Mercurial > logstash
annotate regexes.yaml @ 33:0faebb0b0fa4
update to kibana 3, logstash 1.2.1, es 0.90.5
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Mon, 23 Sep 2013 11:50:21 -0700 |
parents | f2691b83bafa |
children |
rev | line source |
---|---|
30
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
1 user_agent_parsers: |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
2 #### SPECIAL CASES TOP #### |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
3 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
4 # must go before Firefox to catch SeaMonkey/Camino |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
5 - regex: '(SeaMonkey|Camino)/(\d+)\.(\d+)\.?([ab]?\d+[a-z]*)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
6 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
7 # Firefox |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
8 - regex: '(Pale[Mm]oon)/(\d+)\.(\d+)\.?(\d+)?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
9 family_replacement: 'Pale Moon (Firefox Variant)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
10 - regex: '(Fennec)/(\d+)\.(\d+)\.?([ab]?\d+[a-z]*)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
11 family_replacement: 'Firefox Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
12 - regex: '(Fennec)/(\d+)\.(\d+)(pre)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
13 family_replacement: 'Firefox Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
14 - regex: '(Fennec)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
15 family_replacement: 'Firefox Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
16 - regex: 'Mobile.*(Firefox)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
17 family_replacement: 'Firefox Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
18 - regex: '(Namoroka|Shiretoko|Minefield)/(\d+)\.(\d+)\.(\d+(?:pre)?)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
19 family_replacement: 'Firefox ($1)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
20 - regex: '(Firefox)/(\d+)\.(\d+)(a\d+[a-z]*)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
21 family_replacement: 'Firefox Alpha' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
22 - regex: '(Firefox)/(\d+)\.(\d+)(b\d+[a-z]*)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
23 family_replacement: 'Firefox Beta' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
24 - regex: '(Firefox)-(?:\d+\.\d+)?/(\d+)\.(\d+)(a\d+[a-z]*)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
25 family_replacement: 'Firefox Alpha' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
26 - regex: '(Firefox)-(?:\d+\.\d+)?/(\d+)\.(\d+)(b\d+[a-z]*)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
27 family_replacement: 'Firefox Beta' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
28 - regex: '(Namoroka|Shiretoko|Minefield)/(\d+)\.(\d+)([ab]\d+[a-z]*)?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
29 family_replacement: 'Firefox ($1)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
30 - regex: '(Firefox).*Tablet browser (\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
31 family_replacement: 'MicroB' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
32 - regex: '(MozillaDeveloperPreview)/(\d+)\.(\d+)([ab]\d+[a-z]*)?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
33 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
34 # e.g.: Flock/2.0b2 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
35 - regex: '(Flock)/(\d+)\.(\d+)(b\d+?)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
36 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
37 # RockMelt |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
38 - regex: '(RockMelt)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
39 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
40 # e.g.: Fennec/0.9pre |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
41 - regex: '(Navigator)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
42 family_replacement: 'Netscape' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
43 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
44 - regex: '(Navigator)/(\d+)\.(\d+)([ab]\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
45 family_replacement: 'Netscape' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
46 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
47 - regex: '(Netscape6)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
48 family_replacement: 'Netscape' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
49 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
50 - regex: '(MyIBrow)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
51 family_replacement: 'My Internet Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
52 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
53 # Opera will stop at 9.80 and hide the real version in the Version string. |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
54 # see: http://dev.opera.com/articles/view/opera-ua-string-changes/ |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
55 - regex: '(Opera Tablet).*Version/(\d+)\.(\d+)(?:\.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
56 - regex: '(Opera)/.+Opera Mobi.+Version/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
57 family_replacement: 'Opera Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
58 - regex: 'Opera Mobi' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
59 family_replacement: 'Opera Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
60 - regex: '(Opera Mini)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
61 - regex: '(Opera Mini)/att/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
62 - regex: '(Opera)/9.80.*Version/(\d+)\.(\d+)(?:\.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
63 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
64 # Opera 14 for Android uses a WebKit render engine. |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
65 - regex: '(?:Mobile Safari).*(OPR)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
66 family_replacement: 'Opera Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
67 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
68 # Palm WebOS looks a lot like Safari. |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
69 - regex: '(hpw|web)OS/(\d+)\.(\d+)(?:\.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
70 family_replacement: 'webOS Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
71 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
72 # LuaKit has no version info. |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
73 # http://luakit.org/projects/luakit/ |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
74 - regex: '(luakit)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
75 family_replacement: 'LuaKit' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
76 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
77 # Snowshoe |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
78 - regex: '(Snowshoe)/(\d+)\.(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
79 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
80 # Lightning (for Thunderbird) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
81 # http://www.mozilla.org/projects/calendar/lightning/ |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
82 - regex: '(Lightning)/(\d+)\.(\d+)([ab]?\d+[a-z]*)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
83 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
84 # Swiftfox |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
85 - regex: '(Firefox)/(\d+)\.(\d+)\.(\d+(?:pre)?) \(Swiftfox\)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
86 family_replacement: 'Swiftfox' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
87 - regex: '(Firefox)/(\d+)\.(\d+)([ab]\d+[a-z]*)? \(Swiftfox\)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
88 family_replacement: 'Swiftfox' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
89 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
90 # Rekonq |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
91 - regex: '(rekonq)/(\d+)\.(\d+) Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
92 family_replacement: 'Rekonq' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
93 - regex: 'rekonq' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
94 family_replacement: 'Rekonq' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
95 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
96 # Conkeror lowercase/uppercase |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
97 # http://conkeror.org/ |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
98 - regex: '(conkeror|Conkeror)/(\d+)\.(\d+)\.?(\d+)?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
99 family_replacement: 'Conkeror' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
100 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
101 # catches lower case konqueror |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
102 - regex: '(konqueror)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
103 family_replacement: 'Konqueror' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
104 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
105 - regex: '(WeTab)-Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
106 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
107 - regex: '(Comodo_Dragon)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
108 family_replacement: 'Comodo Dragon' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
109 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
110 # Bots |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
111 - regex: '(YottaaMonitor|BrowserMob|HttpMonitor|YandexBot|Slurp|BingPreview|PagePeeker|ThumbShotsBot|WebThumb|URL2PNG|ZooShot|GomezA|Catchpoint bot|Willow Internet Crawler|Google SketchUp|Read%20Later)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
112 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
113 - regex: '(Symphony) (\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
114 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
115 - regex: '(Minimo)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
116 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
117 # Chrome Mobile |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
