Thanks for your help Botond :)
Documentation is really good , and maybe just need some others examples ( in a
dedicated part maybe? :) )
Regards,
> Date: Tue, 27 Aug 2013 12:19:01 +0200
> From: [email protected]
> To: [email protected]
> Subject: Re: [nxlog-ce-users] Modify Fields with modules
>
> Hi,
>
> The TAG in syslog rfc3154 terminology is the $SourceName field in nxlog.
> This should do it for you:
> $SourceName = 'oracle'; to_syslog_bsd();
>
> These are the fields that the to_syslog_*() procedures will use to
> construct the $raw_event:
> $EventTime
> $Hostname
> $SourceName
> $ProcessID
> $Message
> $SyslogSeverity or $SyslogSeverityValue or $Severity or $SeverityValue
> $SyslogFacility or $SyslogFacilityValue
>
> Sorry, the documentation is not very clear about this.
>
> Regards,
> Botond
>
> On Tue, 27 Aug 2013 11:46:36 +0200
> Aurélien BOUVARD <[email protected]> wrote:
>
> >
> > Thanks Botond, it works well :) i 've already done this kind of
> > configuration before but some others problems didn't allow me to see good
> > results , i understand well now.
> > Now i must set manually the "syslogtag" because my column is still empty on
> > server side (and i don't see "syslogtag" field in the documentation). i
> > still don't know if it's easier to do it on clientside with nxlog or with a
> > filter in rsyslog.conf (server side)
> >
> >
> > And on my rsyslog.conf i will try to extract the timestamp of syslog
> > message and find a way to put it instead of the "receive date " of syslog
> > message.
> > After , all we be perfect even if now i'm already very happy to see how
> > powerfull nxlog is :)
> > Regards,
> >
> > > Date: Tue, 27 Aug 2013 10:22:33 +0200
> > > From: [email protected]
> > > To: [email protected]
> > > Subject: Re: [nxlog-ce-users] Modify Fields with modules
> > >
> > > Hi,
> > >
> > > The om_udp module will send the contents of the $raw_event field.
> > >
> > > I doubt that oracle's alert_xe.log file is in IETF syslog format, so
> > > using parse_syslog_ietf() doesn't make much sense. Example 6.18 is about
> > > collecting syslog, which probably doesn't apply here.
> > >
> > > You should use to_syslog_ietf() or to_syslog_bsd() depending on how
> > > rsyslog is configured. These procedures will automatically set the
> > > hostname, overriding $Hostname manually is only needed if you want to
> > > see something else than the system's hostname.
> > >
> > > Regards,
> > > Botond
> > >
> > >
> > >
> > > On Tue, 27 Aug 2013 09:52:52 +0200
> > > Aurélien BOUVARD <[email protected]> wrote:
> > >
> > > > Hi all,
> > > > I come back with my "famous" Oracle file alert.log.
> > > > Now , i'm able to send to my syslog server (loganalyser) nearly the
> > > > full error log message (multiline) so that's good.But of course , logs
> > > > in this file are not "complete"
> > > >
> > > >
> > > > Tue Aug 20 16:34:19 2013OER 6666 in Load Indicator : Error Code =
> > > > OSD-04500: illegal option specifiedO/S-Error: (OS 2) Fonction
> > > > incorrecte. !
> > > >
> > > >
> > > > As you see , there is no values such as severity, facility , and
> > > > hostname , so that's a bit problematic to monitor :)
> > > > I would like (at least) modify the message i send by adding hostname
> > > > value (with a system variable or a handmade hostname)
> > > > In the documentation , i saw that "xm_syslog" module and use a parser
> > > > would allow me to "rewrite" what i send.
> > > > my conf looks like this :
> > > > ------------------------------------------------------------------------------------------------------------------------------
> > > > ## This is a sample configuration file. See the nxlog reference manual
> > > > about the## configuration options. It should be installed locally and
> > > > is also available## online at
> > > > http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
> > > > ## Please set the ROOT to the folder your nxlog was installed into,##
> > > > otherwise it will not start.
> > > > #define ROOT C:\Program Files\nxlogdefine ROOT C:\Program Files
> > > > (x86)\nxlog
> > > > Moduledir %ROOT%\modulesCacheDir %ROOT%\dataPidfile
> > > > %ROOT%\data\nxlog.pidSpoolDir %ROOT%\dataLogFile %ROOT%\data\nxlog.log
> > > > <Extension multiline>Module xm_multilineHeaderLine
> > > > /^\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/</Extension><Extension
> > > > syslog>Module xm_syslog</Extension><Input in>Module im_fileInputType
> > > > multilineFile
> > > > 'C:\oraclexe\app\oracle\diag\rdbms\xe\xe\trace\alert_xe.log'Exec
> > > > parse_syslog_ietf();Exec $Hostname = "OracleServer";</Input>
> > > > <Output out> Module om_udp Host 192.168.152.203
> > > > Port 514</Output>
> > > >
> > > > <Route 1>Path in =>
> > > > out</Route>--------------------------------------------------------------------------------------------------------------------
> > > >
> > > > i 've used example 6.18 and 6.22 to see what's possible.I understand
> > > > that , to "use" $Hostname i must use procedure "parse_syslog_ietf" or
> > > > "parse_syslog_bsd" but it doesn't work , so i'm not sure about my conf.
> > > > If someone have idea... :)
> > > > Regards,
> > > >
> > > >
> > > >
> > > >
> > >
> > > ------------------------------------------------------------------------------
> > > Introducing Performance Central, a new site from SourceForge and
> > > AppDynamics. Performance Central is your source for news, insights,
> > > analysis and resources for efficient Application Performance Management.
> > > Visit us today!
> > > http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
> > > _______________________________________________
> > > nxlog-ce-users mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
> >
>
> ------------------------------------------------------------------------------
> Introducing Performance Central, a new site from SourceForge and
> AppDynamics. Performance Central is your source for news, insights,
> analysis and resources for efficient Application Performance Management.
> Visit us today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
> _______________________________________________
> nxlog-ce-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
------------------------------------------------------------------------------
Introducing Performance Central, a new site from SourceForge and
AppDynamics. Performance Central is your source for news, insights,
analysis and resources for efficient Application Performance Management.
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
