go-syslog

Log parser in another format

Open gadekalp opened this issue 4 years ago • 1 comments

Hello,

We are trying to use the go-syslog parser to parse syslogs for one of our systems, but our logs are in the format below:

Oct 11 22:14:15 su: 'su root' failed for lonvick on /dev/pts/8

So is there any way/standard to parse the logs in this format?

As we have checked, go-syslog supports logs in the format of

<152> Oct 11 22:14:15 su: 'su root' failed for lonvick on /dev/pts/8

Any help on this will be appreciated.

gadekalp, Oct 15 '21 06:10

Hello @gadekalp,

Nope, RFC 3164 mandates the PRI part (https://datatracker.ietf.org/doc/html/rfc3164#section-4.1.1) to exist.

And the corresponding parser doesn't have an option to make it optional, at the moment.

I'd suggest simply prepending a "fake" PRI (e.g., <1>) to your logs before handing them to go-syslog.

leodido, Oct 19 '21 09:10
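The workaround suggested in the reply, as an added example that is not part of the thread or of go-syslog's own code: a pre-processing step that leaves lines with a well-formed PRI untouched and prefixes a placeholder PRI to the rest. The names `hasPRI`, `withPRI` and `DefaultPRI` are this example's own; it uses 13, the value RFC 3164 section 4.3.3 has relays insert, where the reply used `<1>`, and the sample lines are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// DefaultPRI (assumption): 13 = user.notice, RFC 3164 section 4.3.3's relay default.
const DefaultPRI = 13

// hasPRI reports whether line starts with "<N>", N in 0..191, no leading zeros.
func hasPRI(line string) bool {
	end := strings.IndexByte(line, '>')
	if !strings.HasPrefix(line, "<") || end < 2 || end > 4 {
		return false
	}
	digits := line[1:end]
	if len(digits) > 1 && digits[0] == '0' {
		return false
	}
	n, err := strconv.ParseUint(digits, 10, 8) // rejects signs and non-digits
	return err == nil && n <= 191
}

// withPRI returns line untouched if it already carries a PRI, else prefixes a
// placeholder one. The facility/severity it encodes is synthetic, not evidence.
func withPRI(line string, pri uint8) (string, error) {
	if pri > 191 {
		return "", fmt.Errorf("PRI %d outside 0..191", pri)
	}
	if hasPRI(line) {
		return line, nil
	}
	return fmt.Sprintf("<%d>%s", pri, line), nil
}

func main() {
	// Constructed sample input: one PRI-less line (the issue's format), one with PRI.
	in := "Oct 11 22:14:15 su: 'su root' failed for lonvick on /dev/pts/8\n" +
		"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8\n"
	sc := bufio.NewScanner(strings.NewReader(in))
	for sc.Scan() {
		if out, err := withPRI(sc.Text(), DefaultPRI); err == nil {
			fmt.Println(out) // what would be handed to the parser
		}
	}
}
```

Because the inserted PRI is a placeholder, facility and severity on those events should not drive alerting or filtering downstream.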