This makes several assumptions based solely upon the sample data provided:
Updated: Simplified 1 regex and improved another.
```perl
#! perl -slw
use strict;

my %log;

while( <DATA> ) {
    my( $src, $mode, $rest ) = m'
        ( ^ \S+ ) \s+ - \s+
        ( [^\[:]+ ) (?: \[ \d+ \] )? : \s*
        ( .+ $ )
    'x;

##  $rest =~ s[ (?: \S+ \. ){1,4} \S+ ][****]gx;
    $rest =~ s[ (?: [\w-]+ \. ){1,4} [\w-]+ ][****]gx;
##  $rest =~ s[ [a-z] (?= [^:]* [A-Z] [^:\s]+ \d ) [^:\s]+
    $rest =~ s[ [a-z] \w+ \d : ][****]gx;

    ++$log{ $src }{ $mode }{$rest};
}

for my $src ( sort keys %log ) {
    print $src;
    for my $mode ( sort keys %{ $log{ $src } } ) {
        print "    $mode";
        print "        ($log{ $src}{ $mode }{ $_ }) $_"
            for sort keys %{ $log{ $src}{ $mode } };
    }
}
__DATA__
your sample data
```
Produces (after update):
```
C:\test>junk5
infocache02
    ldap_cachemgr
        (1) Error: Unable to refresh from profile:tls_automount_profile. (error=1)
        (1) libsldap: Status: 91 Mesg: openConnection: simple bind failed - Can't connect to the LDAP server
    sendmail
        (3) **** Losing ./**** savemail panic
        (2) **** SYSERR(root): savemail: cannot save rejected email anywhere
mail2-in
    postfix/smtpd
        (2) warning: ****: address not listed for ****
        (4) warning: ****: hostname **** verification failed: hostname nor servname provided, or not known
mail2-out
    ntpd
        (5) sendto(****): Bad file descriptor
    postfix/smtp
        (1) warning: malformed domain name in resource data of MX record for ****:
        (1) warning: numeric domain name in resource data of MX record for ****: ****
        (1) warning: valid_hostname: empty hostname
```
In reply to Re: adaptive syslog message parsing
by BrowserUk
in thread adaptive syslog message parsing
by Anonymous Monk