require "grok"
require "pp"
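# Quick grok smoke test.
#
# Compiles the pattern strings listed in `matches` into a single Grok::Pile,
# then reads log lines from STDIN and prints the captures of the FIRST line
# that matches any compiled pattern. The script is a one-shot check, not a
# streaming parser: it stops after the first hit.
#
# Run it from the directory that holds this script: the pattern file path
# below is resolved against the current working directory, not __FILE__.

matches = [
  #"%{SYSLOGBASE} Accepted %{NOTSPACE:method} for %{DATA:user} from %{IPORHOST:client} port %{INT:port}",
  #"%{SYSLOGBASE} Did not receive identification string from %{IPORHOST:client}",
  #"%{SYSLOGBASE} error: PAM: authentication error for %{DATA:user} from %{IPORHOST:client}",
  # NOTE(review): the trailing `.*` accepts anything after the syslog header.
  # Fine for a smoke test; prefer specific, anchored captures if this grows
  # into a parser that sees untrusted input.
  "%{SYSLOGBASE} .*"
  #"%{COMBINEDAPACHELOG}",
  #"%{UNINDEXED}hello (?=%{GREEDYDATA})%{WORD}"
  #"( *%{DATA:key}:%{NOTSPACE:value})+"
]

pile = Grok::Pile.new
pile.add_patterns_from_file("../patterns/base")

# `each`, not `collect`: only the side effect of compiling each pattern into
# the pile matters; the array `collect` would build was never used.
matches.each { |pattern| pile.compile(pattern) }

$stdin.each_line do |line|
  # Pile#match returns the grok that matched and its match object.
  _grok, match = pile.match(line)
  next unless match

  # One line per capture, printed as a single-entry hash.
  match.each_capture do |key, value|
    p(key => value)
  end

  # First matching line only.
  break
end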