[Lognorm] normalization of vmware date format
Christopher.Racky at web.de
Christopher.Racky at web.de
Wed Jul 1 10:42:39 CEST 2015
Hello together,
I wonder, that I did not get any response after one month.
Is my question so bad, is there no solution available yet or is this mailing-list dead?
Best regards
Chris
> Gesendet: Montag, 01. Juni 2015 um 21:21 Uhr
> Von: Christopher.Racky at web.de
> An: lognorm at lists.adiscon.com
> Betreff: normalization of vmware date format
>
> Hi list,
>
> VMWare ESXi Systems have raw log messages like this:
> <35>2015-05-18T07:56:48Z hostname.fqdn.de DCUI: Authentication of user root failed
> The date-format does not match to the "standard" Format of any RFC (as far as I see).
>
> How can I add this date into _one_ field via log-normalization?
> A rule like this
> rule=:<%prio:number%>%time:char-to:Z%Z %host:word% ...
> is to generic, but this "variation" of RFC5424 is not supported by this kind of rule:
> rule=:<%prio:number%>%time:date-rfc5424 %host:word% ...
> as you can see here:
> [root at bug log]# echo "<35>2015-05-18T07:56:48Z host DCUI: Authentication of user root failed" | lognormalizer -r /etc/csiem.rb
> [cee at 115 originalmsg="<35>2015-05-18T07:56:48Z host DCUI: Authentication of user root failed" unparsed-data="56:48Z host DCUI: Authentication of user root failed"]
>
> Because I later want to insert this date via rsyslog ommysql I guess there is also missing converting support. Right?
>
>
>
> By the way:
> When will the next version of liblognorm be released? Beginning of May seems to over ;)
> There are a couple of important bugfixes of the new version...
>
> best regards
> Chris
More information about the Lognorm
mailing list