[syslog-ng] template() parameter for apache-accesslog-parser
Scheidler, Balázs
balazs.scheidler at balabit.com
Tue Jun 20 19:37:54 UTC 2017
Submit it as a pr, it looks good to me and makes perfect sense.
On Jun 20, 2017 17:01, "Czanik, Péter" <peter.czanik at balabit.com> wrote:
> Hi,
>
> I ran into a situation, that an apache access log message arrives as a
> field in a CSV file. Rigth now the apache-accesslog-parser is always run on
> the MESSAGE template, but in this case I'd need to run this parser on
> csv.apache instead of MESSAGE.
>
> What do you think about the following change? It would keep the default
> behavior but enable me to use a different a template.
>
> Bye,
> CzP
>
> linux-pzl9:/usr/share/syslog-ng/include/scl/apache # diff -u
> /root/syslog-ng/scl/apache/apache.conf apache.conf
> --- /root/syslog-ng/scl/apache/apache.conf 2017-06-19
> 13:47:20.044547152 +0200
> +++ apache.conf 2017-06-20 16:51:06.740528980 +0200
> @@ -19,7 +19,7 @@
> # COPYING for details.
> #
> ###########################################################
> ##################
> -block parser apache-accesslog-parser(prefix(".apache.")) {
> +block parser apache-accesslog-parser(prefix(".apache.")
> template("${MESSAGE}")) {
>
>
> channel {
> @@ -29,6 +29,7 @@
> dialect(escape-double-char)
> flags(strip-whitespace)
> delimiters(" ")
> + template(`template`)
> quote-pairs('""[]')
> # field names match of that of Logstash
> columns("clientip", "ident", "auth",
>
>
> Peter Czanik (CzP) <peter.czanik at balabit.com>
> Balabit / syslog-ng upstream
> https://www.balabit.com/blog/author/peterczanik/
> https://twitter.com/PCzanik
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170620/ba918912/attachment.html>
More information about the syslog-ng
mailing list