Rereading my answer I may not have been completely clear. Make sure that your parser and the program destination are actually connected on the same log path.

E.g.

log { source(...); parser(p_apache); destination(d_program); };

If your apache parser is on an independent log path, it won't work:

log { source(...); parser(p_apache); destination(...); };

log { source(...); destination(d_program); };

e.g. independent log paths will not inherit from the values set by the earlier log statements. changes are only propagated through the same pipeline.

Hope this helps.

On Fri, Mar 7, 2014 at 7:32 AM, Balazs Scheidler <bazsi77@gmail.com> wrote:

What do you get in your script? Empty fields?

The program destination has to be on a direct log path subsequent to the parser.

On Mar 4, 2014 7:27 PM, "Justin B" <justinkala@gmail.com> wrote:

Hello

On My Apache logs I applied csv_parser() and defined the Macros.

parser p_apache {
csv-parser(columns("apache.ETSTAMP", "apache.TYPE", "apache.EHOSTNAME","apache.ESOURCE", "apache.EOUTCOME", "apache.EMSG","apache.EUSERID")
delimiters("|") );
};

I want to launch a script whenever the UDP messages are in.So I defined the

destination d_mesg (program("/tmp/test.sh" template("|${apache.ETSTAMP}|${apache.TYPE}|${apache.EHOSTNAME}|${apache.ESOURCE}|${apache.EOUTCOME}|${apache.EMSG}|${apache.EUSERID}\n")); };

script is working fine with other destination drivers. Please help
--
Kale

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

--
Bazsi