From clement.paulet at outlook.fr Mon Jun 2 17:00:23 2014
From: clement.paulet at outlook.fr (Clement PAULET)
Date: Mon, 2 Jun 2014 17:00:23 +0200
Subject: [phpLogCon] msgparsers don't work.
Message-ID:

Hello,

Many people say that msgparsers don't work. Does someone have an operational install with custom msgparsers?

I use the Datagram application for my Microsoft clients with the msgparser "datagram", but my eventlog columns are empty (Event ID, Event Source, ...).

I tested adapting the regex to my log format:

Example (eventlog):
Jun 2 09:53:49 SERVER microsoft-windows-security-auditing[failure] 4625 An account failed to...

My regex:
/(.*) (\d+) (\d+):(\d+):(\d+) (\w+) (.*)\[(\w+)\] (\d+) ((\w+\\)?(\w+))?(.*)/

Nothing works with loganalyzer, but the preg_match works (checked with http://www.switchplane.com/awesome/preg-match-regular-expression-tester).

$arrArguments:

    // $out[n] is capture group n of the regex above (13 groups in total)
    $arrArguments[SYSLOG_EVENT_ID]       = $out[9];   // group 9: event id ("4625")
    $arrArguments[SYSLOG_EVENT_USER]     = $out[10];  // group 10: optional DOMAIN\user; falls back to the first word of the message when no backslash is present
    $arrArguments[SYSLOG_EVENT_SOURCE]   = $out[7];   // group 7: text before "[...]" ("microsoft-windows-security-auditing")
    $arrArguments[SYSLOG_EVENT_LOGTYPE]  = $out[8];   // group 8: text inside "[...]" ("failure")
    $arrArguments[SYSLOG_SEVERITY]       = $out[5];   // group 5: the seconds field of the timestamp
    $arrArguments[SYSLOG_EVENT_CATEGORY] = $out[7];   // same group as the source
    $arrArguments[SYSLOG_MESSAGE]        = $out[13];  // group 13: remainder of the line

rsyslog : 7.6.3-2
mongodb : 1:2.0.6-1.1
loganalyzer : 3.6.5+dfsg-7~bpo70+1

Thanks for your future responses. Have a nice day.

Clement
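Added example (not part of the original message and not LogAnalyzer's own code): the posted regex run from Python against the posted event line, numbering every capture group so the $out[n] indices in $arrArguments can be checked, and the same regex run against the message body alone. It assumes the constructed sample lines below (not captured from a real host) and that a msgparser might be handed only the message body without the timestamp/host prefix; whether LogAnalyzer does so is not established by this message and is treated here as an assumption. The named-group MSG_RE is a hypothetical replacement regex for that message-only case, not something from the post.

```python
import re

# The regex exactly as posted (PCRE delimiters removed). Python's re treats
# \d, \w and the escaped backslash the same way PCRE does here.
POSTED_RE = re.compile(
    r'(.*) (\d+) (\d+):(\d+):(\d+) (\w+) (.*)\[(\w+)\] (\d+) ((\w+\\)?(\w+))?(.*)'
)

# Field -> capture-group number, copied from the posted $arrArguments block.
POSTED_MAP = {
    'SYSLOG_EVENT_ID': 9,
    'SYSLOG_EVENT_USER': 10,
    'SYSLOG_EVENT_SOURCE': 7,
    'SYSLOG_EVENT_LOGTYPE': 8,
    'SYSLOG_SEVERITY': 5,
    'SYSLOG_EVENT_CATEGORY': 7,
    'SYSLOG_MESSAGE': 13,
}

# Hypothetical replacement regex (an assumption, not from the post): it expects
# only the message body, and binds a user only when a DOMAIN\user token is
# actually present, so the first word of the message is never taken as a user.
MSG_RE = re.compile(
    r'^(?P<source>[^\[\s]+)\[(?P<logtype>\w+)\] (?P<event_id>\d+) '
    r'(?:(?P<domain>\w+)\\(?P<user>\w+) )?(?P<message>.*)$'
)

# Constructed sample input (not captured from a real host).
FULL_LINE = ('Jun 2 09:53:49 SERVER microsoft-windows-security-auditing[failure] '
             '4625 An account failed to log on.')
MSG_ONLY = 'microsoft-windows-security-auditing[failure] 4625 An account failed to log on.'
MSG_WITH_USER = ('microsoft-windows-security-auditing[failure] 4625 '
                 'CORP\\jsmith An account failed to log on.')


def group_table(line):
    """Number every capture group of the posted regex for the given line,
    so each $out[n] index can be checked against what it really captures."""
    m = POSTED_RE.match(line)
    if m is None:
        return []
    return [(i, m.group(i)) for i in range(1, POSTED_RE.groups + 1)]


def parse_posted(line):
    """Apply the posted regex with the posted group mapping.

    Returns the field dict, or None when the regex does not match at all,
    which is what happens when the timestamp/host prefix is absent.
    """
    m = POSTED_RE.match(line)
    if m is None:
        return None
    return {field: m.group(idx) for field, idx in POSTED_MAP.items()}


def parse_msg_only(msg):
    """Apply the hypothetical message-only regex; None when it does not match."""
    m = MSG_RE.match(msg)
    if m is None:
        return None
    return m.groupdict()


if __name__ == '__main__':
    for i, val in group_table(FULL_LINE):
        print(f'$out[{i}] = {val!r}')
    print('posted regex, full line      :', parse_posted(FULL_LINE))
    print('posted regex, message only   :', parse_posted(MSG_ONLY))
    print('message-only regex, no user  :', parse_msg_only(MSG_ONLY))
    print('message-only regex, with user:', parse_msg_only(MSG_WITH_USER))
```

Running it shows that on the full line group 5 is the seconds of the timestamp, group 10 captures "An" (the first word of the message) because the DOMAIN\user part is optional, and that the posted regex returns no match at all on the message body alone, which is one thing worth checking before concluding the msgparser mechanism itself is broken.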