Chad C. Walstrom wrote:
template("INSERT INTO mytable ( host, facility, priority, level, tag, date, time, program, msg) VALUES( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG');\n"));
Mordechai T. Abzug wrote:
NB: from a security perspective, this may not be a good idea. What if $MSG is created by a hostile host and includes a single quote followed by some SQL statement? This is the standard "mixed code + externally supplied data" problem.
It looks like I'll have to go with raw data output, probably pipe-delimited with the $MSG text as the last field. I could see the next iteration of the template() option to be an escaped version, where you can specify what your escape character should be and which characters it should apply to. Something like: destination{ file("/tmp/blah" template( "$MSG" escape("\") to-escape("'\"\\") ) ); }; Nasty grammar to escape ', ", and \, but necessary if you think about it. Ideas, flames, suggestions? BTW, I'm willing to code and send in patches; I just need to figure out this funky use of scheme... -- Chad Walstrom <chewie@wookimus.net> | a.k.a. ^chewie http://www.wookimus.net/ | s.k.a. gunnarr Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD