[rsyslog] Parsing very non standard input

mostolog at gmail.com mostolog at gmail.com
Wed Jan 18 09:59:36 CET 2017


have you tried mmnormalize?


El 18/01/17 a las 09:58, Benoit DOLEZ escribió:
> Hi,
>
> I don't find how to properly parse a log from tcp/udp input that do 
> not respect standard protocol.
>
> The line received has the format :
>   YYYY-MM-DD HH:MM:SS HOSTNAME SEVERITY ID MESSAGE
>
> sample:
> 2016-11-12 10:54:24 TEST.company.corp INFO 2346 This is the message
>
> I want this log format be processed (by my big conf) like others 
> BSD/IETF logs :
>   - timereported : 2016-11-12 10:54:24
>   - hostname (and others) : TEST.company.corp
>   - severity : info
>   - programname (and others) : ID2346
>
> I tried mmexternal (that give the best result), mmnormalize, ... but 
> it seem that I need to write a specific parser module.
>
> Do you know a simplest&better solution ?
>
> Regards
>
> Benoit
>



More information about the rsyslog mailing list