{ "info": { "author": "Bj\u00f6rn Puttmann", "author_email": "nospam@poitin.de", "bugtrack_url": null, "classifiers": [ "Intended Audience :: System Administrators", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: Implementation :: PyPy", "Topic :: System :: Logging" ], "description": ".. image:: https://readthedocs.org/projects/lumbermill/badge/?version=latest\n :target: http://lumbermill.readthedocs.org/en/latest/?badge=latest\n :alt: Documentation Status\n.. image:: https://travis-ci.org/dstore-dbap/LumberMill.svg?branch=master\n :target: https://travis-ci.org/dstore-dbap/LumberMill\n.. image:: https://coveralls.io/repos/dstore-dbap/LumberMill/badge.svg?branch=master&service=github :target: https://coveralls.io/github/dstore-dbap/LumberMill?branch=master\n\nLumberMill\n===========\n\nIntroduction\n''''''''''''\n\nCollect, parse and store logs with a configurable set of modules.\nInspired by `logstash `_ but\nwith a smaller memory footprint and faster startup time.\n\nCompatibility and Performance\n'''''''''''''''''''''''''''''\nTo run LumberMill you will need Python 2.7+.\nFor better performance, I heartly recommend running LumberMill with pypy.\nThe performance gain can be up to 5-6 times events/s throughput running single processed.\nTested with pypy-2.4, pypy-2.5 and pypy-4.1.\nA small benchmark comparing the performance of different python/pypy versions and logstash-1.4.2 can be found `here `_.\n\nInstallation\n''''''''''''\n\n**via pypi**\n\n::\n\n pip install LumberMill\n\n**manually**\n\nClone the github repository to /opt/LumberMill (or any other location that fits you better :):\n\n::\n\n git clone https://github.com/dstore-dbap/LumberMill.git /opt/LumberMill\n\nInstall the dependencies with pip:\n\n::\n\n cd /opt/LumberMill\n python setup.py install\n\nYou may need the MaxMind geo database. Install it with:\n\n::\n\n mkdir /usr/share/GeoIP\n cd /usr/share/GeoIP\n wget \"http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz\"\n gunzip GeoLiteCity.dat.gz\n\nNow you can give LumberMill a testdrive with:\n\n::\n\n wget https://raw.githubusercontent.com/dstore-dbap/LumberMill/master/conf/example-stdin.conf\n echo \"I'm a lumberjack, and I'm okay\" | lumbermill -c ./example-stdin.conf\n\nIf you get a \"command not found\" please check your pythonpath setting. Depending on how you installed LumberMill,\nthe executable can either be found in the bin dir of your python environment (e.g. /usr/lib64/pypy-2.4.0/bin/lumbermill)\nor in your default path (e.g. /usr/local/bin/lumbermill).\n\nOther basic configuration examples: https://github.com/dstore-dbap/LumberMill/tree/master/conf/.\n\nFor a how-to running LumberMill, Elasticsearch and Kibana on CentOS, feel free to visit\nhttp://www.netprojects.de/collect-visualize-your-logs-with-lumbermill-and-elasticsearch-on-centos/.\n\nConfiguration example (with explanations)\n'''''''''''''''''''''''''''''''''''''''''\n\nTo give a short introduction of how LumberMill works, here is a sample\nconfiguration.\nIts receiving apache and nginx access logs via syslog messages from a\nsyslog server and msgpacked events from\n`python-beaver `_ and\nstores them in an elasticsearch backend.\nBelow, I will explain each section in more detail.\n\n::\n\n # Sets number of parallel LumberMill processes.\n - Global:\n workers: 2\n\n # Listen on all interfaces, port 5151.\n - TcpServer:\n port: 5151\n receivers:\n - RegexParser\n\n # Listen on all interfaces, port 5152.\n - TcpServer:\n port: 5152\n mode: stream\n chunksize: 32768\n\n # Decode msgpacked data.\n - MsgPackParser:\n mode: stream\n\n # Extract fields.