[syslog-ng] Program() in destination driver not working for Macros defined in CSV-PARSER
Justin B
justinkala at gmail.com
Mon Mar 10 00:50:18 CET 2014
Can you share me a sample of the shell script that I can write to read the
message lines that are being passed and extract those values into a
different variables and output them into output log files??
On Fri, Mar 7, 2014 at 4:10 PM, Balazs Scheidler <bazsi77 at gmail.com> wrote:
> You can on stdin but not as arguments.
> On Mar 7, 2014 9:24 PM, "Justin B" <justinkala at gmail.com> wrote:
>
>> Yes Empty Fields.
>>
>> I am using this log path
>> log { source (remote); filter (f_messages); parser (p_apache);destination
>> (r_messages); };
>>
>>
>> Are you saying the I cannot pass the Macro values to a shell script
>> through Program on destination driver??
>>
>> On Fri, Mar 7, 2014 at 2:47 PM, Evan Rempel <erempel at uvic.ca> wrote:
>>
>>> My recollection is that macros are not expanded for program names. Whant
>>> you get is the environment variables from
>>> the shell that is used to start your program, so in most cases this will
>>> be empty.
>>>
>>> I think this is dangerous and did mantion it on the list previously.
>>>
>>>
>>> On 03/06/2014 10:32 PM, Balazs Scheidler wrote:
>>> > What do you get in your script? Empty fields?
>>> >
>>> > The program destination has to be on a direct log path subsequent to
>>> the parser.
>>> >
>>> > On Mar 4, 2014 7:27 PM, "Justin B" <justinkala at gmail.com <mailto:
>>> justinkala at gmail.com>> wrote:
>>> >
>>> >
>>> > Hello
>>> > On My Apache logs I applied csv_parser() and defined the Macros.
>>> > parser p_apache {
>>> > csv-parser(columns("apache.ETSTAMP", "apache.TYPE",
>>> "apache.EHOSTNAME","apache.ESOURCE", "apache.EOUTCOME",
>>> "apache.EMSG","apache.EUSERID")
>>> > delimiters("|") );
>>> > };
>>> > I want to launch a script whenever the UDP messages are in.So I
>>> defined the
>>> > destination d_mesg (program("/tmp/test.sh"
>>> template("|${apache.ETSTAMP}|${apache.TYPE}|${apache.EHOSTNAME}|${apache.ESOURCE}|${apache.EOUTCOME}|${apache.EMSG}|${apache.EUSERID}\n"));
>>> };
>>> > script is working fine with other destination drivers. Please help
>>> > --
>>> > Kale
>>> >
>>> >
>>> ______________________________________________________________________________
>>> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> > Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>> >
>>> >
>>> >
>>> >
>>> >
>>> ______________________________________________________________________________
>>> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> > Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>> >
>>>
>>>
>>> --
>>> Evan Rempel erempel at uvic.ca
>>> Senior Systems Administrator 250.721.7691
>>> Data Centre Services, University Systems, University of Victoria
>>>
>>> ______________________________________________________________________________
>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>> Documentation:
>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>
>>>
>>
>>
>>
>>
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation:
>> http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
--
Kaladhar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20140309/0e819cb3/attachment.htm
More information about the syslog-ng
mailing list