NAME
Parse::Syslog::Line - Simple syslog line parser
VERSION
version 1.8
SYNOPSIS
I wanted a very simple log parser for network based syslog input. Nothing existed that simply took a line and returned a hash ref all parsed out.
use Parse::Syslog::Line qw(parse_syslog_line);
$Parse::Syslog::Line::DateTimeCreate = 1;
my $href = parse_syslog_line( $msg );
#
# $href = {
# preamble => '13',
# priority => 'notice',
# priority_int => 5,
# facility => 'user',
# facility_int => 8,
# date => 'YYYY-MM-DD',
# time => 'HH::MM:SS',
# epoch => 1361095933,
# datetime_str => 'YYYY-MM-DD HH:MM:SS',
# datet_str => 'YYYY-MM-DD HH:MM:SS',
# datetime_obj => new DateTime(), # If installed
# datetime_raw => 'Feb 17 11:12:13'
# date_raw => 'Feb 17 11:12:13'
# date_raw => 'Feb 17 11:12:13'
# host_raw => 'hostname', # Hostname as it appeared in the message
# host => 'hostname', # Hostname without domain
# domain => 'blah.com', # if provided
# program_raw => 'sshd(blah)[pid]',
# program_name => 'sshd',
# program_sub => 'pam_unix',
# program_pid => 20345,
# content => 'the rest of the message'
# message => 'program[pid]: the rest of the message',
# message_raw => 'The message as it was passed',
# };
...EXPORT
Exported by default: parse_syslog_line( $one_line_of_syslog_message );
Optional Exports: :preamble preamble_priority preamble_facility
:constants
%LOG_FACILITY
%LOG_PRIORITYVARIABLES
DateTimeCreate
If this variable is set to 1 (the default), a DateTime object will be returned in the $m->{datetime_obj} field. Otherwise, this will be skipped.
Usage:
$Parse::Syslog::Line::DateTimeCreate = 0;EpochCreate
If this variable is set to 1, the number of seconds from UNIX epoch will be returned in the $m->{epoch} field. If DateTimeCreate is not set, the parser will use HTTP::Date to perform the parsing
Usage:
$Parse::Syslog::Line::EpochCreate = 1;PruneRaw
This variable defaults to 0, set to 1 to delete all keys in the return hash ending in "_raw"
Usage:
$Parse::Syslog::Line::PruneRaw = 1;PruneEmpty
This variable defaults to 0, set to 1 to delete all keys in the return hash which are undefined.
Usage:
$Parse::Syslog::Line::PruneEmpty = 1;PruneFields
This should be an array of fields you'd like to be removed from the hash reference.
Usage:
@Parse::Syslog::Line::PruneFields = qw(date_str date_raw facility_int priority_int);FUNCTIONS
parse_syslog_line
Returns a hash reference of syslog message parsed data.
preamble_priority
Takes the Integer portion of the syslog messsage and returns a hash reference as such:
$prioRef = {
'preamble' => 13
'as_text' => 'notice',
'as_int' => 5,
};preamble_facility
Takes the Integer portion of the syslog messsage and returns a hash reference as such:
$facRef = {
'preamble' => 13
'as_text' => 'user',
'as_int' => 8,
};DEVELOPMENT
This module is developed with Dist::Zilla. To build from the repository, use Dist::Zilla:
dzil authordeps |cpanm
dzil build
dzil testGithub Page
AnnoCPAN: Annotated CPAN documentation
CPAN Ratings
RT: CPAN's request tracker
Search CPAN
ACKNOWLEDGEMENTS
- Mattia Barbon
-
Contribution of patch to support faster HTTP::Date routines
- Alexander Hartmaier
-
Contribution of log samples for Cisco devices and testing
- Shawn Wilson
-
Contribution of patch to support custom date parsing function
AUTHOR
Brad Lhotsky <brad@divisionbyzero.net>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2012 by Brad Lhotsky.
This is free software, licensed under:
The (three-clause) BSD License