[syslog-ng] Can TAG field be terminated by space?
Balazs Scheidler
bazsi at balabit.hu
Mon Dec 31 10:59:23 CET 2007
On Sun, 2007-12-30 at 08:22 -0800, Evan Rempel wrote:
> MSG is not sufficient because it forces the message, program and PID to be controlled
> as one piece. My example of recreating the original syslog record was overly simplistic
> and can be accomplished as you indicate with the MSG expansion.
>
> I had forgotten about PID which seems appropriate, PROVIDED it is not required to be numeric.
> We have a few applications that use the text between the [] as an instance name
> and is made up of letters and numbers.
>
> All of the more complicated examples I can think of are for data mining purposes
> and as such go through an external program that places the syslog data into a storage
> engine (database). In all of these cases, external parsing of the program[pid] can
> be done. IMHO it would be cleaner to parse the message in syslog-ng to create an output
> stream that has all of the message pieces broken apart
>
> DATE HOST FACILITY PRIORITY PROGRAM PID MSGONLY
>
> and this seems to have been addressed by the PID, with the one caveate that it must accept
> non-numeric data.
It does.
--
Bazsi
More information about the syslog-ng
mailing list