From dcc721a95bef6f0d8e6d8775b8efe33e5aecd562 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 18:28:20 +0200 Subject: Adding upstream version 8.2402.0. Signed-off-by: Daniel Baumann --- contrib/mmgrok/README | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 contrib/mmgrok/README (limited to 'contrib/mmgrok/README') diff --git a/contrib/mmgrok/README b/contrib/mmgrok/README new file mode 100644 index 0000000..1194212 --- /dev/null +++ b/contrib/mmgrok/README @@ -0,0 +1,32 @@ +Grok Message Modify Plugin + +Using hundreds of grok patterns from logstash-patterns-core. + +Build + +This plugin requires libfastjson (always present in rsyslog core), glib2, and grok packages. + +If you use RH/CentOS/Fedora, you'll have to build grok rpms by yourself as follow: + + sudo yum install -y yum-utils rpmdevtools + git clone git@github.com:jordansissel/grok.git + mkdir -p ~/rpmbuild/SPECS/; cp grok/grok.spec.template ~/rpmbuild/SPECS/grok.spec + (mkdir -p ~/rpmbuild/SOURCES/; cd ~/rpmbuild/SOURCES/; spectool -g ../SPECS/grok.spec) + sudo yum-builddep ~/rpmbuild/SPECS/grok.spec + rpmbuild -bb ~/rpmbuild/SPECS/grok.spec + # use yum command instead of rpm, because grok depends on libevent, pcre, tokyocabinet + sudo yum install -y libjson-c-devel glib2-devel ~/rpmbuild/RPMS/x86_64/grok*.rpm + +Example + +module(load="mmgrok") +template(name="tmlp" type="string" string="%$!msg!test%\n") +action(type="mmgrok" patterndir="path/to/yourpatternsDir" match="%{WORD:test}" source="msg" target="!msg") +action(type="omfile" file="path/to/file" template="tmlp") + +Description + +patterndir: path to grok patterns dir, default: /usr/share/grok/patterns/base +match:the pattern used to match message +source: the source message/variable to be matched +target: the root path to write the captured json tree -- cgit v1.2.3