[syslog-ng] Syslog-NG Windows Agent collecting Logs

Balazs Scheidler bazsi at balabit.hu
Tue Mar 1 20:09:44 CET 2011


On Mon, 2011-02-07 at 12:45 +0100, Zoltán Pallagi wrote:
> Hi,
> 
> Unfortunately, agent cannot do that. It doesn't parse the message parts 
> coming from file source, just will use the whole line as a full message.
> If you need this information, you should use patterndb or filters to 
> parse in syslog-ng.

Perhaps use a dedicated port to accept messages from the Agent, and
rewrite the message to remove the header. The easiest way would be to
use csv-parser(), by separating the message using space as a separator.

Then assign the parsed out values to the normal syslog-ng name-value
pairs.

Something along the lines of:

parser p_winagent { csv-parser(delimiters(' ') columns('app.date', 'app.pri', 'app.name', 'MESSAGE') flags(greedy)); };

This will assign the various fields into name-value pairs and the remaining 
field into "MESSAGE" which is the same as the syslog message field.

> 
> On 2011-02-07 12:07, Heinze, René wrote:
> > Hi,
> >
> >
> >
> > I'm having the following problem with the Syslog-Agent for Windows:
> >
> > Our application writes log messages in a log file according to the schema: “date + priority + application name + message text”
> >
> > When the Syslog-ng agent collects those log messages from the file it does not extract date, priority, etc. from the log message but assigns its own values (according to its configuration) and uses the entire line as message text.
> >
> > What we want instead is that the Syslog-ng agent extracts that information from the line and uses only the actual message text as message text.
> >
> > Is this possible?
> >
> >
> >
> > Thanks.
> >
> >
> >
> > René
> >
> > ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.campin.net/syslog-ng/faq.html
> >
> >
> 

-- 
Bazsi
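
The setup described in the reply above (dedicated port, csv-parser(), then assigning the parsed values to the normal name-value pairs), written out as an added example that is not part of the original message or of the syslog-ng documentation. The object names s_winagent, r_winagent and d_winagent, the TCP transport, port 5514 and the file path are assumptions; the parser is the one from the message.

```conf
# Added example: object names, TCP port 5514 and the file path are assumptions.

# Dedicated listener used only by the Windows agents, so the parser
# below never sees messages from other senders.
source s_winagent {
    tcp(ip(0.0.0.0) port(5514));
};

# Parser from the message above: split the agent's MESSAGE on spaces.
# flags(greedy) puts everything after the third field into MESSAGE,
# which removes the application's own header from the message text.
# Assumes the application's date field contains no space; a date such
# as "2011-02-07 12:07:00" would shift every column by one.
parser p_winagent {
    csv-parser(
        columns("app.date", "app.pri", "app.name", "MESSAGE")
        delimiters(" ")
        flags(greedy)
    );
};

# Copy the parsed application name into the standard PROGRAM field.
rewrite r_winagent {
    set("${app.name}" value("PROGRAM"));
};

# app.date and app.pri stay available as name-value pairs and are
# written out through the template.
destination d_winagent {
    file("/var/log/winagent.log"
         template("${app.date} ${HOST} ${PROGRAM} [${app.pri}] ${MESSAGE}\n"));
};

log {
    source(s_winagent);
    parser(p_winagent);
    rewrite(r_winagent);
    destination(d_winagent);
};
```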


