Parse::Syslog::Line - Simple syslog line parser
version 3.3
I wanted a very simple log parser for network based syslog input. Nothing existed that simply took a line and returned a hash ref all parsed out.
use Parse::Syslog::Line qw(parse_syslog_line); $Parse::Syslog::Line::DateTimeCreate = 1; my $href = parse_syslog_line( $msg ); # # $href = { # preamble => '13', # priority => 'notice', # priority_int => 5, # facility => 'user', # facility_int => 8, # date => 'YYYY-MM-DD', # time => 'HH::MM:SS', # epoch => 1361095933, # datetime_str => 'YYYY-MM-DD HH:MM:SS', # datetime_obj => new DateTime(), # If installed # datetime_raw => 'Feb 17 11:12:13' # date_raw => 'Feb 17 11:12:13' # host_raw => 'hostname', # Hostname as it appeared in the message # host => 'hostname', # Hostname without domain # domain => 'blah.com', # if provided # program_raw => 'sshd(blah)[pid]', # program_name => 'sshd', # program_sub => 'pam_unix', # program_pid => 20345, # content => 'the rest of the message' # message => 'program[pid]: the rest of the message', # message_raw => 'The message as it was passed', # ntp => 'ok', # Only set for Cisco messages # }; ...
Exported by default: parse_syslog_line( $one_line_of_syslog_message );
Optional Exports: :preamble preamble_priority preamble_facility
:constants %LOG_FACILITY %LOG_PRIORITY
If this variable is set to 1 (the default), parse_syslog_line() will try it's best to extract a "program" field from the input. This is the most expensive set of regex in the module, so if you don't need that pre-parsed, you can speed the module up significantly by setting this variable.
Vendors who do proprietary non-sense with their syslog formats are to blame for this setting.
Usage:
$Parse::Syslog::Line::ExtractProgram = 0;
If this variable is set to 1 (the default), a DateTime object will be returned in the $m->{datetime_obj} field. Otherwise, this will be skipped.
$Parse::Syslog::Line::DateTimeCreate = 0;
If this variable is set to 1, the number of seconds from UNIX epoch will be returned in the $m->{epoch} field. If DateTimeCreate is not set, the parser will use HTTP::Date to perform the parsing
HTTP::Date
$Parse::Syslog::Line::EpochCreate = 1;
This variable defaults to 0, set to 1 to delete all keys in the return hash ending in "_raw"
$Parse::Syslog::Line::PruneRaw = 1;
This variable defaults to 0, set to 1 to delete all keys in the return hash which are undefined.
$Parse::Syslog::Line::PruneEmpty = 1;
This should be an array of fields you'd like to be removed from the hash reference.
@Parse::Syslog::Line::PruneFields = qw(date_raw facility_int priority_int);
Allows the use of different regex sets, the default is stable. This is mostly a developer level feature to allow easy benchmarking of features against previous release.
$Parse::Syslog::Line::RegexSet = 'devel';
Returns a hash reference of syslog message parsed data.
Takes the Integer portion of the syslog messsage and returns a hash reference as such:
$prioRef = { 'preamble' => 13 'as_text' => 'notice', 'as_int' => 5, };
$facRef = { 'preamble' => 13 'as_text' => 'user', 'as_int' => 8, };
This module is developed with Dist::Zilla. To build from the repository, use Dist::Zilla:
dzil authordeps |cpanm dzil build dzil test
Github Page
http://github.com/reyjrar/Parse-Syslog-Line
AnnoCPAN: Annotated CPAN documentation
http://annocpan.org/dist/Parse-Syslog-Line
CPAN Ratings
http://cpanratings.perl.org/d/Parse-Syslog-Line
RT: CPAN's request tracker
http://rt.cpan.org/NoAuth/Bugs.html?Dist=Parse-Syslog-Line
Search CPAN
http://search.cpan.org/dist/Parse-Syslog-Line
Contribution of patch to support faster HTTP::Date routines
Contribution of log samples for Cisco devices and testing
Contribution of patch to support custom date parsing function
Brad Lhotsky <brad@divisionbyzero.net>
This software is Copyright (c) 2015 by Brad Lhotsky.
This is free software, licensed under:
The (three-clause) BSD License
To install Parse::Syslog::Line, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Parse::Syslog::Line
CPAN shell
perl -MCPAN -e shell install Parse::Syslog::Line
For more information on module installation, please visit the detailed CPAN module installation guide.