[syslog-ng] Parser not parsing :-)
T. A. Smooth
catdaaaady at gmail.com
Mon Feb 6 20:37:58 CET 2012
Okay this is really weird. Sorry again.
I pasted contents of the email here with the configuration .
Hopefully this is not too much of a inconvenience.
http://pastebin.com/YQUD5TrA
On Mon, Feb 6, 2012 at 11:27 AM, T. A. Smooth <catdaaaady at gmail.com> wrote:
> Looks like my last email was chopped off .
> Here it is again.
> ################
>
> I can only assume I am not implementing this correctly. :-)
>
> But I have a parser I am trying to use so I can take a subset of the
> information of a message and send that subset to another receiver.
> This is the whole message:
>
> <13>Feb 4 18:40:17 myhost syslogng: 2012-02-04T18:40:17-08:00
> myhostserver-http /tmp/logs/access_log Hi Mom
>
> What I want to do is send out the message as :
>
> <13>Feb 4 18:40:17 myhost syslogng: Hi Mom
>
> Notice how I dropped the middle part out.
>
> From what I have read, the parser acts on the message body alone. Is
> this correct?
> So I set it up to look for four(4) columns of data and to be "greedy"
> on the last column.
>
> I have played around with the number of columns and even used a
> rewrite function instead. But the Parser continues to produce empty
> variables. And my template just echos out my default value.
>
> Any thoughts?
>
>
>
>
>
> parser p_et_logmessage {
> csv-parser(
> #columns("ETMSG")
> #columns("ETMSG.ISODATE")
> columns("ETMSG.ISODATE", "ETMSG.EASI", "ETMSG.SOURCE",
> "ETMSG.BODY")
> delimiters(" ")
> #template("${MSG}")
> flags(greedy)
> );
> };
>
> rewrite r_rewrite_set{set('${ETMSG.BODY:-nothing}', value("MESSAGE"));};
>
> template t_et_basic_logmessage {
> template("${ETMSG.BODY:-nothing}\n"); template_escape(no); };
>
>
> destination destination_info {
> tcp("host2" port(8080)
> template(t_et_basic_logmessage)
> log_disk_fifo_size(32212254720)
> );
> };
>
> log {
> source(INTAKE);
> parser(p_et_logmessage);
> destination(destination_info);
> };
>
>
>
>
>
>
>
>
> On Mon, Feb 6, 2012 at 11:07 AM, T. A. Smooth <catdaaaady at gmail.com> wrote:
>>
>> I can only assume I am not implementing this correctly. :-)
>>
>> But I have a parser I am trying to use so I can take a subset of the information of a message and send that subset to another receiver.
>> This is the whole message:
>>
>>> <13>Feb 4 18:40:17 myhost syslogng: 2012-02-04T18:40:17-08:00 myhostserver-http /tmp/logs/access_log Hi Mom
>>
>>
>> What I want to do is send out the message as :
>>
>>> <13>Feb 4 18:40:17 myhost syslogng: Hi Mom
>>
>>
>> Notice how I dropped the middle part out.
>>
>> From what I have read, the parser acts on the message body alone. Is this correct?
>> So I set it up to look for four(4) columns of data and to be "greedy" on the last column.
>>
>> I have played around with the number of columns and even used a rewrite function instead. But the Parser continues to produce empty variables. And my template just echos out my default value.
>>
>> Any thoughts?
>>
>>
>>>
>>>
>>>
>>> parser p_et_logmessage {
>>> csv-parser(
>>> #columns("ETMSG")
>>> #columns("ETMSG.ISODATE")
>>> columns("ETMSG.ISODATE", "ETMSG.EASI", "ETMSG.SOURCE", "ETMSG.BODY")
>>> delimiters(" ")
>>> #template("${MSG}")
>>> flags(greedy)
>>> );
>>> };
>>
>>
>>>
>>> rewrite r_rewrite_set{set('${ETMSG.BODY:-nothing}', value("MESSAGE"));};
>>>
>>> template t_et_basic_logmessage {
>>> template("${ETMSG.BODY:-nothing}\n"); template_escape(no); };
>>>
>>>
>>> destination destination_info {
>>> tcp("host2" port(8080)
>>> template(t_et_basic_logmessage)
>>> log_disk_fifo_size(32212254720)
>>> );
>>> };
>>>
>>> log {
>>> source(INTAKE);
>>> parser(p_et_logmessage);
>>> destination(destination_info);
>>> };
>>
>>
>>
>>
>> My latest Post: Givenchy Fall/Winter 2012 Collection – Runway | Highsnobiety.com
>> Get a signature like this. CLICK HERE.
More information about the syslog-ng
mailing list