Multiple regex matching from a single source

[Matthew Macdonald-Wallace]

Hi all,

I'm building a basic SIEM for my home network using Fluentd, Loki, and Grafana.

My Unifi controller sends the logs to port 1514 on my fluentd server, however it sends loads of different lines from multiple devices and they're all in slightly different formats.

I've managed to pattern-match the main one I'm concerned about (inbound attempts to access the network), however I'd love to match the other lines as well.

At the moment, I'm using the regex_parser - do I need to have multiple parsers, one for each regex, or is the another way of doing it?

Thanks in advance,

Matt

[Kentaro Hayashi]

I'm not sure, but multi_format parser may help you.

https://github.com/repeatedly/fluent-plugin-multi-format-parser

Regards,

2021年2月21日日曜日 17:23:37 UTC+9 mattm...@gmail.com:

[Matthew Macdonald-Wallace]

Thanks, my concern with Multiparser is that the code hasn't been updated in quite some time - I wasn't sure if it was still maintained or not?

[cosmo09...@gmail.com]

Hi,

Fluentd v1 API is stable since 2016.

If there is no issue, 3rd party plugin will be working well.

Cheers,

Hiroshi

2021年2月22日月曜日 16:42:11 UTC+9 mattm...@gmail.com: