[syslog-ng] message parsing help
blenox at gmx.net
Tue Oct 4 19:15:58 CEST 2005
Hello All, I have a few questions about syslog-ng message parsing.
Is it possible to scan each syslog message for system-notification*(traffic)
and, once this matches, to insert the values (split up!)
into a database with the following fields:
device_id
start_time
duration
policy_id
service
ip_proto
src_zone
dst_zone
action
sent
rcvd
src_ip
dst_ip
src_port
dst_port
src_xlated_ip
dst_xlated_ip
port
session_id
The whole message looks like this:
Oct 3 15:35:32 172.10.0.10 NS50: NetScreen device_id=NS50 [No
Name]system-notification-00257(traffic): start_time="2005-10-03 15:01:37"
duration=21 policy_id=1 service=https proto=6 src zone=Trust dst
zone=Untrust action=Permit sent=2454 rcvd=1601 src=172.18.12.10
dst=172.17.10.24 src_port=1458 dst_port=443 src-xlated ip=172.18.12.113
port=1458 session_id=63649
I was able to filter certain messages, but never to split up the real
"message field".
Any help with examples would be great. I'm using syslog-ng 1.6.8.
Cheers and thanks in advance,
Marco
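The split the post asks for, as an added example that is not from the original thread or from syslog-ng itself: a Python script that matches a system-notification-*(traffic) line, splits the NetScreen key=value body into the listed columns, and inserts them with a parameterized query. It assumes the key names seen in the sample message, a table named traffic with text columns, and that syslog-ng hands the raw lines to the script (for example via a pipe destination); parse_traffic, open_db and store are hypothetical helper names.

```python
import re
import sqlite3

# Column names from the post. syslog-ng 1.6.x cannot split the message body
# itself, so a script like this would consume what syslog-ng writes to a pipe.
FIELDS = ["device_id", "start_time", "duration", "policy_id", "service",
          "ip_proto", "src_zone", "dst_zone", "action", "sent", "rcvd",
          "src_ip", "dst_ip", "src_port", "dst_port", "src_xlated_ip",
          "dst_xlated_ip", "port", "session_id"]
# NetScreen names some fields differently from the columns above.
RENAMES = {"src": "src_ip", "dst": "dst_ip", "proto": "ip_proto"}
TRAFFIC_RE = re.compile(r"system-notification-\d+\(traffic\):\s*")
# key=value pairs: keys may contain spaces or hyphens ("src zone",
# "src-xlated ip"); values may be double-quoted and contain spaces.
KV_RE = re.compile(r'([A-Za-z][\w-]*(?: [A-Za-z][\w-]*)*)=("[^"]*"|\S+)')

def parse_traffic(line):
    """Return a dict keyed by FIELDS, or None for non-traffic lines; keys
    absent from the message (here dst_xlated_ip) stay None."""
    m = TRAFFIC_RE.search(line)
    if m is None:
        return None
    rec = dict.fromkeys(FIELDS)
    dev = re.search(r"device_id=(\S+)", line[:m.start()])  # in the header
    if dev:
        rec["device_id"] = dev.group(1)
    for key, val in KV_RE.findall(line[m.end():]):
        key = RENAMES.get(key, re.sub(r"[ -]", "_", key))
        if key in rec:                 # ignore keys we have no column for
            rec[key] = val.strip('"')
    return rec

def open_db(path=":memory:"):
    """Create the table (assumed schema: every column TEXT) and return it."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS traffic (%s)" % ", ".join(FIELDS))
    return conn

def store(conn, rec):
    """Insert one record via placeholders, never by pasting log text into SQL."""
    sql = "INSERT INTO traffic (%s) VALUES (%s)" % (
        ", ".join(FIELDS), ", ".join("?" * len(FIELDS)))
    conn.execute(sql, [rec[f] for f in FIELDS])
    return conn.execute("SELECT COUNT(*) FROM traffic").fetchone()[0]

# Constructed sample: the message quoted in the post, rejoined onto one line.
SAMPLE = ('Oct 3 15:35:32 172.10.0.10 NS50: NetScreen device_id=NS50 [No Name]'
          'system-notification-00257(traffic): start_time="2005-10-03 15:01:37" '
          'duration=21 policy_id=1 service=https proto=6 src zone=Trust dst '
          'zone=Untrust action=Permit sent=2454 rcvd=1601 src=172.18.12.10 '
          'dst=172.17.10.24 src_port=1458 dst_port=443 src-xlated ip=172.18.12.113 '
          'port=1458 session_id=63649')
```

Running `store(open_db(), parse_traffic(SAMPLE))` stores the single sample row; lines that do not carry a traffic notification are skipped by the None return.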