Announcing PyLogsParser 0.2


The Wallix LogBox team is happy to announce version 0.2 of PyLogsParser.

Version 0.2 is a minor release and brings the following features:

  • Improvement of best practices in tag naming conventions. Logs contain common information such as usernames, IP addresses and details about the transport protocol. To ease log post-processing we must define a common method to name those tags, instead of dealing with, for example, a series of “login, user, username, userid” that all describe a user id. The list below gives the tag names that must be used when relevant:
    • local_mac : MAC address of the local host.
    • local_ip : IP address of the local host.
    • local_host : hostname or FQDN of the local host.
    • local_port : listening port of a local service.
    • source_mac : MAC address of a source host.
    • source_ip : IP address of a source host.
    • source_host : hostname or FQDN of a source host.
    • source_port : source port of a network connection.
    • dest_mac : MAC address of a destination host.
    • dest_ip : IP address of a destination host.
    • dest_host : hostname or FQDN of a destination host.
    • dest_port : destination port of a network connection.
    • protocol : network or software protocol name or numeric id such as TCP, NTP, SMTP.
    • inbound_int : network interface for incoming data.
    • outbound_int : network interface for outgoing data.
    • bind_int : binding interface for a network service.
    • message_id : message or transaction id.
    • message_sender : message sender id.
    • message_recipient : message recipient id.
    • status : component status such as FAIL, success, 404.
    • action : action taken by a component such as DELETED, migrated, DROP, open.
    • method : component access method such as GET, key_auth.
    • event_id : id describing an event.
    • user : a user id.
    • len : a data size.
    • url : a URL as defined in RFC 1738.
  • Cleaning up of previous normalizers, they now follow the tags naming conventions.
  • It is now possible to specify custom paths for normalizers in addition to the system default path.
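As an added illustration of the convention (example code written for this post, not part of PyLogsParser and not using its normalizer file format): two hypothetical regex normalizers for constructed sshd-style and HTTP access-log lines rename their source-specific capture groups to the canonical tags, a check rejects any normalizer that would emit a tag outside the list, and a count per source_ip shows the cross-source correlation the shared vocabulary makes possible. The log lines, IP addresses and user names are constructed; mapping the request path to url is an assumption made for the example.

```python
import re
from collections import Counter

# Canonical tag names from the 0.2 release notes. Everything a normalizer
# emits must come from this set so downstream tooling sees one vocabulary.
CANONICAL_TAGS = {
    "local_mac", "local_ip", "local_host", "local_port",
    "source_mac", "source_ip", "source_host", "source_port",
    "dest_mac", "dest_ip", "dest_host", "dest_port",
    "protocol", "inbound_int", "outbound_int", "bind_int",
    "message_id", "message_sender", "message_recipient",
    "status", "action", "method", "event_id", "user", "len", "url",
}

# Hypothetical normalizers: a regex with source-specific group names and a
# rename map from those raw names to canonical tags. Groups absent from the
# map are dropped, so a source-specific name can never leak through.
NORMALIZERS = [
    {
        "name": "sshd-like",
        "pattern": re.compile(
            r"(?P<result>Failed|Accepted) (?P<auth_method>\w+) for "
            r"(?:invalid user )?(?P<login>\S+) from (?P<client_ip>[\d.]+) "
            r"port (?P<client_port>\d+)"
        ),
        "rename": {"result": "status", "auth_method": "method", "login": "user",
                   "client_ip": "source_ip", "client_port": "source_port"},
        "constants": {"protocol": "SSH"},
    },
    {
        "name": "http-access-like",
        "pattern": re.compile(
            r'^(?P<remote>[\d.]+) - (?P<remote_user>\S+) \[[^\]]+\] '
            r'"(?P<verb>[A-Z]+) (?P<path>\S+) \S+" (?P<code>\d{3}) (?P<bytes>\d+)'
        ),
        # Assumption for this example: the request path is recorded under "url".
        "rename": {"remote": "source_ip", "remote_user": "user", "verb": "method",
                   "path": "url", "code": "status", "bytes": "len"},
        "constants": {"protocol": "HTTP"},
    },
]


def check_normalizers(normalizers=NORMALIZERS):
    """Reject, before any log is processed, a normalizer whose rename map or
    constants would emit a tag that is not in the canonical list."""
    for norm in normalizers:
        emitted = set(norm["rename"].values()) | set(norm.get("constants", {}))
        unknown = emitted - CANONICAL_TAGS
        if unknown:
            raise ValueError(f"{norm['name']}: non-canonical tags {sorted(unknown)}")
    return True


def normalize(line, normalizers=NORMALIZERS):
    """Return the canonical tag dict for the first matching normalizer, or None."""
    for norm in normalizers:
        match = norm["pattern"].search(line)
        if not match:
            continue
        rename = norm["rename"]
        tags = {rename[name]: value
                for name, value in match.groupdict().items() if name in rename}
        tags.update(norm.get("constants", {}))
        return tags
    return None


def sources_by_ip(lines, normalizers=NORMALIZERS):
    """Count events per source_ip across all sources. This only works because
    every normalizer uses the same tag name for the client address."""
    counts = Counter()
    for line in lines:
        tags = normalize(line, normalizers)
        if tags and "source_ip" in tags:
            counts[tags["source_ip"]] += 1
    return counts


# Constructed sample lines (documentation IP ranges, made-up users).
SAMPLE_LINES = [
    "Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Accepted publickey for alice from 198.51.100.23 port 40022 ssh2",
    '198.51.100.23 - alice [10/Oct/2012:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    "Failed password for root from 203.0.113.7 port 51240 ssh2",
    "some unrelated line that no normalizer claims",
]

if __name__ == "__main__":
    check_normalizers()
    for line in SAMPLE_LINES:
        print(normalize(line))
    print(dict(sources_by_ip(SAMPLE_LINES)))
```

Because both normalizers emit source_ip, user, method and status, a post-processing step such as the per-IP count above needs no knowledge of which product produced each line; a normalizer that used "login" or "client_ip" instead would be caught by check_normalizers before it could split the data into incompatible vocabularies.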

Version 0.2 also adds the following new log format normalizers:

  • Snare Syslog agent for Windows.
  • Arkoon FAST360 log format.
  • MS Exchange 2007 Message Tracking Log format.
  • Amazon S3 log parser contributed by Olivier Hervieu.

And of course various bug fixes. The full changelog is available on GitHub. The tarball can be downloaded from the GitHub download area.
