I would like to ask if anyone uses Grok log parsing for stunnel and, if so, what kind of filter statements you are using.
At the moment I've just created 2 parsers:
STUNNEL_AcceptedConnectionParser
%{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]: Service \[%{word:csb_name}-%{word:csb_port}\] accepted connection from %{ipv4:caller_ip}:%{port:caller_port}
and
STUNNEL_ConnectionClosedParser
%{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]: Connection closed: %{integer:byte_tx} byte\(s\) sent to SSL, %{integer:byte_rx} byte\(s\) sent to socket
I'm new to Grok and everything related to log match-and-parse, so I think there must be a much better solution than mine; anyway, Google unfortunately doesn't help this time.
Thank you so much to all those who will help me with this stuff!
Manuele
For those who need Grok parsing rules and helpers, I've just implemented it with Datadog and it's working like a charm.
Here I've shared my configuration: https://github.com/mtrimarchi/StunnelGrok4Datadog
Bye!
Manuele
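For readers without a Grok engine at hand, here is an added example (not part of the posts above and not taken from the linked repository): the two rules expressed as Python regular expressions, with accepted and closed events paired per connection. The field names follow the rules above; the sample log lines are constructed, and pairing on session_id assumes that number identifies one connection.

```python
import re
from datetime import datetime

# Constructed sample lines in the layout the two rules expect.
SAMPLE = """\
2019.03.14 10:15:02 LOG5[7]: Service [imaps-993] accepted connection from 192.0.2.10:51544
2019.03.14 10:15:03 LOG5[8]: Service [smtps-465] accepted connection from 198.51.100.7:40022
2019.03.14 10:15:09 LOG5[7]: Connection closed: 1824 byte(s) sent to SSL, 311 byte(s) sent to socket
2019.03.14 10:15:10 LOG3[8]: some other message
"""

# Literal [ ] ( ) are escaped; unescaped they are regex metacharacters.
PREFIX = (r"(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
          r"LOG(?P<loglevel>\d+)\[(?P<session_id>\d+)\]: ")
RULES = {
    "accepted": re.compile(PREFIX + r"Service \[(?P<csb_name>\w+)-(?P<csb_port>\w+)\] "
        r"accepted connection from (?P<caller_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<caller_port>\d{1,5})$"),
    "closed": re.compile(PREFIX + r"Connection closed: (?P<byte_tx>\d+) byte\(s\) sent to SSL, "
        r"(?P<byte_rx>\d+) byte\(s\) sent to socket$"),
}
INT_FIELDS = {"loglevel", "session_id", "caller_port", "byte_tx", "byte_rx"}

def parse_line(line):
    """Return a dict of typed fields, or None when no rule matches."""
    for kind, rx in RULES.items():
        m = rx.match(line.strip())
        if m:
            ev = dict(m.groupdict(), kind=kind)
            ev["date"] = datetime.strptime(ev["date"], "%Y.%m.%d %H:%M:%S")
            for key in INT_FIELDS & ev.keys():
                ev[key] = int(ev[key])
            return ev
    return None

def correlate(lines):
    """Pair accepted/closed events; return (sessions, still_open_ids, unparsed_lines)."""
    pending, sessions, unparsed = {}, [], []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)          # keep unmatched lines visible for review
        elif ev["kind"] == "accepted":
            pending[ev["session_id"]] = ev
        else:
            start = pending.pop(ev["session_id"], None)  # None: close seen without accept
            sessions.append({
                "session_id": ev["session_id"],
                "caller_ip": start["caller_ip"] if start else None,
                "service": start["csb_name"] if start else None,
                "seconds": (ev["date"] - start["date"]).total_seconds() if start else None,
                "byte_tx": ev["byte_tx"], "byte_rx": ev["byte_rx"],
            })
    return sessions, sorted(pending), unparsed

if __name__ == "__main__":
    print(correlate(SAMPLE.splitlines()))
```
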