[syslog-ng] change msg text before db inserting
Henk van Lingen
H.G.K.vanLingen at uu.nl
Fri Jun 26 10:14:53 CEST 2009
Hi,
Is it possible to change the message text before it is inserted
into a database?
I have syslog-ng-3.0.2 running and it does insert the messages directly
into a PostgreSQL database, using the new sql(type(pgsql)) destination
feature.
The problem is I have lots of Cisco firewall loggings, and in the database
I have a gin index for doing full text searching. For this index,
the database decomposes the message into tokens. I want to be able to
search on IP-numbers. However, in lines like
world/123.456.192.46(0) -> some-fwsm/123.456.221.121(0)
this won't work because the tokens are world/123.456.192.46 and
/123.456.192.46, not 123.456.192.46.
To solve the prob it would be nice if there is a way to replace the slashes
with spaces before the message goes to the database.
Regards,
--
Henk van Lingen, (o- -+
Netwerk & Telefonie, ICT Service Center /\ |
Universiteit Utrecht, Jenalaan 18a, kamer 1.40 v_/_
http://henk.vanlingen.net/ http://www.tuxtown.net/netiquette/
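
The replacement asked about above, written as a syslog-ng 3.0 rewrite rule placed in the log path ahead of the sql() destination. This is an added example, not part of the original post. The source definition, connection settings, table and column names are placeholders assumed for illustration.

```conf
@version: 3.0

# Hypothetical source: firewall syslog arriving over UDP/514.
source s_fw {
    udp(ip(0.0.0.0) port(514));
};

# Replace every "/" in the message body with a space, so that
# "world/123.456.192.46(0)" is stored as "world 123.456.192.46(0)".
# flags("global") rewrites all occurrences, not only the first one.
rewrite r_slash_to_space {
    subst("/", " ", value("MESSAGE"), flags("global"));
};

# sql() destination of the kind described in the post.
# Host, credentials, database, table and columns are placeholders.
destination d_pgsql {
    sql(type(pgsql)
        host("127.0.0.1") username("syslog") password("CHANGE_ME")
        database("logs")
        table("messages")
        columns("datetime varchar(32)", "host varchar(64)",
                "program varchar(64)", "message text")
        values("$R_ISODATE", "$HOST", "$PROGRAM", "$MSG")
        indexes("datetime", "host"));
};

# The rewrite rule runs before the destination, so the database
# receives the modified message text.
log {
    source(s_fw);
    rewrite(r_slash_to_space);
    destination(d_pgsql);
};
```

The rewritten text is what lands in the table, so rows read back from it show spaces where the firewall logged slashes.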