[rsyslog-notify] Forum Thread: Re: How to group MySQL Slow Query logs? - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Mon Aug 18 01:52:06 CEST 2014
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24832#p24832
Message:
----------
how are the logs being delivered to rsyslog?
If you have them in a file with rsyslog reading the file via imfile, the
answer is that it doesn't have the ability to do that at this time
imfile has three modes to read files
> each line is s different log message
> all lines that start with space or tab are really part of a prior log
message
> there is a blank line between messages (looks for \n\n)
This case is significantly more complex and I don't know how you would tell
for sure that somethng is the beginning of a message or not (what if you
have 6 lines that start with #, is that one, two, or three messages)
If you are having the logs delivered to rsyslog via some other mechansims,
then there may be other options to figure out what defines a log message
More information about the rsyslog-notify
mailing list