Since we have some old servers running Asterisk 1.2, I had a requirement to change the grok filters to match the slight difference in the log format. I added and changed the following:
Added
ASTDATESHORT %{MONTH:month} +%{MONTHDAY:day_number} %{TIME:time}
different log types
Changed the following 2 to have no square brackets around the date, and added the new date format above, as the format used in 1.2 is not ISO8601:
ASTLOG1 %{ASTDATESHORT:timestamp} %{ASTLEVEL:severity}\[\d+\] %{ASTSRC:asterisk_src_file}:%{ASTCONTENT}
ASTLOG2 %{ASTDATESHORT:timestamp} %{ASTLEVEL:severity}\[\d+\] Ext. %{ASTEXTNO}: %{GREEDYDATA}
ASTTIMEOUT Packet timed out after %{NUMBER}ms with no response
ASTLOG ^(?:%{ASTLOG1}|%{ASTLOG2}|%{ASTTIMEOUT})
This has stopped me from getting grokparsefailure messages, although I haven't tested it for an extended period yet. There are probably more hidden problems I haven't found yet, as I know that the log format has changed significantly since this version, although I am not sure what version these filters were written for.
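One way to check patterns like these against sample lines before deploying them, as an added example that is not part of the original comment: a small Python stand-in for grok's pattern expansion, run over constructed log lines. The base-pattern regexes are simplified assumptions, `ASTLEVEL`, `ASTSRC`, `ASTCONTENT` and `ASTEXTNO` are hypothetical because the comment does not show their definitions, and the `[\d+]` brackets are written escaped.

```python
import re

# Simplified stand-ins (assumptions): the stock grok patterns are stricter,
# and the AST* definitions marked "hypothetical" are not given in the comment.
BASE = {
    "MONTH": r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)",
    "MONTHDAY": r"(?:[12]\d|3[01]|0?[1-9])",
    "TIME": r"\d{2}:\d{2}:\d{2}",
    "NUMBER": r"\d+", "GREEDYDATA": r".*",
    "ASTLEVEL": r"(?:DEBUG|VERBOSE|NOTICE|WARNING|ERROR)",  # hypothetical
    "ASTSRC": r"[\w./-]+\.c",                               # hypothetical
    "ASTCONTENT": r".*", "ASTEXTNO": r"\d+",                # hypothetical
}
# Patterns from the comment, with the [\d+] brackets escaped.
POSTED = {
    "ASTDATESHORT": r"%{MONTH:month} +%{MONTHDAY:day_number} %{TIME:time}",
    "ASTLOG1": r"%{ASTDATESHORT:timestamp} %{ASTLEVEL:severity}\[\d+\] "
               r"%{ASTSRC:asterisk_src_file}:%{ASTCONTENT}",
    "ASTLOG2": r"%{ASTDATESHORT:timestamp} %{ASTLEVEL:severity}\[\d+\] "
               r"Ext. %{ASTEXTNO}: %{GREEDYDATA}",
    "ASTTIMEOUT": r"Packet timed out after %{NUMBER}ms with no response",
}
TOKEN = re.compile(r"%\{(\w+)(?::(\w+))?\}")

def expand(pattern):
    """Turn grok %{NAME} / %{NAME:field} references into a Python regex."""
    def sub(m):
        name, field = m.groups()
        body = expand(POSTED[name]) if name in POSTED else BASE[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return TOKEN.sub(sub, pattern)

# One regex per branch: Python's re rejects duplicate group names.
def parse(line):
    """Try the ASTLOG branches in order; return (branch, fields)."""
    for name in ("ASTLOG1", "ASTLOG2", "ASTTIMEOUT"):
        m = re.match(expand(POSTED[name]), line)  # match() anchors like ^
        if m:
            return name, m.groupdict()
    return "_grokparsefailure", {}

# Constructed sample lines (not taken from a real server).
SAMPLES = [
    "Mar  3 10:01:02 NOTICE[2345] chan_sip.c:1234 handle_request: auth failed",
    "Mar 12 10:01:02 WARNING[2345] Ext. 100: no answer",
    "Packet timed out after 2000ms with no response",
    "[2013-03-03 10:01:02] NOTICE[2345] chan_sip.c:1234 newer bracketed format",
]
print(*(f"{parse(s)[0]} <- {s}" for s in SAMPLES), sep="\n")
```

The last sample shows that a line with a bracketed ISO8601 date no longer matches once the patterns are changed this way, so a mixed fleet needs both pattern sets.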