[Lognorm] CSV

David Lang david at lang.hm
Fri May 8 22:19:45 CEST 2015 

I agree there is a bug in the liblognorm csv output. If I do the same test 
without csv, or using json it works. I don't get a segmentation fault, but I do 
get blank output.

root at ISEC25:~# echo "May  8 15:11:38 fritz user1: hallo" |/usr/lib/lognorm/lognormalizer -e csv  -r del3

root at ISEC25:~# echo "May  8 15:11:38 fritz user1: hallo" |/usr/lib/lognorm/lognormalizer -e json  -r del3
{ "user": "user1:", "rcvdfrom": "fritz", "rcvdat": "May  8 15:11:38" }

David Lang

On Fri, 8 
May 2015, 
Christopher.Racky at web.de wrote:

> Date: Fri, 8 May 2015 15:28:37 +0200
> From: Christopher.Racky at web.de
> Reply-To: lognorm <lognorm at lists.adiscon.com>
> To: lognorm at lists.adiscon.com
> Subject: [Lognorm] CSV
> 
> Hi,
>
> On my rhel6 system I get a segfault:
>
> [root at bug log]# lognormalizer -e csv  -r /etc/rsyslog.rb
> May  8 15:11:38 fritz user1: hallo
> Segmentation fault
>
> Meanwhile this works as expected:
>
> [root at bug log]# lognormalizer  -r /etc/rsyslog.rb
> May  8 15:11:38 fritz user1: hallo
> [cee at 115 user="user1:" rcvdfrom="fritz" rcvdat="May  8 15:11:38"]
>
>
>
> Seems to be a bug in lognormalizer...
>
> Config file looks like:
> prefix=%rcvdat:date-rfc3164% %rcvdfrom:word%
> rule=: %user:word% hallo
>
>
> [root at bug log]# yum info liblognorm1
> Loaded plugins: fastestmirror, presto
> Loading mirror speeds from cached hostfile
> * base: centos.mirror.linuxwerk.com
> * extras: mirror.de.leaseweb.net
> * updates: ftp.fau.de
> Installed Packages
> Name        : liblognorm1
> Arch        : x86_64
> Version     : 1.1.1
> Release     : 1.el6
> Size        : 88 k
> Repo        : installed
> From repo   : rsyslog-v8-stable
> Summary     : Fast samples-based log normalization library
> URL         : http://www.liblognorm.com
> License     : LGPLv2+
> Description : Briefly described, liblognorm is a tool to normalize log data.
>
>
> regards
> Chris
> _______________________________________________
> Lognorm mailing list
> Lognorm at lists.adiscon.com
> http://lists.adiscon.net/mailman/listinfo/lognorm
>

More information about the Lognorm mailing list