[phpLogCon] msgparsers didn't work.
Clement PAULET
clement.paulet at outlook.fr
Mon Jun 2 17:00:23 CEST 2014
Hello,
Many people say that msgparsers didn't work. Does anyone have an operational install with custom msgparsers?
I use the Datagram application for my Microsoft clients with the msgparser "datagram" but my eventlog columns are empty (Event ID, Event Source, ...).
I tried adapting the regex to my log format:
Example (eventlog):
Jun 2 09:53:49 SERVER microsoft-windows-security-auditing[failure] 4625 An account failed to...
My regex:
/(.*) (\d+) (\d+):(\d+):(\d+) (\w+) (.*)\[(\w+)\] (\d+) ((\w+\\)?(\w+))?(.*)/
Nothing works with loganalyzer but the preg_match works (checked with http://www.switchplane.com/awesome/preg-match-regular-expression-tester)
$arrArguments:
$arrArguments[SYSLOG_EVENT_ID] = $out[9];
$arrArguments[SYSLOG_EVENT_USER] = $out[10];
$arrArguments[SYSLOG_EVENT_SOURCE] = $out[7];
$arrArguments[SYSLOG_EVENT_LOGTYPE] = $out[8];/// $arrArguments[SYSLOG_SEVERITY] = $out[5];
$arrArguments[SYSLOG_EVENT_CATEGORY] = $out[7];
$arrArguments[SYSLOG_MESSAGE] = $out[13];
rsyslog: 7.6.3-2
mongodb: 1:2.0.6-1.1
loganalyzer: 3.6.5+dfsg-7~bpo70+1
Thanks for your future responses.
Have a nice day.
Clement
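
One thing worth checking when a pattern passes an online tester but not PHP, shown as an added example (not code from the post or from LogAnalyzer): inside a PHP string literal `\\` collapses to a single backslash, so the pattern from the post has to be escaped once more before PCRE sees it the way the tester does. The function name and the array keys are hypothetical stand-ins for the SYSLOG_* constants, and how the pattern was quoted in the actual parser file is not known from the post.

```php
<?php
// Added example. The sample line is the one quoted in the post.
$line = 'Jun 2 09:53:49 SERVER microsoft-windows-security-auditing[failure] 4625 An account failed to...';

// Pattern pasted verbatim into a PHP string: "\\" becomes one backslash, so
// PCRE receives "(\w+\)?" where "\)" is a literal parenthesis and the group
// is never closed. The pattern does not compile.
$pasted = '/(.*) (\d+) (\d+):(\d+):(\d+) (\w+) (.*)\[(\w+)\] (\d+) ((\w+\\)?(\w+))?(.*)/';

// Same pattern with the backslash doubled again for the string literal, so
// PCRE receives "\\" (a literal backslash), as an online tester does.
$escaped = '/(.*) (\d+) (\d+):(\d+):(\d+) (\w+) (.*)\[(\w+)\] (\d+) ((\w+\\\\)?(\w+))?(.*)/';

// Hypothetical helper: applies a pattern and maps the capture groups with the
// same indices the post assigns to $arrArguments.
function parse_eventlog($pattern, $line)
{
    $out = array();
    $rc = @preg_match($pattern, $line, $out); // @ hides the compile warning
    if ($rc === false) {
        return 'pattern did not compile';
    }
    if ($rc === 0) {
        return 'no match';
    }
    return array(
        'event_id' => $out[9],
        'event_user' => $out[10],
        'event_source' => $out[7],
        'event_logtype' => $out[8],
        'message' => $out[13],
    );
}

echo "pasted verbatim:\n";
print_r(parse_eventlog($pasted, $line));
echo "\nre-escaped for PHP:\n";
print_r(parse_eventlog($escaped, $line));
```

On the sample line, which carries no DOMAIN\user token, the optional user group captures the first word of the message ("An"), so the user column and the message text are both affected.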