[rsyslog] OmoracleStatement format
Damjan Žiberna
damjanster at gmail.com
Thu Jul 29 13:24:29 CEST 2010
>
> I think it would be best to split the RFC3339 date via the property
> replacer
> (using start and end position) and then feed this to omoracle.
>
> The full doc on property replacer is here:
>
> http://www.rsyslog.com/doc/property_replacer.html
I first thought I could replace some strings with regex, but I've got a fix
from coworker to solve the issue like this:
$template OmoracleStatement,"INSERT INTO
SYSLOG(hostname,ts,hostip,facility,severity,program,message) VALUES
(:hostname,to_timestamp_tz(:dategen || ' ' || :timegen, 'YYYY-MM-DD
HH24:MI:SS.FF6TZH:TZM'),:hostip,:facility,:severity,:program,:message)"
$template
TestStmt,"%hostname%%timereported:0:10:date-rfc3339%%timereported:12:32:date-rfc3339%%fromhost-ip%%syslogfacility%%syslogseverity%%programname%%msg%"
It works great now.
> >
> > 2. hostname doesn't get written - I only get 127.0.0.1
>
> It would be useful to write a quick debug file
>
> *.* /var/log/debug.log;RSYSLOG_DebugFormat
>
> This shows what exactly is stored in which property and can probably used
> to
> solve the question what exactly happens.
>
It seems that the issue with timestamp was the cause of all the problems.
The data got displaced for one colon. Not it works like a charm.
Thanks for the help.
More information about the rsyslog
mailing list