-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
grok.go
61 lines (49 loc) · 1.54 KB
/
grok.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package main
import (
"bufio"
"fmt"
"os"
"strings"
"github.com/vjeantet/grok"
)
func AddDefaultPatterns(g *grok.Grok) (err error) {
// Nginx
err = g.AddPattern("NGINX_ERROR_DATESTAMP", `\d{4}/\d{2}/\d{2}[- ]%{TIME}`)
if err != nil {
return err
}
err = g.AddPattern("NGINX_ERROR_LOG", `%{NGINX_ERROR_DATESTAMP:timestamp} \[%{DATA:err_severity}\] (%{NUMBER:pid:int}#%{NUMBER}: \*%{NUMBER}|\*%{NUMBER}) %{DATA:message}(?:, client: "?%{IPORHOST:client}"?)(?:, server: %{IPORHOST:server})(?:, request: "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}")?(?:, upstream: "%{DATA:upstream}")?(?:, host: "%{URIHOST:host}")?(?:, referrer: "%{URI:referrer}")?`)
if err != nil {
return err
}
return nil
}
func ReadPatternsFromFile(g *grok.Grok, filename string) error {
file, err := os.Open(filename)
if err != nil {
return err
}
defer file.Close()
log.Printf("Adding grok patterns from \"%s\"", filename)
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := strings.TrimSpace(scanner.Text())
// Skip comments and empty lines
if strings.HasPrefix(line, "#") || line == "" {
continue
}
parts := strings.SplitN(line, " ", 2)
if len(parts) != 2 {
return fmt.Errorf("Cannot parse patterns in \"%s\"", filename)
}
patternName, pattern := strings.TrimSpace(parts[0]), strings.TrimSpace(parts[1])
if patternName == "" || pattern == "" {
return fmt.Errorf("Empty pattern definition in \"%s\"", filename)
}
err := g.AddPattern(patternName, pattern)
if err != nil {
return err
}
}
return nil
}