
How to write a syslog parser in Metron's Storm?


New Contributor

I am using Metron 0.4.1

I want to write a syslog parser but I don't know how to do it.

Thanks for helping me.

2 REPLIES

Re: How to write a syslog parser in Metron's Storm?

Contributor

@mojgan ghasemi

  • You could start by defining it via Grok using the GrokParser. SYSLOG_HEADER + MESSAGE, where the SYSLOG_HEADER could look like:
<%{POSINT:syslog_priority}>%{SYSLOGTIMESTAMP:date} %{IPORHOST:device} 

Re: How to write a syslog parser in Metron's Storm?

Contributor

https://github.com/apache/metron/pull/1175

Supports RFC 5424 messages only
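As an added example (not code from this thread or from Metron itself), the following shows how the Grok header suggested in the first reply, and an RFC 5424 header of the kind the linked PR targets, expand into regexes and pull fields out of constructed sample lines. The GROK_LIB bodies are simplified stand-ins for the real Grok pattern definitions and are assumptions, not Metron's shipped pattern file.

```python
import re
from typing import Optional

# Simplified stand-ins for the Grok library patterns used below (assumptions,
# not Metron's grok-patterns file). POSINT is the real library's semantics:
# it starts with [1-9], so a "<0>" (kern.emerg) line will not match it.
GROK_LIB = {
    "POSINT": r"\b[1-9][0-9]*\b",
    "NONNEGINT": r"\b[0-9]+\b",
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})",
    "IPORHOST": r"[A-Za-z0-9._:-]+",
    "GREEDYDATA": r".*",
}

# The header from the first reply (RFC 3164 / BSD style) plus the free-text
# message, and an RFC 5424 header (the format the linked PR is about).
SYSLOG_HEADER = "<%{POSINT:syslog_priority}>%{SYSLOGTIMESTAMP:date} %{IPORHOST:device}"
SYSLOG_3164 = SYSLOG_HEADER + " %{GREEDYDATA:message}"
SYSLOG_5424 = ("<%{NONNEGINT:syslog_priority}>%{NONNEGINT:version} "
               "%{TIMESTAMP_ISO8601:date} %{IPORHOST:device} %{GREEDYDATA:message}")


def grok_to_regex(pattern: str) -> str:
    """Expand %{NAME:field} into a named group and %{NAME} into a plain group."""
    def repl(m):
        body = GROK_LIB[m.group(1)]
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else f"(?:{body})"
    return "^" + re.sub(r"%\{(\w+)(?::(\w+))?\}", repl, pattern) + "$"


def parse_syslog(line: str) -> Optional[dict]:
    """Try the RFC 5424 header first, then the BSD header, and decode PRI into
    facility/severity (PRI = facility * 8 + severity). None if nothing matches."""
    for name, pattern in (("rfc5424", SYSLOG_5424), ("rfc3164", SYSLOG_3164)):
        m = re.match(grok_to_regex(pattern), line)
        if m:
            fields = m.groupdict()
            pri = int(fields["syslog_priority"])
            if pri > 191:  # largest valid PRI is 23 * 8 + 7
                return None
            fields.update(format=name, facility=pri // 8, severity=pri % 8)
            return fields
    return None


# Constructed sample lines: one per format, plus a "<0>" line that POSINT rejects.
BSD_LINE = "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"
RFC5424_LINE = "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 - an event"
KERN_EMERG = "<0>Oct 11 22:14:15 mymachine kernel: panic"
```

If you need priority 0 to parse, swap POSINT for NONNEGINT in the header pattern.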