\n - RegexParser:\n source_field: data\n hot_rules_first: True\n field_extraction_patterns:\n - httpd_access_log: '(?P\\d+\\.\\d+\\.\\d+\\.\\d+)\\s+(?P\\w+|-)\\s+(?P\\w+|-)\\s+\\[(?P\\d+\\/\\w+\\/\\d+:\\d+:\\d+:\\d+\\s.\\d+)\\]\\s+\\\"(?P.*)\\\"\\s+(?P\\d+)\\s+(?P\\d+)'\n - http_common_access_log: '(?P\\d+\\.\\d+\\.\\d+\\.\\d+)\\s(?P\\d+\\.\\d+\\.\\d+\\.\\d+)\\s(?P\\w+|-)\\s(?P\\w+|-)\\s\\[(?P\\d+\\/\\w+\\/\\d+:\\d+:\\d+:\\d+\\s.\\d+)\\]\\s\\\"(?P.*)\\\"\\s(?P\\d+)\\s(?P\\d+)'\n - iptables: '(?P\\<\\d+\\>)(?P\\w+\\s+\\d+\\s+\\d+:\\d+:\\d+)\\s+(?P[\\w\\-\\._]+)\\s+kernel:.*?\\ iptables\\ (?P.*?)\\ :\\ IN=(?P.*?)\\ OUT=(?P.*?)\\ SRC=(?P.*?)\\ DST=(?P.*?)\\ LEN=(?P.*?)\\ .*?PROTO=(?P.*?)\\ SPT=(?P.*?)\\ DPT=(?P.*?)\\ WINDOW=.*'\n receivers:\n - SimpleStats:\n filter: $(lumbermill.event_type) != 'Unknown'\n # Print out messages that did not match\n - StdOutSink:\n filter: $(lumbermill.event_type) == 'Unknown'\n\n # Print out some stats every 10 seconds.\n - SimpleStats:\n interval: 10\n\n # Extract the syslog prival from events received via syslog.\n - SyslogPrivalParser:\n source_field: syslog_prival\n\n # Add a timestamp field.\n - AddDateTime:\n format: '%Y-%m-%dT%H:%M:%S.%f'\n target_field: \"@timestamp\"\n\n # Add geo info based on the lookup_fields. The first field in that yields a result from geoip will be used.\n - AddGeoInfo:\n geoip_dat_path: /usr/share/GeoIP/GeoLiteCity.dat\n source_fields: [x_forwarded_for, remote_ip]\n geo_info_fields: ['latitude', 'longitude', 'country_code']\n\n # Nginx logs request time in seconds with milliseconds as float. Apache logs microseconds as int.\n # At least cast nginx to integer.\n - Math:\n filter: if $(server_type) == \"nginx\"\n target_field: request_time\n function: float($(request_time)) * 1000\n\n # Map field values of to values in .\n - ModifyFields:\n filter: if $(http_status)\n action: map\n source_field: http_status\n map: {100: 'Continue', 200: 'OK', 301: 'Moved Permanently', 302: 'Found', 304: 'Not Modified', 400: 'Bad Request', 401: 'Unauthorized', 403: 'Forbidden', 404: 'Not Found', 500: 'Internal Server Error', 502: 'Bad Gateway'}\n\n # Kibana\u2019s \u2018bettermap\u2019 panel needs an array of floats in order to plot events on map.\n - ModifyFields:\n filter: if $(latitude)\n action: merge\n source_fields: [longitude, latitude]\n target_field: geoip\n\n # Extarct some fields from the user agent data.\n - UserAgentParser:\n source_fields: user_agent\n\n # Parse the url into its components.\n - UrlParser:\n source_field: uri\n target_field: uri_parsed\n parse_querystring: True\n querystring_target_field: params\n\n # Store events in elastic search.\n - ElasticSearchSink:\n nodes: [localhost]\n store_interval_in_secs: 5\n\n - StdOutSink\n\nLet me explain it in more detail:\n\n::\n\n # Sets number of parallel LumberMill processes.\n - Global:\n workers: 2\n\nThe Global section lets you configure some global properties of\nLumberMill. Here the number of parallel processes is set. In order to\nbe able to use multiple cores with python (yay to the\n`GIL `_) LumberMill can be started with\nmultiple parallel processes.\nDefault number of workers is CPU\\_COUNT - 1.\n\n::\n\n # Listen on all interfaces, port 5151.\n - TcpServer:\n port: 5151\n receivers:\n - RegexParser\n\nStarts a tcp server listening on all local interfaces port 5151. Each\nmodule comes with a set of default values, so you only need to provide\nsettings you need to customize.\nFor a description of the default values of a module, refer to the\nREADME.md in the modules directory or its docstring.\nBy default, a module will send its output to the next module in the\nconfiguration. To set a custom receiver, set the receivers value.