Log type(s): sys, aaa, web
ASM: unit_hostname=GET / HTTP/1.1\r\nHost: 22.214.171.124\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac #015"
notice auditd: Audit daemon rotating log files
debug crond: pam_unix(crond:session): session closed for user root
First of all, we catch the log\'s type define by the 2 first words (In the example : ASM, auditd, crond). The strategy is managed, depending on this type. If a new type is found, a exception is thrown. Grok pattern is used in most case to parse logs. Furthermore, Kv operator is used in ASM and pam_unix log\'s types.