1 2 Previous Next 15 Replies Latest reply on May 18, 2016 11:46 PM by andy777

    Weird syslog parsing issue causing gibberish events to show up




      I was trying to write a custom parser for one of our applications (ManageEngine Password Manager Pro) to collect syslog and once I imported a test file, the event does show up correctly, along with like another 10 gibberish events. The regex expression I'm using for my parser is as below:


      (.*?):(\d*.\d*.\d*.\d) ([a-zA-Z\_]*) \d*\/\d*\/\d* \d*:\d*:\d* ([a-zA-Z]*) (.*) ([a-zA-Z0-9-]*):(.*):(.*)


      My sample syslog:


      admin: Account_Added 2009/12/23 11:39:00 Success pmp_test windows-server1:account1:Testing

      Using this regex, I was able to capture everything, except the date and time which I don't need. When I finished rolling out the parser to the data source and imported the test log file, I got the events, but also received weird gibberish like below:

      Screen Shot 2016-05-16 at 2.10.51 PM.png

      Does anybody know why these are being captured?


      Anh Pham

        1 2 Previous Next