\nThis module will send its output directly to RegexParser.\n\n::\n\n # Listen on all interfaces, port 5152.\n - TcpServer:\n port: 5152\n mode: stream\n chunksize: 32768\n\nAlso starts a tcp server, listening on port 5152. The first tcp server\nuses newline as separator (which is the default) for each received\nevent.\nHere, the sever reads in max. 32k of data and passes this on to the next\nmodule.\n\n::\n\n # Decode msgpacked data.\n - MsgPackParser:\n mode: stream\n\nDecode the received data from the above tcp server in msgpack format.\nThis can be used to e.g. handle data send via\n`python-beaver `_\n\n::\n\n # Extract fields.\n - RegexParser:\n source_field: data\n hot_rules_first: True\n field_extraction_patterns:\n - httpd_access_log: '(?P\\d+\\.\\d+\\.\\d+\\.\\d+)\\s+(?P\\w+|-)\\s+(?P\\w+|-)\\s+\\[(?P\\d+\\/\\w+\\/\\d+:\\d+:\\d+:\\d+\\s.\\d+)\\]\\s+\\\"(?P.*)\\\"\\s+(?P\\d+)\\s+(?P\\d+)'\n - http_common_access_log: '(?P\\d+\\.\\d+\\.\\d+\\.\\d+)\\s(?P\\d+\\.\\d+\\.\\d+\\.\\d+)\\s(?P\\w+|-)\\s(?P\\w+|-)\\s\\[(?P\\d+\\/\\w+\\/\\d+:\\d+:\\d+:\\d+\\s.\\d+)\\]\\s\\\"(?P.*)\\\"\\s(?P\\d+)\\s(?P\\d+)'\n - iptables: '(?P\\<\\d+\\>)(?P\\w+\\s+\\d+\\s+\\d+:\\d+:\\d+)\\s+(?P[\\w\\-\\._]+)\\s+kernel:.*?\\ iptables\\ (?P.*?)\\ :\\ IN=(?P.*?)\\ OUT=(?P.*?)\\ SRC=(?P.*?)\\ DST=(?P.*?)\\ LEN=(?P.*?)\\ .*?PROTO=(?P.*?)\\ SPT=(?P.*?)\\ DPT=(?P.*?)\\ WINDOW=.*'\n receivers:\n - SimpleStats:\n filter: $(lumbermill.event_type) != 'Unknown'\n # Print out messages that did not match\n - StdOutSink:\n filter: $(lumbermill.event_type) == 'Unknown'\n\nUse regular expressions to extract fields from a log event.\nsource\\_field sets the field to apply the regex to.\nWith hot\\_rules\\_first set to True, the expressions will be applied in\norder of their hit counts.\nhttpd\\_access\\_log will set the event type to \"httpd\\_access\\_log\" if\nthe expression matches.\nNamed groups are used to set the field names. Grok patterns from\nLogstash can also be used.\nIn the receivers section, we can find output filters. These can be used\nto only send selected events to the receiving module.\nAs to the notation of event fields in such filters, please refer to the\n\"Event field notation\" section later in this document.\nIn this example the output filter uses the event metadata lumbermill\nfield. This data is set by LumberMill for every event received and\nwould look like this:\n\n::\n\n 'lumbermill': {'event_id': '90818a85f3aa3af302390bbe77fbc1c87800',\n 'event_type': 'Unknown',\n 'pid': 7800,\n 'received_by': 'vagrant-centos65.vagrantup.com',\n 'received_from': '127.0.0.1:61430',\n 'source_module': 'TcpServer'}}\n\nThis data is stored in a separate field to make it easier to drop it\nprior to store it in some backend.\n\n::\n\n # Print out some stats every 10 seconds.\n - SimpleStats:\n interval: 10\n\nPrints out some simple stats every interval seconds.\n\n::\n\n # Extract the syslog prival from events received via syslog.\n - SyslogPrivalParser:\n source_field: syslog_prival\n\nParses syslog prival values to human readable ones based on\n`RFC5424 `_.\n\n::\n\n # Add a timestamp field.\n - AddDateTime:\n format: '%Y-%m-%dT%H:%M:%S.%f'\n target_field: \"@timestamp\"\n\nAdds a timestamp field to the event. When you want to use kibana to view\nyour event data, this field is required.\n\n::\n\n # Add geo info based on the lookup_fields. The first field in that yields a result from geoip will be used.\n - AddGeoInfo:\n geoip_dat_path: /usr/share/GeoIP/GeoLiteCity.dat\n source_fields: [x_forwarded_for, remote_ip]\n geo_info_fields: ['latitude', 'longitude', 'country_code']\n\nAdds geo information fields to the event based on ip addresses found in\nsource\\_fields. The first ip address in source\\_fields that yields a\nresult will be used.