ntang (ntang) wrote,


Just wrote a regex to parse syslog entries... from multiple hardware/os/software vendors.
while (<IN>) {
  # Strip the FreeBSD "Forwarded from <host>: " prefix.
  s/Forwarded from [\w\.\-]+\:\s+//g;
  # NetApp lines carry a second timestamp before the [service] tag.
  if ( /(\w+\s\d+\s\d{2}\:\d{2}\:\d{2})\s(netapp[\w\-]+)[\w\-\.]*\s\w+\s\w+\s\d+\s\d{2}\:\d{2}\:\d{2}\s\w+\s\[([^:]+)\]\:\s+(.+)\s*$/ ) {
    ($date,$host,$service,$message) = ($1,$2,$3,$4);
  }
  # Everything else: date, host, service (optionally with [pid]), message.
  elsif ( /(\w+\s\d+\s\d{2}\:\d{2}\:\d{2})\s([\w\-]+)[\w\-\.]*\s([^:]+)\:\s+(.+)\s*$/ ) {
    ($date,$host,$service,$message) = ($1,$2,$3,$4);
    if ( $service =~ /([^\[]+)\[\d+\]/ ) { $service = $1; }
  }
  else { print "Non-matching line: [$_] \n"; next;  }
  print "DATE [$date] HOST [$host] SERVICE [$service] MESSAGE [$message]\n";
}
First it strips out the annoying fbsd "Forwarded from..." line. Then it checks to see if it's a netapp, which has a stupid double-timestamp format, then it parses everything else, and if the service name has a [pid] it strips that out too.
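
A Python port of the same three steps, as an added example that is not part of the original post. It reuses the post's patterns but goes slightly beyond them: it accepts the space-padded day ("Mar  3") that classic syslog writes for days 1-9, and it trims trailing whitespace from the message. The function name and the sample lines are constructed for illustration.

```python
import re

# Syslog timestamp. \s+ before the day also accepts the space-padded form
# ("Mar  3") used for days 1-9; the rest follows the post's pattern.
TS = r"\w+\s+\d+\s\d{2}:\d{2}:\d{2}"
FORWARDED = re.compile(r"Forwarded from [\w.\-]+:\s+")
# NetApp: host, a word, a second timestamp, another word, then "[service]:".
NETAPP = re.compile(
    rf"(?P<date>{TS})\s(?P<host>netapp[\w\-]+)[\w\-.]*\s\w+\s{TS}\s\w+\s"
    r"\[(?P<service>[^:]+)\]:\s+(?P<message>.+?)\s*$"
)
# Everything else: host, "service:" or "service[pid]:", then the message.
GENERIC = re.compile(
    rf"(?P<date>{TS})\s(?P<host>[\w\-]+)[\w\-.]*\s(?P<service>[^:]+):\s+"
    r"(?P<message>.+?)\s*$"
)
PID = re.compile(r"\[\d+\]$")

# Constructed sample lines (hosts, services and messages are made up).
SAMPLES = [
    "Mar 12 04:05:06 relay1 Forwarded from web01.example.net: "
    "sshd[4211]: Accepted publickey for deploy\n",
    "Mar  3 04:05:06 netapp-fs02.example.net Tue Mar  3 04:05:06 EST "
    "[example.event]: Constructed filer message  \n",
    "Mar 12 04:05:07 db01.example.net kernel: eth0: link up\n",
    "-- MARK --\n",
]


def parse_line(line):
    """Return date/host/service/message as a dict, or None if nothing matches."""
    line = FORWARDED.sub("", line.rstrip("\r\n"))
    m = NETAPP.search(line)
    if m:
        return m.groupdict()
    m = GENERIC.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["service"] = PID.sub("", fields["service"])  # "sshd[4211]" -> "sshd"
    return fields


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample) or f"Non-matching line: [{sample.strip()}]")
```

Without the prefix strip, the first sample would report its service as "Forwarded from web01.example.net", which is why that substitution runs before either pattern.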
