If you find a solution to this, *please please please* post it to the list! :-) Thanks! --J
-----Original Message-----
From: m@ervius.net [mailto:m@ervius.net]
Sent: Thursday, March 20, 2003 9:19 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]$MSG into different variables?
Hi,
I'm trying to insert a variety of different logs into a MySQL database from syslog-ng. The logs are coming from Cisco routers, Squid proxies, FW1 etc. and have a varying number of fields.
The database tables are created with fields that match the different log formats: src IP, dest IP, protocol etc.
Since I can match the incoming logs with regexps, it is possible to be absolutely sure that a given log message will fit into a given table.
What I then would like to do is to split the $MSG into its different columns (separated by whitespace) and call the corresponding destination which would look something like this:
destination cisco_icmp {
    pipe("/tmp/icmp.pipe"
        template("INSERT INTO router_icmp (host, priority, date, time, program, access_list, if, type_code ) VALUES ( '$HOST', '$PRIORITY', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG[6]', '$MSG[8]', '$MSG[13]' );\n")
        template-escape(yes));
};
Is this possible to do in syslog-ng? Or is there any other method of getting the values from the $MSG variable?
I could of course read it from the pipe with some awk or Perl script and build the SQL syntax from there. But since I will have quite a few different table formats, it would then need a Perl interpreter running for each table. Not very pretty IMO.
Any suggestions? Have I missed something?
Thanks!
// Martin
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
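
An added example, not part of the original thread and not syslog-ng functionality: one reader process that routes each message by regex, splits it on whitespace, and inserts with bound parameters, so a quote inside a log field cannot alter the SQL and one interpreter serves every table. The `ROUTES` table, the function names, 0-based field indexes, and the use of `sqlite3` as an offline stand-in for MySQL are assumptions; the sample lines are constructed and do not reflect a real Cisco format.

```python
import re
import sqlite3

# Hypothetical routing table: regex -> table -> {column: whitespace field index}.
# Column names and the indexes 6, 8, 13 come from the post; 0-based is assumed.
ROUTES = [
    (re.compile(r"IPACCESSLOGDP"), "router_icmp",
     {"access_list": 6, "if": 8, "type_code": 13}),
]

def route(host, msg):
    """Return (sql, params) for the first matching route, or None."""
    fields = msg.split()
    for pattern, table, cols in ROUTES:
        if not pattern.search(msg):
            continue
        if max(cols.values()) >= len(fields):
            return None  # short message: skip rather than insert misaligned data
        names = ["host"] + list(cols)
        # Identifiers come only from ROUTES (trusted config); "if" is reserved.
        quoted = ", ".join('"%s"' % n for n in names)
        marks = ", ".join("?" for _ in names)
        sql = 'INSERT INTO "%s" (%s) VALUES (%s)' % (table, quoted, marks)
        # Log-derived values travel as bound parameters, never as SQL text.
        return sql, [host] + [fields[i] for i in cols.values()]
    return None

def load(conn, lines):
    """Insert each (host, msg) pair; return the number of rows written."""
    written = 0
    for host, msg in lines:
        hit = route(host, msg)
        if hit:
            conn.execute(*hit)
            written += 1
    return written

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE router_icmp (host, access_list, "if", type_code)')
    sample = [  # constructed lines; the first carries a quote in a field
        ("r1", "icmp seq 4411 : %SEC-6-IPACCESSLOGDP: list acl'101 denied "
               "Serial0 src 10.0.0.1 dst 10.0.0.2 (8/0)"),
        ("r1", "%SEC-6-IPACCESSLOGDP: truncated"),
        ("r2", "unrelated message"),
    ]
    return load(conn, sample), conn.execute("SELECT * FROM router_icmp").fetchall()

if __name__ == "__main__":
    print(demo())
```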