\n\n::\n\n # Nginx logs request time in seconds with milliseconds as float. Apache logs microseconds as int.\n # At least cast nginx to integer.\n - Math:\n filter: if $(server_type) == \"nginx\"\n target_field: request_time\n function: float($(request_time)) * 1000\n\nAs it says in the comment. Nginx and apache use different time formats\nfor the request time field. This module lets you adjust the field to\naccommodate for that.\nAlso an input filter is used here. Only matching events will be modified\nby this module.\n\n::\n\n # Map field values of to values in .\n - ModifyFields:\n filter: if $(http_status)\n action: map\n source_field: http_status\n map: {100: 'Continue', 200: 'OK', 301: 'Moved Permanently', 302: 'Found', 304: 'Not Modified', 400: 'Bad Request', 401: 'Unauthorized', 403: 'Forbidden', 404: 'Not Found', 500: 'Internal Server Error', 502: 'Bad Gateway'}\n\nThis module shows how you can map event fields to new values. In this\nexample numeric http status codes are mapped to human readable values.\n\n::\n\n # Kibana\u2019s \u2018bettermap\u2019 panel needs an array of floats in order to plot events on map.\n - ModifyFields:\n filter: if $(latitude)\n action: merge\n source_fields: [longitude, latitude]\n target_field: geoip\n\nKibanas bettermap module expects the geodata to be found in one single\nfield. With this module the fields longitude and latitude are merged\ninto the geoip field.\n\n::\n\n # Extarct some fields from the user agent data.\n - UserAgentParser:\n source_fields: user_agent\n target_field: user_agent_info\n\nExtract user agent information from the user\\_agent field. This module\nwill set fields like user\\_agent\\_info.bot,\nuser\\_agent\\_info.browser.name etc.\n\n::\n\n # Parse the url into its components.\n - UrlParser:\n source_field: uri\n target_field: uri_parsed\n parse_querystring: True\n querystring_target_field: params\n\nExtract details from the uri field. This module will set fields like\nuri\\_parsed.scheme, uri\\_parsed.path, uri\\_parsed.query etc.\n\n::\n\n # Store events in elastic search.\n - ElasticSearchSink:\n nodes: [localhost]\n store_interval_in_secs: 5\n\nSend the received events to elasticsearch servers. nodes will set the\nnodes to connect to.\n\n::\n\n - StdOutSink\n\nEvents received by this module will be printed out to stdout. The\nRegexParser module was configured to send unmatched events to this\nmodule.\n\nThe different modules can be combined in any order.\n\nTo run LumberMill you will need Python 2.5+.\nFor better performance I recommend running LumberMill with pypy. Tested\nwith pypy-2.0.2, pypy-2.2.1, pypy-2.3 and pypy-2.4.\nFor IPC ZeroMq is used instead of the default multiprocessing.Queue.\nThis resulted in nearly 3 times of the performance with\nmultiprocessing.Queue.\n\nWorking modules\n'''''''''''''''\n\nEvent inputs\n^^^^^^^^^^^^\n\n- ElasticSearch, get documents from elasticsearch.\n- Kafka, receive events from apache kafka.\n- NmapScanner, scan network with nmap and emit result as new event.\n- RedisChannel, read events from redis channels.\n- RedisList, read events from redis lists.\n- Sniffer, sniff network traffic.\n- Spam, what it says on the can - spams LumberMill for testing.\n- SQS, read messages from amazons simple queue service.\n- StdIn, read stream from standard in.\n- TcpServer, read stream from a tcp socket.\n- UdpServer, read data from udp socket.\n- UnixSocket, read stream from a named socket on unix like systems.\n- Zmq, read events from a zeromq.