[stunnel-users] Grok log parsing
Manuele Trimarchi
info at trimarchimanuele.it
Tue Jul 17 11:51:13 CEST 2018
I would like to ask whether anyone uses Grok log parsing for stunnel and, if so,
what kind of filter statements you are using.
At the moment I've just created 2 parsers:

STUNNEL_AcceptedConnectionParser
%{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]\: Service \[%{word:csb_name}\-%{word:csb_port}\] accepted connection from %{ipv4:caller_ip}\:%{port:caller_port}

and

STUNNEL_ConnectionClosedParser
%{date("yyyy.MM.dd HH:mm:ss"):date} LOG%{integer:loglevel}\[%{integer:session_id}\]\: Connection closed\: %{integer:byte_tx} byte\(s\) sent to SSL\, %{integer:byte_rx} byte\(s\) sent to socket

I'm new to Grok and all the things related to log match-and-parse,
so I think that there will be a much better solution than mine; anyway,
Google doesn't help this time, unfortunately.
Thank you so much to all those who will help me with this stuff!
Manuele
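
Added example, not part of the original post: the two rules above rewritten as Python regular expressions (an approximation of the Grok matchers, not Grok itself) and run over constructed log lines, pairing each "Connection closed" line with its "accepted connection" line. It assumes the bracketed number is the same on both lines of one connection; the function names and the sample service name csb-8443 are made up for the illustration.

```python
import re
from datetime import datetime

# Shared prefix of both rules: "2018.07.17 11:51:13 LOG5[42]: "
PREFIX = (r"(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
          r"LOG(?P<loglevel>\d+)\[(?P<session_id>\d+)\]: ")
ACCEPTED = re.compile(PREFIX + r"Service \[(?P<csb_name>\w+)-(?P<csb_port>\w+)\] "
                      r"accepted connection from "
                      r"(?P<caller_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<caller_port>\d{1,5})$")
CLOSED = re.compile(PREFIX + r"Connection closed: (?P<byte_tx>\d+) byte\(s\) sent to SSL, "
                    r"(?P<byte_rx>\d+) byte\(s\) sent to socket$")
INT_FIELDS = ("loglevel", "session_id", "caller_port", "byte_tx", "byte_rx")

# Constructed sample lines (documentation addresses, invented values).
SAMPLE = [
    "2018.07.17 11:51:13 LOG5[42]: Service [csb-8443] accepted connection from 192.0.2.10:51234",
    "2018.07.17 11:51:13 LOG5[43]: Service [csb-8443] accepted connection from 192.0.2.11:40000",
    "2018.07.17 11:51:14 LOG3[43]: some other message the two rules do not cover",
    "2018.07.17 11:51:20 LOG5[42]: Connection closed: 1532 byte(s) sent to SSL, 310 byte(s) sent to socket",
]

def parse_line(line):
    """Return (event, fields) if one of the two rules matches, else None."""
    for event, rx in (("accepted", ACCEPTED), ("closed", CLOSED)):
        m = rx.match(line.strip())
        if m:
            f = m.groupdict()
            f["date"] = datetime.strptime(f["date"], "%Y.%m.%d %H:%M:%S")
            f.update({k: int(f[k]) for k in INT_FIELDS if k in f})
            return event, f
    return None

def sessions(lines):
    """Join each 'closed' line to the pending 'accepted' line with the same id."""
    pending, done, unmatched = {}, [], []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            unmatched.append(line)  # keep unparsed lines visible instead of dropping them
        elif parsed[0] == "accepted":
            pending[parsed[1]["session_id"]] = parsed[1]
        elif parsed[1]["session_id"] in pending:
            f, start = parsed[1], pending.pop(parsed[1]["session_id"])
            done.append({**start, "byte_tx": f["byte_tx"], "byte_rx": f["byte_rx"],
                         "duration_s": (f["date"] - start["date"]).total_seconds()})
        else:
            unmatched.append(line)  # close without a matching accept
    return done, unmatched

if __name__ == "__main__":
    print(sessions(SAMPLE))
```

Lines that match neither rule are returned separately, which makes gaps in rule coverage easy to spot when new stunnel message types appear in the log.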