118 - regex: '(CrMo)/(\d+)\.(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
119 family_replacement: 'Chrome Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
120 - regex: '(CriOS)/(\d+)\.(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
121 family_replacement: 'Chrome Mobile iOS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
122 - regex: '(Chrome)/(\d+)\.(\d+)\.(\d+)\.(\d+) Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
123 family_replacement: 'Chrome Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
124 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
125 # Chrome Frame must come before MSIE. |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
126 - regex: '(chromeframe)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
127 family_replacement: 'Chrome Frame' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
128 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
129 # UC Browser |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
130 - regex: '(UCBrowser)[ /](\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
131 family_replacement: 'UC Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
132 - regex: '(UC Browser)[ /](\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
133 - regex: '(UC Browser|UCBrowser|UCWEB)(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
134 family_replacement: 'UC Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
135 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
136 # Tizen Browser (second case included in browser/major.minor regex) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
137 - regex: '(SLP Browser)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
138 family_replacement: 'Tizen Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
139 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
140 # Epiphany browser (identifies as Chromium) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
141 - regex: '(Epiphany)/(\d+)\.(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
142 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
143 # Sogou Explorer 2.X |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
144 - regex: '(SE 2\.X) MetaSr (\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
145 family_replacement: 'Sogou Explorer' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
146 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
147 # Baidu Browsers (desktop spoofs chrome & IE, explorer is mobile) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
148 - regex: '(baidubrowser)[/\s](\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
149 family_replacement: 'Baidu Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
150 - regex: '(FlyFlow)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
151 family_replacement: 'Baidu Explorer' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
152 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
153 # Pingdom |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
154 - regex: '(Pingdom.com_bot_version_)(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
155 family_replacement: 'PingdomBot' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
156 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
157 # Facebook |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
158 - regex: '(facebookexternalhit)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
159 family_replacement: 'FacebookBot' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
160 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
161 # Twitterbot |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
162 - regex: '(Twitterbot)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
163 family_replacement: 'TwitterBot' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
164 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
165 # Rackspace Monitoring |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
166 - regex: '(Rackspace Monitoring)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
167 family_replacement: 'RackspaceBot' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
168 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
169 # PyAMF |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
170 - regex: '(PyAMF)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
171 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
172 # Yandex Browser |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
173 - regex: '(YaBrowser)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
174 family_replacement: 'Yandex Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
175 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
176 # Mail.ru Amigo/Internet Browser (Chromium-based) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
177 - regex: '(Chrome)/(\d+)\.(\d+)\.(\d+).* MRCHROME' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
178 family_replacement: 'Mail.ru Chromium Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
179 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
180 #### END SPECIAL CASES TOP #### |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
181 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
182 #### MAIN CASES - this catches > 50% of all browsers #### |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
183 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
184 # Browser/major_version.minor_version.beta_version |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
185 - regex: '(AdobeAIR|Chromium|FireWeb|Jasmine|ANTGalio|Midori|Fresco|Lobo|PaleMoon|Maxthon|Lynx|OmniWeb|Dillo|Camino|Demeter|Fluid|Fennec|Shiira|Sunrise|Chrome|Flock|Netscape|Lunascape|WebPilot|Vodafone|NetFront|Netfront|Konqueror|SeaMonkey|Kazehakase|Vienna|Iceape|Iceweasel|IceWeasel|Iron|K-Meleon|Sleipnir|Galeon|GranParadiso|Opera Mini|iCab|NetNewsWire|ThunderBrowse|Iris|UP\.Browser|Bunjalloo|Google Earth|Raven for Mac|Openwave)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
186 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
187 # Browser/major_version.minor_version |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
188 - regex: '(Bolt|Jasmine|IceCat|Skyfire|Midori|Maxthon|Lynx|Arora|IBrowse|Dillo|Camino|Shiira|Fennec|Phoenix|Chrome|Flock|Netscape|Lunascape|Epiphany|WebPilot|Opera Mini|Opera|Vodafone|NetFront|Netfront|Konqueror|Googlebot|SeaMonkey|Kazehakase|Vienna|Iceape|Iceweasel|IceWeasel|Iron|K-Meleon|Sleipnir|Galeon|GranParadiso|iCab|NetNewsWire|Space Bison|Stainless|Orca|Dolfin|BOLT|Minimo|Tizen Browser|Polaris|Abrowser|Planetweb|ICE Browser)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
189 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
190 # Browser major_version.minor_version.beta_version (space instead of slash) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
191 - regex: '(iRider|Crazy Browser|SkipStone|iCab|Lunascape|Sleipnir|Maemo Browser) (\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
192 # Browser major_version.minor_version (space instead of slash) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
193 - regex: '(iCab|Lunascape|Opera|Android|Jasmine|Polaris) (\d+)\.(\d+)\.?(\d+)?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
194 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
195 # Kindle WebKit |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
196 - regex: '(Kindle)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
197 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
198 # weird android UAs |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
199 - regex: '(Android) Donut' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
200 v1_replacement: '1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
201 v2_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
202 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
203 - regex: '(Android) Eclair' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
204 v1_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
205 v2_replacement: '1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
206 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
207 - regex: '(Android) Froyo' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
208 v1_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
209 v2_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
210 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
211 - regex: '(Android) Gingerbread' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
212 v1_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
213 v2_replacement: '3' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
214 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
215 - regex: '(Android) Honeycomb' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
216 v1_replacement: '3' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
217 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
218 # IE Mobile |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
219 - regex: '(IEMobile)[ /](\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
220 family_replacement: 'IE Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
221 # desktop mode |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
222 # http://www.anandtech.com/show/3982/windows-phone-7-review |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
223 - regex: '(MSIE) (\d+)\.(\d+).*XBLWP7' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
224 family_replacement: 'IE Large Screen' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
225 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
226 # AFTER THE EDGE CASES ABOVE! |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
227 - regex: '(Firefox)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
228 - regex: '(Firefox)/(\d+)\.(\d+)(pre|[ab]\d+[a-z]*)?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
229 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
230 #### END MAIN CASES #### |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
231 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
232 #### SPECIAL CASES #### |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
233 - regex: '(Obigo)InternetBrowser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
234 - regex: '(Obigo)\-Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
235 - regex: '(Obigo|OBIGO)[^\d]*(\d+)(?:.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
