handle *.log.fmt specifiers and regex conversion
Project description
logfmt1 handles *.log.fmt files to transform LogFormat / placeholder strings to regular expressions (named capture groups). Currently just comes with rules for Apache definitions. It bundles a logex and update-logfmt to create/rewrite *.log.fmt files globally.
{
"class": "apache combined",
"record": "%h %l %u %t \"%r\" %>s %b",
}
It’s basically meant for universal log parsing, whilst reducing manual configuration or the restrain on basic log variants. It originated in modseccfg. This Python package is mostly a stub. You should preferrably install the system package:
apt install python3-logfmt1
This will yield the proper /usr/share/logfmt/ structure and the run-parts wrapper update-logfmt. The grok placeholders are supported, but remain untested.
logfmt1
To craft a regex:
import logfmt1, json
fmt = json.load(open("/.../access.log.fmt", "r"))
rx = logfmt1.regex(fmt)
rx = logfmt1.rx2re(rx) # turn into Python regex
Or with plain old guesswork / presuming a standard log format:
rx = logfmt1.regex({"class": "apache combined"})
Though that’s of course not the intended use case, and hinges on predefined formats in /usr/share/logfmt/.
logex
Very crudementary extractor for log files:
logex .../access.log --tab @host @date +id
Which of course handles the .fmt implicitly.
update-logfmt
The Python package does bundle a run-parts wrapper, but just the apache collector, and a local Python copy of the format database. It should discover all *.log files nonetheless and pair them with .fmt declarations.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
