Log parser in another format

[gadekalp]

Hello,

We are trying to use go-syslog parser to parse syslogs for one of our system but our logs are in format as below:

Oct 11 22:14:15 su: 'su root' failed for lonvick on /dev/pts/8

So is there any way/standard to parse the logs in this format?

as we have checked the go-syslog supports logs in format of

<152> Oct 11 22:14:15 su: 'su root' failed for lonvick on /dev/pts/8

Any help on this will be appreciated.

[leodido]

Hello @gadekalp,

nope RFC 3164 mandates the PRI part (https://datatracker.ietf.org/doc/html/rfc3164#section-4.1.1) to exist.

And the corresponding parser doesn't have an option to make it optional, at the moment.

I'd suggest to simply prepend a "fake" PRI (eg., <1>) to your logs before handing them to go-syslog.