[Lognorm] normalization of vmware date format
Christopher.Racky at web.de
Christopher.Racky at web.de
Mon Jun 1 21:21:56 CEST 2015
Hi list,
VMWare ESXi Systems have raw log messages like this:
<35>2015-05-18T07:56:48Z hostname.fqdn.de DCUI: Authentication of user root failed
The date-format does not match to the "standard" Format of any RFC (as far as I see).
How can I add this date into _one_ field via log-normalization?
A rule like this
rule=:<%prio:number%>%time:char-to:Z%Z %host:word% ...
is to generic, but this "variation" of RFC5424 is not supported by this kind of rule:
rule=:<%prio:number%>%time:date-rfc5424 %host:word% ...
as you can see here:
[root at bug log]# echo "<35>2015-05-18T07:56:48Z host DCUI: Authentication of user root failed" | lognormalizer -r /etc/csiem.rb
[cee at 115 originalmsg="<35>2015-05-18T07:56:48Z host DCUI: Authentication of user root failed" unparsed-data="56:48Z host DCUI: Authentication of user root failed"]
Because I later want to insert this date via rsyslog ommysql I guess there is also missing converting support. Right?
By the way:
When will the next version of liblognorm be released? Beginning of May seems to over ;)
There are a couple of important bugfixes of the new version...
best regards
Chris
More information about the Lognorm
mailing list