It works :) Another thing :P Is it possible to log @ESTRING:id_message: @ only if it contains a specific word?
Thanks, Jacopo
2009/7/14 Martin Holste <mcholste@gmail.com>:
You probably need to install libdbi (libdbi.sourceforge.net) and probably some of the drivers for libdbi as well. It should compile pretty easily with the standard configure, make, make install.
On Tue, Jul 14, 2009 at 8:48 AM, Jacopo Cappelli<jacopo89@gmail.com> wrote:
OK, I must use ANYSTRING, but to use it I need the 3.1 version and I can't compile it... I downloaded the snapshot from git-web, but when I try to "make" I get:
afsql.c:36:21: error: dbi/dbi.h: No such file or directory
Did I download the wrong version?
Thanks, Jacopo
2009/7/14 Balazs Scheidler <bazsi@balabit.hu>:
On Mon, 2009-07-13 at 19:59 +0200, ILLES, Marton wrote:
Hi,
First you should simply try a pattern like this:
<pattern>@ESTRING:id_message: @</pattern>
This would match your line and would extract the message id. Then you can work on extending it. Also, probably the easiest option is to use the @ANYSTRING@ parser, which would match everything till the end of the message. It is available in the 3.1 git tree:
http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=commit;h=c22ee8dad59b56b9...
So your pattern would look something like this:
<pattern>@ESTRING:id_message: @@ANYSTRING:rest@</pattern>
In the SQL statement you can then use the ${id_message} and ${rest} macros. (Note that ANYSTRING is available only in the 3.1 tree, which uses the newer patterndb format!)
Let me know if it works.
I didn't have time to completely integrate your patterndb v2 patches, so it still sits in a local branch and not on master.
But ANYSTRING is already there.
-- Bazsi
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- Linux, Windows XP and MS-DOS (also known as the Good, the Bad and the Ugly). -- Matt Welsh
-- Linux, Windows XP and MS-DOS (also known as the Good, the Bad and the Ugly). -- Matt Welsh
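
Added example, not part of the thread and not syslog-ng code: a simplified Python emulation of how the two patterns quoted above split a message into the id_message and rest values. The sample log line and the function names are constructed for illustration; only the ESTRING and ANYSTRING parsers and the @@ literal escape are modelled.

```python
# Simplified emulation of two patterndb parsers (not syslog-ng's implementation).
PATTERN = "@ESTRING:id_message: @@ANYSTRING:rest@"          # pattern from the thread
SAMPLE = "1MQfXa-0003Vz-8k <= sender@example.com H=mail.example.com"  # constructed

def compile_pattern(pattern):
    """Tokenize into (kind, name, arg); kind 'lit' carries literal text in arg."""
    tokens, lit, i = [], "", 0
    while i < len(pattern):
        if pattern[i] != "@":
            lit += pattern[i]
            i += 1
        elif pattern.startswith("@@", i):      # '@@' in literal text is one '@'
            lit += "@"
            i += 2
        else:
            end = pattern.index("@", i + 1)    # ValueError if the parser is unclosed
            kind, name, arg = (pattern[i + 1:end].split(":", 2) + ["", ""])[:3]
            if lit:
                tokens.append(("lit", "", lit))
                lit = ""
            tokens.append((kind, name, arg))
            i = end + 1
    if lit:
        tokens.append(("lit", "", lit))
    return tokens

def match(pattern, message):
    """Return extracted name/value pairs, or None if the message does not fit.
    Whether the pattern must cover the whole message is not modelled here."""
    values, pos = {}, 0
    for kind, name, arg in compile_pattern(pattern):
        if kind == "lit":
            if not message.startswith(arg, pos):
                return None
            pos += len(arg)
        elif kind == "ESTRING":                # value runs up to the stop string,
            stop = message.find(arg, pos)      # which is consumed but not stored
            if stop < 0:
                return None
            values[name] = message[pos:stop]
            pos = stop + len(arg)
        elif kind == "ANYSTRING":              # everything to the end of the message
            values[name] = message[pos:]
            pos = len(message)
        else:
            raise ValueError("parser not modelled: " + kind)
    return values

if __name__ == "__main__":
    print(match(PATTERN, SAMPLE))
```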