\n\nEvent parsers\n^^^^^^^^^^^^^\n\n- Base64Parser, parse base64 data.\n- CollectdParser, parse collectd binary protocol data.\n- CSVParser, parse a char separated string.\n- DomainNameParser, parse a domain name or url to tld, subdomain etc. parts.\n- InflateParser, inflates any fields with supported compression codecs.\n- JsonParser, parse a json formatted string.\n- LineParser, split lines at a seperator and emit each line as new\n event.\n- MsgPackParser, parse a msgpack encoded string.\n- RegexParser, parse a string using regular expressions and named\n capturing groups.\n- SyslogPrivalParser, parse the syslog prival value (RFC5424).\n- UrlParser, parse the query string from an url.\n- UserAgentParser, parse a http user agent string.\n- XPathParser, parse an XML document via an xpath expression.\n\nEvent modifiers\n^^^^^^^^^^^^^^^\n\n- AddDateTime, adds a timestamp field.\n- AddDnsLookup. adds dns data.\n- AddGeoInfo, adds geo info fields.\n- DropEvent, discards event.\n- ExecPython, execute custom python code.\n- Facet, collect all encountered variations of en event value over a\n configurable period of time.\n- HttpRequest, execute an arbritrary http request and store result.\n- Math, execute arbitrary math functions.\n- MergeEvent, merge multiple events to one single event.\n- ModifyFields, some methods to change extracted fields, e.g. insert,\n delete, replace, castToInteger etc.\n- Permutate, takes a list in the event data emits events for all\n possible permutations of that list.\n\nOutputs\n^^^^^^^\n\n- DevNullSink, discards all data that it receives.\n- ElasticSearchSink, stores data entries in an elasticsearch index.\n- FileSink, store events in a file.\n- GraphiteSink, send metrics to graphite server.\n- LoggerSink, sends data to lumbermill internal logger for output.\n- MongoDbSink, stores data entries in a mongodb index.\n- RedisChannelSink, publish incoming events to redis channel.\n- RedisListSink, publish incoming events to redis list.\n- StdOutSink, prints all received data to standard out.\n- SQSSink, sends events to amazons simple queue service.\n- SyslogSink, send events to syslog.\n- WebHdfsSink, store events in hdfs via webhdfs.\n- ZmqSink, sends incoming event to zeromq.\n\nMisc modules\n^^^^^^^^^^^^\n\n- EventBuffer, store received events in a persistent backend until the\n event was successfully handled.\n- KeyValueStore, simple wrapper around the python simplekv module.\n- RedisStore, use redis to store and retrieve values, e.g. to store the\n result of the XPathParser modul.\n- SimpleStats, simple statistic module just for event rates etc.\n- Statistics, more versatile. Configurable fields for collecting\n statistic data.\n- Tarpit, slows event propagation down - for testing.\n- Throttle, throttle event count over a given time period.\n\nCluster modules\n^^^^^^^^^^^^^^^\n\n- Pack, base pack module. Handles pack leader and pack member\n discovery.\n- PackConfiguration, syncs leader configuration to pack members.\n\nWebserver modules\n^^^^^^^^^^^^^^^^^\n\n- WebGui, a web interface to LumberMill.\n- WebserverTornado, base webserver module. Handles all incoming\n requests.\n\nEvent flow basics\n'''''''''''''''''\n\n- an input module receives an event.\n- the event data will be wrapped in a default event dictionary of the\n following structure: { \"data\": payload, \"lumbermill\": { \"event\\_id\":\n unique event id, \"event\\_type\": \"Unknown\", \"received\\_from\": ip\n address of sender, \"source\\_module\": caller\\_class\\_name, } }\n- the input module sends the new event to its receivers. Either by\n adding it to a queue or by calling the receivers handleEvent method.