[syslog-ng] db-parser
Balazs Scheidler
bazsi at balabit.hu
Tue Jul 14 09:03:59 CEST 2009
On Mon, 2009-07-13 at 19:59 +0200, ILLES, Marton wrote:
> Hi,
>
> First you should simply try a pattern like this:
>
> <pattern>@ESTRING:id_message: @</pattern>
>
> This would match your line and would extract the message id. Then you
> can work on extending it. Also probably the easiest option is to use the
> @ANYSTRING@ parser which would match everything till the end of the
> message. It is available in the 3.1 git tree:
>
> http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=commit;h=c22ee8dad59b56b9f2d4f85282570d77e931d2be
>
> So your pattern would look something like this:
>
> <pattern>@ESTRING:id_message: @@ANYSTRING:rest@</pattern>
>
> In the SQL statement you can then use the ${id_message} and ${rest}
> macros. (Note that ANYSTRING is available only in the 3.1 tree which
> uses the newer patterndb format!)
>
> Let me know if it works.
I didn't have time to completely integrate your patterndb v2 patches, so
it still sits in a local branch and not on master.
But ANYSTRING is already there.
--
Bazsi
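
To see how the two patterns discussed in this thread split a line, here is a small Python model of the ESTRING and ANYSTRING parsers, added as an illustration and not taken from syslog-ng or from either poster. The function names and the sample line are assumptions; the model reports leftover text rather than deciding whether syslog-ng would accept it.

```python
# Simplified model (assumption): only ESTRING and ANYSTRING are handled, and the
# matcher is linear; this is not syslog-ng's own radix-tree implementation.
def compile_pattern(pattern):
    """Split a pattern into ('lit', text) and ('parser', type, name, param) steps."""
    steps, lit, i = [], "", 0
    while i < len(pattern):
        if pattern[i] != "@":
            lit += pattern[i]
            i += 1
        elif pattern.startswith("@@", i):   # "@@" in literal text is an escaped "@"
            lit += "@"
            i += 2
        else:
            end = pattern.index("@", i + 1)  # parser spec runs to the closing "@"
            ptype, _, rest = pattern[i + 1:end].partition(":")
            name, _, param = rest.partition(":")
            if lit:
                steps.append(("lit", lit))
                lit = ""
            steps.append(("parser", ptype, name, param))
            i = end + 1
    if lit:
        steps.append(("lit", lit))
    return steps

def match(pattern, message):
    """Return (values, unconsumed_text), or None when a step fails to match."""
    values, pos = {}, 0
    for step in compile_pattern(pattern):
        if step[0] == "lit":
            if not message.startswith(step[1], pos):
                return None
            pos += len(step[1])
            continue
        _, ptype, name, param = step
        if ptype == "ESTRING":              # value ends at the end string, which is consumed
            end = message.find(param, pos)
            if end < 0:
                return None
            value, pos = message[pos:end], end + len(param)
        elif ptype == "ANYSTRING":          # value is everything up to the end of the message
            value, pos = message[pos:], len(message)
        else:
            raise ValueError("parser not modelled: " + ptype)
        values[name] = value
    return values, message[pos:]

# Constructed sample line and the two patterns from the thread
SAMPLE = "1MNdXy-0003aB-7Q <= user@example.com H=mail.example.com"
PATTERN_ID = "@ESTRING:id_message: @"
PATTERN_FULL = "@ESTRING:id_message: @@ANYSTRING:rest@"
```

Calling `match(PATTERN_ID, SAMPLE)` leaves everything after the first space unconsumed, while `match(PATTERN_FULL, SAMPLE)` captures it under `rest`.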