[rsyslog] Parsing very non standard input
rgerhards at hq.adiscon.com
Wed Jan 18 14:30:04 CET 2017
A specific parser module is the best and a quite simple solution. Parser
modules were actually introduced for the use case you mention.
Sent from phone, thus brief.
Am 18.01.2017 09:58 schrieb "Benoit DOLEZ" <bdolez at pom-monitoring.com>:
> I don't find how to properly parse a log from tcp/udp input that do not
> respect standard protocol.
> The line received has the format :
> YYYY-MM-DD HH:MM:SS HOSTNAME SEVERITY ID MESSAGE
> 2016-11-12 10:54:24 TEST.company.corp INFO 2346 This is the message
> I want this log format be processed (by my big conf) like others BSD/IETF
> logs :
> - timereported : 2016-11-12 10:54:24
> - hostname (and others) : TEST.company.corp
> - severity : info
> - programname (and others) : ID2346
> I tried mmexternal (that give the best result), mmnormalize, ... but it
> seem that I need to write a specific parser module.
> Do you know a simplest&better solution ?
> Benoit DOLEZ, POM Monitoring, http://www.pom-monitoring.com/
> rsyslog mailing list
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
More information about the rsyslog