236 family_replacement: 'Obigo' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
237 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
238 - regex: '(MAXTHON|Maxthon) (\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
239 family_replacement: 'Maxthon' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
240 - regex: '(Maxthon|MyIE2|Uzbl|Shiira)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
241 v1_replacement: '0' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
242 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
243 - regex: 'PLAYSTATION 3.+WebKit' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
244 family_replacement: 'NetFront NX' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
245 - regex: 'PLAYSTATION 3' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
246 family_replacement: 'NetFront' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
247 - regex: '(PlayStation Portable)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
248 family_replacement: 'NetFront' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
249 - regex: '(PlayStation Vita)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
250 family_replacement: 'NetFront NX' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
251 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
252 - regex: 'AppleWebKit.+ (NX)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
253 family_replacement: 'NetFront NX' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
254 - regex: '(Nintendo 3DS)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
255 family_replacement: 'NetFront NX' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
256 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
257 - regex: '(BrowseX) \((\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
258 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
259 - regex: '(NCSA_Mosaic)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
260 family_replacement: 'NCSA Mosaic' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
261 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
262 # Polaris/d.d is above |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
263 - regex: '(POLARIS)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
264 family_replacement: 'Polaris' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
265 - regex: '(Embider)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
266 family_replacement: 'Polaris' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
267 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
268 - regex: '(BonEcho)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
269 family_replacement: 'Bon Echo' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
270 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
271 - regex: 'M?QQBrowser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
272 family_replacement: 'QQ Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
273 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
274 - regex: '(iPod).+Version/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
275 family_replacement: 'Mobile Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
276 - regex: '(iPod).*Version/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
277 family_replacement: 'Mobile Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
278 - regex: '(iPhone).*Version/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
279 family_replacement: 'Mobile Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
280 - regex: '(iPhone).*Version/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
281 family_replacement: 'Mobile Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
282 - regex: '(iPad).*Version/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
283 family_replacement: 'Mobile Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
284 - regex: '(iPad).*Version/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
285 family_replacement: 'Mobile Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
286 - regex: '(iPod|iPhone|iPad);.*CPU.*OS (\d+)(?:_\d+)?_(\d+).*Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
287 family_replacement: 'Mobile Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
288 - regex: '(iPod|iPhone|iPad)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
289 family_replacement: 'Mobile Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
290 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
291 - regex: '(AvantGo) (\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
292 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
293 - regex: '(OneBrowser)/(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
294 family_replacement: 'ONE Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
295 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
296 - regex: '(Avant)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
297 v1_replacement: '1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
298 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
299 # This is the Tesla Model S (see similar entry in device parsers) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
300 - regex: '(QtCarBrowser)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
301 v1_replacement: '1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
302 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
303 - regex: '(iBrowser/Mini)(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
304 family_replacement: 'iBrowser Mini' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
305 # nokia browsers |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
306 # based on: http://www.developer.nokia.com/Community/Wiki/User-Agent_headers_for_Nokia_devices |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
307 - regex: '^(Nokia)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
308 family_replacement: 'Nokia Services (WAP) Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
309 - regex: '(NokiaBrowser)/(\d+)\.(\d+).(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
310 family_replacement: 'Nokia Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
311 - regex: '(NokiaBrowser)/(\d+)\.(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
312 family_replacement: 'Nokia Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
313 - regex: '(NokiaBrowser)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
314 family_replacement: 'Nokia Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
315 - regex: '(BrowserNG)/(\d+)\.(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
316 family_replacement: 'Nokia Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
317 - regex: '(Series60)/5\.0' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
318 family_replacement: 'Nokia Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
319 v1_replacement: '7' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
320 v2_replacement: '0' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
321 - regex: '(Series60)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
322 family_replacement: 'Nokia OSS Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
323 - regex: '(S40OviBrowser)/(\d+)\.(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
324 family_replacement: 'Ovi Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
325 - regex: '(Nokia)[EN]?(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
326 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
327 # BlackBerry devices |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
328 - regex: '(BB10);' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
329 family_replacement: 'BlackBerry WebKit' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
330 - regex: '(PlayBook).+RIM Tablet OS (\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
331 family_replacement: 'BlackBerry WebKit' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
332 - regex: '(Black[bB]erry).+Version/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
333 family_replacement: 'BlackBerry WebKit' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
334 - regex: '(Black[bB]erry)\s?(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
335 family_replacement: 'BlackBerry' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
336 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
337 - regex: '(OmniWeb)/v(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
338 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
339 - regex: '(Blazer)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
340 family_replacement: 'Palm Blazer' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
341 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
342 - regex: '(Pre)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
343 family_replacement: 'Palm Pre' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
344 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
345 - regex: '(Links) \((\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
346 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
347 - regex: '(QtWeb) Internet Browser/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
348 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
349 #- regex: '\(iPad;.+(Version)/(\d+)\.(\d+)(?:\.(\d+))?.*Safari/' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
350 # family_replacement: 'iPad' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
351 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
352 # Amazon Silk, should go before Safari |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
353 - regex: '(Silk)/(\d+)\.(\d+)(?:\.([0-9\-]+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
354 family_replacement: 'Amazon Silk' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
355 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
356 # Phantomjs, should go before Safari |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
357 - regex: '(PhantomJS)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
358 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
359 # WebKit Nightly |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
360 - regex: '(AppleWebKit)/(\d+)\.?(\d+)?\+ .* Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
361 family_replacement: 'WebKit Nightly' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
362 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
