Hi,
i have now this conf :
_____________________________________________________________________
## This is a sample configuration file. See the nxlog reference manual about
the## configuration options. It should be installed locally and is also
available## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
## Please set the ROOT to the folder your nxlog was installed into,## otherwise
it will not start.
#define ROOT C:\Program Files\nxlogdefine ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modulesCacheDir %ROOT%\dataPidfile
%ROOT%\data\nxlog.pidSpoolDir %ROOT%\dataLogFile %ROOT%\data\nxlog.log
<Extension multiline>Module xm_multilineHeaderLine
/^\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/</Extension><Extension
syslog>Module xm_syslog</Extension><Input in>Module im_fileInputType
multilineFile 'C:\oraclexe\app\oracle\diag\rdbms\xe\xe\trace\alert_xe.log'Exec
$Message = $raw_event; $Sourcename = 'BaseOracle';Exec if $raw_event =~
/^(\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/)\{\ $EventTime =
strptime($1, '%c');\}\</Input>
<Output out> Module om_tcp Host 192.168.152.203 Port
514 Exec to_syslog_ietf();</Output>
<Route 1>Path in => out</Route>
______________________________________________________________________
with my condition commands
Exec if $raw_event =~ /^(\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/)\{\
$EventTime = strptime($1, '%c');\}\
but when i restart my nxlog i have this error :
2013-08-28 11:48:07 WARNING stopping nxlog service2013-08-28 11:48:07 WARNING
nxlog-ce received a termination request signal, exiting...2013-08-28 11:48:09
ERROR invalid keyword: Output at C:\Program Files
(x86)\nxlog\conf\nxlog.conf:352013-08-28 11:48:09 WARNING no routes
defined!2013-08-28 11:48:09 WARNING not starting unused module in2013-08-28
11:48:09 INFO nxlog-ce-2.5.1089 started
What's wrong here?
Thanks for your help :)
Regards,
> Date: Wed, 28 Aug 2013 11:28:06 +0200
> From: [email protected]
> To: [email protected]
> Subject: Re: [nxlog-ce-users] Extract (and convert?) date and store it in
> "EventTime" Field
>
> Hi,
>
> There is a parsedate() function, but that probably won't be able to parse
> this format. On the other hand it should be possible to do it with
> strptime() as in this example:
> http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html#idp9012752
>
> Note that you should use a captured reference in your regular expression
> using ().
>
> Regards,
> Botond
>
>
> On Wed, 28 Aug 2013 11:07:48 +0200
> Aurélien BOUVARD <[email protected]> wrote:
>
> > Hi,
> > On my syslog server , i saw that i can't receive "timereported" value (date
> > in syslog message header) so my syslog server replace it by a
> > "timegenerated" , which is the date i'm receiving the logs.
> > So i'm trying to extract the syslog header date, store it in "EventTime"
> > Field , and after send it on my server.
> > I also try to use " Exec EeventTime = now (); but of course it give me the
> > date of receiving on the client , not the syslog header date.
> > I have this kind of multiline message
> >
> > Tue Aug 20 13:13:36 2013[1952] Successfully onlined Undo Tablespace 2.Undo
> > initialization finished serial:0 start:161008 end:163988 diff:2980 (29
> > seconds)Verifying file header compatibility for 11g tablespace
> > encryption..Verifying 11g file header compatibility for tablespace
> > encryption completedSMON: enabling tx recoveryDatabase Characterset is
> > AL32UTF8Opening with Resource Manager plan: INTERNAL_PLAN_XE
> >
> > so , i try to do this :
> >
> >
> >
> > Exec if ( $Message =~ /^\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/ )
> > \{ \$EventTime = ??????}
> > i don't know what i can write there to take something corresponding to my
> > regex I also thank to "extract all characters from the first line and put
> > it in $EventTime" but it dosen't work ( i used split, trim...)
> >
> > of course , after that , i use "Exec to_syslog_ietf();" to receive good
> > logs.
> > Any idea or suggestion?
> >
> >
> > ------------------------------------------------------------------------------------------------------------------------------------------
> >
> >
>
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> _______________________________________________
> nxlog-ce-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
