^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ conmon\[[0-9]+\]: .*$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ pod-(rproxy|lrproxy|www|database|cloud|git|notes|music|metrics|dash)[[:alnum:]\-]*\[[0-9]+\]:.*$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ restic-batch\[[0-9]+\]: Backing up [-_[:alnum:]]+$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished (Podman auto-update service|Pod service auto-update service|Prune dangling podman images|Backup snapshots using restic)\.$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ systemd\[[0-9]+\]: var-lib-containers-storage-overlay\.mount: Succeeded\.$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ systemd\[[0-9]+\]: (restic-batch\.service): Consumed ([0-9]{1,2}min )?[0-9]{1,2}\.[0-9]{3}s CPU time\.$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ podman\[[0-9]+\]:$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ podman\[[0-9]+\]: [-[:digit:]]{10} [.:[:digit:]]{8,18} \+[[:digit:]]{4} [[:alpha:]]{3,4} m=\+[.[:digit:]]+ container health_status [[:alnum:]]{64} \(.*health_status=healthy.*\)$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ podman\[[0-9]+\]: [-[:digit:]]{10} [.:[:digit:]]{8,18} \+[[:digit:]]{4} [[:alpha:]]{3,4} m=\+[.[:digit:]]+ container (create|init|start|attach|exec_died|died|cleanup|remove) [[:alnum:]]{64} \(.*\)$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ podman\[[0-9]+\]: [-[:digit:]]{10} [.:[:digit:]]{8,18} \+[[:digit:]]{4} [[:alpha:]]{3,4} m=\+[.[:digit:]]+ image (remove|prune) [[:alnum:]]{64}$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ podman\[[0-9]+\]: [-[:digit:]]{10} [.:[:digit:]]{8,18} \+[[:digit:]]{4} [[:alpha:]]{3,4} m=\+[.[:digit:]]+ image untag [[:alnum:]]{64} [._[:alnum:]\-]+/[._[:alnum:]\-]+/[._[:alnum:]\-]+:[._[:alnum:]\-]+$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ podman\[[0-9]+\]: [-[:digit:]]{10} [.:[:digit:]]{8,18} \+[[:digit:]]{4} [[:alpha:]]{3,4} m=\+[.[:digit:]]+ image pull(  [._/:[:alnum:]\-]+)?$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ podman\[[0-9]+\]: [[:alnum:]]{64}$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ kernel: \[\s*[0-9]+\.[0-9]+\] audit: type=1326 audit\([.:0-9]+\): auid=[0-9]+ uid=[0-9]+ gid=[0-9]+ ses=[0-9]+ subj=unconfined pid=[0-9]+ comm="(git|git-remote-http|git-receive-pac|gitea)" exe="(/app/gitea/gitea|/usr/bin/git|/usr/bin/git-receive-pack|/usr/libexec/git-core/git|/usr/libexec/git-core/git-remote-http|/usr/libexec/git-core/git-remote-https)" sig=0 arch=c000003e syscall=324 compat=0 ip=[[:alnum:]]+ code=0x50000$
^([[:alpha:]]{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]\-]+ kernel: \[\s*[0-9]+\.[0-9]+\] audit: type=1326 audit\([.:0-9]+\): auid=[0-9]+ uid=[0-9]+ gid=[0-9]+ ses=[0-9]+ subj=unconfined pid=[0-9]+ comm="ffmpeg" exe="/usr/bin/ffmpeg" sig=0 arch=c000003e syscall=324 compat=0 ip=[[:alnum:]]+ code=0x50000$