On 03/01/2011 07:36 PM, Balazs Scheidler wrote:
This patch I've just pushed to my repo at git://git.balabit.hu/gyp/syslog-ng-3.2.git does just that:
commit 31cedfa84839459046a5b0acd5fb42339e1da807 Author: Peter Gyongyosi<gyp@balabit.hu> Date: Fri Feb 25 11:31:03 2011 +0100
pdbtool patternize: added the --no-parse option
This allows for the manual processing of the to-be-patternized log messages instead of requiring it to be in a parsable RFC-compliant log format.
After this, you can do things like
cat logfile.log | cut -d' ' -f4- | pdbtool patternize --no-parse -f -
It's still based on 3.2, but I guess it should apply trivially on 3.3 as well. If not, let me know and I'll open my 3.3 branch and add it there, too. (And if you're not doing it already, you should really try patternize with 3.3, as since a couple of days ago, it contains Balint Kovacs's patch which allows you to specify word delimiters instead of using only the hardcoded space char for this purpose, which can *drastically* improve the quality of your patterns.)
Can you please paste a Signed-off-by line in an email reply (or perhaps rebase the patch with the signed-off-by line added) please?
Hi, I've created my 3.3 branch at git://git.balabit.hu/gyp/syslog-ng-3.3.git and added the patch there with the Signed-off line: commit 8e2d2608f7a50c52f9a26315cdf639d173c69f15 Author: Peter Gyongyosi<gyp@balabit.hu> Date: Wed Mar 2 10:38:01 2011 +0100 pdbtool patternize: added the --no-parse option This allows for the manual processing of the to-be-patternized log messages instead of requiring it to be in a parsable RFC-compliant log format. Signed-off-by: Peter Gyongyosi<gyp@balabit.hu> greets, Peter