[syslog-ng] syslog-ng 3.4.0 parserdb on other than MESSAGE

Evan Rempel erempel at uvic.ca
Tue Jan 15 06:56:17 CET 2013


OK, from what Balazs writes below I guess it is not possible to
use the parserdb functionality on the "$HOST $PROGRAM" contents.

Can someone confirm this is the case? If it can be done, a quick pointer please.

If it can not be done, but I want to, how can I do it?

rewrite {
          set("$MSG" value("orig.message"));
          set("$HOST($PROGRAM)" value("MESSAGE"));
}
parser(pattern_host_program);
rewrite {
          set("${orig.message}" value("MESSAGE"));
          set("" value("orig.message"));
}
parser(pattern_message);
...
all of my filters, log statements etc.

Evan.

________________________________________
From: Balazs Scheidler [bazsi77 at gmail.com]
Sent: Saturday, December 22, 2012 6:50 AM
To: Syslog-ng users' and developers' mailing list; Evan Rempel
Subject: Re: [syslog-ng] syslog-ng 3.4.0beta1 has been released

----- Original message -----
>
> I thought that 3.4 was going to include
>
> - junctions so that results of multiple parsers could be combined

it is in.

>
> - the ability to run a parser against a user defined macro rather than
> always parsing the complete MESSAGE macro.

csvparser has a template() option, but dbparser doesn't (though that's trivial to add).

what I had in mind (fully n dimensional patterndb) wasn't finished, and I didn't want to wait any longer.

>
> Did these features fail to make it into 3.4 or is the documentation just
> missing these items?
>

docs are not yet completely updated.

contributions would be welcome there too.
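
The template() option on csvparser mentioned in the reply above, shown in a complete log path as an added example that is not part of the original thread or of the syslog-ng sources. The object names (s_net, p_host_program, d_parsed), the hp.* field names and the output path are hypothetical.

```conf
@version: 3.4

# Hypothetical network source; any source works here.
source s_net {
    udp(ip(0.0.0.0) port(514));
};

# csv-parser normally splits $MESSAGE. With template() it splits the
# expanded template instead, here the string "<host> <program>".
parser p_host_program {
    csv-parser(
        template("${HOST} ${PROGRAM}")
        columns("hp.host", "hp.program")
        delimiters(" ")
    );
};

# Names that contain a dot must be written with braces when used as macros.
destination d_parsed {
    file("/var/log/parsed.log"
         template("${hp.host} ${hp.program} ${MESSAGE}\n"));
};

log {
    source(s_net);
    parser(p_host_program);   # MESSAGE itself is left untouched
    destination(d_parsed);
};
```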

