[rsyslog-notify] Forum Thread: Split msg= from specific host - (Mode 'post')
noreply at adiscon.com
Tue Jul 5 12:06:02 CEST 2016
User: chrismartin
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26697#p26697
Message:
----------
Hi,
I'm completely new to syslog but I've managed to set up an rsyslog server
which receives messages from our Dell Sonicwall.
What I need to do is the following:
Within rsyslog identify the sender and apply a function to split the
contents of the msg= field.
The msg field looks like this: msg="TCP connection dropped"
src=XX.XX.XX.XX dst=XX.XX.XX.XX proto=tcp/8080
In our log analyzer we need to build queries containing src, dst etc.
Any help would be greatly appreciated.
Br,
Chris
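
The key=value splitting asked about above, as an added example that is not part of the original post and is not rsyslog configuration: a standalone Python parser that could sit between the syslog server and the log analyzer. The function names, the JSON output and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import json
import re

# One key=value pair. The value is either a double-quoted string (which may
# contain spaces and backslash-escaped quotes) or a run of non-space chars.
# (?<!\S) forces the key to start a token, so "a-b=c" is not read as "b=c".
PAIR_RE = re.compile(r'(?<!\S)(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def split_fields(message):
    """Split a message such as msg="..." src=... dst=... into a dict."""
    fields = {}
    for match in PAIR_RE.finditer(message):
        key, quoted, bare = match.groups()
        if quoted is not None:
            # Quoted value: drop the backslash in front of escaped characters.
            value = re.sub(r"\\(.)", r"\1", quoted)
        else:
            value = bare
        # Keep the first occurrence, so a later duplicate key cannot
        # overwrite a field that was already parsed.
        fields.setdefault(key, value)
    return fields


def to_json_line(host, message):
    """Render one event as a JSON object a log analyzer can query by field."""
    event = {"host": host}
    event.update(split_fields(message))
    return json.dumps(event, sort_keys=True)


# Constructed sample in the shape shown in the post (addresses are made up).
SAMPLE = 'msg="TCP connection dropped" src=192.0.2.10 dst=198.51.100.20 proto=tcp/8080'

if __name__ == "__main__":
    print(to_json_line("sonicwall.example", SAMPLE))
```

Because a quoted value is consumed as one unit, text such as `dst=` appearing inside the `msg` string is not mistaken for a separate field.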