[syslog-ng] template() parameter for apache-accesslog-parser

Czanik, Péter peter.czanik at balabit.com
Tue Jun 20 15:01:05 UTC 2017


Hi,

I ran into a situation where an apache access log message arrives as a
field in a CSV file. Right now the apache-accesslog-parser is always run on
the MESSAGE template, but in this case I'd need to run this parser on
csv.apache instead of MESSAGE.

What do you think about the following change? It would keep the default
behavior but enable me to use a different template.

Bye,
CzP

linux-pzl9:/usr/share/syslog-ng/include/scl/apache # diff -u
/root/syslog-ng/scl/apache/apache.conf apache.conf
--- /root/syslog-ng/scl/apache/apache.conf    2017-06-19 13:47:20.044547152
+0200
+++ apache.conf    2017-06-20 16:51:06.740528980 +0200
@@ -19,7 +19,7 @@
 # COPYING for details.
 #
 #############################################################################
-block parser apache-accesslog-parser(prefix(".apache.")) {
+block parser apache-accesslog-parser(prefix(".apache.")
template("${MESSAGE}")) {


     channel {
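
Review bot: the added block signature is split across two lines as posted, and its second half, template("${MESSAGE}")) {, carries no leading + marker, so the hunk will not apply as sent; please resend it unwrapped or as an attachment. The new template() argument also has no comment in the block header. A short note above the block saying that it selects the text handed to the parser and defaults to ${MESSAGE} would tell callers what to pass.
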
@@ -29,6 +29,7 @@
                 dialect(escape-double-char)
                 flags(strip-whitespace)
                 delimiters(" ")
+                template(`template`)
                 quote-pairs('""[]')
                 # field names match of that of Logstash
                 columns("clientip", "ident", "auth",
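
Review bot: the added template(`template`) line in the csv-parser options gives no indication of what happens when the caller's template expands to an empty string, for example when a field such as csv.apache from the description is absent from a record. It is worth stating next to the option, or in the block's documentation, that the value must expand to a complete access log line, and showing one invocation with a non-default template so the intended usage is clear.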


Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik