[stunnel-users] Grok log parsing

Manuele Trimarchi info at trimarchimanuele.it
Tue Jul 17 11:51:13 CEST 2018


I would like to ask if anyone uses Grok log parsing for stunnel and, if yes,
what kind of filter statements are you using?

At the moment I've just created 2 parsers:

STUNNEL_AcceptedConnectionParser

%{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]\: Service \[%{word:csb_name}\-%{word:csb_port}\] accepted connection from %{ipv4:caller_ip}\:%{port:caller_port}

and

STUNNEL_ConnectionClosedParser

%{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]\: Connection closed\: %{integer:byte_tx} byte\(s\) sent to SSL\, %{integer:byte_rx} byte\(s\) sent to socket


I'm new to Grok and all the things related to log match-and-parse,
so I think that there will be a much better solution than mine; anyway,
Google doesn't help this time, unfortunately.

Thank you so much to all those who will help me with this stuff!

Manuele
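
Added example, not part of the original post: a Python translation of the two patterns above, run over constructed log lines and joined on session_id to give one record per connection. The regex equivalents chosen for the Grok matchers (integer, word, ipv4, port) and the function names are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines, shaped to fit the two patterns in the post.
SAMPLE_LOG = """\
2018.07.17 11:51:13 LOG5[4021]: Service [imap-993] accepted connection from 192.0.2.10:51344
2018.07.17 11:51:13 LOG6[4021]: a line neither pattern covers
2018.07.17 11:51:20 LOG5[4022]: Service [smtp-465] accepted connection from 198.51.100.7:40112
2018.07.17 11:51:42 LOG5[4021]: Connection closed: 1532 byte(s) sent to SSL, 208 byte(s) sent to socket
"""

# Assumed regex equivalents of the Grok matchers: integer -> \d+, word -> \w+.
PREFIX = (r"(?P<date>\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) "
          r"LOG(?P<loglevel>\d+)\[(?P<session_id>\d+)\]: ")
ACCEPTED = re.compile(PREFIX + r"Service \[(?P<csb_name>\w+)-(?P<csb_port>\w+)\] accepted "
                      r"connection from (?P<caller_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<caller_port>\d{1,5})$")
CLOSED = re.compile(PREFIX + r"Connection closed: (?P<byte_tx>\d+) byte\(s\) sent to SSL, "
                    r"(?P<byte_rx>\d+) byte\(s\) sent to socket$")
INT_FIELDS = ("loglevel", "session_id", "caller_port", "byte_tx", "byte_rx")

def parse_line(line):
    """Return (kind, fields) when a pattern matches, else None."""
    for kind, rx in (("accepted", ACCEPTED), ("closed", CLOSED)):
        m = rx.match(line.strip())
        if m:
            f = m.groupdict()
            f["date"] = datetime.strptime(f["date"], "%Y.%m.%d %H:%M:%S")
            f.update({k: int(f[k]) for k in INT_FIELDS if k in f})
            return kind, f
    return None

def correlate(lines):
    """Join accepted/closed events on session_id; return (finished, still_open)."""
    still_open, finished = {}, []
    for parsed in filter(None, map(parse_line, lines)):
        kind, f = parsed
        if kind == "accepted":
            still_open[f["session_id"]] = f
        elif f["session_id"] in still_open:
            start = still_open.pop(f["session_id"])
            finished.append({**start, "byte_tx": f["byte_tx"], "byte_rx": f["byte_rx"],
                             "duration_s": (f["date"] - start["date"]).total_seconds()})
    return finished, still_open

if __name__ == "__main__":
    finished, still_open = correlate(SAMPLE_LOG.splitlines())
    print(finished, sorted(still_open))
```

A "Connection closed" line with no earlier "accepted connection" line for the same session_id is dropped, and sessions that never close stay in the second return value.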


