Parse::Syslog::Line - Simple syslog line parser
version 2.9
I wanted a very simple log parser for network-based syslog input. Nothing existed that simply took a line and returned a hash ref all parsed out.
    use Parse::Syslog::Line qw(parse_syslog_line);

    $Parse::Syslog::Line::DateTimeCreate = 1;

    my $href = parse_syslog_line( $msg );
    #
    # $href = {
    #       preamble        => '13',
    #       priority        => 'notice',
    #       priority_int    => 5,
    #       facility        => 'user',
    #       facility_int    => 8,
    #       date            => 'YYYY-MM-DD',
    #       time            => 'HH:MM:SS',
    #       epoch           => 1361095933,
    #       datetime_str    => 'YYYY-MM-DD HH:MM:SS',
    #       date_str        => 'YYYY-MM-DD HH:MM:SS',
    #       datetime_obj    => new DateTime(), # If installed
    #       datetime_raw    => 'Feb 17 11:12:13',
    #       date_raw        => 'Feb 17 11:12:13',
    #       host_raw        => 'hostname',  # Hostname as it appeared in the message
    #       host            => 'hostname',  # Hostname without domain
    #       domain          => 'blah.com',  # if provided
    #       program_raw     => 'sshd(blah)[pid]',
    #       program_name    => 'sshd',
    #       program_sub     => 'pam_unix',
    #       program_pid     => 20345,
    #       content         => 'the rest of the message',
    #       message         => 'program[pid]: the rest of the message',
    #       message_raw     => 'The message as it was passed',
    #       ntp             => 'ok',        # Only set for Cisco messages
    # };
...
Exported by default: parse_syslog_line( $one_line_of_syslog_message );

Optional Exports:

    :preamble
        preamble_priority
        preamble_facility

    :constants
        %LOG_FACILITY
        %LOG_PRIORITY
If $Parse::Syslog::Line::ExtractProgram is set to 1 (the default), parse_syslog_line() will try its best to extract a "program" field from the input. This is the most expensive set of regexes in the module, so if you don't need that pre-parsed, you can speed the module up significantly by setting this variable to 0.

Vendors who do proprietary nonsense with their syslog formats are to blame for this setting.

Usage:

    $Parse::Syslog::Line::ExtractProgram = 0;
If $Parse::Syslog::Line::DateTimeCreate is set to 1 (the default), a DateTime object will be returned in the $m->{datetime_obj} field. Otherwise, this will be skipped.

Usage:

    $Parse::Syslog::Line::DateTimeCreate = 0;
If $Parse::Syslog::Line::EpochCreate is set to 1, the number of seconds since the UNIX epoch will be returned in the $m->{epoch} field. If DateTimeCreate is not set, the parser will use HTTP::Date to perform the parsing.

Usage:

    $Parse::Syslog::Line::EpochCreate = 1;
$Parse::Syslog::Line::PruneRaw defaults to 0. Set it to 1 to delete all keys in the returned hash ending in "_raw".

Usage:

    $Parse::Syslog::Line::PruneRaw = 1;
$Parse::Syslog::Line::PruneEmpty defaults to 0. Set it to 1 to delete all keys in the returned hash which are undefined.

Usage:

    $Parse::Syslog::Line::PruneEmpty = 1;
@Parse::Syslog::Line::PruneFields should be an array of the fields you'd like removed from the returned hash reference.

Usage:

    @Parse::Syslog::Line::PruneFields = qw(date_str date_raw facility_int priority_int);
$Parse::Syslog::Line::RegexSet allows the use of different regex sets; the default is stable. This is mostly a developer-level feature to allow easy benchmarking of features against the previous release.

Usage:

    $Parse::Syslog::Line::RegexSet = 'devel';
parse_syslog_line() returns a hash reference containing the parsed syslog message data.
preamble_priority() takes the integer portion of the syslog message and returns a hash reference such as:

    $prioRef = {
        'preamble' => 13,
        'as_text'  => 'notice',
        'as_int'   => 5,
    };
preamble_facility() takes the integer portion of the syslog message and returns a hash reference such as:

    $facRef = {
        'preamble' => 13,
        'as_text'  => 'user',
        'as_int'   => 8,
    };
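The settings and parse_syslog_line() described above, combined to count failed SSH logins per source address. This is an added example, not part of the module's own documentation; the sample log lines, hostnames and 192.0.2.x addresses are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Parse::Syslog::Line qw(parse_syslog_line);

# Tuning documented above: skip DateTime object construction and drop the
# *_raw and undefined keys, since only a few fields are needed here.
$Parse::Syslog::Line::DateTimeCreate = 0;
$Parse::Syslog::Line::PruneRaw       = 1;
$Parse::Syslog::Line::PruneEmpty     = 1;

# Constructed sample input (not real log data).
my @lines = (
    '<38>Feb 17 11:12:13 bastion01 sshd[20345]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2',
    '<38>Feb 17 11:12:15 bastion01 sshd[20345]: Failed password for root from 192.0.2.10 port 51240 ssh2',
    '<38>Feb 17 11:12:20 bastion01 sshd[20351]: Accepted publickey for deploy from 192.0.2.44 port 40022 ssh2',
    '<13>Feb 17 11:12:21 bastion01 cron[411]: (root) CMD (run-parts /etc/cron.hourly)',
    'this is not a syslog line',
);

my %failed;    # source address => number of failed logins

for my $line (@lines) {
    my $m = parse_syslog_line($line);

    # With PruneEmpty set, fields that could not be parsed are absent,
    # so test for every key before using it.
    next unless ref $m eq 'HASH';
    next unless defined $m->{program_name} && $m->{program_name} eq 'sshd';
    next unless defined $m->{content};

    if ( $m->{content} =~ /\bFailed password for (?:invalid user )?(\S+) from (\S+) port \d+/ ) {
        my ( $user, $src ) = ( $1, $2 );
        $failed{$src}++;
        printf "%s %s pid=%s user=%s src=%s\n",
            $m->{host} // '-', $m->{program_name},
            $m->{program_pid} // '-', $user, $src;
    }
}

# Per-source summary of failed logins.
printf "%s: %d failed logins\n", $_, $failed{$_} for sort keys %failed;
```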
This module is developed with Dist::Zilla. To build from the repository, use Dist::Zilla:

    dzil authordeps | cpanm
    dzil build
    dzil test
- Github Page
- AnnoCPAN: Annotated CPAN documentation
- CPAN Ratings
- RT: CPAN's request tracker
- Search CPAN
- Mattia Barbon: Contribution of patch to support faster HTTP::Date routines
- Alexander Hartmaier: Contribution of log samples for Cisco devices and testing
- Shawn Wilson: Contribution of patch to support custom date parsing function
Brad Lhotsky brad@divisionbyzero.net
This software is Copyright (c) 2015 by Brad Lhotsky.
This is free software, licensed under:
The (three-clause) BSD License