363 # Safari |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
364 - regex: '(Version)/(\d+)\.(\d+)(?:\.(\d+))?.*Safari/' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
365 family_replacement: 'Safari' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
366 # Safari didn't provide "Version/d.d.d" prior to 3.0 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
367 - regex: '(Safari)/\d+' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
368 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
369 - regex: '(OLPC)/Update(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
370 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
371 - regex: '(OLPC)/Update()\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
372 v1_replacement: '0' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
373 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
374 - regex: '(SEMC\-Browser)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
375 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
376 - regex: '(Teleca)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
377 family_replacement: 'Teleca Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
378 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
379 - regex: '(Phantom)/V(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
380 family_replacement: 'Phantom Browser' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
381 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
382 - regex: '([MS]?IE) (\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
383 family_replacement: 'IE' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
384 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
385 - regex: '(python-requests)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
386 family_replacement: 'Python Requests' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
387 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
388 os_parsers: |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
389 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
390 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
391 # Android |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
392 # can actually detect rooted android os. do we care? |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
393 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
394 - regex: '(Android) (\d+)\.(\d+)(?:[.\-]([a-z0-9]+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
395 - regex: '(Android)\-(\d+)\.(\d+)(?:[.\-]([a-z0-9]+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
396 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
397 - regex: '(Android) Donut' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
398 os_v1_replacement: '1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
399 os_v2_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
400 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
401 - regex: '(Android) Eclair' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
402 os_v1_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
403 os_v2_replacement: '1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
404 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
405 - regex: '(Android) Froyo' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
406 os_v1_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
407 os_v2_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
408 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
409 - regex: '(Android) Gingerbread' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
410 os_v1_replacement: '2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
411 os_v2_replacement: '3' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
412 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
413 - regex: '(Android) Honeycomb' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
414 os_v1_replacement: '3' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
415 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
416 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
417 # Kindle Android |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
418 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
419 - regex: '(Silk-Accelerated=[a-z]{4,5})' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
420 os_replacement: 'Android' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
421 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
422 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
423 # Windows |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
424 # http://en.wikipedia.org/wiki/Windows_NT#Releases |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
425 # possibility of false positive when different marketing names share same NT kernel |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
426 # e.g. windows server 2003 and windows xp |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
427 # lots of ua strings have Windows NT 4.1 !?!?!?!? !?!? !? !????!?! !!! ??? !?!?! ? |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
428 # (very) roughly ordered in terms of frequency of occurence of regex (win xp currently most frequent, etc) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
429 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
430 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
431 - regex: '(Windows (?:NT 5\.2|NT 5\.1))' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
432 os_replacement: 'Windows XP' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
433 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
434 # ie mobile des ktop mode |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
435 # spoofs nt 6.1. must come before windows 7 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
436 - regex: '(XBLWP7)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
437 os_replacement: 'Windows Phone' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
438 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
439 - regex: '(Windows NT 6\.1)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
440 os_replacement: 'Windows 7' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
441 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
442 - regex: '(Windows NT 6\.0)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
443 os_replacement: 'Windows Vista' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
444 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
445 - regex: '(Windows 98|Windows XP|Windows ME|Windows 95|Windows CE|Windows 7|Windows NT 4\.0|Windows Vista|Windows 2000|Windows 3.1)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
446 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
447 - regex: '(Windows NT 6\.2; ARM;)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
448 os_replacement: 'Windows RT' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
449 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
450 # is this a spoof or is nt 6.2 out and about in some capacity? |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
451 - regex: '(Windows NT 6\.2)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
452 os_replacement: 'Windows 8' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
453 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
454 - regex: '(Windows NT 5\.0)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
455 os_replacement: 'Windows 2000' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
456 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
457 - regex: '(Windows Phone) (\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
458 - regex: '(Windows Phone) OS (\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
459 - regex: '(Windows ?Mobile)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
460 os_replacement: 'Windows Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
461 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
462 - regex: '(WinNT4.0)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
463 os_replacement: 'Windows NT 4.0' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
464 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
465 - regex: '(Win98)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
466 os_replacement: 'Windows 98' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
467 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
468 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
469 # Tizen OS from Samsung |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
470 # spoofs Android so pushing it above |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
471 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
472 - regex: '(Tizen)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
473 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
474 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
475 # Mac OS |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
476 # http://en.wikipedia.org/wiki/Mac_OS_X#Versions |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
477 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
478 - regex: '(Mac OS X) (\d+)[_.](\d+)(?:[_.](\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
479 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
480 # IE on Mac doesn't specify version number |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
481 - regex: 'Mac_PowerPC' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
482 os_replacement: 'Mac OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
483 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
484 # builds before tiger don't seem to specify version? |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
485 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
486 # ios devices spoof (mac os x), so including intel/ppc prefixes |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
487 - regex: '(?:PPC|Intel) (Mac OS X)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
488 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
489 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
490 # iOS |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
491 # http://en.wikipedia.org/wiki/IOS_version_history |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
492 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
