Script to parse rsyslog continuously updating file and send out a URLParsing through log file and printing out regex backreferencesHow to parse fields out of a text file and write them to another fileShell script and crontab to capture file size, name and date in a CSV file and then send via email?awk : parse and write to another fileHow to extract IP and URL from a log filehow come my backup script fails to build the tar.gz file and send it over scp?init.d script to filter command output and send to logBash script: parse subdirectory and not current directoriesrsyslog: send logs to different file by filtering syslogsTcl script with multiple spawn expect and send
Lay out the Carpet
Is a stroke of luck acceptable after a series of unfavorable events?
Proof of work - lottery approach
Opposite of a diet
How does it work when somebody invests in my business?
Class Action - which options I have?
How long to clear the 'suck zone' of a turbofan after start is initiated?
How can a function with a hole (removable discontinuity) equal a function with no hole?
How to Reset Passwords on Multiple Websites Easily?
How to safely derail a train during transit?
How do I go from 300 unfinished/half written blog posts, to published posts?
Short story about space worker geeks who zone out by 'listening' to radiation from stars
How do scammers retract money, while you can’t?
How to write papers efficiently when English isn't my first language?
How does Loki do this?
How to be diplomatic in refusing to write code that breaches the privacy of our users
What happens if you roll doubles 3 times then land on "Go to jail?"
CREATE opcode: what does it really do?
Do sorcerers' subtle spells require a skill check to be unseen?
What does "I’d sit this one out, Cap," imply or mean in the context?
A particular customize with green line and letters for subfloat
How can I get through very long and very dry, but also very useful technical documents when learning a new tool?
Escape a backup date in a file name
Purchasing a ticket for someone else in another country?
Script to parse rsyslog continuously updating file and send out a URL
Parsing through log file and printing out regex backreferencesHow to parse fields out of a text file and write them to another fileShell script and crontab to capture file size, name and date in a CSV file and then send via email?awk : parse and write to another fileHow to extract IP and URL from a log filehow come my backup script fails to build the tar.gz file and send it over scp?init.d script to filter command output and send to logBash script: parse subdirectory and not current directoriesrsyslog: send logs to different file by filtering syslogsTcl script with multiple spawn expect and send
I am currently using cisco ISE which only sends out RADIUS accounting messages in syslog format rather on port 1813. we are forwarding these syslogs to central rsyslog server and stored as msg.log file.
I need to write a code which helps me parse this file in real time and send output as an URL based on the logs
the main intention is to
1> parse the msg.log
2> get the username and Ip address from a continuously updating log file
3> use username and IP address in a URL
Log file content :
CISE_RADIUS_Accounting 000011 1 0 2016-05-09 12:53:52.823 +03:00 0000012451 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=104, Device IP Address=10.0.0.12, RequestLatency=12, NetworkDeviceName=DefaultNetworkDevice, User-Name=UserA, NAS-IP-Address=10.0.0.1, Framed-IP-Address=10.0.0.16, Session-Timeout=90, Calling-Station-ID=, Acct-Status-Type=Start, Acct-Session-Id=6, cisco-av-pair=audit-session-id=5
what i want :
if the log has acct-status-type=start
then fetch detail from fields Framed-IP-Address=10.0.0.16 and User-name=UserA
output :: send out URL
the fetched username and ip address will be used in the below URL
https://1.1.1.1:8999/wbc/APICrl?requexml=<request><login><username><UserA/anyusername in the log file><ipaddress><ipaddressfromlog></ipaddress></username></login>
scripting logs cisco radius
New contributor
|
show 2 more comments
I am currently using cisco ISE which only sends out RADIUS accounting messages in syslog format rather on port 1813. we are forwarding these syslogs to central rsyslog server and stored as msg.log file.
I need to write a code which helps me parse this file in real time and send output as an URL based on the logs
the main intention is to
1> parse the msg.log
2> get the username and Ip address from a continuously updating log file
3> use username and IP address in a URL
Log file content :
CISE_RADIUS_Accounting 000011 1 0 2016-05-09 12:53:52.823 +03:00 0000012451 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=104, Device IP Address=10.0.0.12, RequestLatency=12, NetworkDeviceName=DefaultNetworkDevice, User-Name=UserA, NAS-IP-Address=10.0.0.1, Framed-IP-Address=10.0.0.16, Session-Timeout=90, Calling-Station-ID=, Acct-Status-Type=Start, Acct-Session-Id=6, cisco-av-pair=audit-session-id=5
what i want :
if the log has acct-status-type=start
then fetch detail from fields Framed-IP-Address=10.0.0.16 and User-name=UserA
output :: send out URL
the fetched username and ip address will be used in the below URL
https://1.1.1.1:8999/wbc/APICrl?requexml=<request><login><username><UserA/anyusername in the log file><ipaddress><ipaddressfromlog></ipaddress></username></login>
scripting logs cisco radius
New contributor
1
can you add what do you want as an output ?
– Vivek Kanadiya
yesterday
send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog
– Ravi
yesterday
Where are you getting 1.1.1.1:8999? do you wantif..then..
script ?
– Vivek Kanadiya
yesterday
the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT
– Ravi
yesterday
Which bit is logfile? I'd strongly recommend that youformat it as code
by editing your question, selecting all the logfile part, and then using themarker on the Edit menu.
– roaima
yesterday
|
show 2 more comments
I am currently using cisco ISE which only sends out RADIUS accounting messages in syslog format rather on port 1813. we are forwarding these syslogs to central rsyslog server and stored as msg.log file.
