Hi,

I am having a problem inserting logs into MySQL using match() that returns more than 10 arguments.

destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO mydatabase (content_name) VALUES ('$10');\n") template-escape(yes)); };
filter f_filter { match ("^.*?: \"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)$"); };
log { source(s_stunnel); filter(f_filter); destination(d_mysql); };

The incoming log message is as follows:
"test1","test2","test3","test4","test5","test6","test7","test8","test9","testN","testN1"

catting mysql.pipe:
$>cat /tmp/mysql.pipe
INSERT INTO mydatabase (content_name) VALUES ('test10');

So instead of 'testN', I am getting 'test1' appended with 0, which is 'test10'.

Thanks for the help!
Your destination is wrong. It should be something more like this:

destination d_mysql {
    pipe("/var/log/mysql.pipe"
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
        template-escape(yes));
};

This will form a proper mysql statement. But to simplify for your example:

destination d_mysql {
    pipe("/tmp/mysql.pipe"
        template("INSERT INTO mydatabase (content_name) VALUES ('$10');\n")
        template-escape(yes));
};

Try reviewing your regex to capture only what you want and then try again. You could for example try making the regex capture only the bit you want so it is contained in $1 instead.

But yes, I see there is a problem getting the 10th argument, perhaps one of the devs will have more info on how to get $10.

-h
Hari Sekhon

Fat Wallet wrote:
> Hi,
>
> I am having a problem inserting logs into MySQL using match() that returns more than 10 arguments.
>
> destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO mydatabase (content_name) VALUES ('$10');\n") template-escape(yes)); };
> filter f_filter { match ("^.*?: \"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)$"); };
> log { source(s_stunnel); filter(f_filter); destination(d_mysql); };
>
> The incoming log message is as follows:
> "test1","test2","test3","test4","test5","test6","test7","test8","test9","testN","testN1"
>
> catting mysql.pipe:
> $>cat /tmp/mysql.pipe
> INSERT INTO mydatabase (content_name) VALUES ('test10');
>
> So instead of 'testN', I am getting 'test1' appended with 0, which is 'test10'.
>
> Thanks for the help!
one more thought, did you try ${10} or something? This works in shell so it's worth a try.

-h
Hari Sekhon

Fat Wallet wrote:
> Hi,
>
> I am having a problem inserting logs into MySQL using match() that returns more than 10 arguments.
>
> destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO mydatabase (content_name) VALUES ('$10');\n") template-escape(yes)); };
> filter f_filter { match ("^.*?: \"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)\",\"(.*)$"); };
> log { source(s_stunnel); filter(f_filter); destination(d_mysql); };
>
> The incoming log message is as follows:
> "test1","test2","test3","test4","test5","test6","test7","test8","test9","testN","testN1"
>
> catting mysql.pipe:
> $>cat /tmp/mysql.pipe
> INSERT INTO mydatabase (content_name) VALUES ('test10');
>
> So instead of 'testN', I am getting 'test1' appended with 0, which is 'test10'.
>
> Thanks for the help!
On Thu, 2007-03-01 at 10:24 +0000, Hari Sekhon wrote:
> one more thought, did you try ${10} or something?
> This works in shell so it's worth a try.

currently syslog-ng supports max $9. It's not too difficult to add more, I'll look into it.

-- Bazsi
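
The single-digit limit described above and the workaround suggested earlier in the thread (capture only the wanted field so it lands in $1), modelled in Python as an added example; it is not part of the original messages and not syslog-ng code. Assumptions: the expander is a hypothetical model that consumes one digit after `$`, the `prog: ` prefix on the sample message is constructed, and fields are matched with `[^"]*` rather than the poster's `(.*)` so each group holds exactly one field.

```python
import re

# Constructed sample: the poster's eleven quoted fields behind an assumed "prog: " prefix.
MESSAGE = ('prog: "test1","test2","test3","test4","test5","test6",'
           '"test7","test8","test9","testN","testN1"')

FIELD = r'"[^"]*"'        # one quoted field, not captured
CAPTURED = r'"([^"]*)"'   # one quoted field, captured

# Ten capture groups, mirroring the shape of the poster's filter.
TEN_GROUPS = r'^.*?: ' + ",".join([CAPTURED] * 10)

# Workaround: skip nine fields without capturing them, capture only the tenth.
TENTH_ONLY = r'^.*?: ' + (FIELD + ",") * 9 + CAPTURED


def expand_single_digit(template, match):
    """Model of an expander limited to $1..$9 (hypothetical, not syslog-ng code).

    Only one digit after '$' is consumed, so '$10' is '$1' followed by '0'.
    """
    def substitute(ref):
        index = int(ref.group(1))
        # A reference to a group the pattern does not have expands to nothing.
        if index > match.re.groups:
            return ""
        return match.group(index) or ""
    return re.sub(r"\$([1-9])", substitute, template)


def render(pattern, template, message=MESSAGE):
    """Match the message and expand the template; None if the filter rejects it."""
    match = re.search(pattern, message)
    if match is None:
        return None
    return expand_single_digit(template, match)


if __name__ == "__main__":
    sql = "INSERT INTO mydatabase (content_name) VALUES ('{}');"
    print(render(TEN_GROUPS, sql.format("$10")))  # tenth field is lost
    print(render(TENTH_ONLY, sql.format("$1")))   # tenth field arrives in $1
```
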
Just a thought. I read that it is much more efficient to use and maybe it can make your job easier.

filter f_xntp_filter_no_regexp {
    # original line: "xntpd[1567]: time error -1159.777379 is way too large (set clock manually);
    program("xntpd") and
    match("time error .* is way too large .* set clock manually");
};

Use this instead:

filter f_xntp_filter_no_regexp {
    # original line: "xntpd[1567]: time error -1159.777379 is way too large (set clock manually);
    program("xntpd") and
    match("time error") and match("is way too large") and match("set clock manually");
};

You can see this information in http://www.campin.net/syslog-ng/faq.html#perf

Regards,
Bruno.

On 3/1/07, Balazs Scheidler <bazsi@balabit.hu> wrote:
> On Thu, 2007-03-01 at 10:24 +0000, Hari Sekhon wrote:
> > one more thought, did you try ${10} or something?
> > This works in shell so it's worth a try.
>
> currently syslog-ng supports max $9. It's not too difficult to add more, I'll look into it.
>
> -- Bazsi
participants (4)
- Balazs Scheidler
- Bruno Vieira
- Fat Wallet
- Hari Sekhon