493 - regex: '(CPU OS|iPhone OS) (\d+)_(\d+)(?:_(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
494 os_replacement: 'iOS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
495 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
496 # remaining cases are mostly only opera uas, so catch opera as to not catch iphone spoofs |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
497 - regex: '(iPhone|iPad|iPod); Opera' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
498 os_replacement: 'iOS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
499 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
500 # few more stragglers |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
501 - regex: '(iPhone|iPad|iPod).*Mac OS X.*Version/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
502 os_replacement: 'iOS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
503 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
504 - regex: '(AppleTV)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
505 os_replacement: 'ATV OS X' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
506 os_v1_replacement: '$1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
507 os_v2_replacement: '$2' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
508 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
509 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
510 # Chrome OS |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
511 # if version 0.0.0, probably this stuff: |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
512 # http://code.google.com/p/chromium-os/issues/detail?id=11573 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
513 # http://code.google.com/p/chromium-os/issues/detail?id=13790 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
514 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
515 - regex: '(CrOS) [a-z0-9_]+ (\d+)\.(\d+)(?:\.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
516 os_replacement: 'Chrome OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
517 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
518 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
519 # Linux distros |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
520 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
521 - regex: '(Debian)-(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
522 - regex: '(Linux Mint)(?:/(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
523 - regex: '(Mandriva)(?: Linux)?/(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
524 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
525 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
526 # Symbian + Symbian OS |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
527 # http://en.wikipedia.org/wiki/History_of_Symbian |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
528 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
529 - regex: '(Symbian[Oo][Ss])/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
530 os_replacement: 'Symbian OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
531 - regex: '(Symbian/3).+NokiaBrowser/7\.3' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
532 os_replacement: 'Symbian^3 Anna' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
533 - regex: '(Symbian/3).+NokiaBrowser/7\.4' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
534 os_replacement: 'Symbian^3 Belle' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
535 - regex: '(Symbian/3)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
536 os_replacement: 'Symbian^3' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
537 - regex: '(Series 60|SymbOS|S60)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
538 os_replacement: 'Symbian OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
539 - regex: '(MeeGo)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
540 - regex: 'Symbian [Oo][Ss]' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
541 os_replacement: 'Symbian OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
542 - regex: 'Series40;' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
543 os_replacement: 'Nokia Series 40' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
544 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
545 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
546 # BlackBerry devices |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
547 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
548 - regex: '(BB10);.+Version/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
549 os_replacement: 'BlackBerry OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
550 - regex: '(Black[Bb]erry)[0-9a-z]+/(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
551 os_replacement: 'BlackBerry OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
552 - regex: '(Black[Bb]erry).+Version/(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
553 os_replacement: 'BlackBerry OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
554 - regex: '(RIM Tablet OS) (\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
555 os_replacement: 'BlackBerry Tablet OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
556 - regex: '(Play[Bb]ook)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
557 os_replacement: 'BlackBerry Tablet OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
558 - regex: '(Black[Bb]erry)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
559 os_replacement: 'BlackBerry OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
560 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
561 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
562 # Firefox OS |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
563 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
564 - regex: '\(Mobile;.+Firefox/\d+\.\d+' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
565 os_replacement: 'Firefox OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
566 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
567 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
568 # BREW |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
569 # yes, Brew is lower-cased for Brew MP |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
570 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
571 - regex: '(BREW)[ /](\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
572 - regex: '(BREW);' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
573 - regex: '(Brew MP|BMP)[ /](\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
574 os_replacement: 'Brew MP' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
575 - regex: 'BMP;' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
576 os_replacement: 'Brew MP' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
577 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
578 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
579 # Google TV |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
580 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
581 - regex: '(GoogleTV) (\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
582 # Old style |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
583 - regex: '(GoogleTV)\/\d+' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
584 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
585 - regex: '(WebTV)/(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
586 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
587 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
588 # Misc mobile |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
589 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
590 - regex: '(hpw|web)OS/(\d+)\.(\d+)(?:\.(\d+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
591 os_replacement: 'webOS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
592 - regex: '(VRE);' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
593 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
594 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
595 # Generic patterns |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
596 # since the majority of os cases are very specific, these go last |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
597 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
598 # first.second.third.fourth bits |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
599 - regex: '(SUSE|Fedora|Red Hat|PCLinuxOS)/(\d+)\.(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
600 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
601 # first.second.third bits |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
602 - regex: '(SUSE|Fedora|Red Hat|Puppy|PCLinuxOS|CentOS)/(\d+)\.(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
603 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
604 # first.second bits |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
605 - regex: '(Ubuntu|Kindle|Bada|Lubuntu|BackTrack|Red Hat|Slackware)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
606 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
607 # just os |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
608 - regex: '(Windows|OpenBSD|FreeBSD|NetBSD|Ubuntu|Kubuntu|Android|Arch Linux|CentOS|WeTab|Slackware)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
609 - regex: '(Linux)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
610 - regex: '(Linux|BSD)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
611 - regex: 'SunOS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
612 os_replacement: 'Solaris' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
613 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
614 device_parsers: |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
615 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
616 # incomplete! |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
617 # multiple replacement placeholds i.e. ($1) ($2) help solve problem of single device with multiple representations in ua |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
618 # e.g. HTC Dream S should parse to the same device as HTC_DreamS |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
619 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
620 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
621 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
622 # incomplete! |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
