[syslog-ng] about mysql log
Balazs Scheidler
bazsi at balabit.hu
Wed Jul 8 09:56:50 CEST 2009
On Mon, 2009-07-06 at 17:15 +0200, Jacopo Cappelli wrote:
> 2009/7/6 Jacopo Cappelli <jacopo89 at gmail.com>:
> > 2009/7/6 Balazs Scheidler <bazsi at balabit.hu>:
> >> On Mon, 2009-07-06 at 11:58 +0200, Jacopo Cappelli wrote:
> >>> Hi,
> >>> it's possible to personalize mysql logging?
> >>> actually i have
> >>> $HOST,$FACILITY,$PRIORITY,$LEVEL,$TAG,$YEAR-$MONT-$DAY,
> >>> $HOUR:$MIN:$SEC; $PROGRAM,$MSG
> >>> i want to decompose $MGS in sub-level field because in $MSG i have a
> >>> email-id and i use it to make web research.
> >>
> >> with syslog-ng 3.0 you can.
> >>
> >> you can either parse the message using db-parser(), or csv-parser() (see
> >> the related blog posts, google will find them)
> >>
> >> once your message is parsed, you can reference custom fields in your sql
> >> destination, thus put any parsed value in a separate SQL column.
> >>
> >> --
> >> Bazsi
> >
> > parser p_assp {
> > csv-parser(columns("ID_MESSAGE","MSG")
> > delimiters(" ")
> > flags(escape-none)
> > template("${HOST}")
> > );
> > };
> >
> > my $MSG is:
> > m-1234-5678 <other information of mail delivery>
> >
> > i want to have a field on mysql named id_message that contain the
> > message id but i have a difficult to do a parser that do it...
> >
> > Thanks,
> > Jacopo
> >
>
> Mmm... Ok work but with csv-parser parse all string? It's possible to
> split only the first word? Because i can't do 20 field on db for store
> all split...
You can use the "greedy" flag, then your last field will get the "rest
of the line" not just one column.
--
Bazsi
More information about the syslog-ng
mailing list