Page 1 of 1
[solved] Create pattern to logs
Posted: Fri Jun 22, 2018 4:51 am
by rodrigoaguilar
<184>BSR 64000(tm):[05/12-04:45:13.98- 07:tRDNts6586]-M-CLI-TRACKER[peter.parker]: command
Hello everyone, I don't know how to create a pattern for the previous records, I need to identify the user, in this case it is peter.parker
Re: Create pattern to logs
Posted: Fri Jun 22, 2018 10:00 am
by scottwilkerson
Here is a doc outlining creating grok patterns starting on page 2
https://assets.nagios.com/downloads/nag ... ilters.pdf
Here is a good place to test your patterns
https://grokdebug.herokuapp.com/
Re: Create pattern to logs
Posted: Fri Jun 22, 2018 3:28 pm
by rodrigoaguilar
tnks man
The result
Code: Select all
\<%{NUMBER:ID}\>%{WORD:model} %{NUMBER:model}\(.*\):\[(?<timestamp>%{MONTHNUM}/%{MONTHDAY}-%{TIME}).*- .*:.*\]-M-CLI-TRACKER\[%{USERNAME}\]:%{GREEDYDATA:message}
{
"ID": [
[
"184"
]
],
"BASE10NUM": [
[
"184",
"64000"
]
],
"model": [
[
"BSR"
],
[
"64000"
]
],
"timestamp": [
[
"05/12-04:45:13.98"
]
],
"MONTHNUM": [
[
"05"
]
],
"MONTHDAY": [
[
"12"
]
],
"TIME": [
[
"04:45:13.98"
]
],
"HOUR": [
[
"04"
]
],
"MINUTE": [
[
"45"
]
],
"SECOND": [
[
"13.98"
]
],
"USERNAME": [
[
"peter.parker"
]
],
"message": [
[
" show run"
]
]
}
Re: Create pattern to logs
Posted: Fri Jun 22, 2018 4:43 pm
by scottwilkerson
Excellent!