On Thu, Mar 20, 2003 at 03:19:22PM -0000, m@ervius.net wrote:
Hi,
I'm trying to insert a variety of different logs into a MySql database from syslog-ng. The logs are coming from cisco routers, squid proxys, FW1 etc. and have a varying number of fields.
The database tables are created with fields that match the different log formats, - src IP, dest IP, protocol etc.
Since I can match the incoming logs with regexps, it is possible to be absolutely sure that a given log message will fit into a given table.
What I then would like to do is to split the $MSG into its different columns (separated by whitespace) and call the corresponding destination which would look something like this:
destination cisco_icmp { pipe("/tmp/icmp.pipe" template("INSERT INTO router_icmp (host, priority, date, time, program, access_list, if, type_code ) VALUES ( '$HOST', '$PRIORITY', '$YEAR-$MONTH-$DAY', $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG[6]', '$MSG[8]', '$MSG[13]' );\n") template-escape(yes)); };
Is this possible to do in syslog-ng? Or is there any other method of getting the values from the $MSG variable?
I could of course read it from the pipe with some awk or perl script and build the sql-syntax from there. But since I will have quite a few different table formats it would then need a perl interpreter running for each table. Not very pretty IMO.
something similar is available in 1.9.x but that is still not ready for production environments. the syntax is to use $1 .. $9 in place of $MSG[13] -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1