syslog reader

parddhillon

03 May, 2018 10:21 AM

Hi,

I am trying to get pml to work with my syslog on Debian stretch. The log looks like this:

```
May 2 12:05:06 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<sDk+Dzdr5o4AAAAAAAAAAAAAAAAAAAAB>
May 2 12:05:06 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<1lM+DzdrpooAAAAAAAAAAAAAAAAAAAAB>
May 2 12:05:11 server1 systemd[1]: Started Session 6049 of user admin.
```

I have tried both of the following:

```json
"syslog1": {
    "display": "Syslog",
    "path": "/var/log/messages",
    "refresh": 5,
    "max": 50,
    "notify": false,
    "format": {
        "regex": "|(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\-\.]{1,256}) ([A-Za-z0-9_\-\/\.]{1,32})\[(.*?)\]:(.*)|",
        "match": {
            "Date": 3,
            "Source": 4,
            "Tag_ID": 5,
            "PID": 6,
            "Message": 7
        },
        "types": {
            "Date": "date:H:i:s",
            "Source": "txt",
            "Tag_ID": "txt",
            "PID": "numeral",
            "Message": "txt"
        }
    }
}
```

and

```json
"syslog1": {
    "display" : "Syslog",
    "path" : "/var/log/syslog",
    "refresh" : 20,
    "max" : 20,
    "notify" : false,
    "format" : {
        "regex": "|<([0-9]{1,3})>([0-9]) ([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}.[0-9]{1,6}.[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?) (.*?) (.*?) (.*?) (.*?)$|",
        "match": {
            "Date" : 3,
            "Time" : 3,
            "Source" : 5,
            "PID" : 6,
            "Message" : 9
        },
        "types": {
            "Date" : "date:d:M:Y",
            "Time" : "date:H:i:s",
            "Source" : "txt",
            "PID" : "numeral",
            "Message" : "txt"
        }
    }
}
```

The first configuration doesn't even come up in the list in pml for some reason, but the second config shows the page with no entries and the following message in the footer:

```
no new log found in 4151ms with 1M of logs, 0 skipped line(s), 6930 unreadable line(s).
File /var/log/syslog_test was last modified on 2018/05/03 11:03:51 at Europe/London, size is 1M
```
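As an added illustration (not part of the original post or of Pimp my Log itself), the script below runs a traditional syslog regex over the three lines quoted above, with the `[pid]` part made optional because the dovecot lines carry no PID, and shows the regex as it has to be written inside the JSON config, where every backslash must be doubled (`\-`, `\.` and `\[` are not valid JSON escapes). The field names and group numbers follow the post's `match` section; `Month` and `Day` are added here for completeness.

```python
import json
import re

# Constructed sample: the three lines from the post, in traditional BSD/rsyslog
# format (not the RFC 5424 "<pri>1 2018-05-03T..." form the second regex expects).
SAMPLE_LOG = """\
May 2 12:05:06 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<sDk+Dzdr5o4AAAAAAAAAAAAAAAAAAAAB>
May 2 12:05:06 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<1lM+DzdrpooAAAAAAAAAAAAAAAAAAAAB>
May 2 12:05:11 server1 systemd[1]: Started Session 6049 of user admin.
"""

# PCRE-compatible pattern as the log viewer would apply it. "(?:\[pid\])?" makes the
# PID optional, since daemons such as dovecot log "tag:" with no PID at all.
SYSLOG_REGEX = (r"^([A-Z][a-z]{2}) +([0-9]{1,2}) ([0-9]{2}:[0-9]{2}:[0-9]{2}) "
                r"([a-zA-Z0-9_.-]{1,256}) ([A-Za-z0-9_./-]{1,32})(?:\[([0-9]+)\])?: ?(.*)$")

# Capture-group numbers for the config's "match" section (1-based, as in the post).
MATCH = {"Month": 1, "Day": 2, "Date": 3, "Source": 4, "Tag_ID": 5, "PID": 6, "Message": 7}

def config_snippet(regex: str) -> str:
    """Render the regex/match fragment exactly as it must appear in the JSON config.
    json.dumps doubles every backslash, which is what the hand-written configs lack."""
    return json.dumps({"regex": "|" + regex + "|", "match": MATCH}, indent=4)

def parse_syslog(text: str, config_json: str):
    """Load the regex back out of JSON (as the viewer would), strip the '|' delimiters,
    and apply it line by line. Returns (records, unreadable_line_count)."""
    rx = re.compile(json.loads(config_json)["regex"].strip("|"))
    records, unreadable = [], 0
    for line in text.splitlines():
        m = rx.match(line)
        if not m:
            unreadable += 1          # what the footer counts as "unreadable line(s)"
            continue
        rec = {name: m.group(idx) for name, idx in MATCH.items()}
        rec["PID"] = int(rec["PID"]) if rec["PID"] else None   # the "numeral" type
        records.append(rec)
    return records, unreadable

if __name__ == "__main__":
    snippet = config_snippet(SYSLOG_REGEX)
    print(snippet)                   # paste this "regex" value into the config
    recs, bad = parse_syslog(SAMPLE_LOG, snippet)
    for r in recs:
        print(r["Date"], r["Source"], r["Tag_ID"], r["PID"], r["Message"][:40])
    print(f"{bad} unreadable line(s)")
```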
