Script to parse rsyslog continuously updating file and send out a URLParsing through log file and printing out regex backreferencesHow to parse fields out of a text file and write them to another fileShell script and crontab to capture file size, name and date in a CSV file and then send via email?awk : parse and write to another fileHow to extract IP and URL from a log filehow come my backup script fails to build the tar.gz file and send it over scp?init.d script to filter command output and send to logBash script: parse subdirectory and not current directoriesrsyslog: send logs to different file by filtering syslogsTcl script with multiple spawn expect and send

Lay out the Carpet

Is a stroke of luck acceptable after a series of unfavorable events?

Proof of work - lottery approach

Opposite of a diet

How does it work when somebody invests in my business?

Class Action - which options I have?

How long to clear the 'suck zone' of a turbofan after start is initiated?

How can a function with a hole (removable discontinuity) equal a function with no hole?

How to Reset Passwords on Multiple Websites Easily?

How to safely derail a train during transit?

How do I go from 300 unfinished/half written blog posts, to published posts?

Short story about space worker geeks who zone out by 'listening' to radiation from stars

How do scammers retract money, while you can’t?

How to write papers efficiently when English isn't my first language?

How does Loki do this?

How to be diplomatic in refusing to write code that breaches the privacy of our users

What happens if you roll doubles 3 times then land on "Go to jail?"

CREATE opcode: what does it really do?

Do sorcerers' subtle spells require a skill check to be unseen?

What does "I’d sit this one out, Cap," imply or mean in the context?

A particular customize with green line and letters for subfloat

How can I get through very long and very dry, but also very useful technical documents when learning a new tool?

Escape a backup date in a file name

Purchasing a ticket for someone else in another country?



Script to parse rsyslog continuously updating file and send out a URL


Parsing through log file and printing out regex backreferencesHow to parse fields out of a text file and write them to another fileShell script and crontab to capture file size, name and date in a CSV file and then send via email?awk : parse and write to another fileHow to extract IP and URL from a log filehow come my backup script fails to build the tar.gz file and send it over scp?init.d script to filter command output and send to logBash script: parse subdirectory and not current directoriesrsyslog: send logs to different file by filtering syslogsTcl script with multiple spawn expect and send













-1















I am currently using cisco ISE which only sends out RADIUS accounting messages in syslog format rather on port 1813. we are forwarding these syslogs to central rsyslog server and stored as msg.log file.



I need to write a code which helps me parse this file in real time and send output as an URL based on the logs



the main intention is to
1> parse the msg.log
2> get the username and Ip address from a continuously updating log file
3> use username and IP address in a URL



Log file content :



CISE_RADIUS_Accounting 000011 1 0 2016-05-09 12:53:52.823 +03:00 0000012451 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=104, Device IP Address=10.0.0.12, RequestLatency=12, NetworkDeviceName=DefaultNetworkDevice, User-Name=UserA, NAS-IP-Address=10.0.0.1, Framed-IP-Address=10.0.0.16, Session-Timeout=90, Calling-Station-ID=, Acct-Status-Type=Start, Acct-Session-Id=6, cisco-av-pair=audit-session-id=5


what i want :



if the log has acct-status-type=start
then fetch detail from fields Framed-IP-Address=10.0.0.16 and User-name=UserA



output :: send out URL
the fetched username and ip address will be used in the below URL



https://1.1.1.1:8999/wbc/APICrl?requexml=<request><login><username><UserA/anyusername in the log file><ipaddress><ipaddressfromlog></ipaddress></username></login>









share|improve this question









New contributor




Ravi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 1





    can you add what do you want as an output ?

    – Vivek Kanadiya
    yesterday











  • send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog

    – Ravi
    yesterday











  • Where are you getting 1.1.1.1:8999? do you want if..then.. script ?

    – Vivek Kanadiya
    yesterday











  • the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT

    – Ravi
    yesterday












  • Which bit is logfile? I'd strongly recommend that you format it as code by editing your question, selecting all the logfile part, and then using the marker on the Edit menu.

    – roaima
    yesterday
















-1















I am currently using cisco ISE which only sends out RADIUS accounting messages in syslog format rather on port 1813. we are forwarding these syslogs to central rsyslog server and stored as msg.log file.



