On Tue, Jun 11, 2013 at 5:37 PM, termo meter <[email protected]> wrote:
> Hi All,
>
> I want to ask, in rsyslog, how can we standardize the logs output. For e.g.:
>
> Let's say, this is my fwall logs sample:-
>
> <163>May 23 2013 15:59:55: %ASA-3-106014: Deny inbound icmp src outside:69.12.34.53 dst outside:192.168.0.10 (type 8, code 0)
>
> I want to process the incoming log and produce output like this:-
>
> device:firewall alertdate: May-23-2013, alerttime: 15:59:55, Protocol:icmp, sourceip:69.12.34.53, destip: 192.168.0.10
>
> The reason is I need to standardize the logs, different devices produce different type/format of logs. It is difficult to find/analyse in the future if the log is in raw format.

I guess this presentation has the base information that you need:

http://www.slideshare.net/rainergerhards1/rsyslog-log-normalization

Rainer

> Thanks.
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
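The normalization asked about in this thread, as an added example that is not part of the original messages and is not rsyslog or liblognorm configuration: a stand-alone Python parser for the quoted ASA 106014 line that emits the requested layout. The function names and the `device:unknown unparsed:` fallback tag are assumptions made for this example; the pattern is derived only from the single sample line in the question.

```python
import re

# Pattern for the Cisco ASA 106014 message quoted in the question.
# Assumption: only the layout of that single sample line is known.
ASA_106014 = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<year>\d{4}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}): "
    r"%ASA-(?P<severity>\d)-106014: Deny inbound (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_asa_106014(line):
    """Return a dict of normalized fields, or None if the line does not match."""
    m = ASA_106014.match(line.strip())
    if m is None:
        return None
    f = m.groupdict()
    record = {
        "device": "firewall",
        "alertdate": "%s-%02d-%s" % (f["month"], int(f["day"]), f["year"]),
        "alerttime": f["time"],
        "protocol": f["proto"],
        "sourceip": f["src_ip"],
        "destip": f["dst_ip"],
    }
    if f["pri"] is not None:
        # syslog PRI = facility * 8 + severity
        record["facility"], record["severity"] = divmod(int(f["pri"]), 8)
    return record

def render(record):
    """Format a record in the key:value layout asked for in the question."""
    return ("device:{device} alertdate: {alertdate}, alerttime: {alerttime}, "
            "Protocol:{protocol}, sourceip:{sourceip}, destip: {destip}").format(**record)

def normalize(line):
    """Normalize one line; unparsed lines are tagged and kept, never dropped."""
    record = parse_asa_106014(line)
    return render(record) if record else "device:unknown unparsed: " + line.strip()

# Constructed input: the sample line from the question, unchanged.
SAMPLE = ("<163>May 23 2013 15:59:55: %ASA-3-106014: Deny inbound icmp src "
          "outside:69.12.34.53 dst outside:192.168.0.10 (type 8, code 0)")

if __name__ == "__main__":
    print(normalize(SAMPLE))
```

Lines that do not match are passed through with a tag so that a format change on the device shows up in the normalized stream instead of silently losing events.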

