[syslog-ng] $MSG parsing question
Hubert Lang
lang at brennercom.net
Thu Jun 29 14:48:09 CEST 2006
Hello,
I have a few questions about the message parser. Basically
I want to parse/split up the MESSAGE field
itself and write the split-up message to a MySQL
database. I can't find any documents about how this
can be done. Do I need an external parser (Perl or
whatever), or can this be done within syslog-ng.conf?
Right now I can just write the whole message to the MySQL DB.
syslog-ng.conf:
template("INSERT INTO logs (host, facility, priority,
level, tag, date,time, program, msg) VALUES ( '$HOST',
'$FACILITY','$PRIORITY', '$LEVEL', '$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG'
);\n")
template-escape(yes));
So it gets written to the database in this way:
INSERT INTO logs (host, facility, priority, level, tag,
date,time, program, msg) VALUES ( '10.44.10.253',
'local4','notice', 'notice', 'a5', '2006-06-29',
'14:39:46', 'NS25', 'NS25: NetScreen device_id=NS25
[Root]system-notification-00257(traffic):
start_time=\"2006-06-29 14:38:38\" duration=0 policy_id=95
service=http proto=6 src zone=Untrust dst zone=Untrust
action=Deny sent=0 rcvd=0 src=10.10.10.225
dst=208.174.52.61 src_port=2042 dst_port=80 session_id=0'
);
Now I want to split up the message part itself,
system-notification traffic, and insert the
start_time/duration/policy_id/service/proto/src-zone etc.
in a different table.
This Perl script,
http://www.optekconsulting.com/tools/nstf.pl, has every
field I need.
Any help is really welcome.
Cheers
Hubert
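Added example, not part of the original post and not syslog-ng code: one way an external parser could split the NetScreen MSG shown above into fields and insert them with bound parameters instead of splicing log text into the SQL string. The table name traffic, the COLUMNS list and the in-memory sqlite3 database (standing in for MySQL) are assumptions of this example.

```python
import re
import sqlite3

# Constructed sample: the MSG value from the post with its quotes unescaped.
SAMPLE_MSG = (
    'NS25: NetScreen device_id=NS25 [Root]system-notification-00257(traffic): '
    'start_time="2006-06-29 14:38:38" duration=0 policy_id=95 service=http '
    'proto=6 src zone=Untrust dst zone=Untrust action=Deny sent=0 rcvd=0 '
    'src=10.10.10.225 dst=208.174.52.61 src_port=2042 dst_port=80 session_id=0'
)

# key=value pairs: "src zone"/"dst zone" contain a space, and a value may be
# quoted, with or without the backslashes added by template-escape(yes).
PAIR_RE = re.compile(r'\b(src zone|dst zone|\w+)=(?:\\?"([^"\\]*)\\?"|(\S*))')
TYPE_RE = re.compile(r'\]([\w-]+)-(\d+)\((\w+)\):')

# Hypothetical columns of the second table; keys not listed here are dropped,
# so text from the log never becomes part of the SQL statement.
COLUMNS = ("device_id", "msg_class", "msg_id", "msg_type", "start_time",
           "duration", "policy_id", "service", "proto", "src_zone", "dst_zone",
           "action", "sent", "rcvd", "src", "dst", "src_port", "dst_port",
           "session_id")

def parse_netscreen(msg):
    """Return a dict of the fields found in one NetScreen traffic message."""
    fields = {}
    m = TYPE_RE.search(msg)
    if m:
        fields["msg_class"], fields["msg_id"], fields["msg_type"] = m.groups()
    for key, quoted, bare in PAIR_RE.findall(msg):
        fields[key.replace(" ", "_")] = quoted if quoted else bare
    return fields

def store(conn, fields):
    """Insert one row using bound parameters (sqlite3 uses ? placeholders)."""
    cols = [c for c in COLUMNS if c in fields]
    sql = 'INSERT INTO traffic ({}) VALUES ({})'.format(
        ", ".join('"%s"' % c for c in cols), ", ".join("?" for _ in cols))
    conn.execute(sql, [fields[c] for c in cols])

def demo():
    conn = sqlite3.connect(":memory:")  # stand-in for the MySQL database
    conn.execute("CREATE TABLE traffic ({})".format(
        ", ".join('"%s" TEXT' % c for c in COLUMNS)))
    store(conn, parse_netscreen(SAMPLE_MSG))
    # Constructed line: a value containing a quote is stored as plain data.
    store(conn, parse_netscreen('device_id=x service="it\'s"'))
    return conn.execute(
        "SELECT service, src_zone, dst_port FROM traffic").fetchall()
```

Because the values are bound rather than interpolated, the parser can read the raw message and does not depend on template-escape(yes) having escaped every quote.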