NAME

saftpresse - a modular and configurable logfile analyzer

VERSION

version 1.6

Synopsis

  usage: bin/saftpresse
        [--config|-c <file>]
        [--log-level|-l <level>]
        [--help|-h]

Description

Saftpresse is a modular log file analyzer written in Perl.

It features a plugin architecture for:

Inputs

For reading events from multiple sources.

Log::Saftpresse::Input::Stdin

Reads log lines from STDIN.

Log::Saftpresse::Input::FileTail

Will read all new lines from a file like tail(1) does.

Log::Saftpresse::Input::Server

Line-based TCP server (e.g. for syslog).

Log::Saftpresse::Input::RELP

A TCP server implementing the RELP protocol.

Log::Saftpresse::Input::Redis

Will read events from a Redis queue.

Log::Saftpresse::Input::Lumberjack

A server implementing the lumberjack protocol v1/v2 used by logstash and beats.

Log::Saftpresse::Input::Command

An input reading the output of a command.

Log::Saftpresse::Input::Journald

Reads events from the systemd journal.

Plugins

For processing of events.

Plugins are able to convert or alter events. They can add additional information such as DNS lookups or geo-locations. They can also create relationships between events, for example measuring the time between the connect and disconnect of a client.

A counter API can be used to meter events and their content.

Log::Saftpresse::Plugin::Amavis

Plugin for amavisd-new log output.

Log::Saftpresse::Plugin::Apache

Plugin for Apache httpd log output.

Log::Saftpresse::Plugin::GeoIP

Plugin for looking up IP addresses in a GeoIP database.

Log::Saftpresse::Plugin::GraphitLineFormat

Plugin for parsing Graphite line format messages.

Log::Saftpresse::Plugin::LinuxNetfilter

Plugin for parsing output of the Linux netfilter LOG target.

Log::Saftpresse::Plugin::Postfix

Plugin for parsing Postfix mail logs based on pflogsumm.

Log::Saftpresse::Plugin::PostfixGeoStats

Plugin to add GeoIP information to Postfix events.

Log::Saftpresse::Plugin::Syslog

Plugin to parse the syslog network line format.

Log::Saftpresse::Plugin::SyslogFile

Plugin to parse the syslog file format (/var/log/...).

Outputs

Multiple outputs can be defined for storing of events.

Log::Saftpresse::Output::Elasticsearch

Write events to an Elasticsearch server.

Log::Saftpresse::Output::Graphite

Write Graphite events to a carbon line receiver.

Log::Saftpresse::Output::JSON

Dump events in JSON format.

Log::Saftpresse::Output::Redis

Write events to a Redis queue.

Counter Outputs

Multiple outputs can be defined for storing of counter data.

Log::Saftpresse::CountersOutput::Dump

Dump metric data.

Log::Saftpresse::CountersOutput::Graphite

Write metrics to a carbon line receiver.

Architecture

The saftpresse engine is currently designed as a single process using non-blocking IO.

AUTHOR

Markus Benning <ich@markusbenning.de>

COPYRIGHT AND LICENSE

This software is Copyright (c) 1998 by James S. Seymour, 2015 by Markus Benning.

This is free software, licensed under:

  The GNU General Public License, Version 2, June 1991