[Lognorm] Escape [ and ]

Wed Jun 10 09:03:59 CEST 2015

 I think this is wrong. For example: unix timestamp. This is always number.

Среда, 10 июня 2015, 7:00 UTC от Chris Schafer <chrisp.schafer at gmail.com>:
>I believe it ends up taking everything as a string, but I could be wrong. 
>On Tue, Jun 9, 2015 at 11:59 PM Фадеев Виталий Львович < fvl at mail.ru > wrote:
>>And, probably, there is mismatch:
>>
>>$ cat num.txt 
>>num: 42
>>
>>$ cat num.rb
>>rule=:num: %answer:number%
>>
>>$lognormalizer -r num.rb -e json < num.txt 
>>{ "answer": "42" }
>>
>>But if i read on  https://en.wikipedia.org/wiki/JSON
>>
>>JSON's basic types are:
>>*  Number: a signed decimal number that may contain a fractional part and may use exponential  E notation . JSON does not allow non-numbers like  NaN , nor does it make any distinction between integer and floating-point. (Even though JavaScript uses a  double-precision floating-point format for all its numeric values, other languages implementing JSON may encode numbers differently)
>>*  String : a sequence of zero or more  Unicode characters. Strings are delimited with double-quotation marks and support a backslash  escaping syntax.
>>
>>So, i think lognorm return wrong JSON. This is must be without double quotes:
>>{ "answer": 42 }
>>
>>Is this expected behavior?
>>
>>>Also, i did not find how to get IPv6 and IPv4 string
>>>For example:
>>>
>>>IP: 2607:f8b0:4000:807::1006:
>>>IP: 64.233.160.106
>>>
>>>This all of google.com
>>>
>>>
>>>Среда, 10 июня 2015, 6:15 UTC от Chris Schafer <chrisp.schafer at gmail.com>:
>>>>Glad I can help. I spent way too much time learning this stuff and I don't get to use it often enough :)
>>>>On Tue, Jun 9, 2015 at 11:13 PM David Lang < david at lang.hm > wrote:
>>>>>On Wed, 10 Jun 2015, Фадеев Виталий Львович wrote:
>>>>>
>>>>>>
>>>>>> Hi!
>>>>>> I want to log all from apache. I use custom log in apache that looks like:
>>>>>>
>>>>>> [2015-06-09 18:27:07 197 NOVT] [192.168.1.67] [192.168.1.67] [192.168.1.254] [818] [/var/www/host/css/button.css] [192.168.1.67] [HTTP/1.1] [1] [-] [GET] [5064] [?v=0] [GET /css/button.css?v=0 HTTP/1.1] [-] [200] [200] [0] [/css/button.css] [hostname.domain] [hostname.domain] [+] [1540] [1138] ["  http://hostname.domain/index.html "] ["Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0"]
>>>>>>
>>>>>> For example, i create test.log that contains:
>>>>>> [2015-06-09 16:47:34 830 NOVT]
>>>>>>
>>>>>> and test.rb:
>>>>>> rule=:[%date:date-iso% %time:time-24hr% %microsec:number% %timezone:char-to:]%
>>>>>>
>>>>>> If i try i get:
>>>>>> $ lognormalizer -r test.rb -e json  < test.log
>>>>>> { "originalmsg": "[2015-06-09 16:47:34 830 NOVT]", "unparsed-data": "]" }
>>>>>>
>>>>>> How to parse data between [ and ] ?
>>>>>
>>>>>you almost have it correct. The only thing that you are missing is that char-to
>>>>>doesn't 'consume' the matching character, so your rule would need to be:
>>>>>
>>>>>rule=:[%date:date-iso% %time:time-24hr% %microsec:number% %timezone:char-to:]%]
>>>>>
>>>>>David Lang
>>>>>_______________________________________________
>>>>>Lognorm mailing list
>>>>>Lognorm at lists.adiscon.com
>>>>>http://lists.adiscon.net/mailman/listinfo/lognorm
>>>>>_______________________________________________
>>>>>Lognorm mailing list
>>>>>Lognorm at lists.adiscon.com
>>>>>http://lists.adiscon.net/mailman/listinfo/lognorm
>>>
>>>_______________________________________________
>>>Lognorm mailing list
>>>Lognorm at lists.adiscon.com
>>>http://lists.adiscon.net/mailman/listinfo/lognorm
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.adiscon.net/pipermail/lognorm/attachments/20150610/dc6dd84f/attachment.html>