Logprep: The swiss army knife for logs

This is the documentation for Logprep. The swiss army knife for logs. It provides tools for:

• collection of logs from various sources

• normalization via different processors

• shipping to different datalake targets

• generation of events for load testing

• pseudonymization and depseudonymization of fields in log data to comply with GDPR

and it is written in Python!

• Installation
  • PIP
  • GIT
  • Docker
  • Helm
• User Manual
  • Introduction
    • Connectors
    • Pipelines
    • Processors
  • Executing Logprep
    • Event Generation
    • Pseudonymization Tools
    • Restart Behavior
    • Exit Codes
    • Healthchecks
    • Event Generation Guide
  • Verifying the Configuration
  • Testing Rules
    • Dry Run
    • Rule Tests
    • Custom Tests
    • Example Tests
  • Security Best Practices
• Configuration
  • Configuration File Structure
  • Input
    • ConfluentkafkaInput
    • DummyInput
    • HTTPInput
    • JsonInput
    • JsonlInput
    • FileInput
  • Output
    • ConfluentKafkaOutput
    • ConfluentKafkaGeneratorOutput
    • ConsoleOutput
    • JsonlOutput
    • OpensearchOutput
    • S3Output
    • HTTPOutput
    • HTTPGeneratorOutput
  • Processors
    • Amides
    • Calculator
    • Clusterer
    • Concatenator
    • DatetimeExtractor
    • Deleter
    • Dissector
    • DomainLabelExtractor
    • DomainResolver
    • Dropper
    • FieldManager
    • GenericAdder
    • GenericResolver
    • GeoipEnricher
    • Grokker
    • IpInformer
    • KeyChecker
    • Labeler
    • ListComparison
    • PreDetector
    • Pseudonymizer
    • Replacer
    • Requester
    • SelectiveExtractor
    • StringSplitter
    • TemplateReplacer
    • Timestamper
    • TimestampDiffer
  • Rules
    • Basic Functionality
    • Rule Files
    • Log message field value access
    • Filter
    • RuleTree
  • Getters
    • FileGetter
    • HttpGetter
  • Metrics
    • Configuration
    • Processing Times in Events
    • Metrics Overview
  • YAML Tags
    • Include tags
    • Anchor tags
• Development
  • Architecture
    • Overview
    • Starting Logprep
    • Pipeline Manager
    • Pipeline
    • Input
    • Processor
    • Ruletree
    • Output
    • Event flow
    • Multiprocessing
    • Legend
  • Implementing a new Connector
    • Input
    • Output
    • Error Output
    • Factory
  • Implementing a new Processor
    • Concurrency/IPC
    • Getting started
    • Processor
    • Tests
  • Registring a new Component
    • Registry
    • Factory
  • Testing
    • Executing Tests
    • Log Messages
  • Processor Case Examples
    • Lucene regex filter
    • Concatenator
    • Calculator
    • Dissector
    • Dissector
    • FieldManager
    • Generic Adder
    • Grokker
    • Configuration of the GeoipEnricher
    • IpInformer
    • KeyChecker
    • Requester
    • StringSplitter
    • Timestamper
    • TimestampDiffer
  • Start Logprep programaticly
• Example Deployments
  • Docker Compose Example Deployment
    • Run without Logprep Container (default)
    • Run with Logprep Container
    • Run with getting config from http server with basic authentication
    • Run with getting config from http server with mTLS authentication
    • Interacting with the Compose Environment
    • Utilizing FDA and UCL
  • Kubernetes Example Deployment
    • Setup Minikube
    • Deploy the example
    • Use local container images

• Index

• Module Index