I need to write a code which helps me parse this file in real time and send output as an URL based on the logs



the main intention is to
1> parse the msg.log
2> get the username and Ip address from a continuously updating log file
3> use username and IP address in a URL



Log file content :



CISE_RADIUS_Accounting 000011 1 0 2016-05-09 12:53:52.823 +03:00 0000012451 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=104, Device IP Address=10.0.0.12, RequestLatency=12, NetworkDeviceName=DefaultNetworkDevice, User-Name=UserA, NAS-IP-Address=10.0.0.1, Framed-IP-Address=10.0.0.16, Session-Timeout=90, Calling-Station-ID=, Acct-Status-Type=Start, Acct-Session-Id=6, cisco-av-pair=audit-session-id=5


what i want :



if the log has acct-status-type=start
then fetch detail from fields Framed-IP-Address=10.0.0.16 and User-name=UserA



output :: send out URL
the fetched username and ip address will be used in the below URL



https://1.1.1.1:8999/wbc/APICrl?requexml=<request><login><username><UserA/anyusername in the log file><ipaddress><ipaddressfromlog></ipaddress></username></login>









share|improve this question









New contributor




Ravi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 1





    can you add what do you want as an output ?

    – Vivek Kanadiya
    yesterday











  • send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog

    – Ravi
    yesterday











  • Where are you getting 1.1.1.1:8999? do you want if..then.. script ?

    – Vivek Kanadiya
    yesterday











  • the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT

    – Ravi
    yesterday












  • Which bit is logfile? I'd strongly recommend that you format it as code by editing your question, selecting all the logfile part, and then using the marker on the Edit menu.

    – roaima
    yesterday














-1












-1








-1








I am currently using cisco ISE which only sends out RADIUS accounting messages in syslog format rather on port 1813. we are forwarding these syslogs to central rsyslog server and stored as msg.log file.



I need to write a code which helps me parse this file in real time and send output as an URL based on the logs



the main intention is to
1> parse the msg.log
2> get the username and Ip address from a continuously updating log file
3> use username and IP address in a URL



Log file content :



CISE_RADIUS_Accounting 000011 1 0 2016-05-09 12:53:52.823 +03:00 0000012451 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=104, Device IP Address=10.0.0.12, RequestLatency=12, NetworkDeviceName=DefaultNetworkDevice, User-Name=UserA, NAS-IP-Address=10.0.0.1, Framed-IP-Address=10.0.0.16, Session-Timeout=90, Calling-Station-ID=, Acct-Status-Type=Start, Acct-Session-Id=6, cisco-av-pair=audit-session-id=5


what i want :



if the log has acct-status-type=start
then fetch detail from fields Framed-IP-Address=10.0.0.16 and User-name=UserA



output :: send out URL
the fetched username and ip address will be used in the below URL



https://1.1.1.1:8999/wbc/APICrl?requexml=<request><login><username><UserA/anyusername in the log file><ipaddress><ipaddressfromlog></ipaddress></username></login>









share|improve this question









New contributor




Ravi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I am currently using cisco ISE which only sends out RADIUS accounting messages in syslog format rather on port 1813. we are forwarding these syslogs to central rsyslog server and stored as msg.log file.



I need to write a code which helps me parse this file in real time and send output as an URL based on the logs



the main intention is to
1> parse the msg.log
2> get the username and Ip address from a continuously updating log file
3> use username and IP address in a URL



Log file content :



CISE_RADIUS_Accounting 000011 1 0 2016-05-09 12:53:52.823 +03:00 0000012451 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=104, Device IP Address=10.0.0.12, RequestLatency=12, NetworkDeviceName=DefaultNetworkDevice, User-Name=UserA, NAS-IP-Address=10.0.0.1, Framed-IP-Address=10.0.0.16, Session-Timeout=90, Calling-Station-ID=, Acct-Status-Type=Start, Acct-Session-Id=6, cisco-av-pair=audit-session-id=5


what i want :



if the log has acct-status-type=start
then fetch detail from fields Framed-IP-Address=10.0.0.16 and User-name=UserA



output :: send out URL
the fetched username and ip address will be used in the below URL



https://1.1.1.1:8999/wbc/APICrl?requexml=<request><login><username><UserA/anyusername in the log file><ipaddress><ipaddressfromlog></ipaddress></username></login>






scripting logs cisco radius






share|improve this question









New contributor




Ravi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Ravi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited yesterday







Ravi













New contributor




Ravi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









RaviRavi

13




13




New contributor




Ravi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Ravi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Ravi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







  • 1





    can you add what do you want as an output ?

