[syslog-ng] How to use parser
大町 靖
ya_omachi at yahoo.co.jp
Wed Feb 8 06:57:02 CET 2012
Hello Robert,
Thanks for your effort.
I rewrite the configurtion below.
parser p1{
csv-parser(columns("Msg1","Msg2")
delimiters("#AA#")
# template ("$Msg1\n$Msg2");
};
destination d_mesge { file("/var/log/messages" template("$MSG1\nMSG2\n")); };
log { source(s_sys); parser(p1); destination(d_mesg); };
But the result isn't unexpected.
I want to divide by "#AA#". ("#AA#" is a string.)
It seems that the result is divided by the '#' or 'A' . (character).
For example, the messages is "12A456 #AA# 789".
The result is MSG1 = 12 MSG2=456.
I expect that MSG1=12A456 MSG2=789.
What should I do ?
Thanks,
Yasu
===
Hi,
remove the template() option from the parser definition and add it to the
definition of the destination.
Regards,
Robert
On 02/07/2012 03:50 PM, 大町 靖 wrote:
> Hello Experts,
>
> Please let me know how to use parser setting.
>
> This is the syslog message.
> Msg1 #AA# Msg2
>
> I want to divide this message.
> I expect the below.
> Msg1
> Msg2
>
> But It doesn't work well , though I wrote the configuration below.
> parser p1{
> csv-parser(columns("Msg1","Msg2")
> delimiters("#AA#")
> template ("$Msg1\n$Msg2");
> };
> log { source(s_sys); parser(p1); destination(d_mesg); };
>
> I check the output. The result wasn't unexpected.
> Msg1 #AA# Msg2
>
> If my configuration is wrong, please let me know.
>
> Thanks,
> Yasu
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
More information about the syslog-ng
mailing list