\n- if no receivers are configured, the next module in config will be the\n default receiver.\n- each following module will process the event via its handleEvent\n method and pass it on to its receivers.\n- each module can have an input filter and an output filter to manage\n event propagation through the modules.\n- output modules can not have receivers.\n\nConfiguration basics\n''''''''''''''''''''\n\nThe configuration is stored in a yaml formatted file. Each module\nconfiguration follows the same pattern:\n\n::\n\n - SomeModuleName:\n id: AliasModuleName # \n filter: if $(cache_status) == \"-\"\n add_fields: {'my_new_field': 'my_new_value'}\n delete_fields: ['drop_this_field', 'drop_that_field']\n event_type: my_custom_type\n receivers:\n - ModuleName\n - ModuleAlias:\n filter: if $('event_type') == 'httpd_access_log'\n\n- module: specifies the module name and maps to the class name of the\n module.\n- id: use to set an alias name if you run more than just one instance\n of a module.\n- filter: apply a filter to incoming events. Only matching events will\n be handled by this module.\n- add\\_fields: if the event is handled by the module add this fields to\n the event.\n- delete\\_fields: if the event is handled by the module delete this\n fields from the event.\n- event\\_type: if the event is handled by the module set event\\_type to\n this value.\n- receivers: ModuleName or id of the receiving modules. If a filter is\n provided, only matching events will be send to receiver. If no\n receivers are configured, the next module in config will be the\n default receiver.\n\nFor modules that support the storage of intermediate values in redis: \\*\nconfiguration['redis-client']: name of the redis client as set in the\nconfiguration. \\* configuration['redis-key']: key used to store the data\nin redis. \\* configuration['redis-ttl']: ttl of the stored data in\nredis.\n\nFor configuration details of each module refer to its docstring.\n\nEvent field notation\n''''''''''''''''''''\n\nThe following examples refer to this event data:\n\n::\n\n {'bytes_send': '3395',\n 'data': '192.168.2.20 - - [28/Jul/2006:10:27:10 -0300] \"GET /wiki/Monty_Python/?spanish=inquisition HTTP/1.0\" 200 3395\\n',\n 'datetime': '28/Jul/2006:10:27:10 -0300',\n 'lumbermill': {\n 'event_id': '715bd321b1016a442bf046682722c78e',\n 'event_type': 'httpd_access_log',\n \"received_from\": '127.0.0.1',\n \"source_module\": 'StdIn',\n },\n 'http_status': '200',\n 'identd': '-',\n 'remote_ip': '192.168.2.20',\n 'url': 'GET /wiki/Monty_Python/?spanish=inquisition HTTP/1.0',\n 'fields': ['nobody', 'expects', 'the'],\n 'params': { u'spanish': [u'inquisition']},\n 'user': '-'}\n\nNotation in configuration fields like source\\_field or target\\_field\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nJust use the field name. If referring to a nested dict or a list, use\ndots:\n\n::\n\n - RegexParser:\n source_field: fields.2\n\n - RegexParser:\n source_field: params.spanish\n\nNotation in strings\n^^^^^^^^^^^^^^^^^^^\n\nUse $(variable\\_name) notation. If referring to a nested dict or a list,\nuse dots:\n\n::\n\n - ElasticSearchSink:\n index_name: 1perftests\n doc_id: $(fields.0)-$(params.spanish.0)\n\nNotation in module filters\n^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nUse $(variable\\_name) notation. If referring to a nested dict, use dots:\n\n::\n\n - StdOutSink:\n filter: if $(fields.0) == \"nobody\" and $(params.spanish.0) == 'inquisition'\n\nFilters\n-------\n\nModules can have an input filter:\n\n::\n\n - StdOutSink:\n filter: if $(remote_ip) == '192.168.2.20' and re.match('^GET', $(url))\n\nModules can have an output filter:\n\n::\n\n - RegexParser:\n ...