logstruct parses existing text log data and estimates the original log format, like a printf format argument.
First, install logstruct with the following command.
go get github.com/m-mizutani/logstruct
Invoke the logstruct command on a log file to output the estimated formats.
$ logstruct /var/log/auth.log
0 : Dec * *:*:* pylon sshd[*]: Invalid user from 139.162.122.110
1 : Dec * *:*:* pylon sshd[*]: Invalid user * from *
2 : Dec * *:*:* pylon sshd[*]: Connection closed by * [preauth]
3 : Dec * *:*:* pylon sshd[*]: input_userauth_request: invalid user [preauth]
4 : Dec * *:*:* pylon sshd[*]: input_userauth_request: invalid user * [preauth]
5 : Dec 27 19:*:* pylon sshd[*]: fatal: no hostkey alg [preauth]
(snip)
Export the model and save it to a file.
logstruct -e exported.model /var/log/auth.log
And import it.
logstruct -i exported.model /var/log/auth.2.log
The --log-level (or -l) option selects the log level from debug, info and warn.
logstruct -l info /var/log/auth.log
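
The `*` wildcards in the output above mark fields that vary between lines sharing one format. The following is an added example, not logstruct's own code or algorithm: a simplified token-by-token template merge that produces the same style of output. The names `Infer`, `tokenRe` and `sample`, the 0.7 similarity threshold and the log lines are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Tokens are word runs, whitespace runs or single delimiters: "sshd[1234]:" -> sshd [ 1234 ] :
var tokenRe = regexp.MustCompile(`[A-Za-z0-9._-]+|\s+|.`)

// Infer folds each line into the first same-length template sharing >= threshold of its tokens.
func Infer(lines []string, threshold float64) []string {
	var tmpls [][]string
next:
	for _, line := range lines {
		toks := tokenRe.FindAllString(line, -1)
		for _, t := range tmpls {
			same := 0
			for j := 0; len(t) == len(toks) && j < len(t); j++ {
				if t[j] == toks[j] {
					same++
				}
			}
			if len(t) == len(toks) && float64(same) >= threshold*float64(len(t)) {
				for j := range t { // positions that differ become wildcards
					if t[j] != toks[j] {
						t[j] = "*"
					}
				}
				continue next
			}
		}
		tmpls = append(tmpls, toks) // nothing fits: this line starts a new template
	}
	out := make([]string, len(tmpls))
	for i, t := range tmpls {
		out[i] = strings.Join(t, "")
	}
	return out
}

var sample = []string{ // constructed sample lines (documentation addresses), not real log data
	"Dec 27 19:01:02 pylon sshd[1234]: Invalid user admin from 192.0.2.10",
	"Dec 27 19:03:11 pylon sshd[1234]: Connection closed by 192.0.2.10 [preauth]",
	"Dec 28 07:45:40 pylon sshd[1301]: Invalid user test from 198.51.100.7",
	"Dec 28 07:45:41 pylon sshd[1301]: Connection closed by 198.51.100.7 [preauth]",
}

func main() { fmt.Println(strings.Join(Infer(sample, 0.7), "\n")) }
```

Because whitespace and delimiters count as tokens, unrelated messages that share the syslog prefix score higher than they would with word-only tokens, so the threshold needs tuning per log source.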