Feature #107: Multiple format per LML sources - Prelude-LML - UNITY 360

Feature #107

Multiple format per LML sources

Added by Yoann VANDOORSELAERE over 18 years ago. Updated almost 15 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Yoann VANDOORSELAERE

Target version:

0.9.1

Start date:

Due date:

% Done:

Resolution:

fixed

Description

Implement the ability to read different log input format from the same LML source.

[format=syslog]
time-format = "%b %d %H:%M:%S" 
prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?" 
udp-server = 0.0.0.0:514

[format=apache]
prefix-regex = "^(?P<hostname>\S+) - - \[(?P<timestamp>.{20}) \+.{4}\] " 
time-format = "%d/%b/%Y:%H:%M:%S" 
udp-server = 0.0.0.0:514

Example above will allow LML to understand both format on the 0.0.0.0:514 source.

History

#1 Updated by Yoann VANDOORSELAERE over 18 years ago

Status changed from New to Closed
Resolution set to fixed

Implemented in r7425.

#2 Updated by Yoann VANDOORSELAERE almost 15 years ago

Project changed from PRELUDE SIEM to Prelude-LML
Category deleted (4)
Target version deleted (~~0.9.1~~)

Also available in: Atom PDF

Project

General

Profile

Issues

Feature #107

Multiple format per LML sources

History

#1 Updated by Yoann VANDOORSELAERE over 18 years ago

#2 Updated by Yoann VANDOORSELAERE almost 15 years ago