panaman
(panaman)
January 24, 2017, 4:21pm
1
The current TTY grok filter does not match if it does not contain "/dev".
It will not match the secure log on CentOS.
Jan 24 16:19:36 USOHWC-ESCTL1 sudo: panaman : TTY=pts/1 ; PWD=/home/panaman ; USER=root ; COMMAND=/bin/tail /var/log/secure
If you change the TTY grok filter to the following, it will work:
TTY ((:?)(/dev/)?(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))
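The mismatch described above, as an added Ruby example that is not part of the original post or of the Logstash code base: it runs both TTY definitions against the sudo line from the post and a constructed `/dev/` variant. `STOCK_TTY` is an assumption (the shipped pattern as recalled, which the thread does not quote), and `sudo_regex` and `parse_sudo` are hypothetical helpers.

```ruby
# STOCK_TTY is an assumption: the shipped definition as recalled, not quoted
# anywhere in this thread. PROPOSED_TTY is copied verbatim from the post.
STOCK_TTY    = '(?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))'
PROPOSED_TTY = '((:?)(/dev/)?(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))'

# Hypothetical matcher: roughly what a grok expression built around
# "TTY=%{TTY:tty}" expands to for a sudo audit line.
def sudo_regex(tty)
  Regexp.new(
    'sudo:\s+(?<user>\S+) : TTY=(?<tty>' + tty + ') ; PWD=(?<pwd>\S+) ; ' \
    'USER=(?<runas>\S+) ; COMMAND=(?<command>.+)$'
  )
end

# Returns a hash of named fields, or nil when the line does not match
# (in Logstash the event would be tagged _grokparsefailure instead).
def parse_sudo(line, tty)
  m = sudo_regex(tty).match(line)
  m && m.named_captures
end

# First line is the CentOS sample from the post; the others are constructed.
CENTOS_LINE = 'Jan 24 16:19:36 USOHWC-ESCTL1 sudo: panaman : TTY=pts/1 ; ' \
              'PWD=/home/panaman ; USER=root ; COMMAND=/bin/tail /var/log/secure'
DEV_LINE    = CENTOS_LINE.sub('TTY=pts/1', 'TTY=/dev/pts/1')
# "(:?)" in the proposed pattern is an optional literal colon, not a
# non-capturing group, so this constructed value is accepted as well.
COLON_LINE  = CENTOS_LINE.sub('TTY=pts/1', 'TTY=:pts/1')

[['stock', STOCK_TTY], ['proposed', PROPOSED_TTY]].each do |name, tty|
  [CENTOS_LINE, DEV_LINE, COLON_LINE].each do |line|
    fields = parse_sudo(line, tty)
    puts "#{name.ljust(8)} #{fields ? 'tty=' + fields['tty'] : 'NO MATCH'}"
  end
end
```

A sudo line that fails to parse never gets its `user`, `runas` and `command` fields populated, so any alert keyed on those fields misses the event.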
Perhaps you can send a pull request for this? Or at least file an issue?
panaman
(panaman)
January 31, 2017, 9:49pm
3
I went to go file an issue, but it says to post it here.
Yes, and I confirm that this (likely) is a bug. Therefore an issue is in order.