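How to fix a Fluentd parser for OpenWRT logs
Right now I am working on collecting logs from many OpenWRT routers, and I am using Fluentd for this task.
Unfortunately, I don't know why the parser isn't working.
For example, the logs look like this: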
Aug 15 06:55:05 HOST123 daemon:warning Expiring: (mcpd_process_query_timer)
Aug 15 06:55:05 HOST123 daemon:warning Sending IGMPv2 query of len: 8
Aug 15 06:55:05 HOST123 daemon:warning MLD QUERY: MRT is 00:0a ifindex=15
Aug 15 06:55:05 HOST123 daemon:warning Sending Query size: 28
Aug 15 06:55:07 HOST123 daemon:notice iptv (8359): udhcpc: sending renew to 192.168.131.1
Aug 15 06:55:21 HOST123 daemon:notice data (8351): udhcpc: sending renew to 192.168.130.1
Aug 15 07:06:17 HOST123 daemon:notice voice (6262): udhcpc: sending renew to 192.168.117.1
Aug 15 07:06:17 HOST123 daemon:notice voice (6262): udhcpc: lease of 192.168.117.8 obtained,lease time 600
Aug 15 07:06:22 HOST123 daemon:notice mgmt (6263): udhcpc: sending renew to 192.168.121.1
Aug 15 07:06:22 HOST123 daemon:notice mgmt (6263): udhcpc: lease of 192.168.121.8 obtained,lease time 600
Aug 15 07:06:24 HOST123 daemon:notice iptv (6261): udhcpc: sending renew to 192.168.131.1
Aug 15 07:06:25 HOST123 daemon:notice iptv (6261): udhcpc: lease of 192.168.131.8 obtained,lease time 600
My configuration:
<source>
  @type syslog
  port 1514
  tag scom
  <parse>
    @type syslog
    expression /^(?<logtime>[^ ]) (?<host>HOST\d{4}) (?<facility>[^ ]*) (?<message>[\d\w\s\S\W]*)$/
    time_key logtime
    time_format "%b %d %T"
  </parse>
</source>
or
<source>
  @type syslog
  port 1514
  tag scom
  expression /^\(?<time>[^ ]*) (?<host>[^ ]*) (?<facility>[^ ]*) (?<message>[\d\w\s\S\W]*)$/
  time_format "%b %d %H:%M:%s"
</source>
What's wrong?
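An added diagnostic, not part of the original post: this Ruby script runs the two posted expressions and time formats against one of the posted log lines and reports where each one fails. `CANDIDATE` is a hypothetical pattern, and Ruby's `Time.strptime` stands in for Fluentd's time parsing; both are assumptions.

```ruby
require "time"

# One line and its timestamp, copied from the log excerpt in the post.
LINE  = "Aug 15 06:55:05 HOST123 daemon:warning Sending IGMPv2 query of len: 8"
STAMP = "Aug 15 06:55:05"

# The two expressions exactly as posted, kept as strings so a compile error can be caught.
POSTED_1 = '^(?<logtime>[^ ]) (?<host>HOST\d{4}) (?<facility>[^ ]*) (?<message>[\d\w\s\S\W]*)$'
POSTED_2 = '^\(?<time>[^ ]*) (?<host>[^ ]*) (?<facility>[^ ]*) (?<message>[\d\w\s\S\W]*)$'

# Hypothetical replacement (an assumption, not from the post): the timestamp group
# spans all three space-separated parts and the host group accepts any token.
CANDIDATE = '^(?<logtime>[^ ]+ +\d+ [\d:]+) (?<host>[^ ]+) (?<facility>[^ ]+) (?<message>.*)$'

# Capture-group bodies from the first expression, paired with the field each should cover.
GROUPS = {
  "logtime"  => ['[^ ]', STAMP],
  "host"     => ['HOST\d{4}', "HOST123"],
  "facility" => ['[^ ]*', "daemon:warning"]
}

# Compile and apply an expression; report how it fails instead of raising.
def try_expression(source, line)
  match = Regexp.new(source).match(line)
  match ? match.named_captures : :no_match
rescue RegexpError
  :invalid_regexp
end

# Names of the groups whose body cannot match the whole field it is meant to capture.
def failing_groups(groups)
  groups.reject { |_name, (body, text)| Regexp.new("\\A(?:#{body})\\z").match?(text) }.keys
end

# True when the format reproduces the wall-clock time in the sample stamp.
# %s is the strptime directive for seconds since the Unix epoch; seconds of the minute is %S.
def time_format_ok?(format, stamp = STAMP)
  Time.strptime(stamp, format).strftime("%H:%M:%S") == stamp.split.last
rescue ArgumentError
  false
end

p try_expression(POSTED_1, LINE)
p try_expression(POSTED_2, LINE)
p failing_groups(GROUPS)
p try_expression(CANDIDATE, LINE)
["%b %d %T", "%b %d %H:%M:%s", "%b %d %H:%M:%S"].each { |f| puts "#{f}: #{time_format_ok?(f)}" }
```

In Fluentd, `expression` is a parameter of the `regexp` parser plugin.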