Install syslog-ng-mod-grok by entering the following commands in the terminal:
sudo apt update
sudo apt install syslog-ng-mod-grok
Description:
Enhanced system logging daemon (Grok parser support)
syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more.

Key features:

* receive and send RFC3164 and RFC5424 style syslog messages
* work with any kind of unstructured data
* receive and send JSON formatted messages
* classify and structure logs with built-in parsers (csv-parser(), db-parser(), etc.)
* normalize, crunch and process logs as they flow through the system
* hand messages on for further processing using message queues (like AMQP), files or databases (like PostgreSQL or MongoDB)

Grok is an advanced pattern format (like PatternDB) used primarily by Logstash, which allows users to parse unstructured data into a structured format. This module allows syslog-ng users to use Grok patterns, too.
Homepage: https://github.com/balabit/syslog-ng-incubator
Version: 0.6.2-0.1
Section: universe/admin