Robust CLI syslog forensics tool
Project description
Logdissect is a CLI utility and Python library for analyzing log files and other data. It can parse, merge, filter, and export data (to log files, or JSON).
Options
usage: logdissect.py [-h] [--dhost DHOST] [--grep PATTERN] [--last LAST]
[--process PROCESS] [--protocol PROTOCOL] [--range RANGE]
[--utc] [--rdhost DHOST] [--rgrep PATTERN]
[--rprocess PROCESS] [--rprotocol PROTOCOL]
[--rshost SHOST] [--rsource SOURCE] [--shost SHOST]
[--source SOURCE] [--linejson LINEJSON] [--outlog OUTLOG]
[--label LABEL] [--sojson SOJSON] [--pretty] [--version]
[--verbose] [-s] [--list-parsers] [-p PARSER] [-z]
[-t TZONE]
[file [file ...]]
positional arguments:
file specify input files
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
--verbose set verbose terminal output
-s silence terminal output
--list-parsers return a list of available parsers
-p PARSER select a parser (default: syslog)
-z, --unzip include files compressed with gzip
-t TZONE specify timezone offset to UTC (e.g. '+0500')
filter options:
--dhost DHOST match a destination host
--grep PATTERN match a pattern
--last LAST match a preceeding time period (e.g. 5m/3h/2d/etc)
--process PROCESS match a source process
--protocol PROTOCOL match a protocol
--range RANGE match a time range (YYYYMMDDhhmm-YYYYMMDDhhmm)
--utc use UTC for range matching
--rdhost DHOST filter out a destination host
--rgrep PATTERN filter out a pattern
--rprocess PROCESS filter out a source process
--rprotocol PROTOCOL filter out a protocol
--rshost SHOST filter out a source host
--rsource SOURCE filter out a log source
--shost SHOST match a source host
--source SOURCE match a log source
output options:
--linejson LINEJSON set the output file for line by line JSON output
--outlog OUTLOG set the output file for standard log output
--label LABEL set label type for OUTLOG (fname|fpath)
--sojson SOJSON set the output file for single object JSON output
--pretty use pretty formatting for sojson output
==== Available parsing modules: ====
ciscoios : cisco ios parsing module
emerge : gentoo emerge log parsing module
linejson : logdissect object-per-line JSON parsing module
sojson : logdissect single object JSON parsing module
syslog : syslog (standard timestamp) parsing module
syslogiso : syslog (ISO timestamp) parsing module
syslognohost : syslog (standard timestamp, no host) parsing module
tcpdump : tcpdump terminal output parsing module
webaccess : web access log parsing module
windowsrsyslog : windows rsyslog agent log parsing module
Links
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
logdissect-3.1.1.tar.gz
(25.1 kB
view hashes)
