Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search

How to write syslog parser in Metron's Strom?

How to write syslog parser in Metron's Strom?

Labels:
moj_72
Explorer

Created ‎08-27-2018 11:15 AM

I am using Metron 0.4.1

I want to write syslog parser but I don't know how to do it.

thanks for helping me.

Reply
566 Views
0 Kudos
2 REPLIES 2
Highlighted

Re: How to write syslog parser in Metron's Strom?

StefanDunkler
Contributor

Created ‎08-27-2018 11:38 AM

@mojgan ghasemi

  • You could start by defining it via Grok using the GrokParser. SYSLOG_HEADER + MESSAGE, where the SYSLOG_HEADER could look like:
<%{POSINT:syslog_priority}>%{SYSLOGTIMESTAMP:date} %{IPORHOST:device}
Reply
401 Views
0 Kudos
Highlighted

Re: How to write syslog parser in Metron's Strom?

ottobackwards
Contributor

Created ‎08-27-2018 06:34 PM

https://github.com/apache/metron/pull/1175

Supports RFC 5424 messages only

Reply
401 Views
0 Kudos
Don't have an account?
Register
Announcements
Product Announcements
[ANNOUNCE] New Cloudera Machine Learning Runtimes are available on CML and CDSW 1.9
Product Announcements
[ANNOUNCE] New Cloudera JDBC 2.6.23 Driver for Apache Impala Released
Product Announcements
[ANNOUNCE] New Cloudera ODBC 2.6.13 Driver for Apache Impala Released
Product Announcements
[ANNOUNCE] CDP Public Cloud Data Hub is now available on Google Cloud
Support Announcements
Validations - Cloudera Support's Predictive Alerting
View More Announcements