Hi,
is it possible to personalize MySQL logging? Actually I have $HOST,$FACILITY,$PRIORITY,$LEVEL,$TAG,$YEAR-$MONT-$DAY, $HOUR:$MIN:$SEC; $PROGRAM,$MSG. I want to decompose $MSG into sub-level fields because in $MSG I have an email-id and I use it to do web research.
Thanks, Jacopo
--
Linux, Windows XP and MS-DOS (also known as the Good, the Ugly and the Bad). -- Matt Welsh
On Mon, 2009-07-06 at 11:58 +0200, Jacopo Cappelli wrote:
Hi, is it possible to personalize MySQL logging? Actually I have $HOST,$FACILITY,$PRIORITY,$LEVEL,$TAG,$YEAR-$MONT-$DAY, $HOUR:$MIN:$SEC; $PROGRAM,$MSG. I want to decompose $MSG into sub-level fields because in $MSG I have an email-id and I use it to do web research.
With syslog-ng 3.0 you can.
You can either parse the message using db-parser() or csv-parser() (see the related blog posts, Google will find them).
Once your message is parsed, you can reference custom fields in your SQL destination, and thus put any parsed value in a separate SQL column.
-- Bazsi
2009/7/6 Balazs Scheidler <bazsi@balabit.hu>:
with syslog-ng 3.0 you can.
you can either parse the message using db-parser(), or csv-parser() (see the related blog posts, google will find them)
once your message is parsed, you can reference custom fields in your sql destination, thus put any parsed value in a separate SQL column.
-- Bazsi
parser p_assp {
    csv-parser(columns("ID_MESSAGE","MSG") delimiters(" ") flags(escape-none) template("${HOST}") );
};

My $MSG is: m-1234-5678 <other information of mail delivery>

I want to have a field in MySQL named id_message that contains the message id, but I have difficulty writing a parser that does it...

Thanks, Jacopo
--
Linux, Windows XP and MS-DOS (also known as the Good, the Ugly and the Bad). -- Matt Welsh
2009/7/6 Jacopo Cappelli <jacopo89@gmail.com>:
parser p_assp { csv-parser(columns("ID_MESSAGE","MSG") delimiters(" ") flags(escape-none) template("${HOST}") ); };
my $MSG is: m-1234-5678 <other information of mail delivery>
i want to have a field on mysql named id_message that contain the message id but i have a difficult to do a parser that do it...
Thanks, Jacopo
Mmm... OK, it works, but does csv-parser parse the whole string? Is it possible to split only the first word? Because I can't make 20 fields in the DB to store all the splits...
Thanks, Jacopo
--
Linux, Windows XP and MS-DOS (also known as the Good, the Ugly and the Bad). -- Matt Welsh
On Mon, 2009-07-06 at 17:15 +0200, Jacopo Cappelli wrote:
Mmm... Ok work but with csv-parser parse all string? It's possible to split only the first word? Because i can't do 20 field on db for store all split...
You can use the "greedy" flag, then your last field will get the "rest of the line", not just one column.
-- Bazsi
2009/7/8 Balazs Scheidler <bazsi@balabit.hu>:
You can use the "greedy" flag, then your last field will get the "rest of the line" not just one column.
-- Bazsi
If I use flags(greedy), syslog-ng does not log to MySQL. Without log.

syslog-ng -V
syslog-ng 3.0.3
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#08c9bf9d98e4e021756adc12c42605840140ba8b
Compile-Date: Jun 25 2009 07:10:36
Enable-Threads: on
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: off
Enable-SSL: on
Enable-SQL: on
Enable-Linux-Caps: on
Enable-Pcre: off

Hi, Jacopo
--
Linux, Windows XP and MS-DOS (also known as the Good, the Ugly and the Bad). -- Matt Welsh
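The setup discussed in this thread (csv-parser with the greedy flag feeding its own SQL column), written out as an added example that is not from either poster. The source name, the MSG_REST column name, the table layout and the credentials are placeholders, and since the last message reports that the 3.0.3 build stopped logging with flags(greedy), this is not verified against that build.

```conf
@version: 3.0

# Assumed local source; replace with the source already defined in your config.
source s_local { unix-stream("/dev/log"); internal(); };

# Split the message text on spaces. ID_MESSAGE receives the first word
# (e.g. "m-1234-5678"). With the greedy flag the last column, here given
# the made-up name MSG_REST, receives the rest of the line instead of
# only the second word, so no further columns are needed.
parser p_assp {
    csv-parser(
        columns("ID_MESSAGE", "MSG_REST")
        delimiters(" ")
        flags(escape-none, greedy)
        template("${MSG}")
    );
};

# Parsed values are referenced by column name in values(), so the
# message id lands in its own SQL column and can be indexed for lookups.
destination d_mysql {
    sql(
        type(mysql)
        host("localhost")
        username("syslog")        # placeholder
        password("CHANGE_ME")     # placeholder
        database("logs")          # placeholder
        table("mail_logs")        # placeholder
        columns("host", "program", "id_message", "msg")
        values("${HOST}", "${PROGRAM}", "${ID_MESSAGE}", "${MSG_REST}")
        indexes("id_message")
    );
};

log { source(s_local); parser(p_assp); destination(d_mysql); };
```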