NAME

Search::ESsearcher::Templates::syslog - Provides syslog support for essearcher.

VERSION

Version 1.1.1

LOGSTASH

This uses a logstash configuration below.

input {
  syslog {
    host => "10.10.10.10"
    port => 11514
    type => "syslog"
  }
}

filter { }

output {
  if [type] == "syslog" {
    elasticsearch {
      hosts => [ "127.0.0.1:9200" ]
    }
  }
}

The important bit is "type" being set to "syslog". If that is not used, use the command line options field and fieldv.

Options

--host <log host>

The syslog server.

The search is done with .keyword appended to the field name.

--hostx <log host>

The syslog server.

Does not run the it through aonHost.

The search is done with .keyword appended to the field name.

--src <src server>

The source server sending to the syslog server.

The search is done with .keyword appended to the field name.

--srcx <src server>

The source server sending to the syslog server.

Does not run the it through aonHost.

The search is done with .keyword appended to the field name.

--program <program>

The name of the daemon/program in question.

--size <count>

The number of items to return.

--facility <facility>

The syslog facility.

--severity <severity>

The severity level of the message.

--pid <pid>

The PID that sent the message.

--dgt <date>

Date greater than.

--dgte <date>

Date greater than or equal to.

--dlt <date>

Date less than.

--dlte <date>

Date less than or equal to.

--msg <message>

Messages to match.

--field <field>

The term field to use for matching them all.

--fieldv <fieldv>

The value of the term field to matching them all.

AND, OR, or NOT shortcut

, OR
+ AND
! NOT

A list seperated by any of those will be transformed

These may be used with program, facility, pid, or host.

example: --program postfix,spamd

results: postfix OR spamd

HOST AND, OR, or NOT shortcut

, OR
+ AND
! NOT

A list of hosts seperated by any of those will be transformed. A host name should always end in a period unless it is a FQDN.

These may be used with host and src.

example: --src foo.,mail.bar.

results: /foo./ OR /mail.bar./

date

/^-/ appends "now" to it. So "-5m" becomes "now-5m".

/^u\:/ takes what is after ":" and uses Time::ParseDate to convert it to a unix time value.

Any thing not matching maching any of the above will just be passed on.

To install Search::ESsearcher, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Search::ESsearcher

CPAN shell

perl -MCPAN -e shell
install Search::ESsearcher

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

VERSION

LOGSTASH

Options

--host <log host>

--hostx <log host>

--src <src server>

--srcx <src server>

--program <program>

--size <count>

--facility <facility>

--severity <severity>

--pid <pid>

--dgt <date>

--dgte <date>

--dlt <date>

--dlte <date>

--msg <message>

--field <field>

--fieldv <fieldv>

AND, OR, or NOT shortcut

HOST AND, OR, or NOT shortcut

date

Module Install Instructions