I am trying to parse a log file.
I have tried several iterations to get my rule to work.
The time is hr:min:sec.
How should the rule be on this?
"unparsed-data": " time=15:54:37 devname=\"CSPCFW01-M\" devid=\"FG3H0E5818903304\" logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd=\"root\" eventtime=1562104477 srcip=10.18.66.10 srcport=47292 srcintf=\"VLAN66\" srcintfrole=\"lan\" dstip=10.18.70.228 dstport=53 dstintf=\"VLAN714\" dstintfrole=\"lan\" poluuid=\"c90ba4ee-fd82-51e8-1c37-dcd8078e44b8\" sessionid=40256898 proto=17 action=\"accept\" policyid=5 policytype=\"policy\" service=\"DNS\" dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=\"noop\" duration=180 sentbyte=68 rcvdbyte=227 sentpkt=1 rcvdpkt=1 appcat=\"unscanned\" devtype=\"Unknown\" unauthuser=\"admin\" unauthusersource=\"kerberos\" mastersrcmac=\"00:0c:29:eb:3d:87\" srcmac=\"00:0c:29:eb:3d:87\" srcserver=1 dstdevtype=\"Linux PC\" dstosname=\"Linux\" dstosversion=\"3.10.0-957. (x64)\" dstunauthuser=\"admin\" dstunauthusersource=\"kerberos\" masterdstmac=\"00:0c:29:30:e8:bd\" dstmac=\"00:0c:29:30:e8:bd\" dstserver=1" }
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
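Added example, not code from the post or from the rsyslog project: a small Python reference parser for the FortiGate key=value line quoted above. It shows the field structure a normalizer rule has to produce from that line: quoted values (which may contain spaces, e.g. dstdevtype="Linux PC"), bare numeric values, and the hh:mm:ss time field, validated the same way liblognorm's time-24hr parser type expects it. The helper names, the "_unparsed" bucket for leftover text, and the treatment of a 10-digit eventtime as Unix epoch seconds are my assumptions.

```python
import re
from datetime import datetime, timezone

# One key=value pair: the value is either a double-quoted string (backslash
# escapes allowed, so "Linux PC" and "3.10.0-957. (x64)" stay intact) or a
# bare run of non-space characters.
_PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# 24-hour hh:mm:ss, the format of the time= field in the posted line.
_TIME_RE = re.compile(r'([01]\d|2[0-3]):([0-5]\d):([0-5]\d)')

# The line from the post, with the JSON escaping removed (constructed copy).
SAMPLE = (
    'time=15:54:37 devname="CSPCFW01-M" devid="FG3H0E5818903304" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'vd="root" eventtime=1562104477 srcip=10.18.66.10 srcport=47292 '
    'srcintf="VLAN66" srcintfrole="lan" dstip=10.18.70.228 dstport=53 '
    'dstintf="VLAN714" dstintfrole="lan" '
    'poluuid="c90ba4ee-fd82-51e8-1c37-dcd8078e44b8" sessionid=40256898 '
    'proto=17 action="accept" policyid=5 policytype="policy" service="DNS" '
    'dstcountry="Reserved" srccountry="Reserved" trandisp="noop" '
    'duration=180 sentbyte=68 rcvdbyte=227 sentpkt=1 rcvdpkt=1 '
    'appcat="unscanned" devtype="Unknown" unauthuser="admin" '
    'unauthusersource="kerberos" mastersrcmac="00:0c:29:eb:3d:87" '
    'srcmac="00:0c:29:eb:3d:87" srcserver=1 dstdevtype="Linux PC" '
    'dstosname="Linux" dstosversion="3.10.0-957. (x64)" '
    'dstunauthuser="admin" dstunauthusersource="kerberos" '
    'masterdstmac="00:0c:29:30:e8:bd" dstmac="00:0c:29:30:e8:bd" dstserver=1'
)


def parse_time_24hr(value):
    """Validate an hh:mm:ss (24-hour) time and return (hour, minute, second)."""
    m = _TIME_RE.fullmatch(value)
    if m is None:
        raise ValueError(f"not a 24-hour hh:mm:ss time: {value!r}")
    return tuple(int(part) for part in m.groups())


def parse_kv(line):
    """Split a FortiGate key=value line into a dict.

    Quoted values become str with the quotes removed; bare all-digit values
    become int, so logid="0000000013" keeps its leading zeros while
    dstport=53 becomes a number. Text not covered by any pair is collected
    under "_unparsed" (hypothetical key), the way a normalizer flags leftovers.
    """
    fields, unparsed, pos = {}, [], 0
    for m in _PAIR_RE.finditer(line):
        gap = line[pos:m.start()].strip()
        if gap:
            unparsed.append(gap)
        key, val = m.group(1), m.group(2)
        if len(val) >= 2 and val.startswith('"') and val.endswith('"'):
            val = val[1:-1].replace('\\"', '"')
        elif val.isdigit():
            val = int(val)
        fields[key] = val
        pos = m.end()
    tail = line[pos:].strip()
    if tail:
        unparsed.append(tail)
    if unparsed:
        fields["_unparsed"] = unparsed
    return fields


def parse_fortigate(line):
    """Parse the line, validate the time field and derive a UTC event time."""
    fields = parse_kv(line)
    if "time" in fields:
        fields["time_hms"] = parse_time_24hr(str(fields["time"]))
    ev = fields.get("eventtime")
    # Assumption: a 10-digit eventtime is Unix epoch seconds, as in the posted
    # line; other widths (e.g. nanoseconds) are left untouched.
    if isinstance(ev, int) and len(str(ev)) == 10:
        fields["event_utc"] = datetime.fromtimestamp(ev, tz=timezone.utc).isoformat()
    return fields


if __name__ == "__main__":
    for k, v in parse_fortigate(SAMPLE).items():
        print(f"{k}: {v!r}")
```

The time= field is deliberately kept as the literal string plus a validated (h, m, s) tuple rather than being merged with eventtime: the line carries no date or zone for the wall-clock time, so the epoch value is the only field that can be turned into an unambiguous timestamp.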