From loganalyzer at valentinenews.net Fri May 7 18:27:05 2010
From: loganalyzer at valentinenews.net (loganalyzer at valentinenews.net)
Date: Fri, 7 May 2010 10:27:05 -0600
Subject: [phpLogCon] Custom log parsing
Message-ID: <201005071027.05508.loganalyzer@valentinenews.net>

I receive logs from a device that sends in a non-standard format and would like to modify LogAnalyzer to support it. These are going to be disk files. The fields will be:

[ date | host | facilities,severity | msg ]

The device sends the facilities/severities as a comma separated text field. For example system,user,info or routing,ospf,error.

I can use rsyslog to parse these and send as a syslog type message, but I feel the better route is a proper view.

From looking at the code, these are what I'm thinking I should modify.

include/function_config.php (create a custom ViewID)
include/constants_logstream.php (create the fields for the View)
class/logstreamlineparser[xxxxxxxxx].class.php (create the parser)

Am I missing something? Is there a better way to do this so it can be shared back as a plugin?

Any help is appreciated.

-Shem
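One way to parse the four-field line described in the message above, as an added example (not code from the post or from LogAnalyzer, and not using LogAnalyzer's parser API). It assumes the fields are separated by literal `|` characters and that the last comma-separated tag is a syslog-style severity name; the function name `parse_device_line`, the severity table and the sample lines are constructed for illustration.

```php
<?php
// Added example, not LogAnalyzer code. Assumed layout: date | host | facilities,severity | msg
// The severity names and their syslog numbers (0-7) are an assumed vocabulary.
const SEVERITY_MAP = [
    'emerg' => 0, 'alert' => 1, 'crit' => 2, 'critical' => 2,
    'err' => 3, 'error' => 3, 'warn' => 4, 'warning' => 4,
    'notice' => 5, 'info' => 6, 'debug' => 7,
];

// Returns the parsed fields, or null when the line does not match the layout.
function parse_device_line(string $line): ?array
{
    // A limit of 4 keeps any '|' inside the message text intact.
    $parts = array_map('trim', explode('|', rtrim($line, "\r\n"), 4));
    if (count($parts) !== 4) {
        return null;
    }
    [$date, $host, $tagField, $msg] = $parts;
    // "system,user,info" -> ['system', 'user', 'info']; empty entries are dropped.
    $tags = array_values(array_filter(
        array_map('trim', explode(',', strtolower($tagField))),
        fn($t) => $t !== ''
    ));
    if ($tags === []) {
        return null;
    }

    // The last tag is the severity only when it is a known name; otherwise severity is null.
    $severity = null;
    $last = $tags[count($tags) - 1];
    if (array_key_exists($last, SEVERITY_MAP)) {
        $severity = SEVERITY_MAP[$last];
        array_pop($tags);
    }
    // date stays a raw string because the device's timestamp format is not given.
    return ['date' => $date, 'host' => $host, 'facilities' => $tags,
            'severity' => $severity, 'msg' => $msg];
}

// Constructed sample lines, not real device output.
$samples = [
    '2010-05-07 10:27:05 | rtr1 | system,user,info | configuration saved',
    '2010-05-07 10:27:09 | rtr1 | routing,ospf,error | neighbor down | state=Init',
    '2010-05-07 10:27:11 | rtr1 | firewall,drop | no severity tag present',
    'line without delimiters',
];
foreach ($samples as $s) {
    echo json_encode(parse_device_line($s)), PHP_EOL;
}
```

The third and fourth samples show the two failure paths: an unrecognized trailing tag leaves `severity` null rather than guessing, and a line that does not split into four fields is rejected instead of being stored partially parsed.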