Hello and hi,
For a while I’ve had an Input that was collecting logs from Nutanix. However the messages were just there. Not much was being done to them. Recently I wanted to get some useful information out of them.
I wanted to ask if anyone has ever succeeded in parsing Nutanix logs? I’ve searched on the web for an existing template but haven’t found any. I will try doing it myself of course but I would be a fool to reinvent the wheel if someone has already done this. Also looking for some advice on how to approach this topic. The logs are being sent via rsyslog and they don’t look very friendly to parse. Here are some sample messages:
Type: PATH
NTNX-CZ212300MQ-A-CVM audispd[16351]: node=ntnx-cz212300mq-a-cvm type=PATH msg=audit(1724672825.685:175637587): item=0 name="/home/nutanix/data/logs/vip_cleanup_cluster_external_vip.log" inode=2362462 dev=09:02 mode=0100750 ouid=1000 ogid=1000 rdev=00:00 obj=sysadm_u:object_r:user_home_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
Type: USER_END
NTNX-CZ212300MV-B-CVM audispd[3207]: node=ntnx-cz212300mv-b-cvm type=USER_END msg=audit(1724672765.831:184044615): pid=1483 uid=0 auid=0 ses=5411056 subj=sysadm_u:sysadm_r:sysadm_su_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth acct="nutanix" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
The type field is the one I would probably want to look at when trying to sort the messages in some way, but doing this by hand is going to be such a pain, so I come here asking for a solution (if there already exists one) or some advice on how to approach this task.
Thanks and have a good day.
Graylog: 5.2.5
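Added example (not from the poster, and not a Graylog or Nutanix template): a small Python parser for the audispd key=value format shown in the two sample messages above. It splits off the syslog header, pulls the timestamp and serial out of msg=audit(...), turns the remaining key=value tokens into a dict, flattens the nested msg='...' block that USER_* records carry, and then groups records by the type field the post singles out. The function names and the "keep the outer value on a key collision" rule are this example's own choices; the regexes are what a Regex extractor or pipeline rule in Graylog would have to express.

```python
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional

# The two sample messages quoted in the post above (copied, not constructed).
SAMPLES = [
    "NTNX-CZ212300MQ-A-CVM audispd[16351]: node=ntnx-cz212300mq-a-cvm type=PATH "
    "msg=audit(1724672825.685:175637587): item=0 "
    "name=\"/home/nutanix/data/logs/vip_cleanup_cluster_external_vip.log\" "
    "inode=2362462 dev=09:02 mode=0100750 ouid=1000 ogid=1000 rdev=00:00 "
    "obj=sysadm_u:object_r:user_home_t:s0 objtype=NORMAL cap_fp=0000000000000000 "
    "cap_fi=0000000000000000 cap_fe=0 cap_fver=0",
    "NTNX-CZ212300MV-B-CVM audispd[3207]: node=ntnx-cz212300mv-b-cvm type=USER_END "
    "msg=audit(1724672765.831:184044615): pid=1483 uid=0 auid=0 ses=5411056 "
    "subj=sysadm_u:sysadm_r:sysadm_su_t:s0-s0:c0.c1023 msg='op=PAM:session_close "
    "grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_xauth "
    "acct=\"nutanix\" exe=\"/usr/bin/su\" hostname=? addr=? terminal=? res=success'",
]

# "<host> audispd[<pid>]: <rest of the record>"
HEADER_RE = re.compile(r"^(?P<host>\S+)\s+audispd\[(?P<audispd_pid>\d+)\]:\s+(?P<body>.*)$")
# "msg=audit(<epoch seconds>.<millis>:<serial>):" is the audit record identifier
AUDIT_ID_RE = re.compile(r"msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*")
# key=value tokens; a value is "double quoted", 'single quoted' or a bare run of non-blanks
KV_RE = re.compile(
    r"""(?P<key>[A-Za-z_][\w\-]*)=(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<bare>\S*))"""
)


def parse_kv(text: str) -> Dict[str, str]:
    """Split an audit key=value body into a dict; quoted values keep their spaces."""
    fields: Dict[str, str] = {}
    for m in KV_RE.finditer(text):
        for grp in ("dq", "sq", "bare"):
            if m.group(grp) is not None:
                fields[m.group("key")] = m.group(grp)
                break
    return fields


def parse_audispd(line: str) -> Optional[Dict[str, object]]:
    """Parse one rsyslog-forwarded audispd line; returns None if it is not one."""
    h = HEADER_RE.match(line)
    if not h:
        return None
    body = h.group("body")
    a = AUDIT_ID_RE.search(body)
    if not a:
        return None
    rec: Dict[str, object] = {
        "host": h.group("host"),
        "audispd_pid": int(h.group("audispd_pid")),
        # audit timestamps are epoch seconds with millisecond precision, in UTC
        "audit_time": datetime.fromtimestamp(float(a.group("ts")), tz=timezone.utc),
        "audit_serial": int(a.group("serial")),
    }
    # fields before the audit id (node=, type=) plus everything after it
    fields = parse_kv(body[: a.start()] + body[a.end():])
    # USER_* records nest a second key=value string in msg='...'; flatten it,
    # keeping the outer field if the same key appears on both levels (example's choice)
    nested = fields.pop("msg", None)
    if nested is not None:
        for k, v in parse_kv(nested).items():
            fields.setdefault(k, v)
    rec.update(fields)
    return rec


def group_by_type(lines: List[str]) -> Dict[str, List[Dict[str, object]]]:
    """Bucket parsed records by their audit type (PATH, USER_END, ...)."""
    groups: Dict[str, List[Dict[str, object]]] = {}
    for line in lines:
        rec = parse_audispd(line)
        if rec is not None:
            groups.setdefault(str(rec.get("type", "UNKNOWN")), []).append(rec)
    return groups


if __name__ == "__main__":
    for rtype, recs in group_by_type(SAMPLES).items():
        for r in recs:
            print(rtype, r["audit_time"].isoformat(), r["host"], r.get("name") or r.get("op"))
```

Two caveats the samples do not exercise: auditd emits values that contain spaces or control characters as an unquoted hex string rather than a quoted one, and records of different types that belong to one event share the same audit serial (useful for joining a PATH record to the syscall that touched the file); neither is handled above.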