[syslog-ng] db-parser

Jacopo Cappelli jacopo89 at gmail.com
Tue Jul 14 15:48:57 CEST 2009


OK, I must use ANYSTRING, but to use it I need the 3.1 version, and I
can't compile it...
I downloaded the snapshot from git-web, but when I try to "make" I get:
afsql.c:36:21: error: dbi/dbi.h: No such file or directory

Did I download the wrong version?

Thanks,
Jacopo

2009/7/14 Balazs Scheidler <bazsi at balabit.hu>:
> On Mon, 2009-07-13 at 19:59 +0200, ILLES, Marton wrote:
>> Hi,
>>
>> First you should simply try a pattern like this:
>>
>> <pattern>@ESTRING:id_message: @</pattern>
>>
>> This would match your line and would extract the message id. Then you
>> can work on extending it. Also probably the easiest option is to use the
>> @ANYSTRING@ parser which would match everything till the end of the
>> message. It is available in the 3.1 git tree:
>>
>> http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=commit;h=c22ee8dad59b56b9f2d4f85282570d77e931d2be
>>
>> So your pattern would look something like this:
>>
>> <pattern>@ESTRING:id_message: @@ANYSTRING:rest@</pattern>
>>
>> In the SQL statement you can then use the ${id_message} and ${rest}
>> macros. (Note that ANYSTRING is available only in the 3.1 tree which
>> uses the newer patterndb format!)
>>
>> let me know if it works.
>
> I didn't have time to completely integrate your patterndb v2 patches, so
> it still sits in a local branch and not on master.
>
> But ANYSTRING is already there.
>
> --
> Bazsi
>



-- 
Linux, Windows XP and MS-DOS
(also known as the Good, the Bad and the Ugly).
-- Matt Welsh
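
A simplified model of the two parsers in the patterns quoted above, added here as an illustration; it is not syslog-ng code and not part of the thread. The function names and the sample log line are constructed. It shows that the ESTRING-only pattern leaves the tail of the message unconsumed, while adding ANYSTRING captures it as `rest`.

```python
# Added illustration: simplified model of two patterndb parsers (not syslog-ng code).

def tokenize(pattern):
    """Split a pattern into ('lit', text) and ('parser', type, name, param) tokens."""
    tokens, i = [], 0
    while i < len(pattern):
        if pattern.startswith("@@", i):           # escaped literal '@'
            tokens.append(("lit", "@"))
            i += 2
        elif pattern[i] == "@":                   # @TYPE:name:param@
            end = pattern.index("@", i + 1)
            parts = (pattern[i + 1:end].split(":", 2) + ["", ""])[:3]
            tokens.append(("parser", *parts))
            i = end + 1
        else:                                     # run of literal characters
            end = pattern.find("@", i) if "@" in pattern[i:] else len(pattern)
            tokens.append(("lit", pattern[i:end]))
            i = end
    return tokens

def apply(pattern, message):
    """Return (captured values, unconsumed tail), or None if the pattern fails."""
    pos, values = 0, {}
    for kind, *args in tokenize(pattern):
        if kind == "lit":
            if not message.startswith(args[0], pos):
                return None
            pos += len(args[0])
            continue
        ptype, name, param = args
        if ptype == "ESTRING":                    # up to, and consuming, the delimiter
            end = message.find(param, pos)
            if end < 0:
                return None
            value, pos = message[pos:end], end + len(param)
        elif ptype == "ANYSTRING":                # rest of message: raw, sender-controlled text
            value, pos = message[pos:], len(message)
        else:
            raise ValueError(f"parser not modelled: {ptype}")
        if name:
            values[name] = value
    return values, message[pos:]

SAMPLE = "MSG-1042 delivery failed for user@example.org"   # constructed log line
SHORT = "@ESTRING:id_message: @"                           # first pattern in the thread
FULL = "@ESTRING:id_message: @@ANYSTRING:rest@"            # second pattern in the thread

if __name__ == "__main__":
    print(apply(SHORT, SAMPLE), apply(FULL, SAMPLE), sep="\n")
```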

