Thanks for sharing!
On Thursday, 25 August 2016 12:32:59 UTC+2, ravedog wrote:
>
>
> Hi,
>
> Thanks for your answer, I solved this yesterday and I thought I'd share my
> findings here in case anyone else has the same need.
> Since the solution looks like this (the parsing is done in the client, not
> the server or application), this is not directly Graylog-related, only
> indirectly.
>
> When creating the GELF, I put a bash function in the middle of it that
> reads all the file paths from this log file. It then dumps them into an
> array and creates a field name per entry, in sequence, for Graylog to pick
> up.
>
> So the GELF looks like this
> ...
> "_clamav_infected":"1",
> '$(FILES)' # Function
> ...
>
>
>
> The function:
>
> NUMBER=0
> /bin/grep ^/ "${clamscan_output}" > "$INFECTED"
>
> readarray -t i < "$INFECTED"   # -t drops the trailing newline of each entry
> for line in "${i[@]}"
> do
>   # echo the current line, not $i (which expands to the first array element only);
>   # the value is not JSON-escaped, so a path containing " or \ breaks the message
>   echo '"_clamsav_infected_file_'"$NUMBER"'":"'"$line"'",'
>   ((NUMBER++))
> done
>
> With this, each file entry in the logfile produces a new field, so it
> looks like this when it is sent:
>
> ...
> "_clamav_infected":"1",
> "_clamsav_infected_file_0":"/path/to/virus virus-name",
> "_clamsav_infected_file_1":"/path/to/virus virus-name",
> "_clamsav_infected_file_2":"/path/to/virus virus-name",
> "_clamsav_infected_file_3":"/path/to/virus virus-name",
> ...
>
> So if anyone needs to read and send an unknown number of entries from a
> file into separate fields, this is one solution.
>
> br,
>
> R
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/f4e0c83e-22ea-4b62-938d-5998d111d781%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
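An added example, written for this page and not taken from the post above or from Graylog: a bash version of the same idea that also JSON-escapes each value before it is placed in the message. The echo in the post passes the scanned path straight into the GELF string, so a file name that contains a double quote or a backslash produces invalid JSON, and whoever controls file names on the scanned share controls part of the log message. The field names (`_clamav_infected_file_<n>`, `_clamav_infected_count`), the host and the clamscan-style sample lines are constructed for illustration; a while/read loop is used instead of grep plus readarray.

```bash
#!/usr/bin/env bash
# Added example (not the original poster's code): numbered GELF fields from an
# unknown number of clamscan result lines, with JSON escaping of each value.
# Field names, host and the sample scan output below are constructed.
set -euo pipefail

# Escape one string for use inside a JSON double-quoted value.
# Backslash is handled first so the escapes added afterwards are not doubled.
# Remaining ASCII control characters are dropped (a newline cannot occur here,
# the input is consumed line by line).
json_escape() {
  local s="$1"
  s=${s//\\/\\\\}       # \   -> \\
  s=${s//\"/\\\"}       # "   -> \"
  s=${s//$'\t'/\\t}     # tab -> \t
  printf '%s' "$s" | tr -d '\000-\037'
}

# Read clamscan output on stdin and print one
#   "<prefix><n>":"<escaped line>",
# per result line (clamscan prints results as '/path: Signature FOUND'),
# followed by a count field without a trailing comma so the caller can close
# the JSON object. Summary lines and blank lines are ignored.
gelf_fields_from_scan() {
  local prefix="${1:-_clamav_infected_file_}"
  local n=0 line
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      /*)
        printf '"%s%d":"%s",\n' "$prefix" "$n" "$(json_escape "$line")"
        n=$((n + 1))      # not ((n++)): that returns status 1 at n=0 under set -e
        ;;
    esac
  done
  printf '"_clamav_infected_count":"%d"\n' "$n"
}

# Wrap the fields in a minimal GELF 1.1 message (version, host, short_message
# and level are the required keys; custom fields carry a leading underscore).
build_gelf() {
  local host="$1" fields
  fields=$(gelf_fields_from_scan)   # inherits this function's stdin
  printf '{"version":"1.1","host":"%s","short_message":"clamav scan","level":4,\n%s}\n' \
    "$(json_escape "$host")" "$fields"
}

# Constructed clamscan-style output, including a file name with a double
# quote and one with a backslash (the cases the unescaped echo breaks on).
SAMPLE_SCAN=$(cat <<'EOF'
/srv/share/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/srv/share/weird "name".exe: Win.Trojan.Agent-123 FOUND
/srv/share/back\slash.bin: Win.Malware.Generic-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
EOF
)

build_gelf "${HOSTNAME:-localhost}" <<<"$SAMPLE_SCAN"
```

Pipe real output in with `clamscan -r /srv/share | build_gelf "$(hostname)"` and hand the result to whatever sends the GELF. The count field is emitted last, without a comma, so the object closes cleanly whether the scan found zero or a hundred files.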