[syslog-ng] $MSG into different variables?

syslog-ng@lists.balabit.hu
Thu, 20 Mar 2003 15:19:22 -0000 (UTC)


Hi,

I'm trying to insert a variety of different logs into a MySQL database
from syslog-ng. The logs are coming from Cisco routers, Squid proxies, FW1
etc. and have a varying number of fields.

The database tables are created with fields that match the different log
formats - src IP, dest IP, protocol etc.

Since I can match the incoming logs with regexps, it is possible to be
absolutely sure that a given log message will fit into a given table.

What I then would like to do is to split the $MSG into its different
columns (separated by whitespace) and call the corresponding destination
which would look something like this:

destination cisco_icmp {
   pipe("/tmp/icmp.pipe"
   template("INSERT INTO router_icmp (host, priority, date, time, program,
access_list, if, type_code ) VALUES ( '$HOST', '$PRIORITY',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG[6]',
'$MSG[8]', '$MSG[13]' );\n") template-escape(yes));
};

Is this possible to do in syslog-ng? Or is there any other method of
getting the values from the $MSG variable?

I could of course read it from the pipe with some awk or perl script and
build the sql-syntax from there. But since I will have quite a few
different table formats it would then need a perl interpreter running for
each table. Not very pretty IMO.

Any suggestions? Have I missed something?

Thanks!

// Martin
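
Added example, not part of the original post and not syslog-ng code: a single reader process that covers the pipe-reader alternative mentioned above for every table at once, splitting $MSG on whitespace and binding the logged values as query parameters instead of pasting them into SQL text. Assumptions: syslog-ng writes the pipe with a tab-separated template ("$HOST\t$PRIORITY\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n"), the indices 6, 8 and 13 are 0-based, sqlite3 stands in for MySQL, and ROUTES, route, load and demo are hypothetical names.

```python
import re
import sqlite3

# Routing table (trusted config): regex on $MSG -> table, {column: 0-based token index}.
# router_icmp, its columns and the indices 6/8/13 come from the post.
ROUTES = [(re.compile(r"%SEC-6-IPACCESSLOGDP"), "router_icmp",
           {"access_list": 6, "if": 8, "type_code": 13})]
COMMON = ["host", "priority", "date", "time", "program"]

def route(line):
    """Map one tab-separated line to (sql, params); None if it fits no table."""
    parts = line.rstrip("\n").split("\t", 5)
    if len(parts) != 6:
        return None
    common, tokens = parts[:5], parts[5].split()
    for pattern, table, fields in ROUTES:
        if not pattern.search(parts[5]):
            continue
        if max(fields.values()) >= len(tokens):
            return None  # regex matched but the message is too short: drop it
        cols = COMMON + list(fields)
        # Identifiers come only from ROUTES; logged values are bound, never pasted.
        sql = "INSERT INTO {} ({}) VALUES ({})".format(
            table, ", ".join('"%s"' % c for c in cols), ", ".join("?" * len(cols)))
        return sql, common + [tokens[i] for i in fields.values()]
    return None

def load(lines, db):
    """Insert every routable line and return how many rows were written."""
    hits = [h for h in map(route, lines) if h]
    for sql, params in hits:
        db.execute(sql, params)
    return len(hits)

# Constructed sample input (not a real Cisco format): line 2 carries a quote in
# the access-list field, line 3 is too short to have a token at index 13.
HEAD = "rtr1\twarning\t2003-03-20\t15:19:22\tcisco\t%SEC-6-IPACCESSLOGDP: "
TAIL = " if Ethernet0 denied icmp 10.0.0.1 10.0.0.2 8/0 1 packet"
SAMPLE = [HEAD + "seq 0042 rtr core1 list 101" + TAIL,
          HEAD + "seq 0043 rtr core1 list acl'x" + TAIL,
          HEAD + "list 101 denied"]

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE router_icmp (%s)" % ", ".join(
        '"%s" TEXT' % c for c in COMMON + list(ROUTES[0][2])))
    written = load(SAMPLE, db)
    query = 'SELECT access_list, "if", type_code FROM router_icmp ORDER BY rowid'
    return written, db.execute(query).fetchall()
```

With a MySQL driver the placeholder is %s rather than ?, and the identifier quoting uses backticks.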