[syslog-ng] db-parser
Martin Holste
mcholste at gmail.com
Wed Jul 15 15:03:51 CEST 2009
ESTRING will match all characters up until the match character given
and store them in the macro provided, in this case "id_message." The
match character is the last character before the @ symbol, in this
case, a space (ASCII 0x20).
On Wed, Jul 15, 2009 at 4:34 AM, Jacopo Cappelli<jacopo89 at gmail.com> wrote:
> Work :)
> Another thing :P
> it's possible to log @ESTRING:id_message: @ only if contains specific word?
>
> Thanks,
> Jacopo
>
> 2009/7/14 Martin Holste <mcholste at gmail.com>:
>> You probably need to install libdbi (libdbi.sourceforge.net) and
>> probably some of the drivers for libdbi as well. It should compile
>> pretty easily with the standard configure make make install.
>>
>> On Tue, Jul 14, 2009 at 8:48 AM, Jacopo Cappelli<jacopo89 at gmail.com> wrote:
>>> Ok i must use ANYSTRING but for use it i need the 3.1 version but i
>>> can't compile it...
>>> I download the snapshot from git-web but when i try to "make" but
>>> afsql.c:36:21: error: dbi/dbi.h: No such file or directory
>>>
>>> i download the wrong version?
>>>
>>> Thank,
>>> Jacopo
>>>
>>> 2009/7/14 Balazs Scheidler <bazsi at balabit.hu>:
>>>> On Mon, 2009-07-13 at 19:59 +0200, ILLES, Marton wrote:
>>>>> Hi,
>>>>>
>>>>> First you should simply try a pattern like this:
>>>>>
>>>>> <pattern>@ESTRING:id_message: @</pattern>
>>>>>
>>>>> This would match your line and would extract the message id. Than you
>>>>> can work on extending it. Also probably the easiest option is to use the
>>>>> @ANYSTRING@ parser which would match everything till the end of the
>>>>> message. It is available in the 3.1 git tree:
>>>>>
>>>>> http://git.balabit.hu/?p=bazsi/syslog-ng-3.1.git;a=commit;h=c22ee8dad59b56b9f2d4f85282570d77e931d2be
>>>>>
>>>>> So your pattern would look something like this:
>>>>>
>>>>> <pattern>@ESTRING:id_message: @@ANYSTRING:rest@</pattern>
>>>>>
>>>>> In the sql statement you can than use the ${id_message} and ${rest}
>>>>> macros. (Note that ANYSTRING is available only in the 3.1 tree which
>>>>> uses the newer patterndb format!)
>>>>>
>>>>> let me know if it works.
>>>>
>>>> I didn't have time to completely integrate your patterndb v2 patches, so
>>>> it still sits in a local branch and not on master.
>>>>
>>>> But ANYSTRING is already there.
>>>>
>>>> --
>>>> Bazsi
>>>>
>>>> ______________________________________________________________________________
>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Linux, Windows Xp ed MS-DOS
>>> (anche conosciuti come il Bello, il Brutto ed il Cattivo).
>>> -- Matt Welsh
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>>
>>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.campin.net/syslog-ng/faq.html
>>
>>
>
>
>
> --
> Linux, Windows Xp ed MS-DOS
> (anche conosciuti come il Bello, il Brutto ed il Cattivo).
> -- Matt Welsh
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
More information about the syslog-ng
mailing list