I need to write a code which helps me parse this file in real time and send output as an URL based on the logs
the main intention is to
1> parse the msg.log
2> get the username and Ip address from a continuously updating log file
3> use username and IP address in a URL
Log file content :
CISE_RADIUS_Accounting 000011 1 0 2016-05-09 12:53:52.823 +03:00 0000012451 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=104, Device IP Address=10.0.0.12, RequestLatency=12, NetworkDeviceName=DefaultNetworkDevice, User-Name=UserA, NAS-IP-Address=10.0.0.1, Framed-IP-Address=10.0.0.16, Session-Timeout=90, Calling-Station-ID=, Acct-Status-Type=Start, Acct-Session-Id=6, cisco-av-pair=audit-session-id=5
what i want :
if the log has acct-status-type=start
then fetch detail from fields Framed-IP-Address=10.0.0.16 and User-name=UserA
output :: send out URL
the fetched username and ip address will be used in the below URL
https://1.1.1.1:8999/wbc/APICrl?requexml=<request><login><username><UserA/anyusername in the log file><ipaddress><ipaddressfromlog></ipaddress></username></login>
scripting logs cisco radius
New contributor
I am currently using cisco ISE which only sends out RADIUS accounting messages in syslog format rather on port 1813. we are forwarding these syslogs to central rsyslog server and stored as msg.log file.
I need to write a code which helps me parse this file in real time and send output as an URL based on the logs
the main intention is to
1> parse the msg.log
2> get the username and Ip address from a continuously updating log file
3> use username and IP address in a URL
Log file content :
CISE_RADIUS_Accounting 000011 1 0 2016-05-09 12:53:52.823 +03:00 0000012451 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=104, Device IP Address=10.0.0.12, RequestLatency=12, NetworkDeviceName=DefaultNetworkDevice, User-Name=UserA, NAS-IP-Address=10.0.0.1, Framed-IP-Address=10.0.0.16, Session-Timeout=90, Calling-Station-ID=, Acct-Status-Type=Start, Acct-Session-Id=6, cisco-av-pair=audit-session-id=5
what i want :
if the log has acct-status-type=start
then fetch detail from fields Framed-IP-Address=10.0.0.16 and User-name=UserA
output :: send out URL
the fetched username and ip address will be used in the below URL
https://1.1.1.1:8999/wbc/APICrl?requexml=<request><login><username><UserA/anyusername in the log file><ipaddress><ipaddressfromlog></ipaddress></username></login>
scripting logs cisco radius
scripting logs cisco radius
New contributor
New contributor
edited yesterday
Ravi
New contributor
asked yesterday
RaviRavi
13
13
New contributor
New contributor
1
can you add what do you want as an output ?
– Vivek Kanadiya
yesterday
send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog
– Ravi
yesterday
Where are you getting 1.1.1.1:8999? do you wantif..then..
script ?
– Vivek Kanadiya
yesterday
the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT
– Ravi
yesterday
Which bit is logfile? I'd strongly recommend that youformat it as code
by editing your question, selecting all the logfile part, and then using themarker on the Edit menu.
– roaima
yesterday
|
show 2 more comments
1
can you add what do you want as an output ?
– Vivek Kanadiya
yesterday
send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog
– Ravi
yesterday
Where are you getting 1.1.1.1:8999? do you wantif..then..
script ?
– Vivek Kanadiya
yesterday
the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT
– Ravi
yesterday
Which bit is logfile? I'd strongly recommend that youformat it as code
by editing your question, selecting all the logfile part, and then using themarker on the Edit menu.
– roaima
yesterday
1
1
can you add what do you want as an output ?
– Vivek Kanadiya
yesterday
can you add what do you want as an output ?
– Vivek Kanadiya
yesterday
send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog
– Ravi
yesterday
send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog
– Ravi
yesterday
Where are you getting 1.1.1.1:8999? do you want
if..then..
script ?– Vivek Kanadiya
yesterday
Where are you getting 1.1.1.1:8999? do you want
if..then..
script ?– Vivek Kanadiya
yesterday
the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT
– Ravi
yesterday
the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT
– Ravi
yesterday
Which bit is logfile? I'd strongly recommend that you
format it as code
by editing your question, selecting all the logfile part, and then using the
marker on the Edit menu.– roaima
yesterday
Which bit is logfile? I'd strongly recommend that you
format it as code
by editing your question, selecting all the logfile part, and then using the
marker on the Edit menu.– roaima
yesterday
|
show 2 more comments
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Ravi is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508751%2fscript-to-parse-rsyslog-continuously-updating-file-and-send-out-a-url%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Ravi is a new contributor. Be nice, and check out our Code of Conduct.
Ravi is a new contributor. Be nice, and check out our Code of Conduct.
Ravi is a new contributor. Be nice, and check out our Code of Conduct.
Ravi is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508751%2fscript-to-parse-rsyslog-continuously-updating-file-and-send-out-a-url%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
-cisco, logs, radius, scripting
1
can you add what do you want as an output ?
– Vivek Kanadiya
yesterday
send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog
– Ravi
yesterday
Where are you getting 1.1.1.1:8999? do you want
if..then..
script ?– Vivek Kanadiya
yesterday
the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT
– Ravi
yesterday
Which bit is logfile? I'd strongly recommend that you
format it as code
by editing your question, selecting all the logfile part, and then using themarker on the Edit menu.
– roaima
yesterday