[rsyslog-notify] Forum Thread: Re: Rsyslog Message Property Contains Quotes - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Fri Sep 11 14:48:20 CEST 2015


User: rhaney 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25903#p25903

Message: 
----------
I have it going out on local2.info and I test with shooting it to a file in
/tmp and nothing is sent. Tested with a logger message that worked fine,
placing a message in the /tmp log and sent to my apache flume. I ran
/sbin/rsyslogd -c 5 -dn and there weren't any errors that came up but I'm
no expert in reading the debugging logs. Is there a way to increase the
logging further? 

Things I've tried:
- Set the template with the sql option hoping that would escape the quote
with no success
- Property Replacer on %msg% finding regex on anything in between the quotes
and concatenating them together. Sorta worked but was really hacky.
- Run rsyslogd -N1 each time looking for errors and it comes back clean.

Really what I'm trying to do is escape or replace characters within a
property. The property in question is %msg%. I haven't had much luck
finding posts on others running imfiles on ldap/middleware logs where
messages can contain quotes in dns or http access logs. 

Written to log file: ValidateAccept xxxxxxxxx [10/Sep/2015:16:49:16 -0600]
" cn=xxxx,ou=xxxx,o=xxx" "xxxx-validate GET /xxxxx/xxxxx"
[idletime=xxxxxx;maxtime=xxxxx;authlevel=xxx;] [0] [] []

I was expecting a SYSLOG message like: 
"<150>1 2015-09-11T04:00:00.821047-05:00 xxxxxx xxxxxx 111 222
[token at companycode environment="development" priority="INFO"']
ValidateAccept xxxxxxxxx [10/Sep/2015:16:49:16 -060[b:2zkjm1xe]0] "
cn[/b:2zkjm1xe]=xxxx,ou=xxxx,o=xxx" "xxxx-validate GET /xxxxx/xxxxx"
[idletime=xxxxxx;maxtime=xxxxx;authlevel=xxx;] [0] [] []'"

I think it gets to the quote in bold and ends the template because it's not
escaped like the ones in the structured data.