    – Vivek Kanadiya
    yesterday











  • send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog

    – Ravi
    yesterday











  • Where are you getting 1.1.1.1:8999? do you want if..then.. script ?

    – Vivek Kanadiya
    yesterday











  • the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT

    – Ravi
    yesterday












  • Which bit is logfile? I'd strongly recommend that you format it as code by editing your question, selecting all the logfile part, and then using the marker on the Edit menu.

    – roaima
    yesterday













  • 1





    can you add what do you want as an output ?

    – Vivek Kanadiya
    yesterday











  • send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog

    – Ravi
    yesterday











  • Where are you getting 1.1.1.1:8999? do you want if..then.. script ?

    – Vivek Kanadiya
    yesterday











  • the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT

    – Ravi
    yesterday












  • Which bit is logfile? I'd strongly recommend that you format it as code by editing your question, selecting all the logfile part, and then using the marker on the Edit menu.

    – roaima
    yesterday








1




1





can you add what do you want as an output ?

– Vivek Kanadiya
yesterday





can you add what do you want as an output ?

– Vivek Kanadiya
yesterday













send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog

– Ravi
yesterday





send out URL 1.1.1.1:8999/wbc/APICrl?requexml=UserA/anyusername in the log fileipaddressfromlog

– Ravi
yesterday













Where are you getting 1.1.1.1:8999? do you want if..then.. script ?

– Vivek Kanadiya
yesterday





Where are you getting 1.1.1.1:8999? do you want if..then.. script ?

– Vivek Kanadiya
yesterday













the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT

– Ravi
yesterday






the 1.1.1.1 is a firewall which only accepts API (xml) on port 8999. so if the log contiants acct-status-type= start then script one with 1.1.1.1:8999/wbc/APICrl?requexml=LOGINUserA/anyusername in the log fileipaddressfromlog else same URL with LOGOUT

– Ravi
yesterday














Which bit is logfile? I'd strongly recommend that you format it as code by editing your question, selecting all the logfile part, and then using the marker on the Edit menu.

– roaima
yesterday






Which bit is logfile? I'd strongly recommend that you format it as code by editing your question, selecting all the logfile part, and then using the marker on the Edit menu.

– roaima
yesterday











0






active

oldest

votes











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);






Ravi is a new contributor. Be nice, and check out our Code of Conduct.









draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508751%2fscript-to-parse-rsyslog-continuously-updating-file-and-send-out-a-url%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes








Ravi is a new contributor. Be nice, and check out our Code of Conduct.









draft saved

draft discarded


















Ravi is a new contributor. Be nice, and check out our Code of Conduct.












Ravi is a new contributor. Be nice, and check out our Code of Conduct.











Ravi is a new contributor. Be nice, and check out our Code of Conduct.














Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508751%2fscript-to-parse-rsyslog-continuously-updating-file-and-send-out-a-url%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-cisco, logs, radius, scripting

Popular posts from this blog

Frič See also Navigation menuinternal link

Identify plant with long narrow paired leaves and reddish stems Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?What is this plant with long sharp leaves? Is it a weed?What is this 3ft high, stalky plant, with mid sized narrow leaves?What is this young shrub with opposite ovate, crenate leaves and reddish stems?What is this plant with large broad serrated leaves?Identify this upright branching weed with long leaves and reddish stemsPlease help me identify this bulbous plant with long, broad leaves and white flowersWhat is this small annual with narrow gray/green leaves and rust colored daisy-type flowers?What is this chilli plant?Does anyone know what type of chilli plant this is?Help identify this plant

fontconfig warning: “/etc/fonts/fonts.conf”, line 100: unknown “element blank” The 2019 Stack Overflow Developer Survey Results Are In“tar: unrecognized option --warning” during 'apt-get install'How to fix Fontconfig errorHow do I figure out which font file is chosen for a system generic font alias?Why are some apt-get-installed fonts being ignored by fc-list, xfontsel, etc?Reload settings in /etc/fonts/conf.dTaking 30 seconds longer to boot after upgrade from jessie to stretchHow to match multiple font names with a single <match> element?Adding a custom font to fontconfigRemoving fonts from fontconfig <match> resultsBroken fonts after upgrading Firefox ESR to latest Firefox