[rsyslog] Parsing very non standard input

Rainer Gerhards rgerhards at hq.adiscon.com
Wed Jan 18 14:30:04 CET 2017


A specific parser module is the best and a quite simple solution. Parser
modules were actually introduced for the use case you mention.

Rainer

Sent from phone, thus brief.

On 18.01.2017 09:58, "Benoit DOLEZ" <bdolez at pom-monitoring.com> wrote:

> Hi,
>
> I can't find how to properly parse a log from tcp/udp input that does not
> respect the standard protocol.
>
> The line received has the format:
>   YYYY-MM-DD HH:MM:SS HOSTNAME SEVERITY ID MESSAGE
>
> sample:
> 2016-11-12 10:54:24 TEST.company.corp INFO 2346 This is the message
>
> I want this log format to be processed (by my big conf) like other BSD/IETF
> logs:
>   - timereported : 2016-11-12 10:54:24
>   - hostname (and others) : TEST.company.corp
>   - severity : info
>   - programname (and others) : ID2346
>
> I tried mmexternal (which gives the best result), mmnormalize, ... but it
> seems that I need to write a specific parser module.
>
> Do you know a simpler & better solution?
>
> Regards
>
> Benoit
>
> --
> Benoit DOLEZ, POM Monitoring, http://www.pom-monitoring.com/
>
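
The field extraction a dedicated parser for this line format has to perform, as stand-alone C. This is an added example, not code from the thread or from rsyslog: `parse_custom_line`, `struct parsed_msg` and the severity keyword list are assumptions, and the rsyslog parser-module interface itself is not shown.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type (not rsyslog's API); fields named after rsyslog properties. */
struct parsed_msg {
    char timereported[20];  /* "YYYY-MM-DD HH:MM:SS" */
    char hostname[256];
    int severity;           /* syslog numeric severity, 0..7 */
    char programname[36];   /* "ID" followed by the numeric id */
    const char *msg;        /* points into the caller's line */
};

/* Assumption: the sender uses the standard syslog severity keywords. */
static const char *sev_names[] = { "EMERG", "ALERT", "CRIT", "ERR",
                                   "WARNING", "NOTICE", "INFO", "DEBUG" };

/* Returns 0 on success, -1 on any mismatch; *out is valid only on 0. */
int parse_custom_line(const char *line, struct parsed_msg *out)
{
    static const char mask[] = "dddd-dd-dd dd:dd:dd ";  /* d = any digit */
    char sev[16], id[32];
    int used = 0;

    /* Shape check only; stops at the first mismatch, including an early NUL. */
    for (size_t i = 0; mask[i] != '\0'; i++)
        if (mask[i] == 'd' ? !isdigit((unsigned char)line[i]) : line[i] != mask[i])
            return -1;
    /* Width limits keep untrusted network input inside the fixed buffers. */
    if (sscanf(line + 20, "%255s %15s %31[0-9]%n", out->hostname, sev, id, &used) != 3
        || line[20 + used] != ' ')
        return -1;
    snprintf(out->timereported, sizeof out->timereported, "%.19s", line);
    snprintf(out->programname, sizeof out->programname, "ID%s", id);
    out->msg = line + 20 + used + 1;
    for (char *p = sev; *p != '\0'; p++)
        *p = (char)toupper((unsigned char)*p);
    for (out->severity = 0; out->severity < 8; out->severity++)
        if (strcmp(sev, sev_names[out->severity]) == 0)
            return 0;
    return -1;  /* unknown severity keyword */
}

int main(void)
{
    struct parsed_msg m;  /* input below is the sample line from the question */
    if (parse_custom_line("2016-11-12 10:54:24 TEST.company.corp INFO 2346 This is the message", &m) == 0)
        printf("%s|%s|%d|%s|%s\n", m.timereported, m.hostname, m.severity, m.programname, m.msg);
    return 0;
}
```

A line that fails any check is rejected rather than partially mapped, which lets messages in other formats arriving on the same input pass on to the standard parsers.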

