Re: [nxlog-ce-users] multiline+regex and file path bug

[Aurélien BOUVARD]

Hi,
My problem has been resolved , i just use "om_udp" instad of "om_tcp". There 
was a problem with TCP behavior with my syslog format
i found some solutions in this french article 
http://ram-0000.developpez.com/tutoriels/reseau/Syslog/#L4.1  and this guide 
(RFC) http://www.faqs.org/rfcs/rfc3195.html 
Regards,

From: prog-a...@hotmail.fr
To: b...@nxlog.org; nxlog-ce-users@lists.sourceforge.net
Date: Fri, 23 Aug 2013 11:13:11 +0200
Subject: Re: [nxlog-ce-users] multiline+regex and file path bug




hi 
Thanks for your answer , it works well when i put it in "file" but it still 
doesn't work when i want to read it in Loganalyser (each line is separated..) 
so maybe it's a problem with loganalyser..if someone already did this kind of 
thing , even if with an other rsyslog server solution , i would be glad to know 
more about that :)Regards,

Date: Wed, 21 Aug 2013 14:16:37 +0200
From: b...@nxlog.org
To: nxlog-ce-users@lists.sourceforge.net
Subject: Re: [nxlog-ce-users] multiline+regex and file path bug

Hi,

Probably loganalyzer (and its rsyslog backend?) will treat all lines as a 
separate event.
You need to add "InputType multiline" to the im_file instance, otherwise the 
extension module will not be used.

Then you can either replace all line breaks with a space or tab, or forward it 
in a format which is suitable for sending messages containing line breaks. See 
Example 6.24. Forwarding IETF syslog over TCP in the reference manual for a 
possible solution.


The "bug" you are referring to in the second part is actually a feature, since 
"\t" is a tab character and that's why the file path becomes invalid. You 
should enclose the file path in single quotes, i.e. 'C:\....' or use double 
backslash to escape it.


Regards,
Botond


On Wed, Aug 21, 2013 at 11:27 AM, Aurélien BOUVARD <prog-a...@hotmail.fr> wrote:




hi all,
i actually use a solution based on nxlog (client side) and loganalizer (server 
side) to send my oracle logs (Windows)  to loganalyser (On CenOS)
My Oracle logs (from alert_xe.log) looks like this :

Tue Aug 20 16:34:19 2013OER 6666 in Load Indicator : Error Code = OSD-04500: 
illegal option specifiedO/S-Error: (OS 2) Fonction incorrecte. !Tue Aug 20 
16:40:05 2013
OER 6666 in Load Indicator : Error Code = OSD-04500: illegal option 
specifiedO/S-Error: (OS 2) Fonction incorrecte. !

i would like to send each block separated. To do this , i thank to build a 
regex to found the header "Tue Aug 20 16:34:19 2013" and so send this block:

Tue Aug 20 16:34:19 2013OER 6666 in Load Indicator : Error Code = OSD-04500: 
illegal option specifiedO/S-Error: (OS 2) Fonction incorrecte. !


and , when my regex find an other occurence of this header , it will send
Tue Aug 20 16:40:05 2013OER 6666 in Load Indicator : Error Code = OSD-04500: 
illegal option specified
O/S-Error: (OS 2) Fonction incorrecte. !

i try to do this configuration:


## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also 
available## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,## otherwise 
it will not start.
#define ROOT C:\Program Files\nxlogdefine ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modulesCacheDir %ROOT%\dataPidfile 
%ROOT%\data\nxlog.pidSpoolDir %ROOT%\dataLogFile %ROOT%\data\nxlog.log
<Extension multiline>
Module xm_multilineHeaderLine 
/^\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/</Extension><Input in>Module 
im_fileFile "C:\alert_xe.log"
</Input>
<Output out>    Module      om_tcp    Host        /*IP_OF_SERVER*/    Port      
  514</Output>


<Route 1>Path in => out</Route>

But when i do this , i receive each line separated in loganalyser..even if i 
have my regex and the multiline module...

So i would like know how to resolve this problem :( 
PS: I put a copy (for testing) of alert_xe.log in "C:\" directory , because i 
found a bug.

 When i try to put the real path for alert_xe.log (File 
"C:\oraclexe\app\oracle\diag\rdbms\xe\xe\trace\alert_xe.log") , i see this in 
the log:
2013-08-21 11:22:55 ERROR failed to open C:\oraclexe\app\oracle\diag;dbms\xe\xe 
race\alert_xxe.log; La syntaxe du nom de fichier, de répertoire ou de volume 
est incorrecte.  
2013-08-21 11:22:55 INFO connecting to 192.168.152.203:5142013-08-21 11:22:55 
INFO nxlog-ce-2.5.1089 started2013-08-21 11:22:56 ERROR apr_stat failed on file 
C:\oraclexe\app\oracle\diag;dbms\xe\xe    race\alert_xxe.log; La syntaxe du nom 
de fichier, de répertoire ou de volume est incorrect


of course my path is incorrect..because something change the path i wrote as 
you see...and i can't find why and how to resolve it.
I really hope someone have a solution for this 2 problems...or any idea

Regards,




                                          

------------------------------------------------------------------------------

Introducing Performance Central, a new site from SourceForge and

AppDynamics. Performance Central is your source for news, insights,

analysis and resources for efficient Application Performance Management.

Visit us today!

http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________


nxlog-ce-users mailing list

nxlog-ce-users@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users





------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users                     
                  

------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users                     
                  
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users