jeffgeiger/grokparse.rb

## grokparse.rb
#!/usr/bin/env ruby

=begin
USAGE:
cat example.log | ruby grokparse.rb
=end

require 'rubygems'
require 'grok-pure'
require 'pp'

grok = Grok.new
# Make sure these point to your pattern files
grok.add_patterns_from_file("/usr/local/share/grok/patterns/base")
grok.add_patterns_from_file("/usr/local/share/grok/patterns/bro")

pattern = '%{BROHTTP}'
grok.compile(pattern)
puts "PATTERN: #{pattern}"

while a = gets
 puts "IN: #{a}"
 match = grok.match(a)
 if match
  puts "MATCH:"
  pp match.captures
 else
  puts "No Match."
 end
end
	#!/usr/bin/env ruby

	=begin
	USAGE:
	cat example.log \| ruby grokparse.rb
	=end

	require 'rubygems'
	require 'grok-pure'
	require 'pp'

	grok = Grok.new
	# Make sure these point to your pattern files
	grok.add_patterns_from_file("/usr/local/share/grok/patterns/base")
	grok.add_patterns_from_file("/usr/local/share/grok/patterns/bro")

	pattern = '%{BROHTTP}'
	grok.compile(pattern)
	puts "PATTERN: #{pattern}"

	while a = gets
	puts "IN: #{a}"
	match = grok.match(a)
	if match
	puts "MATCH:"
	pp match.captures
	else
	puts "No Match."
	end
	end