Constructor: F5

Product: bigip

Log type(s): sys, aaa, web

Log sample

ASM: unit_hostname=GET / HTTP/1.1\r\nHost:\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac #015"
notice auditd[6492]: Audit daemon rotating log files
debug crond[28026]: pam_unix(crond:session): session closed for user root

Parsing strategy

First, we determine the log's type, which is defined by the first 2 words (in the example: ASM, auditd, crond). The parsing strategy then depends on this type. If a new type is found, an exception is thrown. Grok patterns are used in most cases to parse logs. In addition, the Kv operator is used for the ASM and pam_unix log types.
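
The dispatch described above, sketched in Python as an added example; it is not the parser's own code. Named-group regexes stand in for the Grok patterns, and the header layout, the KV separators, the handler names and the constructed sample lines are assumptions.

```python
import re

# Assumed header layout, inferred from the page's samples: "<severity> <program>[<pid>]: <message>"
SYSLOG_RE = re.compile(r"^(?P<severity>\w+) (?P<program>[\w-]+)\[(?P<pid>\d+)\]: (?P<message>.*)$")
# key="quoted value" or key=bare (possibly empty) value; separators are an assumption
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^\s,;]*)')

class UnknownLogType(ValueError):
    """Raised so an unrecognised type is surfaced instead of silently dropped."""

def parse_kv(text):
    return {key: value.strip('"') for key, value in KV_RE.findall(text)}

def log_type(line):
    """Find the type within the first two words: 'ASM:' or '<program>[<pid>]:'."""
    words = line.split(None, 2)[:2]
    if words and words[0] == "ASM:":
        return "ASM"
    match = re.match(r"([\w-]+)\[\d+\]:$", words[1]) if len(words) == 2 else None
    if match is None:
        raise UnknownLogType(f"no recognisable type in: {line!r}")
    return match.group(1)

def parse_asm(line):
    return {"type": "ASM", **parse_kv(line.split(":", 1)[1])}

def parse_syslog(line):
    match = SYSLOG_RE.match(line)
    if match is None:
        raise UnknownLogType(f"header does not match: {line!r}")
    fields = match.groupdict()
    fields["type"] = fields["program"]
    if fields["message"].startswith("pam_unix("):
        fields["pam"] = parse_kv(fields["message"])  # KV pass for pam_unix messages
    return fields

# Hypothetical handler table: one entry per known type.
HANDLERS = {"ASM": parse_asm, "auditd": parse_syslog, "crond": parse_syslog}

def parse(line):
    kind = log_type(line)
    if kind not in HANDLERS:
        raise UnknownLogType(f"unsupported log type {kind!r}")
    return HANDLERS[kind](line)

# Constructed samples, except the auditd line, which is the page's own.
SAMPLES = [
    'ASM: unit_hostname="bigip1.example.test",policy_name="/Common/demo",response_code="200"',
    "notice auditd[6492]: Audit daemon rotating log files",
    "notice crond[28026]: pam_unix(crond:auth): authentication failure; logname= uid=0 euid=0 tty=cron ruser= rhost= user=root",
]
```

Calling `parse()` on a line whose program name has no handler raises `UnknownLogType`, so a new log type shows up as an error rather than as missing events.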