Short answer: grok parsers. Longer answer: syslog is more a transport than just a log format, so it encapsulates a wide variety of data sources. Your best bet is probably to use NiFi to listen for syslog from a remote host (ListenSyslog) and then route each application in the syslog to a different Kafka topic. That way you have Kafka topics for each type of data you care about, e.g. sshd, login, cups... whatever. From there it's easiest to use a grok parser in Metron to pull out the fields. There are many prebuilt patterns for the common services around on the web.
Simon

> On 25 Oct 2017, at 05:55, Farrukh Naveed Anjum <[email protected]> wrote:
>
> Hi,
>
> How can I get syslog in Metron? Any help (pattern / parser)? Kindly help.
>
> --
> With Regards
> Farrukh Naveed Anjum
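To make the "grok parser per application" idea concrete, here is an added example that is not from the thread and not Metron's or NiFi's own code. It implements a small grok-style pattern expander in plain Python (a hand-written subset of the usual base patterns, assumed here), parses the syslog envelope, dispatches on the program name the way the per-topic routing above would, and applies sshd-specific patterns to pull out user, source IP and port. The log lines and pattern names are constructed for the example.

```python
import re
from collections import Counter

# Constructed subset of grok base patterns (assumption: mirrors the common
# names, but this is a toy library, not Metron's or logstash's own).
PATTERNS = {
    "MONTH": r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)",
    "MONTHDAY": r"(?:0?[1-9]|[12][0-9]|3[01])",
    "TIME": r"(?:[01]?\d|2[0-3]):[0-5]\d:[0-5]\d",
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "HOSTNAME": r"[A-Za-z0-9][A-Za-z0-9._-]*",
    "PROG": r"[A-Za-z0-9_./-]+",
    "POSINT": r"\d+",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "USER": r"[A-Za-z0-9._-]+",
    "WORD": r"\w+",
    "GREEDYDATA": r".*",
}

# Matches %{NAME} or %{NAME:field} references inside a grok pattern.
FIELD_RE = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern, library=PATTERNS):
    """Recursively expand %{NAME:field} references into named regex groups."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        if name not in library:
            raise KeyError(f"unknown grok pattern {name}")
        inner = grok_to_regex(library[name], library)
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return FIELD_RE.sub(expand, pattern)


def compile_grok(pattern):
    return re.compile(grok_to_regex(pattern))


# Envelope shared by every RFC 3164-style line: timestamp, host, program[pid]: message
SYSLOG_RE = compile_grok(
    r"%{SYSLOGTIMESTAMP:timestamp} %{HOSTNAME:host} %{PROG:program}"
    r"(?:\[%{POSINT:pid}\])?: %{GREEDYDATA:message}"
)

# Per-program patterns, keyed by the program name (the same key you would use
# to pick a Kafka topic). Each entry is (event_name, compiled pattern).
PROGRAM_PARSERS = {
    "sshd": [
        ("ssh_failed_login", compile_grok(
            r"Failed password for (?:invalid user )?%{USER:user} from "
            r"%{IP:src_ip} port %{POSINT:src_port} ssh2")),
        ("ssh_login", compile_grok(
            r"Accepted %{WORD:method} for %{USER:user} from "
            r"%{IP:src_ip} port %{POSINT:src_port} ssh2")),
    ],
}


def parse_line(line):
    """Parse the envelope, then enrich with program-specific fields if known."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    for event, rx in PROGRAM_PARSERS.get(fields["program"], []):
        sub = rx.match(fields["message"])
        if sub:
            fields.update(sub.groupdict())
            fields["event"] = event
            break
    return fields


def failed_logins_by_ip(lines):
    """Count failed sshd logins per source IP; a simple brute-force indicator."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("event") == "ssh_failed_login":
            counts[rec["src_ip"]] += 1
    return dict(counts)


# Constructed sample lines (not real log data).
SAMPLE_LINES = [
    "Oct 25 05:55:01 bastion sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Oct 25 05:55:09 bastion sshd[1240]: Accepted publickey for alice from 198.51.100.4 port 40112 ssh2",
    "Oct 25 05:56:00 bastion CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)",
    "Oct 25 05:56:30 bastion sshd[1250]: Failed password for root from 203.0.113.7 port 51030 ssh2",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_line(line))
    print(failed_logins_by_ip(SAMPLE_LINES))
```

The CRON line still parses cleanly through the envelope even though no program-specific pattern exists for it, which is the behaviour you want when a new application shows up on the syslog feed: nothing is dropped, and you add a pattern list for that program (or a topic for it) once you know what fields matter.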
