README
¶
syslog parser
Example CLI usage (from honeytail root)
honeytail -p syslog -k $HONEYTAIL_WRITEKEY \
-f /var/log/auth.log \
--dataset 'MY_TEST_DATASET' \
--syslog.mode 'rfc5424'
Log Formatting
You will need to configure your syslog daemon to use the right format. For example, to use RFC5424 with rsyslog, set the following in your /etc/rsyslog.conf.
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
RFC5424
Example line
<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] An application event log entry...
RFC3164
Example line
<34>Oct 11 22:14:15 mymachine su: 'su root' failed for user on /dev/pts/8
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Options ¶
type Options struct {
Mode string `long:"mode" description:"Syslog mode. Supported values are rfc3164 and rfc5424"`
ProcessList string `` /* 130-byte string literal not displayed */
NumParsers int `hidden:"true" description:"number of parsers to spin up"`
}
Options defines the options relevant to the syslog parser
type Parser ¶
type Parser struct {
// contains filtered or unexported fields
}
Parser implements the Parser interface
type SyslogLineParser ¶
type SyslogLineParser struct {
// contains filtered or unexported fields
}
func NewSyslogLineParser ¶
func NewSyslogLineParser(mode string, processList string) (*SyslogLineParser, error)
NewSyslogLineParser factory
Source Files
Click to show internal directories.
Click to hide internal directories.