From luckydogxf at gmail.com Mon Nov 13 11:05:50 2017 From: luckydogxf at gmail.com (luckydog xf) Date: Mon, 13 Nov 2017 18:05:50 +0800 Subject: [phpLogCon] Field 'host' does not display at the correct column Message-ID: Hi, I'm running MySQL and Rsyslog to analyze Switch logs. Below is the original log entry. ============================== Nov 13 17:32:01 2017 AAA %%10SC/6/SC_AAA_SUCCESS(l): -DevIP=10.10.3.241-AAAType=ACCOUNT-AAAScheme= radius-scheme test-Service=login-UserName=h3c at system; AAA is successful. =============================== /etc/rsyslog.conf is pretty simple: local7.* :ommysql:127.0.0.1,Syslog,rsyslog,xxxx =============================================== Date Facility Severity Host Syslogtag ProcessID Messagetype Message Today 17:42:14 LOCAL7 WARNING 2017 AAA ......... ================================================ Apparently,field "Host" should be AAA, while "2017" should be the first column. So what's the probable reason causing problem? Thanks a lot. From jpeters2 at wested.org Mon Nov 13 17:40:35 2017 From: jpeters2 at wested.org (Joaquin Petersen) Date: Mon, 13 Nov 2017 08:40:35 -0800 (PST) Subject: [phpLogCon] Field 'host' does not display at the correct column In-Reply-To: References: Message-ID: <1032044605.45151951.1510591235236.JavaMail.zimbra@wested.org> Hi, You may need to investigate the format in which your switch vendor produces logs. I've seen a similar condition with Aruba switches: http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Question-about-syslog-message-format/td-p/8918 It may come down to parsing the format sent by your switch for entry in to your sql db. There may be a plugin already available, but I haven't gotten far enough to find one. From: "luckydog xf" To: phplogcon at lists.adiscon.com Sent: Monday, November 13, 2017 2:05:50 AM Subject: [phpLogCon] Field 'host' does not display at the correct column Hi, I'm running MySQL and Rsyslog to analyze Switch logs. Below is the original log entry. ============================== Nov 13 17:32:01 2017 AAA %%10SC/6/SC_AAA_SUCCESS(l): -DevIP=10.10.3.241-AAAType=ACCOUNT-AAAScheme= radius-scheme test-Service=login-UserName=h3c at system; AAA is successful. =============================== /etc/rsyslog.conf is pretty simple: local7.* :ommysql:127.0.0.1,Syslog,rsyslog,xxxx =============================================== Date Facility Severity Host Syslogtag ProcessID Messagetype Message Today 17:42:14 LOCAL7 WARNING 2017 AAA ......... ================================================ Apparently,field "Host" should be AAA, while "2017" should be the first column. So what's the probable reason causing problem? Thanks a lot. _______________________________________________ phpLogCon mailing list http://lists.adiscon.net/mailman/listinfo/phplogcon http://www.phplogcon.org From luckydogxf at gmail.com Mon Nov 13 11:05:50 2017 From: luckydogxf at gmail.com (luckydog xf) Date: Mon, 13 Nov 2017 18:05:50 +0800 Subject: [phpLogCon] Field 'host' does not display at the correct column Message-ID: Hi, I'm running MySQL and Rsyslog to analyze Switch logs. Below is the original log entry. ============================== Nov 13 17:32:01 2017 AAA %%10SC/6/SC_AAA_SUCCESS(l): -DevIP=10.10.3.241-AAAType=ACCOUNT-AAAScheme= radius-scheme test-Service=login-UserName=h3c at system; AAA is successful. =============================== /etc/rsyslog.conf is pretty simple: local7.* :ommysql:127.0.0.1,Syslog,rsyslog,xxxx =============================================== Date Facility Severity Host Syslogtag ProcessID Messagetype Message Today 17:42:14 LOCAL7 WARNING 2017 AAA ......... ================================================ Apparently,field "Host" should be AAA, while "2017" should be the first column. So what's the probable reason causing problem? Thanks a lot. From jpeters2 at wested.org Mon Nov 13 17:40:35 2017 From: jpeters2 at wested.org (Joaquin Petersen) Date: Mon, 13 Nov 2017 08:40:35 -0800 (PST) Subject: [phpLogCon] Field 'host' does not display at the correct column In-Reply-To: References: Message-ID: <1032044605.45151951.1510591235236.JavaMail.zimbra@wested.org> Hi, You may need to investigate the format in which your switch vendor produces logs. I've seen a similar condition with Aruba switches: http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Question-about-syslog-message-format/td-p/8918 It may come down to parsing the format sent by your switch for entry in to your sql db. There may be a plugin already available, but I haven't gotten far enough to find one. From: "luckydog xf" To: phplogcon at lists.adiscon.com Sent: Monday, November 13, 2017 2:05:50 AM Subject: [phpLogCon] Field 'host' does not display at the correct column Hi, I'm running MySQL and Rsyslog to analyze Switch logs. Below is the original log entry. ============================== Nov 13 17:32:01 2017 AAA %%10SC/6/SC_AAA_SUCCESS(l): -DevIP=10.10.3.241-AAAType=ACCOUNT-AAAScheme= radius-scheme test-Service=login-UserName=h3c at system; AAA is successful. =============================== /etc/rsyslog.conf is pretty simple: local7.* :ommysql:127.0.0.1,Syslog,rsyslog,xxxx =============================================== Date Facility Severity Host Syslogtag ProcessID Messagetype Message Today 17:42:14 LOCAL7 WARNING 2017 AAA ......... ================================================ Apparently,field "Host" should be AAA, while "2017" should be the first column. So what's the probable reason causing problem? Thanks a lot. _______________________________________________ phpLogCon mailing list http://lists.adiscon.net/mailman/listinfo/phplogcon http://www.phplogcon.org