[syslog-ng] Parsing Question

Jakub Jankowski shasta at toxcorp.com
Fri Jul 29 19:22:36 CEST 2011


On 2011-07-29, Brandon Phelps wrote:

> Could anyone explain how I would parse a message that looks like this:
> Jul 29 08:58:38 192.168.1.1 id=firewall sn=0017C5158708 time="2011-07-29
> 08:58:38" fw=100.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=0
> src=192.168.2.100:123:X0 dst=74.1.2.3:X1 proto=udp/ntp
>
> I am logging to mysql and would like to extract the 'src' and 'dst'
> fields from the above message so that I can insert them into indexed
> fields in my database.
[...]
> Is my only option in this case to write a perl script or something that
> watches a named pipe and have syslog-ng log to the named pipe instead,
> while my perl script does the actual parsing?  Or can I do what I want
> with syslog-ng alone?

You seriously need to look at patterndb functionality.
http://bazsi.blogs.balabit.com/2009/03/an-introduction-to-db-parser/
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/index.html-single.html#chapter-patterndb


HTH.


-- 
Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
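As an added illustration (not part of the thread, and not syslog-ng code), the following Python reference parser pulls the key=value fields out of the message quoted in the question, splits `src`/`dst` into address, port and interface, and hands the values to a parameterized INSERT rather than building SQL by string concatenation, since the field contents originate from untrusted network traffic. The sample line is the one from the question; the table and column names are assumptions.

```python
import re
from typing import Dict, Optional, Tuple

# One key=value token: the value is either double-quoted (may contain spaces,
# e.g. time="2011-07-29 08:58:38") or a run of non-whitespace characters.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# BSD syslog header ("Jul 29 08:58:38 192.168.1.1 ") preceding the key=value body.
_HEADER_RE = re.compile(r'^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} (\S+) ')

# Sample message, copied from the question in this thread.
SAMPLE = ('Jul 29 08:58:38 192.168.1.1 id=firewall sn=0017C5158708 time="2011-07-29 '
          '08:58:38" fw=100.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=0 '
          'src=192.168.2.100:123:X0 dst=74.1.2.3:X1 proto=udp/ntp')


def parse_kv_message(line: str) -> Dict[str, str]:
    """Return the key=value fields as a dict; the syslog header host goes under 'syslog_host'."""
    fields: Dict[str, str] = {}
    body = line
    m = _HEADER_RE.match(line)
    if m:
        fields["syslog_host"] = m.group(1)
        body = line[m.end():]
    for key, quoted, bare in _KV_RE.findall(body):
        fields[key] = quoted if quoted else bare
    return fields


def split_endpoint(value: str) -> Dict[str, Optional[str]]:
    """Split 'ip[:port][:interface]' (src has a port, dst here does not) into parts."""
    ip, *rest = value.split(":")
    ep: Dict[str, Optional[str]] = {"ip": ip, "port": None, "iface": None}
    if rest and rest[0].isdigit():      # a numeric second segment is the port
        ep["port"] = rest.pop(0)
    if rest:                            # whatever remains is the interface name (X0, X1)
        ep["iface"] = rest[0]
    return ep


def to_insert(line: str) -> Tuple[str, tuple]:
    """Build a parameterized INSERT (assumed table/columns) from one log line."""
    f = parse_kv_message(line)
    src, dst = split_endpoint(f["src"]), split_endpoint(f["dst"])
    sql = ("INSERT INTO fw_events (fw, msg, src_ip, src_port, src_if, dst_ip, dst_if, proto) "
           "VALUES (%s, %s, %s, %s, %s, %s, %s, %s)")
    params = (f.get("fw"), f.get("msg"), src["ip"], src["port"], src["iface"],
              dst["ip"], dst["iface"], f.get("proto"))
    return sql, params


if __name__ == "__main__":
    print(to_insert(SAMPLE))
```

The returned `(sql, params)` pair is meant for `cursor.execute(sql, params)` with a DB-API driver, which keeps quoting and escaping of the untrusted field values on the driver side.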

