replacement: 'BlackBerry $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
730 - regex: 'Black[Bb]erry([0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
731 device_replacement: 'BlackBerry $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
732 - regex: 'Black[Bb]erry;'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
733 device_replacement: 'BlackBerry'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
734
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
735 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
736 # PALM / HP
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
737 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
738 # Some Palm devices must come before iPhone because they sometimes spoof iPhone in the UA
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
739 - regex: '(Pre)/(\d+)\.(\d+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
740 device_replacement: 'Palm Pre'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
741 - regex: '(Pixi)/(\d+)\.(\d+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
742 device_replacement: 'Palm Pixi'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
743 - regex: '(Touch[Pp]ad)/(\d+)\.(\d+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
744 device_replacement: 'HP TouchPad'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
745 - regex: 'HPiPAQ([A-Za-z0-9]+)/(\d+).(\d+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
746 device_replacement: 'HP iPAQ $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
747 - regex: 'Palm([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
748 device_replacement: 'Palm $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
749 - regex: 'Treo([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
750 device_replacement: 'Palm Treo $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
751 - regex: 'webOS.*(P160UNA)/(\d+).(\d+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
752 device_replacement: 'HP Veer'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
753
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
754 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
755 # AppleTV
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
756 # No built-in browser, as far as I can tell
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
757 # Stack Overflow indicated iTunes-AppleTV/4.1 as a known UA for an available app, and I'm seeing it in live traffic
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
758 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
759 - regex: '(AppleTV)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
760 device_replacement: 'AppleTV'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
761
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
762 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
763 # Catch the google mobile crawler before checking for iPhones.
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
764 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
765
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
766 - regex: 'AdsBot-Google-Mobile'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
767 device_replacement: 'Spider'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
768
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
769 - regex: 'Googlebot-Mobile/(\d+).(\d+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
770 device_replacement: 'Spider'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
771
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
772 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
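773 # complete, but probably also matches spoofed UAs: the User-Agent is client-supplied, so any client that sends these tokens is labelled as an iOS device; treat the result as a hint, not as identification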
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
774 # iSTUFF
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
775 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
776 # ipad and ipod must be parsed before iphone
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
777 # cannot determine the specific device type (3G, 3GS, 4, etc.) from the UA string
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
778 - regex: '(iPad) Simulator;'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
779 - regex: '(iPad);'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
780 - regex: '(iPod);'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
781 - regex: '(iPhone) Simulator;'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
782 - regex: '(iPhone);'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
783
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
784 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
785 # Acer
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
786 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
787 - regex: 'acer_([A-Za-z0-9]+)_'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
788 device_replacement: 'Acer $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
789 - regex: 'acer_([A-Za-z0-9]+)_'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
790 device_replacement: 'Acer $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
791
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
792 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
793 # Alcatel
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
794 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
795 - regex: 'ALCATEL-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
796 device_replacement: 'Alcatel $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
797 - regex: 'Alcatel-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
798 device_replacement: 'Alcatel $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
799
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
800 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
801 # Amoi
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
802 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
803 - regex: 'Amoi\-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
804 device_replacement: 'Amoi $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
805 - regex: 'AMOI\-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
806 device_replacement: 'Amoi $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
807
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
808 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
809 # Asus
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
810 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
811 - regex: 'Asus\-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
812 device_replacement: 'Asus $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
813 - regex: 'ASUS\-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
814 device_replacement: 'Asus $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
815
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
816 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
817 # Bird
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
818 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
819 - regex: 'BIRD\-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
820 device_replacement: 'Bird $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
821 - regex: 'BIRD\.([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
822 device_replacement: 'Bird $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
823 - regex: 'BIRD ([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
824 device_replacement: 'Bird $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
825
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
826 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
827 # Dell
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
828 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
829 - regex: 'Dell ([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
830 device_replacement: 'Dell $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
831
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
832 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
833 # DoCoMo
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
834 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
835 - regex: 'DoCoMo/2\.0 ([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
836 device_replacement: 'DoCoMo $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
837 - regex: '([A-Za-z0-9]+)_W\;FOMA'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
838 device_replacement: 'DoCoMo $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
839 - regex: '([A-Za-z0-9]+)\;FOMA'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
840 device_replacement: 'DoCoMo $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
841
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
842 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
843 # Huawei
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
844 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
845 - regex: 'Huawei([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
846 device_replacement: 'Huawei $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
847 - regex: 'HUAWEI-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
848 device_replacement: 'Huawei $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
849 - regex: 'vodafone([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
850 device_replacement: 'Huawei Vodafone $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
851
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
852 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
853 # i-mate
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
854 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
855 - regex: 'i\-mate ([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
856 device_replacement: 'i-mate $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
857
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
858 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
859 # kyocera
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
860 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
861 - regex: 'Kyocera\-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
862 device_replacement: 'Kyocera $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
863 - regex: 'KWC\-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
864 device_replacement: 'Kyocera $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
865
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
866 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
867 # lenovo
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
868 ##########
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
869 - regex: 'Lenovo\-([A-Za-z0-9]+)'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
870 device_replacement: 'Lenovo $1'
f2691b83bafa update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
871 - regex: 'Lenovo_([A-Za-z0-9]+)'
872 device_replacement: 'Lenovo $1'
873
874 ##########
875 # lg
876 ##########
877 - regex: 'LG/([A-Za-z0-9]+)'
878 device_replacement: 'LG $1'
879 - regex: 'LG-LG([A-Za-z0-9]+)'
880 device_replacement: 'LG $1'
881 - regex: 'LGE-LG([A-Za-z0-9]+)'
882 device_replacement: 'LG $1'
883 - regex: 'LGE VX([A-Za-z0-9]+)'
884 device_replacement: 'LG $1'
885 - regex: 'LG ([A-Za-z0-9]+)'
886 device_replacement: 'LG $1'
887 - regex: 'LGE LG\-AX([A-Za-z0-9]+)'
888 device_replacement: 'LG $1'
889 - regex: 'LG\-([A-Za-z0-9]+)'
890 device_replacement: 'LG $1'
891 - regex: 'LGE\-([A-Za-z0-9]+)'
892 device_replacement: 'LG $1'
893 - regex: 'LG([A-Za-z0-9]+)'
894 device_replacement: 'LG $1'
895
896 ##########
897 # kin
898 ##########
899 - regex: '(KIN)\.One (\d+)\.(\d+)'
900 device_replacement: 'Microsoft $1'
901 - regex: '(KIN)\.Two (\d+)\.(\d+)'
902 device_replacement: 'Microsoft $1'
903
904 ##########
905 # motorola
906 ##########
907 - regex: '(Motorola)\-([A-Za-z0-9]+)'
908 - regex: 'MOTO\-([A-Za-z0-9]+)'
909 device_replacement: 'Motorola $1'
910 - regex: 'MOT\-([A-Za-z0-9]+)'
911 device_replacement: 'Motorola $1'
912
913 ##########
914 # nintendo
915 ##########
916 - regex: '(Nintendo WiiU)'
917 device_replacement: 'Nintendo Wii U'
918 - regex: 'Nintendo (DS|3DS|DSi|Wii);'
919 device_replacement: 'Nintendo $1'
920
921 ##########
922 # pantech
923 ##########
924 - regex: 'Pantech([A-Za-z0-9]+)'
925 device_replacement: 'Pantech $1'
926
927 ##########
928 # philips
929 ##########
930 - regex: 'Philips([A-Za-z0-9]+)'
931 device_replacement: 'Philips $1'
932 - regex: 'Philips ([A-Za-z0-9]+)'
933 device_replacement: 'Philips $1'
934
935 ##########
936 # Samsung
937 ##########
938 - regex: 'SAMSUNG-([A-Za-z0-9\-]+)'
939 device_replacement: 'Samsung $1'
940 - regex: 'SAMSUNG\; ([A-Za-z0-9\-]+)'
941 device_replacement: 'Samsung $1'
942
943 ##########
944 # Sega
945 ##########
946 - regex: 'Dreamcast'
947 device_replacement: 'Sega Dreamcast'
948
949 ##########
950 # Softbank
951 ##########
952 - regex: 'Softbank/1\.0/([A-Za-z0-9]+)'
953 device_replacement: 'Softbank $1'
954 - regex: 'Softbank/2\.0/([A-Za-z0-9]+)'
955 device_replacement: 'Softbank $1'
956
957 ##########
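958 # WebTV (NOTE(review): the '.' between the two version groups below is unescaped and matches any character; '\.' was presumably intended, as in the other version patterns)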
959 ##########
960 - regex: '(WebTV)/(\d+).(\d+)'
961
962 ##########
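963 # Generic Smart Phone (unanchored substring match on short tokens; the '.' in 'up.browser' and 'up.link' is unescaped and matches any character)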
964 ##########
965 - regex: '(hiptop|avantgo|plucker|xiino|blazer|elaine|up.browser|up.link|mmp|smartphone|midp|wap|vodafone|o2|pocket|mobile|pda)'
966 device_replacement: "Generic Smartphone"
967
968 ##########
969 # Generic Feature Phone
970 ##########
971 - regex: '^(1207|3gso|4thp|501i|502i|503i|504i|505i|506i|6310|6590|770s|802s|a wa|acer|acs\-|airn|alav|asus|attw|au\-m|aur |aus |abac|acoo|aiko|alco|alca|amoi|anex|anny|anyw|aptu|arch|argo|bell|bird|bw\-n|bw\-u|beck|benq|bilb|blac|c55/|cdm\-|chtm|capi|comp|cond|craw|dall|dbte|dc\-s|dica|ds\-d|ds12|dait|devi|dmob|doco|dopo|el49|erk0|esl8|ez40|ez60|ez70|ezos|ezze|elai|emul|eric|ezwa|fake|fly\-|fly_|g\-mo|g1 u|g560|gf\-5|grun|gene|go.w|good|grad|hcit|hd\-m|hd\-p|hd\-t|hei\-|hp i|hpip|hs\-c|htc |htc\-|htca|htcg)'
972 device_replacement: 'Generic Feature Phone'
973 - regex: '^(htcp|htcs|htct|htc_|haie|hita|huaw|hutc|i\-20|i\-go|i\-ma|i230|iac|iac\-|iac/|ig01|im1k|inno|iris|jata|java|kddi|kgt|kgt/|kpt |kwc\-|klon|lexi|lg g|lg\-a|lg\-b|lg\-c|lg\-d|lg\-f|lg\-g|lg\-k|lg\-l|lg\-m|lg\-o|lg\-p|lg\-s|lg\-t|lg\-u|lg\-w|lg/k|lg/l|lg/u|lg50|lg54|lge\-|lge/|lynx|leno|m1\-w|m3ga|m50/|maui|mc01|mc21|mcca|medi|meri|mio8|mioa|mo01|mo02|mode|modo|mot |mot\-|mt50|mtp1|mtv |mate|maxo|merc|mits|mobi|motv|mozz|n100|n101|n102|n202|n203|n300|n302|n500|n502|n505|n700|n701|n710|nec\-|nem\-|newg|neon)'
974 device_replacement: 'Generic Feature Phone'
975 - regex: '^(netf|noki|nzph|o2 x|o2\-x|opwv|owg1|opti|oran|ot\-s|p800|pand|pg\-1|pg\-2|pg\-3|pg\-6|pg\-8|pg\-c|pg13|phil|pn\-2|pt\-g|palm|pana|pire|pock|pose|psio|qa\-a|qc\-2|qc\-3|qc\-5|qc\-7|qc07|qc12|qc21|qc32|qc60|qci\-|qwap|qtek|r380|r600|raks|rim9|rove|s55/|sage|sams|sc01|sch\-|scp\-|sdk/|se47|sec\-|sec0|sec1|semc|sgh\-|shar|sie\-|sk\-0|sl45|slid|smb3|smt5|sp01|sph\-|spv |spv\-|sy01|samm|sany|sava|scoo|send|siem|smar|smit|soft|sony|t\-mo|t218|t250|t600|t610|t618|tcl\-|tdg\-|telm|tim\-|ts70|tsm\-|tsm3|tsm5|tx\-9|tagt)'
976 device_replacement: 'Generic Feature Phone'
977 - regex: '^(talk|teli|topl|tosh|up.b|upg1|utst|v400|v750|veri|vk\-v|vk40|vk50|vk52|vk53|vm40|vx98|virg|vite|voda|vulc|w3c |w3c\-|wapj|wapp|wapu|wapm|wig |wapi|wapr|wapv|wapy|wapa|waps|wapt|winc|winw|wonu|x700|xda2|xdag|yas\-|your|zte\-|zeto|aste|audi|avan|blaz|brew|brvw|bumb|ccwa|cell|cldc|cmd\-|dang|eml2|fetc|hipt|http|ibro|idea|ikom|ipaq|jbro|jemu|jigs|keji|kyoc|kyok|libw|m\-cr|midp|mmef|moto|mwbp|mywa|newt|nok6|o2im|pant|pdxg|play|pluc|port|prox|rozo|sama|seri|smal|symb|treo|upsi|vx52|vx53|vx60|vx61|vx70|vx80|vx81|vx83|vx85|wap\-|webc|whit|wmlb|xda\-|xda_)'
978 device_replacement: 'Generic Feature Phone'
979
980 ##########
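981 # Spiders (this is a hack: it matches substrings of the client-supplied User-Agent, so the 'Spider' label is a hint, not proof of a real crawler)
# NOTE(review): in the regex below, 'google(^tv)' is a capture group holding a start anchor, not a negative lookahead, so that alternative can never match; '(?!tv)' was presumably intended - confirm.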
982 ##########
983 - regex: '(bot|borg|google(^tv)|yahoo|slurp|msnbot|msrbot|openbot|archiver|netresearch|lycos|scooter|altavista|teoma|gigabot|baiduspider|blitzbot|oegp|charlotte|furlbot|http%20client|polybot|htdig|ichiro|mogimogi|larbin|pompos|scrubby|searchsight|seekbot|semanticdiscovery|silk|snappy|speedy|spider|voila|vortex|voyager|zao|zeal|fast\-webcrawler|converacrawler|dataparksearch|findlinks|crawler)'
984 device_replacement: 'Spider'
985