diff options
| author | ahattouti-canaltp <abdel.hattouti@canaltp.fr> | 2014-09-05 12:58:33 +0400 |
|---|---|---|
| committer | ahattouti-canaltp <abdel.hattouti@canaltp.fr> | 2014-09-05 12:58:33 +0400 |
| commit | 7997d9b013816a39d0f3be661b596bacf6aa7bae (patch) | |
| tree | e346c704175d25d656a01a85b45867efd3268be0 /misc | |
| parent | 52230fb700f0bea2b59f655ba7c4559aa079d0f5 (diff) | |
Update README.md
the right pull request
Diffstat (limited to 'misc')
| -rw-r--r-- | misc/log-analytics/README.md | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/misc/log-analytics/README.md b/misc/log-analytics/README.md index 7842da798a..6c4aadf675 100644 --- a/misc/log-analytics/README.md +++ b/misc/log-analytics/README.md @@ -249,5 +249,19 @@ exec python /path/to/misc/log-analytics/import_logs.py \ --log-format-name=nginx_json - ``` +# regex example for syslog format (centralized logs) + +## log format exemple + +``` +Aug 31 23:59:59 tt-srv-name www.tt.com: 1.1.1.1 - - [31/Aug/2014:23:59:59 +0200] "GET /index.php HTTP/1.0" 200 3838 "http://www.tt.com/index.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0" 365020 www.tt.com +``` + +## Corresponding regex + +``` +--log-format-regex='.* ((?P<ip>\S+) \S+ \S+ \[(?P<date>.*?) (?P<timezone>.*?)\] "\S+ (?P<path>.*?) \S+" (?P<status>\S+) (?P<length>\S+) "(?P<referrer>.*?)" "(?P<user_agent>.*?)").*' +``` + And that's all ! |