Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
luxter2017-04-03 10:39:21
syslog
luxter, 2017-04-03 10:39:21

How to parse log (Logstash, grok patterns)?

Good day! There is this log:

<13>1 2017-04-03T10:02:02+03:00 192.168.0.163 - - - - <14> <smg1016m> 10:00:27.350841 [INFO] alarm-led: set [green]<->[green] [0]

Through Logstash, everything is filtered and sent to ES + Kibana, but its appearance is not at all readable. The main grok patterns stumble on this log.
For all the main logs, I divide it like this:
<%{NONNEGINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}
and everything is fine, but when there are symbols of multiple dashes and others, they spoil everything. How to be?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
W
wolf1742016-11-15 14:45:06
How is msgid formed in a syslog message? 0Reply
L
L0ns2019-10-06 19:10:23
syslog-ng logs are not sent, what am I doing wrong? 1Reply
D
DVoropaev2017-08-15 12:06:24
What literature on rsyslog should be read? 1Reply
M
MaxxZ2017-11-20 14:43:57
Windows NAS Accounting via Syslog. Is it possible? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question