syslog reader
Hi,
I am trying to get pml to work with my syslog on Debian stretch.
The log looks like this:
May 2 12:05:06 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<sDk+Dzdr5o4AAAAAAAAAAAAAAAAAAAAB>
May 2 12:05:06 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<1lM+DzdrpooAAAAAAAAAAAAAAAAAAAAB>
May 2 12:05:11 server1 systemd[1]: Started Session 6049 of user admin.
I have tried both of the following:
    "syslog1": {
        "display": "Syslog",
        "path": "/var/log/messages",
        "refresh": 5,
        "max": 50,
        "notify": false,
        "format": {
            "regex": "|(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\-\.]{1,256}) ([A-Za-z0-9_\-\/\.]{1,32})\[(.*?)\]:(.*)|",
            "match": {
                "Date": 3,
                "Source": 4,
                "Tag_ID": 5,
                "PID": 6,
                "Message": 7
            },
            "types": {
                "Date": "date:H:i:s",
                "Source": "txt",
                "Tag_ID": "txt",
                "PID": "numeral",
                "Message": "txt"
            }
        }
    }
and
    "syslog1": {
        "display" : "Syslog",
        "path" : "/var/log/syslog",
        "refresh" : 20,
        "max" : 20,
        "notify" : false,
        "format" : {
            "regex": "|<([0-9]{1,3})>([0-9]) ([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}.[0-9]{1,6}.[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?) (.*?) (.*?) (.*?) (.*?)$|",
            "match": {
                "Date" : 3,
                "Time" : 3,
                "Source" : 5,
                "PID" : 6,
                "Message" : 9
            },
            "types": {
                "Date" : "date:d:M:Y",
                "Time" : "date:H:i:s",
                "Source" : "txt",
                "PID" : "numeral",
                "Message" : "txt"
            }
        }
    }
The first configuration doesn't even come up in the list on pml for some reason, but the second config shows the page but no entries, with the following message in the footer:
no new log found in 4151ms with 1M of logs, 0 skipped line(s), 6930 unreadable line(s).
File /var/log/syslog_test was last modified on 2018/05/03 11:03:51 at Europe/London, size is 1M
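
The check below is an added example, not part of the original post: it feeds the two "regex" values and the three sample log lines from the post to Python's json and re modules. It assumes Python's re is close enough to the PCRE syntax these patterns use and that the surrounding "|" characters are pattern delimiters to be stripped; the function names are made up for the example.

```python
import json
import re

# Log lines copied from the post.
LINES = [
    "May 2 12:05:06 server1 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<sDk+Dzdr5o4AAAAAAAAAAAAAAAAAAAAB>",
    "May 2 12:05:06 server1 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<1lM+DzdrpooAAAAAAAAAAAAAAAAAAAAB>",
    "May 2 12:05:11 server1 systemd[1]: Started Session 6049 of user admin.",
]

# The two "regex" values as raw JSON text, quotes included, copied from the post.
REGEX1_JSON = r'"|(.*?) ([0-9]{1,2}) ([0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}) ([a-zA-Z0-9_\-\.]{1,256}) ([A-Za-z0-9_\-\/\.]{1,32})\[(.*?)\]:(.*)|"'
REGEX2_JSON = r'"|<([0-9]{1,3})>([0-9]) ([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}.[0-9]{1,6}.[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?) (.*?) (.*?) (.*?) (.*?)$|"'


def json_error(raw):
    """Return the JSON parser's message if raw is not a valid JSON string, else None."""
    try:
        json.loads(raw)
    except json.JSONDecodeError as exc:
        return exc.msg
    return None


def escaped_for_json(raw):
    """Re-encode the text between the quotes so every backslash is doubled."""
    return json.dumps(raw[1:-1])


def line_matches(raw, lines):
    """Drop the quotes and the '|' delimiters, then test each line with re.search."""
    pattern = re.compile(raw[2:-2])
    return [pattern.search(line) is not None for line in lines]


if __name__ == "__main__":
    for name, raw in (("regex 1", REGEX1_JSON), ("regex 2", REGEX2_JSON)):
        print(name, "JSON error:", json_error(raw))
        print(name, "matches per line:", line_matches(raw, LINES))
    print("regex 1, JSON-safe:", escaped_for_json(REGEX1_JSON))
```

Python's JSON parser rejects the first value because of its single backslashes, and that pattern also requires a [PID] after the tag, which only the systemd line has. The second value parses as JSON but expects a "<priority>version ISO-timestamp" prefix that none of the sample lines carry.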