TTY grok filter needs changed


(panaman) #1

The current TTY grok filter does not match if does not contain "/dev"
It will not match the secure log on centos.

Jan 24 16:19:36 USOHWC-ESCTL1 sudo: panaman : TTY=pts/1 ; PWD=/home/panaman ; USER=root ; COMMAND=/bin/tail /var/log/secure

If you change the TTY grok filter to the following, it will work:

TTY ((:?)(/dev/)?(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))

(Magnus Bäck) #2

Perhaps you can send a pull request for this? Or at least file an issue?


(panaman) #3

I went to go file an issue but it says to post it here


(Magnus Bäck) #4

Yes, and I confirm that this (likely) is a bug. Therefore an issue is in order.


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.