1
answer

multiline message

Hello. I have a question.

I get multiline messages

how can I combine into a single line, multiline message ??

for example this message, In this message 4 lines

Jul 21 17:59:10 <14> 1 2016-07-04T00: 53: 02.000000 + 03: 00 node = sec-sflow type = SYSCALL msg = audit (1467579182.055: 3248181): arch = 111

2 syscall = success = yes exit = 4 a0 = 7fc7783127a8 a1 = 2 a2 = a3 = 0 8 items = 1 ppid = 11013 pid = 30363 auid = 0 0 uid = gid = 0 = 0 euid

AskedJanuary 25, 2017 - 12:39pm
1
answer

Multiline Headerline Regex Error

I am trying to use the multlog module in order to start ingesting a custom log:

I have the following regex: \^(\d{2}|\d).(\d{2}|\d).(\d{4})\s(\d\d|\d):(\d\d|\d):(\d\d|\d)\s(AM|PM).\[(.*)\](.*)

This works in a regex test; however I cannot get it to work with the log file that looks something like this

9/10/2015 11:29:16 AM [0-3-1-SecondaryPortStatus.cs-17] GetStatus for IP: 192.168.0.231 on port: 5016

AskedSeptember 15, 2015 - 4:12pm