Can you share me a sample of the shell script that I can write to read the message lines that are being passed and extract those values into a different variables and output them into output log files??<br><br>
<div class="gmail_quote">On Fri, Mar 7, 2014 at 4:10 PM, Balazs Scheidler <span dir="ltr"><<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<p dir="ltr">You can on stdin but not as arguments.<br></p>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_quote">On Mar 7, 2014 9:24 PM, "Justin B" <<a href="mailto:justinkala@gmail.com" target="_blank">justinkala@gmail.com</a>> wrote:<br type="attribution">
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<div>Yes Empty Fields.</div>
<div> </div>
<div>I am using this log path</div>
<div>log { source (remote); filter (f_messages); parser (p_apache);destination (r_messages); };</div>
<div> </div>
<div> </div>
<div>Are you saying the I cannot pass the Macro values to a shell script through Program on destination driver??<br><br></div>
<div class="gmail_quote">On Fri, Mar 7, 2014 at 2:47 PM, Evan Rempel <span dir="ltr"><<a href="mailto:erempel@uvic.ca" target="_blank">erempel@uvic.ca</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">My recollection is that macros are not expanded for program names. Whant you get is the environment variables from<br>
the shell that is used to start your program, so in most cases this will be empty.<br><br>I think this is dangerous and did mantion it on the list previously.<br>
<div><br><br>On 03/06/2014 10:32 PM, Balazs Scheidler wrote:<br>> What do you get in your script? Empty fields?<br>><br>> The program destination has to be on a direct log path subsequent to the parser.<br>><br>
</div>
<div>> On Mar 4, 2014 7:27 PM, "Justin B" <<a href="mailto:justinkala@gmail.com" target="_blank">justinkala@gmail.com</a> <mailto:<a href="mailto:justinkala@gmail.com" target="_blank">justinkala@gmail.com</a>>> wrote:<br>
><br>><br>> Hello<br>> On My Apache logs I applied csv_parser() and defined the Macros.<br>> parser p_apache {<br>> csv-parser(columns("apache.ETSTAMP", "apache.TYPE", "apache.EHOSTNAME","apache.ESOURCE", "apache.EOUTCOME", "apache.EMSG","apache.EUSERID")<br>
> delimiters("|") );<br>> };<br>> I want to launch a script whenever the UDP messages are in.So I defined the<br>> destination d_mesg (program("/tmp/test.sh" template("|${apache.ETSTAMP}|${apache.TYPE}|${apache.EHOSTNAME}|${apache.ESOURCE}|${apache.EOUTCOME}|${apache.EMSG}|${apache.EUSERID}\n")); };<br>
> script is working fine with other destination drivers. Please help<br>> --<br>> Kale<br>><br>> ______________________________________________________________________________<br>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br>><br>><br>><br>> ______________________________________________________________________________<br>> Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
> Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>> FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
><br><br><br></div><span><font color="#888888">--<br>Evan Rempel <a href="mailto:erempel@uvic.ca" target="_blank">erempel@uvic.ca</a><br>Senior Systems Administrator <a href="tel:250.721.7691" target="_blank" value="+12507217691">250.721.7691</a><br>
Data Centre Services, University Systems, University of Victoria<br></font></span>
<div>
<div>______________________________________________________________________________<br>Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br></div></div></blockquote></div><br><br clear="all"><br><br>______________________________________________________________________________<br>Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br><br></blockquote></div></div></div><br>______________________________________________________________________________<br>Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br><br></blockquote></div><br><br clear="all"><br>-- <br>Kaladhar