Hi, The om_udp module will send the contents of the $raw_event field.
I doubt that oracle's alert_xe.log file is in IETF syslog format, so using parse_syslog_ietf() doesn't make much sense. Example 6.18 is about collecting syslog, which probably doesn't apply here. You should use to_syslog_ietf() or to_syslog_bsd() depending on how rsyslog is configured. These procedures will automatically set the hostname, overriding $Hostname manually is only needed if you want to see something else than the system's hostname. Regards, Botond On Tue, 27 Aug 2013 09:52:52 +0200 Aurélien BOUVARD <[email protected]> wrote: > Hi all, > I come back with my "famous" Oracle file alert.log. > Now , i'm able to send to my syslog server (loganalyser) nearly the full > error log message (multiline) so that's good.But of course , logs in this > file are not "complete" > > > Tue Aug 20 16:34:19 2013OER 6666 in Load Indicator : Error Code = OSD-04500: > illegal option specifiedO/S-Error: (OS 2) Fonction incorrecte. ! > > > As you see , there is no values such as severity, facility , and hostname , > so that's a bit problematic to monitor :) > I would like (at least) modify the message i send by adding hostname value > (with a system variable or a handmade hostname) > In the documentation , i saw that "xm_syslog" module and use a parser would > allow me to "rewrite" what i send. > my conf looks like this : > ------------------------------------------------------------------------------------------------------------------------------ > ## This is a sample configuration file. See the nxlog reference manual about > the## configuration options. It should be installed locally and is also > available## online at > http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html > ## Please set the ROOT to the folder your nxlog was installed into,## > otherwise it will not start. > #define ROOT C:\Program Files\nxlogdefine ROOT C:\Program Files (x86)\nxlog > Moduledir %ROOT%\modulesCacheDir %ROOT%\dataPidfile > %ROOT%\data\nxlog.pidSpoolDir %ROOT%\dataLogFile %ROOT%\data\nxlog.log > <Extension multiline>Module xm_multilineHeaderLine > /^\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/</Extension><Extension > syslog>Module xm_syslog</Extension><Input in>Module im_fileInputType > multilineFile > 'C:\oraclexe\app\oracle\diag\rdbms\xe\xe\trace\alert_xe.log'Exec > parse_syslog_ietf();Exec $Hostname = "OracleServer";</Input> > <Output out> Module om_udp Host 192.168.152.203 Port > 514</Output> > > <Route 1>Path in => > out</Route>-------------------------------------------------------------------------------------------------------------------- > > i 've used example 6.18 and 6.22 to see what's possible.I understand that , > to "use" $Hostname i must use procedure "parse_syslog_ietf" or > "parse_syslog_bsd" but it doesn't work , so i'm not sure about my conf. > If someone have idea... :) > Regards, > > > > ------------------------------------------------------------------------------ Introducing Performance Central, a new site from SourceForge and AppDynamics. Performance Central is your source for news, insights, analysis and resources for efficient Application Performance Management. Visit us today! http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk _______________________________________________ nxlog-ce-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
