
List:       syslog-ng
Subject:    [syslog-ng] $MSG parsing question
From:       "Hubert Lang" <lang () brennercom ! net>
Date:       2006-06-29 12:48:09
Message-ID: web-23712843 () bkom ! it

Hello,


I have a few questions about the message parser. Basically,
I want to parse/split up the MESSAGE field
itself and write the split-up message to a MySQL
database. I can't find any documents about how this
can be done. Do I need an external parser (Perl or
whatever), or can this be done within syslog-ng.conf?


Right now I can just write the whole message to the MySQL DB.


syslog-ng.conf

template("INSERT INTO logs (host, facility, priority,
level, tag, date,time, program, msg) VALUES ( '$HOST',
'$FACILITY','$PRIORITY', '$LEVEL', '$TAG',
'$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG'
);\n")
template-escape(yes));

So it gets written to the database in this way:

INSERT INTO logs (host, facility, priority, level, tag,
date,time, program, msg) VALUES ( '10.44.10.253',
'local4','notice', 'notice', 'a5', '2006-06-29',
'14:39:46', 'NS25', 'NS25: NetScreen device_id=NS25
 [Root]system-notification-00257(traffic):
start_time=\"2006-06-29 14:38:38\" duration=0 policy_id=95
service=http proto=6 src zone=Untrust dst zone=Untrust
action=Deny sent=0 rcvd=0 src=10.10.10.225
dst=208.174.52.61 src_port=2042 dst_port=80 session_id=0'
);


Now I want to split up the message part itself
(system-notification traffic) and insert the
start_time/duration/policy_id/service/proto/src-zone etc.
into a different table.


This Perl script
http://www.optekconsulting.com/tools/nstf.pl has every
field I need.


Any help is really welcome.


Cheers


Hubert



--
Brennercom e-mail boxes are virus-protected and spam-filtered.

http://www.brennercom.it
_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
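
Added example (not part of the original post, of nstf.pl, or of syslog-ng itself): one way an external parser could split the NetScreen MESSAGE shown above into its fields and store them with bound parameters instead of quoting them into an INSERT string. The table name traffic, its column list, the msg_id field name, and the use of in-memory SQLite in place of MySQL are assumptions made so the code runs offline.

```python
import re
import sqlite3

# Constructed sample: the MESSAGE text from the post, before template-escape().
SAMPLE = ('NS25: NetScreen device_id=NS25 [Root]system-notification-00257(traffic): '
          'start_time="2006-06-29 14:38:38" duration=0 policy_id=95 service=http '
          'proto=6 src zone=Untrust dst zone=Untrust action=Deny sent=0 rcvd=0 '
          'src=10.10.10.225 dst=208.174.52.61 src_port=2042 dst_port=80 session_id=0')

HEADER = re.compile(r'device_id=(\S+)\s+\[(\w+)\]system-(\w+)-(\d+)\((\w+)\):\s*')
# Keys may contain one space ("src zone"); values are quoted or space-free.
PAIR = re.compile(r'((?:src|dst) zone|\w+)=("[^"]*"|\S+)')

# Fixed allow-list (assumed schema): column names never come from the log line.
COLUMNS = ('device_id', 'msg_id', 'start_time', 'duration', 'policy_id',
           'service', 'proto', 'src_zone', 'dst_zone', 'action', 'sent',
           'rcvd', 'src', 'dst', 'src_port', 'dst_port', 'session_id')
QUOTED_COLUMNS = ', '.join('"%s"' % c for c in COLUMNS)

def parse_traffic(msg):
    """Return a dict of fields, or None if msg is not a NetScreen traffic line."""
    head = HEADER.search(msg)
    if head is None or head.group(5) != 'traffic':
        return None
    fields = {'device_id': head.group(1), 'msg_id': head.group(4)}
    for key, value in PAIR.findall(msg[head.end():]):
        fields[key.replace(' ', '_')] = value.strip('"')
    return fields

def store(conn, fields):
    """Insert with bound parameters; log content is never spliced into SQL."""
    marks = ', '.join('?' for _ in COLUMNS)
    sql = 'INSERT INTO traffic (%s) VALUES (%s)' % (QUOTED_COLUMNS, marks)
    conn.execute(sql, [fields.get(c) for c in COLUMNS])

def demo(msg=SAMPLE):
    """Parse one line into an in-memory table and read a few columns back."""
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE traffic (%s)' % QUOTED_COLUMNS)
    store(conn, parse_traffic(msg))
    query = 'SELECT src_zone, action, dst_port, service FROM traffic'
    return conn.execute(query).fetchone()

if __name__ == '__main__':
    print(parse_traffic(SAMPLE))
    print(demo())
```

Keys outside the allow-list are parsed but not stored, and a value containing quote characters ends up as plain column data because it is bound rather than concatenated.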
