<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">No problem about my name. My fast
fingers make tonnes of errors.<br>
<br>
The application does not log into a file, so that isn't a really
good option.<br>
I have the patterndb working for this, however, I came across
another line that is<br>
<br>
... 20 more<br>
<br>
and has a continuation line preceding it that does NOT end in ...
so I have filter<br>
that one out.<br>
<br>
Does anyone handle java stack dumps gracefully :-)<br>
<br>
Evan<br>
<br>
On 03/20/2018 06:07 AM, Nagy, Gábor wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAETAYnCPJNfLD-z7i4H+F5uGFiH6gOX9UVwj6SF0Yr4L9v6bNg@mail.gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div dir="ltr">Sorry Evan for mistyping your name. :)</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Mar 20, 2018 at 2:06 PM, Nagy,
Gábor <span dir="ltr"><<a
href="mailto:gabor.nagy@balabit.com" target="_blank"
moz-do-not-send="true">gabor.nagy@balabit.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi Elen!<br>
<br>
Does your application log into a file? Because then you
could use multi-line file source with a well-defined
prefix as the "<span
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">{date}
{host} {program}:</span>".
<div><br>
</div>
<div>Regards,</div>
<div>Gabor</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Mar 15, 2018 at 7:10
AM, Scheidler, Balázs <span dir="ltr"><<a
href="mailto:balazs.scheidler@balabit.com"
target="_blank" moz-do-not-send="true">balazs.scheidler@balabit.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto">The <span
class="m_-4500865000135016209m_5465107750960201948m_8211379849010350452money">$1</span> is
not set in this case, you can however use
template functions in the value part. E.g. set
line based on the @PCRE@ matcher and overwrite
its value using an expression $(substr $line 0
-3)
<div dir="auto"><br>
</div>
<div dir="auto">Would that work for you?</div>
<div dir="auto"><br>
</div>
</div>
<div class="m_-4500865000135016209HOEnZb">
<div class="m_-4500865000135016209h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mar 15, 2018
02:08, "Evan Rempel" <<a
href="mailto:erempel@uvic.ca"
target="_blank" moz-do-not-send="true">erempel@uvic.ca</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">I have a
case where an application logs something
like<br>
<br>
{date} {host} {program}: my first
line...<br>
...my second line...<br>
...and my third line.<br>
<br>
<br>
I want to make a correlation and unwrap
these lines into<br>
<br>
{date} {host} {program}: my first line
my second line and my third line.<br>
<br>
<br>
I started writing the patterndb to do
this, but matching the ... at the end<br>
<br>
of the line is difficult, so I used
@PCRE:line:(.*)\.\.\.$@<br>
<br>
but I then need to only use the $1 to
set a value<br>
<br>
<values><br>
<value
name="mymessage">$1</value><br>
</values><br>
<br>
<br>
Would this be the correct syntax to do
this?<br>
<br>
Is there an easier way that would
perform well?<br>
<br>
Thanks,<br>
<br>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a><br>
Documentation: <a
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://www.balabit.com/support<wbr>/documentation/?product=syslog<wbr>-ng</a><br>
FAQ: <a
href="http://www.balabit.com/wiki/syslog-ng-faq"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a><br>
<br>
</blockquote>
</div>
</div>
</div>
</div>
<br>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a
href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a><br>
Documentation: <a
href="http://www.balabit.com/support/documentation/?product=syslog-ng"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://www.balabit.com/support<wbr>/documentation/?product=<wbr>syslog-ng</a><br>
FAQ: <a
href="http://www.balabit.com/wiki/syslog-ng-faq"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a><br>
<br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">N��n�r����)em�h�yhiם�w^��</pre>
</blockquote>
<p><br>
</p>
</body>
</html>