[Lognorm] Escape [ and ]

Rainer Gerhards rgerhards at hq.adiscon.com
Thu Jun 11 07:30:40 CEST 2015


lognorm processes log messages, and log messages are by definition
always strings, so lognorm always returns strings in the initial
implementation. It is right that one can argue we should return other
types if they are obvious and that's a good argument, but it would
break compatibility at least for existing types. There is also a
reinterpret capability.

Rainer

2015-06-10 9:03 GMT+02:00 Фадеев Виталий Львович <fvl at mail.ru>:
> I think this is wrong. For example: unix timestamp. This is always a number.
>
>
> Wednesday, 10 June 2015, 7:00 UTC from Chris Schafer <chrisp.schafer at gmail.com>:
>
> I believe it ends up taking everything as a string, but I could be wrong.
> On Tue, Jun 9, 2015 at 11:59 PM Фадеев Виталий Львович <fvl at mail.ru> wrote:
>
> And, probably, there is a mismatch:
>
> $ cat num.txt
> num: 42
>
> $ cat num.rb
> rule=:num: %answer:number%
>
> $ lognormalizer -r num.rb -e json < num.txt
> { "answer": "42" }
>
> But if I read on https://en.wikipedia.org/wiki/JSON
>
> JSON's basic types are:
>
> Number: a signed decimal number that may contain a fractional part and may
> use exponential E notation. JSON does not allow non-numbers like NaN, nor
> does it make any distinction between integer and floating-point. (Even
> though JavaScript uses a double-precision floating-point format for all its
> numeric values, other languages implementing JSON may encode numbers
> differently)
> String: a sequence of zero or more Unicode characters. Strings are delimited
> with double-quotation marks and support a backslash escaping syntax.
>
> So, I think lognorm returns wrong JSON. This must be without double
> quotes:
> { "answer": 42 }
>
> Is this expected behavior?
>
> Also, I did not find how to get IPv6 and IPv4 strings.
> For example:
>
> IP: 2607:f8b0:4000:807::1006:
> IP: 64.233.160.106
>
> This is all of google.com
>
>
> Wednesday, 10 June 2015, 6:15 UTC from Chris Schafer <chrisp.schafer at gmail.com>:
>
> Glad I can help. I spent way too much time learning this stuff and I don't
> get to use it often enough :)
> On Tue, Jun 9, 2015 at 11:13 PM David Lang <david at lang.hm> wrote:
>
> On Wed, 10 Jun 2015, Фадеев Виталий Львович wrote:
>
>>
>> Hi!
>> I want to log all from Apache. I use a custom log in Apache that looks like:
>>
>> [2015-06-09 18:27:07 197 NOVT] [192.168.1.67] [192.168.1.67]
>> [192.168.1.254] [818] [/var/www/host/css/button.css] [192.168.1.67]
>> [HTTP/1.1] [1] [-] [GET] [5064] [?v=0] [GET /css/button.css?v=0 HTTP/1.1]
>> [-] [200] [200] [0] [/css/button.css] [hostname.domain] [hostname.domain]
>> [+] [1540] [1138] [" http://hostname.domain/index.html "] ["Mozilla/5.0
>> (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0"]
>>
>> For example, I create test.log that contains:
>> [2015-06-09 16:47:34 830 NOVT]
>>
>> and test.rb:
>> rule=:[%date:date-iso% %time:time-24hr% %microsec:number% %timezone:char-to:]%
>>
>> If I try, I get:
>> $ lognormalizer -r test.rb -e json  < test.log
>> { "originalmsg": "[2015-06-09 16:47:34 830 NOVT]", "unparsed-data": "]" }
>>
>> How to parse data between [ and ] ?
>
> You almost have it correct. The only thing that you are missing is that char-to
> doesn't 'consume' the matching character, so your rule would need to be:
>
> rule=:[%date:date-iso% %time:time-24hr% %microsec:number% %timezone:char-to:]%]
>
> David Lang
> _______________________________________________
> Lognorm mailing list
> Lognorm at lists.adiscon.com
> http://lists.adiscon.net/mailman/listinfo/lognorm
>
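
A simplified Python model of the matching discussed in this thread, added here as an illustration and not liblognorm's own code: it reproduces why the original rule leaves `]` as unparsed-data, why the corrected rule with a trailing `]` succeeds, and why a `number` field comes back as a string. The `normalize` function and the regex stand-ins for the four parsers are assumptions made for this example; real liblognorm parsers accept more than these patterns.

```python
import re

def _regex(pattern):
    """Build a stand-in parser: returns matched length or None."""
    rx = re.compile(pattern)
    def parse(text, arg):
        m = rx.match(text)
        return m.end() if m else None
    return parse

def _char_to(text, arg):
    # Matches up to, but NOT including, the terminator character.
    i = text.find(arg)
    return i if i > 0 else None

# Hypothetical, simplified versions of the parsers named in the thread.
PARSERS = {
    "date-iso": _regex(r"\d{4}-\d{2}-\d{2}"),
    "time-24hr": _regex(r"\d{2}:\d{2}:\d{2}"),
    "number": _regex(r"\d+"),
    "char-to": _char_to,
}
FIELD = re.compile(r"%([^:%]+):([^:%]+)(?::([^%]*))?%")

def normalize(rule, msg):
    """Apply one rule body (the text after 'rule=:') to msg, left to right."""
    fail = lambda pos: {"originalmsg": msg, "unparsed-data": msg[pos:]}
    out, pos, rpos = {}, 0, 0
    for m in FIELD.finditer(rule):
        literal = rule[rpos:m.start()]          # fixed text before the field
        if not msg.startswith(literal, pos):
            return fail(pos)
        pos += len(literal)
        name, ptype, arg = m.groups()
        n = PARSERS[ptype](msg[pos:], arg)
        if n is None:
            return fail(pos)
        out[name] = msg[pos:pos + n]            # every field is kept as a string
        pos, rpos = pos + n, m.end()
    if msg[pos:] != rule[rpos:]:                # trailing literal must use up the rest
        return fail(pos)
    return out

if __name__ == "__main__":
    msg = "[2015-06-09 16:47:34 830 NOVT]"      # sample line from the thread
    rule = "[%date:date-iso% %time:time-24hr% %microsec:number% %timezone:char-to:]%"
    print(normalize(rule, msg))                 # terminator left over
    print(normalize(rule + "]", msg))           # literal ] consumes it
    print(normalize("num: %answer:number%", "num: 42"))
```

Downstream consumers that need typed values, for example numeric comparisons in detection rules, have to convert these string fields themselves.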

