<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">I don't have anything quite as
elaborate as what you have, but here is an example I have running
in my production environment<br>
<br>
<br>
template t_rule_id { template("${.classifier.rule_id}\n");
template_escape(no); };<br>
<br>
destination d_msgid_profiler {<br>
program("/opt/flare/bin/msgid_profiler"
template(t_rule_id) );<br>
};<br>
<br>
I use a patterndb message parser to end up with the macro
.classifier.rule_id and then send that to my program.<br>
<br>
Basically what you have done.<br>
<br>
One of the things that I do to troubleshoot things like this is to
make a destination such as<br>
<br>
template t_json { template("$(format-json --scope everything
)\n"); template_escape(no); };<br>
destination d_syslog_json { file("/var/log/syslog-json.log"
owner("root") group("syslogs") perm(0640) template(t_json)); };<br>
<br>
and then add this destination right beside the one that you are
having problems with.<br>
<br>
log {<br>
source(your_source);<br>
destination(d_mesg);<br>
destination(d_syslog_json);<br>
};<br>
<br>
and then you can look at all of the macros that are present in the
/var/log/syslog-json.log file and verify<br>
what you think is happening.<br>
<br>
To look at the json object in an easy to use manner, see
<a class="moz-txt-link-freetext" href="http://jsonprettyprint.com/">http://jsonprettyprint.com/</a><br>
<br>
Evan.<br>
<br>
<br>
<br>
On 03/09/2014 04:50 PM, Justin B wrote:<br>
</div>
<blockquote
cite="mid:CACLzEeJx_nLq2D-9hYEm2QSZpUhqDhF8bAYSdTH8pKqYWvJuEw@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
Can you share me a sample of the shell script that I can write to
read the message lines that are being passed and extract those
values into a different variables and output them into output log
files??<br>
<br>
<div class="gmail_quote">On Fri, Mar 7, 2014 at 4:10 PM, Balazs
Scheidler <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a>></span>
wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px
0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<p dir="ltr">You can on stdin but not as arguments.<br>
</p>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_quote">On Mar 7, 2014 9:24 PM, "Justin
B" <<a moz-do-not-send="true"
href="mailto:justinkala@gmail.com" target="_blank">justinkala@gmail.com</a>>
wrote:<br type="attribution">
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px
0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<div>Yes Empty Fields.</div>
<div> </div>
<div>I am using this log path</div>
<div>log { source (remote); filter (f_messages);
parser (p_apache);destination (r_messages); };</div>
<div> </div>
<div> </div>
<div>Are you saying the I cannot pass the Macro values
to a shell script through Program on destination
driver??<br>
<br>
</div>
<div class="gmail_quote">On Fri, Mar 7, 2014 at 2:47
PM, Evan Rempel <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:erempel@uvic.ca" target="_blank">erempel@uvic.ca</a>></span>
wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px
solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex"
class="gmail_quote">My recollection is that macros
are not expanded for program names. Whant you get
is the environment variables from<br>
the shell that is used to start your program, so
in most cases this will be empty.<br>
<br>
I think this is dangerous and did mantion it on
the list previously.<br>
<div><br>
<br>
On 03/06/2014 10:32 PM, Balazs Scheidler wrote:<br>
> What do you get in your script? Empty
fields?<br>
><br>
> The program destination has to be on a
direct log path subsequent to the parser.<br>
><br>
</div>
<div>> On Mar 4, 2014 7:27 PM, "Justin B" <<a
moz-do-not-send="true"
href="mailto:justinkala@gmail.com"
target="_blank">justinkala@gmail.com</a>
<mailto:<a moz-do-not-send="true"
href="mailto:justinkala@gmail.com"
target="_blank">justinkala@gmail.com</a>>>
wrote:<br>
><br>
><br>
> Hello<br>
> On My Apache logs I applied
csv_parser() and defined the Macros.<br>
> parser p_apache {<br>
> csv-parser(columns("apache.ETSTAMP",
"apache.TYPE",
"apache.EHOSTNAME","apache.ESOURCE",
"apache.EOUTCOME",
"apache.EMSG","apache.EUSERID")<br>
> delimiters("|") );<br>
> };<br>
> I want to launch a script whenever the
UDP messages are in.So I defined the<br>
> destination d_mesg
(program("/tmp/test.sh"
template("|${apache.ETSTAMP}|${apache.TYPE}|${apache.EHOSTNAME}|${apache.ESOURCE}|${apache.EOUTCOME}|${apache.EMSG}|${apache.EUSERID}\n"));
};<br>
> script is working fine with other
destination drivers. Please help<br>
> --<br>
> Kale<br clear="all">
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</body>
</html>