623 # HTC |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
624 # http://en.wikipedia.org/wiki/List_of_HTC_phones |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
625 # this is quickly getting unwieldy |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
626 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
627 # example: Mozilla/5.0 (Linux; U; Android 2.3.2; fr-fr; HTC HD2 Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
628 - regex: 'HTC ([A-Z][a-z0-9]+) Build' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
629 device_replacement: 'HTC $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
630 # example: Mozilla/5.0 (Linux; U; Android 2.1; es-es; HTC Legend 1.23.161.1 Build/ERD79) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17,gzip |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
631 - regex: 'HTC ([A-Z][a-z0-9 ]+) \d+\.\d+\.\d+\.\d+' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
632 device_replacement: 'HTC $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
633 # example: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; HTC_Touch_Diamond2_T5353; Windows Phone 6.5.3.5) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
634 - regex: 'HTC_Touch_([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
635 device_replacement: 'HTC Touch ($1)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
636 # should come after HTC_Touch |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
637 - regex: 'USCCHTC(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
638 device_replacement: 'HTC $1 (US Cellular)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
639 - regex: 'Sprint APA(9292)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
640 device_replacement: 'HTC $1 (Sprint)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
641 - regex: 'HTC ([A-Za-z0-9]+ [A-Z])' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
642 device_replacement: 'HTC $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
643 - regex: 'HTC[-_/\s]([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
644 device_replacement: 'HTC $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
645 - regex: '(ADR[A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
646 device_replacement: 'HTC $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
647 - regex: '(HTC)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
648 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
649 # Tesla Model S |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
650 - regex: '(QtCarBrowser)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
651 device_replacement: 'Tesla Model S' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
652 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
653 # Samsung |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
654 - regex: '(SamsungSGHi560)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
655 device_replacement: 'Samsung SGHi560' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
656 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
657 ######### |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
658 # Ericsson - must come before nokia since they also use symbian |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
659 ######### |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
660 - regex: 'SonyEricsson([A-Za-z0-9]+)/' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
661 device_replacement: 'Ericsson $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
662 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
663 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
664 # PlayStation |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
665 # The Vita spoofs the Kindle |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
666 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
667 - regex: 'PLAYSTATION 3' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
668 device_replacement: 'PlayStation 3' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
669 - regex: '(PlayStation Portable)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
670 - regex: '(PlayStation Vita)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
671 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
672 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
673 # incomplete! |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
674 # Kindle |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
675 # http://amazonsilk.wordpress.com/useful-bits/silk-user-agent/ |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
676 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
677 - regex: '(KFOT Build)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
678 device_replacement: 'Kindle Fire' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
679 - regex: '(KFTT Build)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
680 device_replacement: 'Kindle Fire HD' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
681 - regex: '(KFJWI Build)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
682 device_replacement: 'Kindle Fire HD 8.9" WiFi' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
683 - regex: '(KFJWA Build)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
684 device_replacement: 'Kindle Fire HD 8.9" 4G' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
685 - regex: '(Kindle Fire)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
686 - regex: '(Kindle)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
687 - regex: '(Silk)/(\d+)\.(\d+)(?:\.([0-9\-]+))?' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
688 device_replacement: 'Kindle Fire' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
689 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
690 ######### |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
691 # Android General Device Matching (far from perfect) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
692 ######### |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
693 - regex: 'Android[\- ][\d]+\.[\d]+; [A-Za-z]{2}\-[A-Za-z]{2}; WOWMobile (.+) Build' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
694 - regex: 'Android[\- ][\d]+\.[\d]+\-update1; [A-Za-z]{2}\-[A-Za-z]{2}; (.+) Build' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
695 - regex: 'Android[\- ][\d]+\.[\d]+\.[\d]+; [A-Za-z]{2}\-[A-Za-z]{2}; (.+) Build' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
696 - regex: 'Android[\- ][\d]+\.[\d]+\.[\d]+;[A-Za-z]{2}\-[A-Za-z]{2};(.+) Build' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
697 - regex: 'Android[\- ][\d]+\.[\d]+; [A-Za-z]{2}\-[A-Za-z]{2}; (.+) Build' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
698 - regex: 'Android[\- ][\d]+\.[\d]+\.[\d]+; (.+) Build' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
699 - regex: 'Android[\- ][\d]+\.[\d]+; (.+) Build' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
700 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
701 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
702 # NOKIA |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
703 # nokia NokiaN8-00 comes before iphone. sometimes spoofs iphone |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
704 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
705 - regex: 'NokiaN([0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
706 device_replacement: 'Nokia N$1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
707 - regex: 'NOKIA([A-Za-z0-9\v-]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
708 device_replacement: 'Nokia $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
709 - regex: 'Nokia([A-Za-z0-9\v-]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
710 device_replacement: 'Nokia $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
711 - regex: 'NOKIA ([A-Za-z0-9\-]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
712 device_replacement: 'Nokia $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
713 - regex: 'Nokia ([A-Za-z0-9\-]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
714 device_replacement: 'Nokia $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
715 - regex: 'Lumia ([A-Za-z0-9\-]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
716 device_replacement: 'Lumia $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
717 - regex: 'Symbian' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
718 device_replacement: 'Nokia' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
719 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
720 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
721 # BlackBerry |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
722 # http://www.useragentstring.com/pages/BlackBerry/ |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
723 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
724 - regex: 'BB10; ([A-Za-z0-9\- ]+)\)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
725 device_replacement: 'BlackBerry $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
726 - regex: '(PlayBook).+RIM Tablet OS' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
727 device_replacement: 'BlackBerry Playbook' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
728 - regex: 'Black[Bb]erry ([0-9]+);' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
729 device_replacement: 'BlackBerry $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
730 - regex: 'Black[Bb]erry([0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
731 device_replacement: 'BlackBerry $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
732 - regex: 'Black[Bb]erry;' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
733 device_replacement: 'BlackBerry' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
734 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
735 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
736 # PALM / HP |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
737 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
738 # some palm devices must come before iphone. sometimes spoofs iphone in ua |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
739 - regex: '(Pre)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
740 device_replacement: 'Palm Pre' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
741 - regex: '(Pixi)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
