collecting-big-ip-logs-via-tcp-nxlog.conf 1.06 KB
Newer Older
NXLog CI User's avatar
NXLog CI User committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
<Extension _syslog>
    Module          xm_syslog
</Extension>

<Extension _json>
    Module          xm_json
</Extension>

<Extension kvp>
    Module          xm_kvp
    KVPDelimiter    " "
    KVDelimiter     =
    EscapeChar      \\
</Extension>

<Input in>
    Module          im_tcp
    Host            0.0.0.0
    Port            1514
    <Exec>
        parse_syslog();
        if  $Message =~ /^([a-z]*) ([a-zA-Z]*)(.*)$/
        {
            $F5MsgLevel = $1;
            $F5Proc = $2;
            $F5Message = $3;
            if $F5Message =~ /^\[[0-9]*\]: ([0-9]*):([0-9]+): (.*)$/
            {
                $F5MsgID = $1;
                $F5MsgSev = $2;
                $F5Msg = $3;
                if $F5Msg =~ /RAW: ([a-z]*)\(([a-z_]*)\): ([a-zA-Z]+=.+)/
                {
                    $F5Process = $1;
                    $F5Module = $2;
                    kvp->parse_kvp($3);
                }
            }
        }
    </Exec>
</Input>

<Output out>
    Module          om_file
    File            "/var/log/f5.log"
    Exec            to_json();
</Output>