Hi,

The TAG in syslog rfc3154 terminology is the $SourceName field in nxlog.
This should do it for you:

    $SourceName = 'oracle';
    to_syslog_bsd();

These are the fields that the to_syslog_*() procedures will use to
construct the $raw_event:

    $EventTime
    $Hostname
    $SourceName
    $ProcessID
    $Message
    $SyslogSeverity or $SyslogSeverityValue or $Severity or $SeverityValue
    $SyslogFacility or $SyslogFacilityValue

Sorry, the documentation is not very clear about this.

Regards,
Botond

On Tue, 27 Aug 2013 11:46:36 +0200
Aurélien BOUVARD <[email protected]> wrote:

>
> Thanks Botond, it works well :) I've already done this kind of configuration
> before but some other problems didn't allow me to see good results, I
> understand well now.
> Now I must set the "syslogtag" manually because my column is still empty on
> the server side (and I don't see a "syslogtag" field in the documentation). I
> still don't know if it's easier to do it on the client side with nxlog or with
> a filter in rsyslog.conf (server side).
>
>
> And in my rsyslog.conf I will try to extract the timestamp of the syslog
> message and find a way to put it in place of the "receive date" of the syslog
> message. After that, all will be perfect, even if now I'm already very happy
> to see how powerful nxlog is :)
> Regards,
>
> > Date: Tue, 27 Aug 2013 10:22:33 +0200
> > From: [email protected]
> > To: [email protected]
> > Subject: Re: [nxlog-ce-users] Modify Fields with modules
> >
> > Hi,
> >
> > The om_udp module will send the contents of the $raw_event field.
> >
> > I doubt that oracle's alert_xe.log file is in IETF syslog format, so
> > using parse_syslog_ietf() doesn't make much sense. Example 6.18 is about
> > collecting syslog, which probably doesn't apply here.
> >
> > You should use to_syslog_ietf() or to_syslog_bsd() depending on how
> > rsyslog is configured. These procedures will automatically set the
> > hostname, overriding $Hostname manually is only needed if you want to
> > see something else than the system's hostname.
> >
> > Regards,
> > Botond
> >
> >
> >
> > On Tue, 27 Aug 2013 09:52:52 +0200
> > Aurélien BOUVARD <[email protected]> wrote:
> >
> > > Hi all,
> > > I come back with my "famous" Oracle file alert.log.
> > > Now, I'm able to send to my syslog server (loganalyser) nearly the full
> > > error log message (multiline), so that's good. But of course, logs in
> > > this file are not "complete":
> > >
> > >
> > > Tue Aug 20 16:34:19 2013
> > > OER 6666 in Load Indicator : Error Code = OSD-04500: illegal option specified
> > > O/S-Error: (OS 2) Fonction incorrecte.
> > > !
> > >
> > >
> > > As you see, there are no values such as severity, facility and hostname,
> > > so that's a bit problematic to monitor :)
> > > I would like to (at least) modify the message I send by adding a hostname
> > > value (with a system variable or a handmade hostname).
> > > In the documentation, I saw that the "xm_syslog" module and using a parser
> > > would allow me to "rewrite" what I send.
> > > My conf looks like this:
> > > ------------------------------------------------------------------------------
> > > ## This is a sample configuration file. See the nxlog reference manual about the
> > > ## configuration options. It should be installed locally and is also available
> > > ## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
> > >
> > > ## Please set the ROOT to the folder your nxlog was installed into,
> > > ## otherwise it will not start.
> > >
> > > #define ROOT C:\Program Files\nxlog
> > > define ROOT C:\Program Files (x86)\nxlog
> > >
> > > Moduledir %ROOT%\modules
> > > CacheDir %ROOT%\data
> > > Pidfile %ROOT%\data\nxlog.pid
> > > SpoolDir %ROOT%\data
> > > LogFile %ROOT%\data\nxlog.log
> > >
> > > <Extension multiline>
> > >     Module xm_multiline
> > >     HeaderLine /^\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/
> > > </Extension>
> > >
> > > <Extension syslog>
> > >     Module xm_syslog
> > > </Extension>
> > >
> > > <Input in>
> > >     Module im_file
> > >     InputType multiline
> > >     File 'C:\oraclexe\app\oracle\diag\rdbms\xe\xe\trace\alert_xe.log'
> > >     Exec parse_syslog_ietf();
> > >     Exec $Hostname = "OracleServer";
> > > </Input>
> > >
> > > <Output out>
> > >     Module om_udp
> > >     Host 192.168.152.203
> > >     Port 514
> > > </Output>
> > >
> > > <Route 1>
> > >     Path in => out
> > > </Route>
> > > ------------------------------------------------------------------------------
> > >
> > > I've used examples 6.18 and 6.22 to see what's possible. I understand
> > > that, to "use" $Hostname, I must use the procedure "parse_syslog_ietf" or
> > > "parse_syslog_bsd", but it doesn't work, so I'm not sure about my conf.
> > > If someone has an idea... :)
> > > Regards,
> > >
> >
> > _______________________________________________
> > nxlog-ce-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
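
The configuration this thread arrives at, assembled as an added example (not posted by either participant): the input from the original message, with parse_syslog_ietf() replaced by the $SourceName assignment and to_syslog_bsd() from the reply. The severity and facility numbers and the explicit $Message assignment are assumptions chosen for illustration; everything else is taken from the messages above.

```conf
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension multiline>
    Module      xm_multiline
    # A new record starts at a line like "Tue Aug 20 16:34:19 2013"
    HeaderLine  /^\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/
</Extension>

<Extension syslog>
    Module      xm_syslog
</Extension>

<Input in>
    Module      im_file
    InputType   multiline
    File        'C:\oraclexe\app\oracle\diag\rdbms\xe\xe\trace\alert_xe.log'

    # alert_xe.log is not syslog, so no parse_syslog_*() call here.
    # $Message is one of the fields to_syslog_bsd() reads; set it from the
    # raw record explicitly (assumption: the whole record is the message).
    Exec        $Message = $raw_event;

    # $SourceName becomes the syslog TAG (rsyslog's "syslogtag" column).
    Exec        $SourceName = 'oracle';

    # Assumed values for illustration: 3 = error severity, 16 = local0 facility.
    Exec        $SyslogSeverityValue = 3;
    Exec        $SyslogFacilityValue = 16;

    # Optional: only needed to report a name other than the system hostname.
    # Exec      $Hostname = "OracleServer";

    # Rebuild $raw_event as a BSD syslog line; om_udp sends $raw_event.
    Exec        to_syslog_bsd();
</Input>

<Output out>
    Module      om_udp
    Host        192.168.152.203
    Port        514
</Output>

<Route 1>
    Path        in => out
</Route>
```

The field assignments must come before to_syslog_bsd(), because that call is what writes them into $raw_event.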
