@actionjack
Created November 19, 2018 14:29
Start-Date: 2018-11-19 14:23:29
Commandline: apt-get -y install less vim
Install: vim-common:amd64 (2:8.0.0197-4+deb9u1, automatic), vim-runtime:amd64 (2:8.0.0197-4+deb9u1, automatic), vim:amd64 (2:8.0.0197-4+deb9u1), xxd:amd64 (2:8.0.0197-4+deb9u1, automatic), libgpm2:amd64 (1.20.4-6.2+b1, automatic), less:amd64 (481-2.1)
End-Date: 2018-11-19 14:23:37
Start-Date: 2018-11-19 14:25:58
Commandline: apt-get remove vim
Remove: vim:amd64 (2:8.0.0197-4+deb9u1)
End-Date: 2018-11-19 14:25:59
@actionjack

    <source>
      @id apt-history.log
      @type tail
      format multiline
      format_firstline /^Start-Date/
      format1 /Start-Date: (?<start_date>[^ ].*)\n/
      format2 /Commandline: (?<command_line>[^ ].*)\n/
      format3 /^(?<action>\S+)(?<message>.*)\n/
      # The End-Date line contains no parentheses, so capture the rest of the line
      format4 /End-Date: (?<end_date>[^ ].*)/
      path /var/log/apt/history.log
      pos_file /var/log/apt/history.log.pos
      tag apt
    </source>

@actionjack

Also tried:

    <source>
      @id apt-history.log
      @type tail
      format multiline
      format_firstline /^Start-Date:/
      format1 /^Start-Date: (?<time>[^ ]+  [^ ]+)(?<msg>(.|[\n\r])+)End-Date: [^ ]+  [^ ]+/
      path /var/log/apt/history.log
      pos_file /var/log/apt/apt.pos
      log_level debug
      tag apt
    </source>
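
An added example (not part of the gist) that runs `[^ ].*`-style patterns like those in the first block against apt stanzas. It assumes the multiline parser joins format1..formatN into one regex compiled with `Regexp::MULTILINE`, so `.` also matches newlines; the `BOUNDED` patterns, the End-Date pattern and the second stanza are constructed for illustration.

```ruby
# Added example. Assumption: the multiline parser joins format1..formatN
# and compiles the result with Regexp::MULTILINE ("." matches newlines).
def parse(formats, stanza)
  m = Regexp.new(formats.join, Regexp::MULTILINE).match(stanza)
  m && m.named_captures
end

# format1..format3 from the first <source> block; the End-Date pattern is
# written in the same "[^ ].*" style (hypothetical).
GREEDY = [
  'Start-Date: (?<start_date>[^ ].*)\n',
  'Commandline: (?<command_line>[^ ].*)\n',
  '^(?<action>\S+)(?<message>.*)\n',
  'End-Date: (?<end_date>[^ ].*)'
].freeze

# Hypothetical line-bounded variant: [^\n] keeps every field on one line and
# all action lines (Install:, Upgrade:, Remove:, ...) land in one block.
BOUNDED = [
  'Start-Date: (?<start_date>[^\n]+)\n',
  'Commandline: (?<command_line>[^\n]+)\n',
  '(?<actions>(?:[A-Za-z-]+: [^\n]+\n)+?)',
  'End-Date: (?<end_date>[^\n]+)'
].freeze

# First stanza from the gist's history.log, package list shortened.
GIST_STANZA = [
  'Start-Date: 2018-11-19 14:23:29',
  'Commandline: apt-get -y install less vim',
  'Install: vim:amd64 (2:8.0.0197-4+deb9u1), less:amd64 (481-2.1)',
  'End-Date: 2018-11-19 14:23:37'
].join("\n")

# Constructed stanza with two action lines (placeholder package names).
TWO_ACTIONS = [
  'Start-Date: 2018-11-20 09:00:00',
  'Commandline: apt-get -y dist-upgrade',
  'Install: libexample1:amd64 (1.0-1, automatic)',
  'Upgrade: example-tool:amd64 (1.0-1, 1.0-2)',
  'End-Date: 2018-11-20 09:00:05'
].join("\n")

if __FILE__ == $PROGRAM_NAME
  # Greedy ".*" spills: command_line swallows the Install: line.
  p parse(GREEDY, TWO_ACTIONS)
  p parse(BOUNDED, TWO_ACTIONS)
end
```

With a single action line both variants agree; the greedy form only misattributes fields once a stanza carries more than one action, which is easy to miss when auditing package changes from these records.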
