It would be great if Zabbix internal regexp functions understands grok patterns. Best if it loads patterns from external file/dir during startup or extension of today regular expressions.
Grok patterns are well-known patterns which can help with searching and replacing common type of information: https://github.com/logstash-plugins/.../grok-patterns
Grok pattern needs to be "compiled" during saving, from this point it is normal regular expression.
For example, it is very easy to parse syslog file using this pattern than write everything as more expression strings. And this could be very helpful.
This could bring next level of security monitoring for Zabbix. In combination with log file processing, preprocessing and event correlation, this could be very strong tool.
Easy syslog parsing with similar rule:
Grok patterns are well-known patterns which can help with searching and replacing common type of information: https://github.com/logstash-plugins/.../grok-patterns
Grok pattern needs to be "compiled" during saving, from this point it is normal regular expression.
For example, it is very easy to parse syslog file using this pattern than write everything as more expression strings. And this could be very helpful.
This could bring next level of security monitoring for Zabbix. In combination with log file processing, preprocessing and event correlation, this could be very strong tool.
Easy syslog parsing with similar rule:
Code:
SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logsource} %{SYSLOGPROG}: