Hi Hari,
I'm using 2.0rc but I have solved the problem. I have modified macros.c, line 127; it escapes all characters that are less than ' ' (space). I just added a new condition to avoid escaping tabs.
Best Regards.
On 9/22/06, Hari Sekhon <hpsekhon@googlemail.com> wrote:
what version of syslog-ng are you using?
-h
Manuel Mora wrote:
Hi, I'm using syslog-ng as a central logging server; we are redirecting some machines' logs to a FIFO pipe that is connected to a MySQL DB via a bash script (the typical syslog-ng, MySQL and php-syslog-ng scenario).
destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};
Our Windows machines are forwarding logs to the central logging server using SNARE, and SNARE uses horizontal tabs as the field separator. Early on we started to notice that the messages had a strange format in our DB, so we redirected the logs to a file using the same template to check for problems.
In the field corresponding to '$MSG' we obtained the following message (with \011\ instead of tabs):
'EMGDCW502.esp.e-corpnet.org\011MSWinEventLog\0111\011Security\01111688642\011Wed
Sep 06 11:20:06 2006\011540\011Security\011ANONYMOUS LOGON\011Well Known Group\011Success Audit\011EMGDCW502\011Logon/Logoff\011\011Successful Network Logon: User Name: Domain: Logon ID: (0x1,0xFAC17236) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: EMCANW501 Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.210.32.230 Source Port: 0 \01111688641'
If we use template-escape(no) the message is received correctly, so there is a problem with the parsing when template-escape is set to yes: it affects tab characters and it should affect only ' and " characters.
Are there any solutions for this?
Best Regards.
Manuel Mora
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Hari Sekhon
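Added example, not part of the thread and not syslog-ng's macros.c: a stand-alone C sketch of the escaping behaviour the thread describes (quote characters backslash-escaped, bytes below space written as three-digit octal such as \011) with the tab exemption the reply mentions. The function name `escape_msg`, its `keep_tab` parameter and the sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not syslog-ng code). Escapes src for use inside a quoted
 * SQL literal: ' " and \ get a backslash, bytes below ' ' become \ooo octal.
 * keep_tab != 0 lets horizontal tabs through unchanged, as in the reported fix.
 * Returns the escaped length, or -1 if dst (cap bytes) is too small. */
int escape_msg(const char *src, size_t len, char *dst, size_t cap, int keep_tab)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i < len; i++) {
        /* unsigned: bytes >= 0x80 (UTF-8) must not compare as "less than space" */
        unsigned char c = (unsigned char)src[i];
        if (c == '\'' || c == '"' || c == '\\') {
            if (o + 2 >= cap) return -1;
            dst[o++] = '\\';
            dst[o++] = (char)c;
        } else if (c < ' ' && !(keep_tab && c == '\t')) {
            if (o + 4 >= cap) return -1;
            o += (size_t)snprintf(dst + o, cap - o, "\\%03o", (unsigned)c);
        } else {
            if (o + 1 >= cap) return -1;
            dst[o++] = (char)c;
        }
    }
    dst[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed SNARE-style sample: tab-separated fields, one quote, a newline. */
    const char *msg = "HOST1\tMSWinEventLog\t1\tSecurity\tuser's logon\n";
    char out[256];
    if (escape_msg(msg, strlen(msg), out, sizeof out, 0) >= 0)
        printf("tabs escaped: %s\n", out);
    if (escape_msg(msg, strlen(msg), out, sizeof out, 1) >= 0)
        printf("tabs kept:    %s\n", out);
    return 0;
}
```

With `keep_tab` set, quotes, backslashes and the remaining control characters are still escaped, so the value stays confined to the quoted `'$MSG'` field of the INSERT template while SNARE's tab separators survive.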