742 device_replacement: 'Palm Pixi' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
743 - regex: '(Touch[Pp]ad)/(\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
744 device_replacement: 'HP TouchPad' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
745 - regex: 'HPiPAQ([A-Za-z0-9]+)/(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
746 device_replacement: 'HP iPAQ $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
747 - regex: 'Palm([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
748 device_replacement: 'Palm $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
749 - regex: 'Treo([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
750 device_replacement: 'Palm Treo $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
751 - regex: 'webOS.*(P160UNA)/(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
752 device_replacement: 'HP Veer' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
753 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
754 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
755 # AppleTV |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
756 # No built in browser that I can tell |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
757 # Stack Overflow indicated iTunes-AppleTV/4.1 as a known UA for app available and I'm seeing it in live traffic |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
758 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
759 - regex: '(AppleTV)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
760 device_replacement: 'AppleTV' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
761 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
762 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
763 # Catch the google mobile crawler before checking for iPhones. |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
764 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
765 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
766 - regex: 'AdsBot-Google-Mobile' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
767 device_replacement: 'Spider' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
768 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
769 - regex: 'Googlebot-Mobile/(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
770 device_replacement: 'Spider' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
771 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
772 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
773 # complete but probably catches spoofs |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
774 # iSTUFF |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
775 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
776 # ipad and ipod must be parsed before iphone |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
777 # cannot determine specific device type from ua string. (3g, 3gs, 4, etc) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
778 - regex: '(iPad) Simulator;' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
779 - regex: '(iPad);' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
780 - regex: '(iPod);' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
781 - regex: '(iPhone) Simulator;' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
782 - regex: '(iPhone);' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
783 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
784 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
785 # Acer |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
786 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
787 - regex: 'acer_([A-Za-z0-9]+)_' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
788 device_replacement: 'Acer $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
789 - regex: 'acer_([A-Za-z0-9]+)_' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
790 device_replacement: 'Acer $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
791 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
792 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
793 # Alcatel |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
794 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
795 - regex: 'ALCATEL-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
796 device_replacement: 'Alcatel $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
797 - regex: 'Alcatel-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
798 device_replacement: 'Alcatel $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
799 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
800 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
801 # Amoi |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
802 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
803 - regex: 'Amoi\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
804 device_replacement: 'Amoi $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
805 - regex: 'AMOI\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
806 device_replacement: 'Amoi $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
807 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
808 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
809 # Amoi |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
810 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
811 - regex: 'Asus\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
812 device_replacement: 'Asus $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
813 - regex: 'ASUS\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
814 device_replacement: 'Asus $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
815 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
816 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
817 # Bird |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
818 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
819 - regex: 'BIRD\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
820 device_replacement: 'Bird $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
821 - regex: 'BIRD\.([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
822 device_replacement: 'Bird $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
823 - regex: 'BIRD ([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
824 device_replacement: 'Bird $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
825 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
826 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
827 # Dell |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
828 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
829 - regex: 'Dell ([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
830 device_replacement: 'Dell $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
831 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
832 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
833 # DoCoMo |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
834 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
835 - regex: 'DoCoMo/2\.0 ([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
836 device_replacement: 'DoCoMo $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
837 - regex: '([A-Za-z0-9]+)_W\;FOMA' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
838 device_replacement: 'DoCoMo $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
839 - regex: '([A-Za-z0-9]+)\;FOMA' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
840 device_replacement: 'DoCoMo $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
841 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
842 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
843 # Huawei |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
844 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
845 - regex: 'Huawei([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
846 device_replacement: 'Huawei $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
847 - regex: 'HUAWEI-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
848 device_replacement: 'Huawei $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
849 - regex: 'vodafone([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
850 device_replacement: 'Huawei Vodafone $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
851 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
852 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
853 # i-mate |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
854 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
855 - regex: 'i\-mate ([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
856 device_replacement: 'i-mate $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
857 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
858 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
859 # kyocera |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
860 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
861 - regex: 'Kyocera\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
862 device_replacement: 'Kyocera $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
863 - regex: 'KWC\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
864 device_replacement: 'Kyocera $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
865 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
866 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
867 # lenovo |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
868 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
869 - regex: 'Lenovo\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
870 device_replacement: 'Lenovo $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
871 - regex: 'Lenovo_([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
872 device_replacement: 'Lenovo $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
873 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
874 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
875 # lg |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
876 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
877 - regex: 'LG/([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
878 device_replacement: 'LG $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
879 - regex: 'LG-LG([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
880 device_replacement: 'LG $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
