[solved] Create pattern to logs

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
rodrigoaguilar
Posts: 2
Joined: Wed Jun 20, 2018 12:54 pm

[solved] Create pattern to logs

Post by rodrigoaguilar »

<184>BSR 64000(tm):[05/12-04:45:13.98- 07:tRDNts6586]-M-CLI-TRACKER[peter.parker]: command

Hello everyone, I don't know how to create a pattern for the previous record. I need to identify the user; in this case it is peter.parker.

:D
Last edited by rodrigoaguilar on Mon Jun 25, 2018 8:21 am, edited 1 time in total.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Create pattern to logs

Post by scottwilkerson »

Here is a doc outlining creating grok patterns starting on page 2
https://assets.nagios.com/downloads/nag ... ilters.pdf

Here is a good place to test your patterns
https://grokdebug.herokuapp.com/
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
rodrigoaguilar
Posts: 2
Joined: Wed Jun 20, 2018 12:54 pm

Re: Create pattern to logs

Post by rodrigoaguilar »

Thanks man.
The result:

\<%{NUMBER:ID}\>%{WORD:model} %{NUMBER:model}\(.*\):\[(?<timestamp>%{MONTHNUM}/%{MONTHDAY}-%{TIME}).*- .*:.*\]-M-CLI-TRACKER\[%{USERNAME}\]:%{GREEDYDATA:message}


{
  "ID": [
    [
      "184"
    ]
  ],
  "BASE10NUM": [
    [
      "184",
      "64000"
    ]
  ],
  "model": [
    [
      "BSR"
    ],
    [
      "64000"
    ]
  ],
  "timestamp": [
    [
      "05/12-04:45:13.98"
    ]
  ],
  "MONTHNUM": [
    [
      "05"
    ]
  ],
  "MONTHDAY": [
    [
      "12"
    ]
  ],
  "TIME": [
    [
      "04:45:13.98"
    ]
  ],
  "HOUR": [
    [
      "04"
    ]
  ],
  "MINUTE": [
    [
      "45"
    ]
  ],
  "SECOND": [
    [
      "13.98"
    ]
  ],
  "USERNAME": [
    [
      "peter.parker"
    ]
  ],
  "message": [
    [
      " show run"
    ]
  ]
}
Last edited by tmcdonald on Fri Jun 22, 2018 4:19 pm, edited 1 time in total.
Reason: Please use [code][/code] tags around long output
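
An added example, not part of the original thread or of Nagios Log Server: a Python regex equivalent of the grok pattern above for checking the user extraction offline before loading the filter. The field names (`pri`, `model`, `timestamp`, `task`, `user`, `command`) and all sample lines are assumptions constructed from the record in the first post; negated character classes replace the `.*` runs so the user is always taken from the first CLI-TRACKER tag on the line.

```python
import re
from collections import defaultdict

# Regex equivalent of the thread's grok pattern. Field names are assumed for
# this example; [^)] and [^\]] replace ".*" so a field cannot run past its bracket.
CLI_TRACKER = re.compile(
    r"^<(?P<pri>\d+)>"                                   # syslog priority, e.g. <184>
    r"(?P<model>\w+ \d+)\([^)]*\):"                      # "BSR 64000(tm):"
    r"\[(?P<timestamp>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}(?:\.\d+)?)-\s*"
    r"(?P<task>[^\]]*)\]"                                # "07:tRDNts6586"
    r"-M-CLI-TRACKER\[(?P<user>[A-Za-z0-9._-]+)\]:"      # same class as grok USERNAME
    r"\s*(?P<command>.*)$"
)

# Constructed sample lines modelled on the record in the first post.
SAMPLE_LINES = [
    "<184>BSR 64000(tm):[05/12-04:45:13.98- 07:tRDNts6586]-M-CLI-TRACKER[peter.parker]: show run",
    "<184>BSR 64000(tm):[05/12-04:46:02.10- 07:tRDNts6586]-M-CLI-TRACKER[peter.parker]: configure",
    # Command text that itself contains a tracker-like tag.
    "<184>BSR 64000(tm):[05/12-04:47:30.55- 07:tRDNts6590]-M-CLI-TRACKER[mary.jane]: echo ]-M-CLI-TRACKER[someone.else]: x",
    # A record from another facility; it must not be parsed as a CLI command.
    "<189>BSR 64000(tm):[05/12-04:48:00.00- 07:tSnmp]-N-SNMP[agent]: not a CLI record",
]

def parse_line(line):
    """Return the extracted fields as a dict, or None if the line is not a CLI-TRACKER record."""
    m = CLI_TRACKER.match(line)
    return m.groupdict() if m else None

def commands_by_user(lines):
    """Group commands per user and collect the lines the pattern did not match."""
    audit = defaultdict(list)
    unparsed = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        else:
            audit[rec["user"]].append(rec["command"])
    return dict(audit), unparsed

if __name__ == "__main__":
    audit, unparsed = commands_by_user(SAMPLE_LINES)
    for user, cmds in audit.items():
        print(user, cmds)
    print("unparsed lines:", len(unparsed))
```

Lines that land in `unparsed` correspond to events that would get a grok parse failure tag in the log server, so a non-empty list is worth reviewing before relying on the `user` field for auditing.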
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Create pattern to logs

Post by scottwilkerson »

Excellent!