Hello all, This may be off topic, but I would be very appreciative of any help. I am using the sqlsyslogd file from http://www.frasunek.com/sources/security/sqlsyslogd/. But when it reads from the logs coming into syslog, on the time stamp field, it adds some text in <> signs, and does not fully capture the time stamp. Does anyone know what these are? And more important, how does one get the script to get fully imput the time stamp in the syslogs? Does anyone have any tricks to the sqlsyslog.c file that might fix this? If this is not the correct forum, then please forward me to the right person or place. Thank you in advance, Ron Clark actual syslog: Sep 30 16:03:05 system1 /kernel: mysql entry: | 15468 | <118>Sep 30 18: | system1 | psmintr |
On Thu, Sep 30, 2004 at 08:16:08PM -0500, Ron Clark wrote:
This may be off topic, but I would be very appreciative of any help. I am using the sqlsyslogd file from http://www.frasunek.com/sources/security/sqlsyslogd/.
Well it's not off topic, since it deals with syslog-ng also.
But when it reads from the logs coming into syslog, on the time stamp field, it adds some text in <> signs, and does not fully capture the time stamp. Does anyone know what these are? And more important, how does one get the script to get fully imput the time stamp in the syslogs? Does anyone have any tricks to the sqlsyslog.c file that might fix this?
Use templates, as Bazsi said to the last person who asked: https://lists.balabit.hu/pipermail/syslog-ng/2004-July/006256.html In the old days I patched sqlsyslogd to simply not print that part of the message, pretty simple actually: diff sqlsyslogd.c sqlsyslogd-orig.c 141c141 < loghost = strtok((strstr(buf,">") + 1) + 16, " "); ---
loghost = strtok(buf + 16, " ");
143,144c143 < strlen(logprog) + 3; */ < logmesg = (strstr(buf,">") + 1) + 16 + strlen(loghost) + ---
logmesg = buf + 16 + strlen(loghost) +
...but use the template option for sure. -- Nate "C is quirky, flawed, and an enormous success." - Dennis M. Ritchie.
participants (2)
-
Nate Campi
-
Ron Clark