Another alternative to regular-expression-based message parsing that has native support within syslog-ng: patterndb (http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/features/pattern-db)

Very fast and a bit complex to set up, but well documented and well tooled. Mature. It could do with some more community love, tbh.
As this appears to have been submitted by the author: the site is very difficult to read on an iPad. The font size toggles between small and large every few seconds. Easily reproduced in both Chrome and Safari.
What's the key differentiator between this and logstash? Obviously logstash has this beat on the number of patterns simply because it's been around for longer. If this is truly different from (superior to and/or faster than) logstash's grok parser, I wonder if this could be implemented as a sort of meta-parser in logstash, possibly useful in cases where someone would have instead resorted to building a grok definition.
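As an added example that belongs to neither commenter and is not taken from the linked page: this is what the patterndb approach mentioned in the first comment looks like for one sshd "Accepted" message, written in the syslog-ng pattern database XML format, with the grok equivalent asked about in the last comment given below it for comparison. The ruleset and rule ids, the pub_date, the provider name, the tag name and the sample message are all constructed for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: one patterndb ruleset for sshd "Accepted" messages.
     The ruleset-level <pattern> is matched against the $PROGRAM field; the
     rule-level <pattern> is matched token by token against $MESSAGE, with no
     regular expression involved. @ESTRING:name:delim@ consumes text up to the
     delimiter (a space here), @NUMBER:name@ consumes digits; each stores its
     match as a name-value pair on the message. ids and pub_date are hypothetical. -->
<patterndb version="4" pub_date="2024-01-01">
  <ruleset name="sshd" id="00000000-0000-4000-8000-000000000001">
    <pattern>sshd</pattern>
    <rules>
      <rule provider="example" id="00000000-0000-4000-8000-000000000002" class="system">
        <patterns>
          <pattern>Accepted @ESTRING:auth_method: @for @ESTRING:username: @from @ESTRING:client_addr: @port @NUMBER:client_port@ ssh2</pattern>
        </patterns>
        <!-- Tags are attached to every message that matches this rule. -->
        <tags>
          <tag>auth.success</tag>
        </tags>
        <!-- Embedded test case: "pdbtool test" feeds test_message through the
             database and checks that the named values come out as listed. -->
        <examples>
          <example>
            <test_message program="sshd">Accepted publickey for alice from 192.0.2.10 port 51234 ssh2</test_message>
            <test_values>
              <test_value name="auth_method">publickey</test_value>
              <test_value name="username">alice</test_value>
              <test_value name="client_addr">192.0.2.10</test_value>
              <test_value name="client_port">51234</test_value>
            </test_values>
          </example>
        </examples>
      </rule>
    </rules>
  </ruleset>
</patterndb>
```

To use it, declare `parser p_db { db-parser(file("/etc/syslog-ng/patterndb.xml")); };` in syslog-ng.conf and reference `parser(p_db)` in a log path; matched values are then available as `${username}`, `${client_addr}` and so on, and the matched rule's class and id as `${.classifier.class}` and `${.classifier.rule_id}`. `pdbtool test patterndb.xml` runs the embedded `<example>` through the rule, and `pdbtool match -p patterndb.xml -P sshd -M "Accepted publickey for alice from 192.0.2.10 port 51234 ssh2"` prints what a single message would yield, which is the quickest way to check a new pattern before deploying it. The grok equivalent for the same line would be `Accepted %{WORD:auth_method} for %{USER:username} from %{IP:client_addr} port %{NUMBER:client_port} ssh2`; the practical difference is that grok expands such a pattern into a regular expression and tries the configured patterns one after another, whereas patterndb compiles all of its patterns into a single radix tree and walks each message once.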