Syslog: How can I interpret this in realtime?



  • I have Kiwi syslog running on Windows and capturing the pfSense log output to file. But how do you get from the raw message data into something meaningful? The message format and separators don't seem to conform to some of the more common Unix-based log file structures I've looked at.

    I want to parse the message string in realtime and create my own tables with header titles. I could probably make some sense of the message string by parsing the offline saved file with an Excel template, but this isn't realtime when I want to troubleshoot applications and their connections as they run. Is there an easy way to 'analyze' the syslog output in realtime?

    Sample log output:

    08-09-2017 10:42:05 Local0.Info 192.168.1.1 Aug  9 10:41:37 filterlog: 5,,,1000000103,pppoe0,match,block,in,4,0x0,,52,13142,0,none,6,tcp,44,92.45.103.246,80.234.159.124,80,52256,0,SA,457397558,2569890616,16384,,mss
    08-09-2017 10:41:52 Local0.Info 192.168.1.1 Aug  9 10:41:23 filterlog: 5,,,1000000103,pppoe0,match,block,in,4,0x0,,52,65512,0,none,6,tcp,44,92.45.103.246,80.234.159.124,80,59521,0,SA,1373236878,4140268976,16384,,mss
    08-09-2017 10:41:44 Local0.Info 192.168.1.1 Aug  9 10:41:16 filterlog: 5,,,1000000103,pppoe0,match,block,in,4,0x0,,57,0,0,DF,17,udp,69,185.165.29.89,80.234.159.124,52052,111,49
    08-09-2017 10:41:25 Local0.Info 192.168.1.1 Aug  9 10:40:56 filterlog: 5,,,1000000103,pppoe0,match,block,in,4,0x0,,249,54321,0,none,6,tcp,40,178.62.198.6,80.234.159.124,53374,2455,0,S,4057808422,,65535,,
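
An added example, not part of the original post: a Python parser that turns the filterlog lines shown above into named columns, plus a generator that follows the saved log file as it grows. The field names assume Netgate's documented raw filter log layout for IPv4 TCP/UDP; `parse_line`, `follow` and the dictionary keys are hypothetical names chosen for this example.

```python
import csv
import time

# Field order assumed from Netgate's raw filter log format (IPv4 TCP/UDP only).
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "dir", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "proto_id",
        "proto", "length", "src", "dst"]
L4 = {"tcp": ["sport", "dport", "datalen", "tcpflags", "seq", "ack",
              "window", "urg", "options"],
      "udp": ["sport", "dport", "datalen"]}

# Sample input: two lines copied from the post above.
SAMPLE = [
    "08-09-2017 10:42:05 Local0.Info 192.168.1.1 Aug  9 10:41:37 filterlog: 5,,,1000000103,pppoe0,match,block,in,4,0x0,,52,13142,0,none,6,tcp,44,92.45.103.246,80.234.159.124,80,52256,0,SA,457397558,2569890616,16384,,mss",
    "08-09-2017 10:41:44 Local0.Info 192.168.1.1 Aug  9 10:41:16 filterlog: 5,,,1000000103,pppoe0,match,block,in,4,0x0,,57,0,0,DF,17,udp,69,185.165.29.89,80.234.159.124,52052,111,49",
]

def parse_line(line):
    """Return a dict of named fields, or None if this is not a filterlog line."""
    head, sep, payload = line.partition(" filterlog: ")
    fields = next(csv.reader([payload.strip()]), [])
    if not sep or len(fields) < len(COMMON):
        return None
    rec = dict(zip(COMMON, fields))
    rec["prefix"] = head.strip()  # Kiwi timestamp, facility.level, host, device time
    rest = fields[len(COMMON):]
    if rec["ipver"] == "4" and len(rest) >= len(IPV4):
        rec.update(zip(IPV4, rest))
        names = L4.get(rec["proto"], [])
        rec.update(zip(names, rest[len(IPV4):]))
        rest = rest[len(IPV4) + len(names):]
    rec["extra"] = rest  # IPv6, ICMP and other layouts are left unparsed
    return rec

def follow(path, poll=0.5):
    """Yield parsed records as the syslog daemon appends lines to the file."""
    with open(path, "r", errors="replace") as fh:
        fh.seek(0, 2)  # start at the current end of file
        buf = ""
        while True:
            buf += fh.readline()
            if not buf.endswith("\n"):  # nothing new yet, or a partial line
                time.sleep(poll)
                continue
            rec, buf = parse_line(buf), ""
            if rec:
                yield rec
```

Iterating over `follow()` with the path of the file Kiwi writes to yields one dict per new filterlog line, which can be filtered on keys such as `action`, `src` or `dport` while troubleshooting.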

