[syslog-ng] Time Conversion and String delimiter

Kyaw Kyi KKyi at nyx.com
Tue Jul 30 17:50:34 CEST 2013

I have a non-standard (not RFC 5414) log message format coming into the syslog-ng client. I am trying to use csv-parser to parse it into custom macros and send it off to the syslog-ng host in the correct format.

With the no-parse option, how do I make syslog-ng handle this incoming timestamp: [July 30, 2013 10:19:06 AM]? It would be so much easier to simply use the timestamp for the time the message was received in syslog-ng (e.g. the $DATE macro), but I have to extract the timestamp from the message itself somehow.

Example: [July 30, 2013 10:19:06 AM EDT] DisplayType=CLEAR ClassName=Host....

Secondly, the documentation of syslog-ng seems to hint that I can use a string delimiter in the parser: "Currently only the csv-parser is implemented, which can separate columns based on delimiter characters and strings." But it also says that "If you specify multiple characters, every character will be treated as a delimiter." Is there a way for me to use a string, not single characters, as the delimiter in csv-parser?


