[syslog-ng] db-parser

Jacopo Cappelli jacopo89 at gmail.com
Wed Jul 15 11:34:19 CEST 2009


It works :)
Another thing :P
Is it possible to log @ESTRING:id_message: @ only if it contains a specific word?

Thanks,
Jacopo

2009/7/14 Martin Holste <mcholste at gmail.com>:
> You probably need to install libdbi (libdbi.sourceforge.net) and
> probably some of the drivers for libdbi as well.  It should compile
> pretty easily with the standard configure make make install.
>
> On Tue, Jul 14, 2009 at 8:48 AM, Jacopo Cappelli<jacopo89 at gmail.com> wrote:
>> OK, I must use ANYSTRING, but to use it I need the 3.1 version, but I
>> can't compile it...
>> I downloaded the snapshot from git-web, but when I try to "make" I get:
>> afsql.c:36:21: error: dbi/dbi.h: No such file or directory
>>
>> Did I download the wrong version?
>>
>> Thanks,
>> Jacopo
>>
>> 2009/7/14 Balazs Scheidler <bazsi at balabit.hu>:
>>> On Mon, 2009-07-13 at 19:59 +0200, ILLES, Marton wrote:
>>>> Hi,
>>>>
>>>> First you should simply try a pattern like this:
>>>>
>>>> <pattern>@ESTRING:id_message: @</pattern>
>>>>
>>>> This would match your line and would extract the message id. Then you
>>>> can work on extending it. Also probably the easiest option is to use the
>>>> @ANYSTRING@ parser which would match everything till the end of the
>>>> message. It is available in the 3.1 git tree:
>>>>
>>>> http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=commit;h=c22ee8dad59b56b9f2d4f85282570d77e931d2be
>>>>
>>>> So your pattern would look something like this:
>>>>
>>>> <pattern>@ESTRING:id_message: @@ANYSTRING:rest@</pattern>
>>>>
>>>> In the sql statement you can then use the ${id_message} and ${rest}
>>>> macros. (Note that ANYSTRING is available only in the 3.1 tree which
>>>> uses the newer patterndb format!)
>>>>
>>>> let me know if it works.
>>>
>>> I didn't have time to completely integrate your patterndb v2 patches, so
>>> it still sits in a local branch and not on master.
>>>
>>> But ANYSTRING is already there.
>>>
>>> --
>>> Bazsi
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>>
>>>
>>
>>
>>
>> --
>> Linux, Windows XP and MS-DOS
>> (also known as the Good, the Bad and the Ugly).
>> -- Matt Welsh



-- 
Linux, Windows XP and MS-DOS
(also known as the Good, the Bad and the Ugly).
-- Matt Welsh
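
How the two parsers in the pattern quoted above split a message, as an added Python sketch that is not part of the original thread and not syslog-ng's own code. The function names and the sample message are constructed for illustration, and the sketch assumes that text left over after the pattern is simply ignored.

```python
# Simplified emulation of the ESTRING and ANYSTRING pattern parsers.
# Illustration only: syslog-ng itself matches patterns in C.

def tokenize(pattern):
    """Split a pattern into ('lit', text) and ('parser', type, name, param)."""
    tokens, i = [], 0
    while i < len(pattern):
        if pattern[i] != "@":
            j = pattern.find("@", i)
            j = len(pattern) if j == -1 else j
            tokens.append(("lit", pattern[i:j]))
            i = j
        elif pattern.startswith("@@", i):
            tokens.append(("lit", "@"))  # "@@" is an escaped literal "@"
            i += 2
        else:
            end = pattern.find("@", i + 1)
            if end == -1:
                raise ValueError("unterminated parser reference")
            parts = pattern[i + 1:end].split(":", 2)  # TYPE:name:param
            parts += [""] * (3 - len(parts))
            tokens.append(("parser", *parts))
            i = end + 1
    return tokens

def match(pattern, message):
    """Return the extracted name/value pairs, or None when nothing matches."""
    values, pos = {}, 0
    for tok in tokenize(pattern):
        if tok[0] == "lit":
            if not message.startswith(tok[1], pos):
                return None
            pos += len(tok[1])
            continue
        _, ptype, name, param = tok
        if ptype == "ESTRING":  # value runs up to the stop string
            stop = message.find(param, pos) if param else -1
            if stop == -1:
                return None  # stop string missing: no match
            value, pos = message[pos:stop], stop + len(param)
        elif ptype == "ANYSTRING":  # value is everything that is left
            value, pos = message[pos:], len(message)
        else:
            raise ValueError(f"parser {ptype} is not emulated here")
        if name:
            values[name] = value
    return values  # assumption: leftover text after the pattern is ignored

if __name__ == "__main__":
    sample = "A1B2C3 connection from 192.0.2.10 refused"  # constructed message
    print(match("@ESTRING:id_message: @@ANYSTRING:rest@", sample))
```

The stop string of ESTRING is consumed but not stored, so `rest` starts right after the space that ends `id_message`.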

