
Added a syslog parser

1 parent 141a379 commit 399a228fa9fb814b2e139abbe2030fa62b9824b4 @jbohman committed Jul 27, 2010
Showing with 44 additions and 0 deletions.
  1. +5 −0 logsandra.yaml
  2. +39 −0 logsandra/monitor/parsers/syslog.py
@@ -18,3 +18,8 @@ paths:
parser:
name: 'clf'
format: '%h %l %u %t %r %s %O %{Referer}i %{User-Agent}i'
+
+ - path: ~/coding/cassandra/syslog
+ recursive: False
+ parser:
+ name: 'syslog'
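Review bot: The new entry's `path: ~/coding/cassandra/syslog` points into one developer's home directory, which looks like a local test setup rather than something to commit in `logsandra.yaml`. If this file is the default or sample configuration, a conventional location such as `path: /var/log/syslog`, or a commented-out example, would keep the monitor from watching nothing (or an unexpected directory) on other machines. The start of the `paths:` list is outside the hunk, so the existing entries may already follow the same convention.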
@@ -0,0 +1,39 @@
+import re
+import dateutil.parser
+
+from logsandra.monitor.parsers import BaseParser
+
+class SyslogParser(BaseParser):
+
+ def parse(self, line, source, data):
+ elements = line.split(' ')
+
+
+ date = ' '.join(elements[0:3])
+ date = dateutil.parser.parse(date, fuzzy=True)
+
+ keywords = []
+
+ host = elements[3]
+ keywords.append('host:%s' % host)
+ keywords.append(host)
+
+ program = elements[4][0:-1]
+ result = re.search(r'(.+)\[([0-9]+)\]', program)
+ if result:
+ program, pid = result.groups()
+ keywords.append('program:%s' % program)
+ keywords.append('pid:%s' % pid)
+ keywords.append(program)
+ keywords.append(pid)
+ else:
+ keywords.append('program:%s' % program)
+ keywords.append(program)
+
+
+ content = elements[5:]
+ keywords.append(' '.join(content))
+ for c in content:
+ keywords.append(c)
+
+ return self.log_entries.add(date=date, entry=line, source=source, keywords=keywords)
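Review bot: `line.split(' ')` followed by fixed indices in `parse` misreads or raises on any line that is not exactly `Mon DD HH:MM:SS host program: message`, and syslog content is written by whatever process or remote host is allowed to log. A space-padded day (`Jul  7`) produces an empty element, so the time lands in `host` and the hostname, minus its last character, in `program`; a line with fewer than five fields raises `IndexError` at `elements[3]` or `elements[4]`, and `dateutil.parser.parse` can raise `ValueError` on a garbled prefix. Whether an exception here stops the monitor depends on the caller, which is not in this diff, but one malformed line should not be able to interrupt ingestion or file entries under the wrong host keyword. I would split on any whitespace, check the field count and the trailing colon before slicing, and catch the date error, as below; the `return None` for a skipped line is a placeholder for whatever the other parsers return on unparseable input.

```python
    def parse(self, line, source, data):
        # No-argument split collapses repeated spaces, so a space-padded
        # day of month ("Jul  7") no longer shifts every later field.
        elements = line.split()
        if len(elements) < 5 or not elements[4].endswith(':'):
            # Not a "date host program: message" line; skip it instead of
            # raising on input this parser does not control.
            return None

        try:
            date = dateutil.parser.parse(' '.join(elements[0:3]), fuzzy=True)
        except (ValueError, OverflowError):
            return None

        # ... unchanged: host / program / pid / content keywords and log_entries.add ...
```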
