[syslog-ng] db-parser

Martin Holste mcholste at gmail.com
Tue Jul 14 16:41:14 CEST 2009


You probably need to install libdbi (libdbi.sourceforge.net) and
probably some of the drivers for libdbi as well.  It should compile
pretty easily with the standard configure make make install.

On Tue, Jul 14, 2009 at 8:48 AM, Jacopo Cappelli<jacopo89 at gmail.com> wrote:
> OK, I must use ANYSTRING, but to use it I need the 3.1 version, and I
> can't compile it...
> I downloaded the snapshot from git-web, but when I try to "make":
> afsql.c:36:21: error: dbi/dbi.h: No such file or directory
>
> Did I download the wrong version?
>
> Thanks,
> Jacopo
>
> 2009/7/14 Balazs Scheidler <bazsi at balabit.hu>:
>> On Mon, 2009-07-13 at 19:59 +0200, ILLES, Marton wrote:
>>> Hi,
>>>
>>> First you should simply try a pattern like this:
>>>
>>> <pattern>@ESTRING:id_message: @</pattern>
>>>
>>> This would match your line and would extract the message id. Then you
>>> can work on extending it. Also probably the easiest option is to use the
>>> @ANYSTRING@ parser which would match everything till the end of the
>>> message. It is available in the 3.1 git tree:
>>>
>>> http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=commit;h=c22ee8dad59b56b9f2d4f85282570d77e931d2be
>>>
>>> So your pattern would look something like this:
>>>
>>> <pattern>@ESTRING:id_message: @@ANYSTRING:rest@</pattern>
>>>
>>> In the sql statement you can then use the ${id_message} and ${rest}
>>> macros. (Note that ANYSTRING is available only in the 3.1 tree which
>>> uses the newer patterndb format!)
>>>
>>> Let me know if it works.
>>
>> I didn't have time to completely integrate your patterndb v2 patches, so
>> it still sits in a local branch and not on master.
>>
>> But ANYSTRING is already there.
>>
>> --
>> Bazsi
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>
>
>
> --
> Linux, Windows XP and MS-DOS
> (also known as the Good, the Ugly and the Bad).
> -- Matt Welsh
>
>
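
The two patterns suggested in the quoted reply, modelled as an added example (not syslog-ng's code and not part of the thread): a small Python sketch of how `@ESTRING:name:delimiter@` and `@ANYSTRING:name@` consume a message, returning the extracted values and whatever text is left unparsed. The sample line and the function names `compile_pattern` and `match` are constructed for illustration, and the model covers only these two parsers plus the `@@` escape for a literal `@`.

```python
import re

# Simplified model of two patterndb parsers; not syslog-ng's own code.
_PARSER = re.compile(r"@(ESTRING|ANYSTRING):([^:@]*)(?::([^@]*))?@")

def compile_pattern(pattern):
    """Split a pattern into ('lit', text) and (type, name, param) parts."""
    parts, pos = [], 0
    while pos < len(pattern):
        if pattern.startswith("@@", pos):        # '@@' outside a parser: literal '@'
            parts.append(("lit", "@"))
            pos += 2
        elif pattern[pos] == "@":                # '@TYPE:name:param@' parser reference
            m = _PARSER.match(pattern, pos)
            if not m or (m.group(1) == "ESTRING" and not m.group(3)):
                raise ValueError(f"bad parser reference at offset {pos}")
            parts.append((m.group(1), m.group(2), m.group(3) or ""))
            pos = m.end()
        else:                                    # literal text up to the next '@'
            end = pattern.find("@", pos)
            end = len(pattern) if end < 0 else end
            parts.append(("lit", pattern[pos:end]))
            pos = end
    return parts

def match(pattern, message):
    """Return (values, unparsed_tail), or None when the message does not fit."""
    values, pos = {}, 0
    for kind, *args in compile_pattern(pattern):
        if kind == "lit":
            if not message.startswith(args[0], pos):
                return None
            pos += len(args[0])
        elif kind == "ESTRING":                  # value ends at the delimiter, which is consumed
            end = message.find(args[1], pos)
            if end < 0:
                return None
            values[args[0]] = message[pos:end]
            pos = end + len(args[1])
        else:                                    # ANYSTRING: everything to the end
            values[args[0]] = message[pos:]
            pos = len(message)
    return values, message[pos:]

# Constructed sample line (not from the thread).
SAMPLE = "1KxYzA-0003Ab-7Q <= alice@example.com H=mail.example.com"
if __name__ == "__main__":
    print(match("@ESTRING:id_message: @", SAMPLE))
    print(match("@ESTRING:id_message: @@ANYSTRING:rest@", SAMPLE))
```

In the second pattern the `@@` in the middle is the closing `@` of ESTRING followed by the opening `@` of ANYSTRING, not an escaped literal, which is why the tokenizer only treats `@@` as an escape when it is not inside a parser reference.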

