No subject

Mon Jan 16 15:48:14 CET 2012

this correct?
So I set it up to look for four(4) columns of data and to be "greedy"
on the last column.

I have played around with the number of columns and even used a
rewrite function instead. But the Parser continues to produce empty
variables.  And my template just echos out my default value.

Any thoughts?

 parser p_et_logmessage {
        csv-parser(
                #columns("ETMSG")
                #columns("ETMSG.ISODATE")
                columns("ETMSG.ISODATE", "ETMSG.EASI", "ETMSG.SOURCE",
"ETMSG.BODY")
                delimiters(" ")
                #template("${MSG}")
                flags(greedy)
        );
};

rewrite r_rewrite_set{set('${ETMSG.BODY:-nothing}', value("MESSAGE"));};

template t_et_basic_logmessage {
             template("${ETMSG.BODY:-nothing}\n"); template_escape(no); };

destination destination_info {
        tcp("host2" port(8080)
                template(t_et_basic_logmessage)
                log_disk_fifo_size(32212254720)
        );
};

log {
        source(INTAKE);
        parser(p_et_logmessage);
        destination(destination_info);
};

On Mon, Feb 6, 2012 at 11:07 AM, T. A. Smooth <catdaaaady at gmail.com> wrote:
>
> I can only assume I am not implementing this correctly. :-)
>
> But I have a parser I am trying to use so I can take a subset of the info=
rmation of a message and send that subset to another=A0receiver.
> This is the whole message:
>
>> <13>Feb=A0 4 18:40:17 myhost syslogng: 2012-02-04T18:40:17-08:00 myhosts=
erver-http /tmp/logs/access_log=A0=A0=A0 Hi Mom
>
>
> What I want to do is send out the message as :
>
>> <13>Feb=A0 4 18:40:17 myhost syslogng: Hi Mom
>
>
> Notice how I dropped the middle part out.
>
> From what I have read, the parser acts on the message body alone. Is this=
 correct?
> So I set it up to look for four(4) columns of data and to be "greedy" on =
the last column.
>
> I have played around with the number of columns and even used a rewrite f=
unction instead. But the Parser continues to produce empty variables. =A0An=
d my template just echos out my default value.
>
> Any thoughts?
>
>
>>
>>
>>
>> =A0parser p_et_logmessage {
>> =A0=A0=A0=A0=A0=A0=A0 csv-parser(
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 #columns("ETMSG")
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 #columns("ETMSG.ISODATE")
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 columns("ETMSG.ISODATE", "ETMSG.EASI", "=
ETMSG.SOURCE", "ETMSG.BODY")
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 delimiters(" ")
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 #template("${MSG}")
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 flags(greedy)
>> =A0=A0=A0=A0=A0=A0=A0 );
>> };
>
>
>>
>> rewrite r_rewrite_set{set('${ETMSG.BODY:-nothing}', value("MESSAGE"));};
>>
>> template t_et_basic_logmessage {
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0template("${ETMSG.BODY:-nothing}\n"); templat=
e_escape(no); };
>>
>>
>> destination destination_info {
>> =A0=A0=A0=A0=A0=A0=A0 tcp("host2" port(8080)
>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 template(t_et_basic_logmessage)
>> =A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0=A0 log_disk_fifo_size(3221225=
4720)
>> =A0=A0=A0=A0=A0=A0=A0 );
>> };
>>
>> log {
>> =A0=A0=A0=A0=A0=A0=A0 source(INTAKE);
>> =A0=A0=A0=A0=A0=A0=A0 parser(p_et_logmessage);
>> =A0=A0=A0=A0=A0=A0=A0 destination(destination_info);
>> };
>
>
>
>
> My latest Post: Givenchy Fall/Winter 2012 Collection =96 Runway | Highsno=
biety.com
> Get a signature like this. CLICK HERE.