[syslog-ng] Program() in destination driver not working for Macros defined in CSV-PARSER

Balazs Scheidler bazsi77 at gmail.com
Fri Mar 7 17:39:10 CET 2014


Rereading my answer I may not have been completely clear. Make sure that
your parser and the program destination are actually connected on the same
log path.

E.g.

log { source(...); parser(p_apache); destination(d_program); };

If your apache parser is on an independent log path, it won't work:

log { source(...); parser(p_apache); destination(...); };
log { source(...); destination(d_program); };

E.g. independent log paths will not inherit from the values set by the
earlier log statements. Changes are only propagated through the same
pipeline.

Hope this helps.



On Fri, Mar 7, 2014 at 7:32 AM, Balazs Scheidler <bazsi77 at gmail.com> wrote:

> What do you get in your script? Empty fields?
>
> The program destination has to be on a direct log path subsequent to the
> parser.
> On Mar 4, 2014 7:27 PM, "Justin B" <justinkala at gmail.com> wrote:
>
>>
>> Hello
>>
>> On my Apache logs I applied csv_parser() and defined the macros.
>>  parser p_apache {
>> csv-parser(columns("apache.ETSTAMP", "apache.TYPE",
>> "apache.EHOSTNAME","apache.ESOURCE", "apache.EOUTCOME",
>> "apache.EMSG","apache.EUSERID")
>> delimiters("|")  );
>> };
>>
>> I want to launch a script whenever the UDP messages are in. So I defined
>> the
>>
>>  destination d_mesg { program("/tmp/test.sh"
>> template("|${apache.ETSTAMP}|${apache.TYPE}|${apache.EHOSTNAME}|${apache.ESOURCE}|${apache.EOUTCOME}|${apache.EMSG}|${apache.EUSERID}\n"));
>> };
>>
>> Script is working fine with other destination drivers. Please help
>> --
>> Kale
>>
>>


-- 
Bazsi
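
The following is an added example, not code from this thread or from the syslog-ng project: a POSIX sh consumer for the program() destination that classifies each templated line, so a parser that is not on the same log path as the destination shows up as all-empty fields. The function names, the `--consume` switch and the result labels are assumptions made for illustration, as is the premise that macros which were never set expand to empty strings.

```shell
#!/bin/sh
# Added example (not from the thread): stdin consumer for the program() destination.
# Expected line shape, taken from the template in the question:
#   |ETSTAMP|TYPE|EHOSTNAME|ESOURCE|EOUTCOME|EMSG|EUSERID

# classify_line LINE -> prints one of: ok | partial | all-empty | malformed
classify_line() {
    case $1 in
        '|'*) rest=${1#?} ;;               # drop the template's leading '|'
        *)    echo malformed; return 0 ;;
    esac
    # Split on '|' only; -r keeps backslashes literal. Fields are log-derived
    # data: they are compared and printed, never eval'd or used as commands.
    IFS='|' read -r f1 f2 f3 f4 f5 f6 f7 extra <<EOF
$rest
EOF
    if [ -n "$extra" ]; then echo malformed; return 0; fi   # more than 7 fields
    empty=0
    for f in "$f1" "$f2" "$f3" "$f4" "$f5" "$f6" "$f7"; do
        [ -n "$f" ] || empty=$((empty + 1))
    done
    case $empty in
        0) echo ok ;;
        # Assumption: unset macros expand to "", so seven empty fields means
        # the csv-parser did not run on this log path.
        7) echo all-empty ;;
        *) echo partial ;;                 # some columns empty or missing
    esac
}

# program() starts the script once and writes one line per message to its
# stdin, so the script must loop instead of handling a single line and exiting.
consume_stdin() {
    while IFS= read -r line; do
        printf '%s %s\n' "$(classify_line "$line")" "$line" >&2
    done
}

# Hypothetical switch so the file can be sourced or tested without blocking on stdin.
if [ "${1:-}" = "--consume" ]; then consume_stdin; fi
```

With this script the destination would be declared as program("/tmp/test.sh --consume" ...); a steady stream of all-empty results points at the log path layout rather than at the script.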