881 - regex: 'LGE-LG([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
882 device_replacement: 'LG $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
883 - regex: 'LGE VX([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
884 device_replacement: 'LG $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
885 - regex: 'LG ([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
886 device_replacement: 'LG $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
887 - regex: 'LGE LG\-AX([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
888 device_replacement: 'LG $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
889 - regex: 'LG\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
890 device_replacement: 'LG $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
891 - regex: 'LGE\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
892 device_replacement: 'LG $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
893 - regex: 'LG([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
894 device_replacement: 'LG $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
895 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
896 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
897 # kin |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
898 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
899 - regex: '(KIN)\.One (\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
900 device_replacement: 'Microsoft $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
901 - regex: '(KIN)\.Two (\d+)\.(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
902 device_replacement: 'Microsoft $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
903 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
904 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
905 # motorola |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
906 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
907 - regex: '(Motorola)\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
908 - regex: 'MOTO\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
909 device_replacement: 'Motorola $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
910 - regex: 'MOT\-([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
911 device_replacement: 'Motorola $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
912 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
913 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
914 # nintendo |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
915 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
916 - regex: '(Nintendo WiiU)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
917 device_replacement: 'Nintendo Wii U' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
918 - regex: 'Nintendo (DS|3DS|DSi|Wii);' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
919 device_replacement: 'Nintendo $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
920 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
921 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
922 # pantech |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
923 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
924 - regex: 'Pantech([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
925 device_replacement: 'Pantech $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
926 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
927 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
928 # philips |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
929 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
930 - regex: 'Philips([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
931 device_replacement: 'Philips $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
932 - regex: 'Philips ([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
933 device_replacement: 'Philips $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
934 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
935 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
936 # Samsung |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
937 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
938 - regex: 'SAMSUNG-([A-Za-z0-9\-]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
939 device_replacement: 'Samsung $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
940 - regex: 'SAMSUNG\; ([A-Za-z0-9\-]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
941 device_replacement: 'Samsung $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
942 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
943 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
944 # Sega |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
945 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
946 - regex: 'Dreamcast' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
947 device_replacement: 'Sega Dreamcast' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
948 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
949 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
950 # Softbank |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
951 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
952 - regex: 'Softbank/1\.0/([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
953 device_replacement: 'Softbank $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
954 - regex: 'Softbank/2\.0/([A-Za-z0-9]+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
955 device_replacement: 'Softbank $1' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
956 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
957 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
958 # WebTV |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
959 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
960 - regex: '(WebTV)/(\d+).(\d+)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
961 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
962 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
963 # Generic Smart Phone |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
964 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
965 - regex: '(hiptop|avantgo|plucker|xiino|blazer|elaine|up.browser|up.link|mmp|smartphone|midp|wap|vodafone|o2|pocket|mobile|pda)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
966 device_replacement: "Generic Smartphone" |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
967 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
968 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
969 # Generic Feature Phone |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
970 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
971 - regex: '^(1207|3gso|4thp|501i|502i|503i|504i|505i|506i|6310|6590|770s|802s|a wa|acer|acs\-|airn|alav|asus|attw|au\-m|aur |aus |abac|acoo|aiko|alco|alca|amoi|anex|anny|anyw|aptu|arch|argo|bell|bird|bw\-n|bw\-u|beck|benq|bilb|blac|c55/|cdm\-|chtm|capi|comp|cond|craw|dall|dbte|dc\-s|dica|ds\-d|ds12|dait|devi|dmob|doco|dopo|el49|erk0|esl8|ez40|ez60|ez70|ezos|ezze|elai|emul|eric|ezwa|fake|fly\-|fly_|g\-mo|g1 u|g560|gf\-5|grun|gene|go.w|good|grad|hcit|hd\-m|hd\-p|hd\-t|hei\-|hp i|hpip|hs\-c|htc |htc\-|htca|htcg)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
972 device_replacement: 'Generic Feature Phone' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
973 - regex: '^(htcp|htcs|htct|htc_|haie|hita|huaw|hutc|i\-20|i\-go|i\-ma|i230|iac|iac\-|iac/|ig01|im1k|inno|iris|jata|java|kddi|kgt|kgt/|kpt |kwc\-|klon|lexi|lg g|lg\-a|lg\-b|lg\-c|lg\-d|lg\-f|lg\-g|lg\-k|lg\-l|lg\-m|lg\-o|lg\-p|lg\-s|lg\-t|lg\-u|lg\-w|lg/k|lg/l|lg/u|lg50|lg54|lge\-|lge/|lynx|leno|m1\-w|m3ga|m50/|maui|mc01|mc21|mcca|medi|meri|mio8|mioa|mo01|mo02|mode|modo|mot |mot\-|mt50|mtp1|mtv |mate|maxo|merc|mits|mobi|motv|mozz|n100|n101|n102|n202|n203|n300|n302|n500|n502|n505|n700|n701|n710|nec\-|nem\-|newg|neon)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
974 device_replacement: 'Generic Feature Phone' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
975 - regex: '^(netf|noki|nzph|o2 x|o2\-x|opwv|owg1|opti|oran|ot\-s|p800|pand|pg\-1|pg\-2|pg\-3|pg\-6|pg\-8|pg\-c|pg13|phil|pn\-2|pt\-g|palm|pana|pire|pock|pose|psio|qa\-a|qc\-2|qc\-3|qc\-5|qc\-7|qc07|qc12|qc21|qc32|qc60|qci\-|qwap|qtek|r380|r600|raks|rim9|rove|s55/|sage|sams|sc01|sch\-|scp\-|sdk/|se47|sec\-|sec0|sec1|semc|sgh\-|shar|sie\-|sk\-0|sl45|slid|smb3|smt5|sp01|sph\-|spv |spv\-|sy01|samm|sany|sava|scoo|send|siem|smar|smit|soft|sony|t\-mo|t218|t250|t600|t610|t618|tcl\-|tdg\-|telm|tim\-|ts70|tsm\-|tsm3|tsm5|tx\-9|tagt)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
976 device_replacement: 'Generic Feature Phone' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
977 - regex: '^(talk|teli|topl|tosh|up.b|upg1|utst|v400|v750|veri|vk\-v|vk40|vk50|vk52|vk53|vm40|vx98|virg|vite|voda|vulc|w3c |w3c\-|wapj|wapp|wapu|wapm|wig |wapi|wapr|wapv|wapy|wapa|waps|wapt|winc|winw|wonu|x700|xda2|xdag|yas\-|your|zte\-|zeto|aste|audi|avan|blaz|brew|brvw|bumb|ccwa|cell|cldc|cmd\-|dang|eml2|fetc|hipt|http|ibro|idea|ikom|ipaq|jbro|jemu|jigs|keji|kyoc|kyok|libw|m\-cr|midp|mmef|moto|mwbp|mywa|newt|nok6|o2im|pant|pdxg|play|pluc|port|prox|rozo|sama|seri|smal|symb|treo|upsi|vx52|vx53|vx60|vx61|vx70|vx80|vx81|vx83|vx85|wap\-|webc|whit|wmlb|xda\-|xda_)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
978 device_replacement: 'Generic Feature Phone' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
979 |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
980 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
981 # Spiders (this is hack...) |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
982 ########## |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
983 - regex: '(bot|borg|google(^tv)|yahoo|slurp|msnbot|msrbot|openbot|archiver|netresearch|lycos|scooter|altavista|teoma|gigabot|baiduspider|blitzbot|oegp|charlotte|furlbot|http%20client|polybot|htdig|ichiro|mogimogi|larbin|pompos|scrubby|searchsight|seekbot|semanticdiscovery|silk|snappy|speedy|spider|voila|vortex|voyager|zao|zeal|fast\-webcrawler|converacrawler|dataparksearch|findlinks|crawler)' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
984 device_replacement: 'Spider' |
f2691b83bafa
update to ES 0.90.0 and logstash 1.1.12
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
985 |