\n receivers:\n - StdOutSink:\n filter: if $(remote_ip) == '192.168.2.20' and re.match('^GET', $(url))\n\n\n\nA rough sketch for using LumberMill with syslog-ng\n'''''''''''''''''''''''''''''''''''''''''''''''''''\n\nSend e.g. apache access logs to syslog (/etc/httpd/conf/httpd.conf):\n\n::\n\n ...\n CustomLog \"| /usr/bin/logger -p local1.info -t apache2\" common\n ...\n\nConfigure the linux syslog-ng service to send data to a tcp address\n(/etc/syslog-ng.conf):\n\n::\n\n ...\n destination d_gambolputty { tcp( localhost port(5151) ); };\n filter f_httpd_access { facility(local1); };\n log { source(s_sys); filter(f_httpd_access); destination(d_gambolputty); flags(final);};\n ... \n\nConfigure LumberMill to listen on localhost\n5151(./conf/lumbermill.conf):\n\n::\n\n ...\n - TcpServer:\n interface: localhost\n port: 5151\n ...", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/dstore-dbap/LumberMill/", "keywords": null, "license": "LICENSE", "maintainer": null, "maintainer_email": null, "name": "LumberMill", "package_url": "https://pypi.org/project/LumberMill/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/LumberMill/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/dstore-dbap/LumberMill/" }, "release_url": "https://pypi.org/project/LumberMill/0.9.0.2/", "requires_dist": null, "requires_python": null, "summary": "A logparser with module support.", "version": "0.9.0.2" }, "last_serial": 2088823, "releases": { "0.8.9": [ { "comment_text": "", "digests": { "md5": "ad42a387bed2e0c5754744c4cd116353", "sha256": "d8b6220cf24f0b95bc7337c1259cde79bc4b71f105d6ca4181ffcdab6f5032ee" }, "downloads": -1, "filename": "LumberMill-0.8.9.tar.gz", "has_sig": false, "md5_digest": "ad42a387bed2e0c5754744c4cd116353", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 315431, "upload_time": "2015-12-11T15:12:38", "url": "https://files.pythonhosted.org/packages/55/35/438d9aae50360011110e2a252552f4ef70d778ee6ff83ceb08509e5bb23a/LumberMill-0.8.9.tar.gz" } ], "0.9.0.1": [ { "comment_text": "", "digests": { "md5": "abd784e2f09aab90b223ea7bc270d7f5", "sha256": "8c1d613ffba8c94b372415c3fdd1642d6f89346e1092e4f8703561d4b590ede0" }, "downloads": -1, "filename": "LumberMill-0.9.0.1.tar.gz", "has_sig": false, "md5_digest": "abd784e2f09aab90b223ea7bc270d7f5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 317985, "upload_time": "2015-12-18T14:08:40", "url": "https://files.pythonhosted.org/packages/34/fc/161af520e3cc3f7b7cee2d76541179661745f91b829d1e748b9a1091ceb7/LumberMill-0.9.0.1.tar.gz" } ], "0.9.0.2": [ { "comment_text": "", "digests": { "md5": "a6b1c79ef5108f75a01f12518ac0aa52", "sha256": "fa12fd3f37a2ad97312cd5dcf4767b2ce93e1ede6a57bb113567ffec813db281" }, "downloads": -1, "filename": "LumberMill-0.9.0.2.tar.gz", "has_sig": false, "md5_digest": "a6b1c79ef5108f75a01f12518ac0aa52", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 320640, "upload_time": "2016-04-28T14:18:09", "url": "https://files.pythonhosted.org/packages/a7/28/f83efcf06f819a01293b602902845b06e3615a9ae69e87cac33222533a94/LumberMill-0.9.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "a6b1c79ef5108f75a01f12518ac0aa52", "sha256": "fa12fd3f37a2ad97312cd5dcf4767b2ce93e1ede6a57bb113567ffec813db281" }, "downloads": -1, "filename": "LumberMill-0.9.0.2.tar.gz", "has_sig": false, "md5_digest": "a6b1c79ef5108f75a01f12518ac0aa52", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 320640, "upload_time": "2016-04-28T14:18:09", "url": "https://files.pythonhosted.org/packages/a7/28/f83efcf06f819a01293b602902845b06e3615a9ae69e87cac33222533a94/LumberMill-0.9.0.2.tar.gz" } ] }