[syslog-ng] Growing log files (i.e. access.log) and regex.

Robert.Becker at motoristsgroup.com Robert.Becker at motoristsgroup.com
Tue Oct 11 19:24:03 CEST 2005





Here's the scenario.  We have a JBoss server that outputs to *.log files.
After doing all the research I could, I found out the only way to get these
logs sent to syslog-ng was through a tail & logger command. The problem
with that is logger appends the date and some other information to that
logged message.  When attempting to put that information in a mysql
database I'm getting errors.  So, what I would like to do is use some form
of regex to alter the statement so it can be inserted into a database.
There are basically two things that need to be changed.  First, logger
appends the date/time it receives the message and it also says it is coming
from logger.  I would like to remove that date and switch logger to jboss
or something similar.

Here is an example of what I am doing.

This is a line from the jboss log file:
2005-10-11 13:14:15,848 DEBUG
[org.jboss.resource.connectionmanager.IdleRemover] run: IdleRemover
notifying pools, interval: 450000

Then I send the log through logger to syslog-ng:

#!/bin/sh
tail -f /opt/jboss/server/default/log/boot.log | logger -p local7.info

The log gets turned into this:
Oct 11 13:14:15 src at linuxp17 logger: 2005-10-11 13:14:15,848 DEBUG
[org.jboss.resource.connectionmanager.IdleRemover] run: IdleRemover
notifying pools, interval: 450000

What I need is:

Oct 11 13:14:15 src at linuxp17 jboss: DEBUG
[org.jboss.resource.connectionmanager.IdleRemover] run: IdleRemover
notifying pools, interval: 450000


Now, I've thought of using awk in the tail/logger script to remove the
date, but that does not take care of the logger/jboss substitution.  Anyone
have any ideas?  Can syslog-ng do this with the match() function?

-Rob Becker
Systems Engineer
Motorists Insurance


**********************************************************************
The information contained in this message is confidential and is
intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Motorists Insurance Group will not be liable for direct, special, indirect or consequential damages arising from the alteration of the contents of this message by a third party or as a result of any virus being passed on.

**********************************************************************


More information about the syslog-ng mailing list