On Mon, Nov 05, 2001 at 03:03:15PM -0800, Nate Campi wrote:
I just setup sqlsyslogd to output to a mysql database from a program() destination, and it prepends the <29> to the messages sent there as well.
I've been inputting logs into the database all day now, and I see that many different priorities are reported. The problem is that some prioritites are single digit (i.e. <6>) while others are double digit (i.e. <29>), messing up my C prog which parses the syslog messages. It counts on the timestamp portion being a certain number of characters. I found this in afprogram.c: if (self->dest) A_WRITE_STRING(&self->dest->buffer->super, c_format("<%i>%S %S %S\n", msg->pri, msg->date, msg->host, msg->msg)); I tried to remove the priority part: if (self->dest) A_WRITE_STRING(&self->dest->buffer->super, c_format("%S %S %S\n", msg->date, msg->host, msg->msg)); but it won't compile: -DHAVE_CONFIG_H -I. -I/usr/src/syslog-ng-1.4.14/src -I. -O2 -Wall -I/usr/src/libol-0.2.23/src -D_GNU_SOURCE -c afstreams.c /usr/src/libol-0.2.23/utils/make_class <afprogram.c >afprogram.c.xT /bin/sh: /usr/src/libol-0.2.23/utils/make_class: No such file or directory make[3]: *** [afprogram.c.x] Error 127 make[3]: Leaving directory `/usr/src/syslog-ng-1.4.14/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/usr/src/syslog-ng-1.4.14/src' make[1]: *** [all-recursive-am] Error 2 make[1]: Leaving directory `/usr/src/syslog-ng-1.4.14/src' make: *** [all-recursive] Error 1 I would really like to ditch the priority info, but if not, can't I at least format the entry like you can with printf() to keep a leading zero when it's a single digit priority? I don't know where c_format() is defined, and if it will accept formatting like this. I suck at C and don't want to have to rewrite this db entry program, I'd have to do it in Perl, and it would be much harder for me than simply modifying syslog-ng a little. TIA, -- Nate Campi http://www.campin.net GnuPG key: 0xC17AEF79 Key fingerprint = BF12 722F 8799 E614 33CC FAB7 5A90 C464 C17A EF79 If I had a ( for every $ the government spent, what would I have? Typical unix response: Too many ('s.