[syslog-ng] syslog-ng 3.4.0 parserdb on other than MESSAGE

Balazs Scheidler bazsi at balabit.hu
Tue Jan 15 21:29:16 CET 2013


Hi,

Slightly tested patch against syslog-ng 3.4 attached. It was slightly
more involved than I had thought, but still not more than half an hour.

Since I've handed over maintenance of 3.4 to Algernon, it's his call
whether he integrates it there. I'm going to pick this for 3.5.

On Tue, 2013-01-15 at 07:24 +0100, Balazs Scheidler wrote:
> ----- Original message ----- 
> > OK, from what Balazs writes below I guess it is not possible to 
> > use the parserdb functionality on the "$HOST $PROGRAM" contents. 
> > 
> > Can someone confirm this is the case? If it can be done, a quick
> > pointer please.
> > 
> > If it can not be done, but I want to, how can I do it? 
> > 
> > rewrite { 
> >                     set("$MSG" value("orig.message")); 
> >                     set("$HOST($PROGRAM)" value("MESSAGE")); 
> > } 
> > parser(pattern_host_program); 
> > rewrite { 
> >                     set("$orig.message" value("MESSAGE")); 
> >                     set("" value("orig.message")); 
> > } 
> > parser(pattern_message); 
> 
> This one should work, except for one thing. Values with dots in their
> names have to be enclosed in braces.
> 
> e.g. ${orig.message}
> 
> but I'd really add the template option, that's much easier. 
> 
> > ... 
> > all of my filters, log statements etc. 
> > 
> 

-- 
Bazsi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: q
Type: text/x-patch
Size: 12292 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130115/b2242fc7/attachment.bin 

