<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <!-- RSS 2.0 feed. The atom prefix is declared on the root and is used
       only by the atom:link self-reference inside the channel. -->
  <channel>
    <!-- Channel metadata: feed title, landing page URL, summary, language. -->
    <title>Bokamba / LogForge blog</title>
    <link>https://bokamba.com/blog</link>
    <description>Engineer-voiced notes on parsing logs: turning raw log lines into working regex, Grok patterns, Wazuh decoders, and rsyslog rulebases.</description>
    <language>en-us</language>
    <!-- Date in the RFC 822 form RSS 2.0 expects, given in GMT; it carries
         the same timestamp as the pubDate of the single item below. -->
    <lastBuildDate>Fri, 03 Jul 2026 00:00:00 GMT</lastBuildDate>
    <!-- rel="self" advertises the URL this feed document is served from. -->
    <atom:link href="https://bokamba.com/rss.xml" rel="self" type="application/rss+xml" />
    <!-- The only entry in this feed. Its title and description are plain
         text: no embedded markup, entity-escaped HTML, or CDATA section. -->
    <item>
      <title>Turning a raw log line into a working regex (and Grok, and a Wazuh decoder)</title>
      <link>https://bokamba.com/blog/log-to-regex/</link>
      <description>How field detection turns one log line into a named-capture regex, a Grok pattern, and a Wazuh decoder — and why the same idea is spelled three ways.</description>
      <pubDate>Fri, 03 Jul 2026 00:00:00 GMT</pubDate>
      <!-- isPermaLink="true" marks the guid as a resolvable URL; here it
           repeats the item's link value exactly. -->
      <guid isPermaLink="true">https://bokamba.com/blog/log-to-regex/</guid>
    </item>
  </channel>
</rss>
