Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-5896

GROK patterns are predfined patterns for regular expressions. It is much easier to read/manage complex expressions with GROK

    XMLWordPrintable

Details

    • New Feature Request
    • Status: Open
    • Low
    • Resolution: Unresolved
    • None
    • None
    • Server (S)
    • None

    Description

      It would be great if Zabbix internal regexp functions understands grok patterns. Best if it loads patterns from external file/dir during startup or extension of today regular expressions.

      Grok patterns are well-known patterns which can help with searching and replacing common type of information: https://github.com/logstash-plugins/.../grok-patterns
      Grok pattern needs to be "compiled" during saving, from this point it is normal regular expression.

      For example, it is very easy to parse syslog file using this pattern than write everything as more expression strings. And this could be very helpful.
      This could bring next level of security monitoring for Zabbix. In combination with log file processing, preprocessing and event correlation, this could be very strong tool.

      Today, security template for parsing complex log files is hard to create and even harder to read regexp.

      Easy syslog parsing with similar rule:
      Code:
      SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}:
      Instead of manualy entering expressions for each GROK pattern.

      Similar, regular expression replace function can use GROK patterns so names of variables can be used as replacement.

      For example, iregsub can be used as:

      iregsub

      iregsub("SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}", "\timestamp, \logsource")
      

      ()

      Attachments

        Activity

          People

            wiper Andris Zeila
            lukasm Lukáš Macura
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: