Hi,
That was a stupid error; the real error was that module exec can't parse the
date.
I also tried this:
Exec if $raw_event =~ /^(\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/)\{\
$EventTime = strptime($1, '%a%s%h%s%d%a%T%a%Y');\}

but I still have an error such as:
2013-08-28 12:59:20 ERROR Couldn't parse Exec block at C:\Program Files (x86)\nxlog\conf\nxlog.conf:32; couldn't parse statement at line 32, character 72 in C:\Program Files (x86)\nxlog\conf\nxlog.conf; failed to compile regular expression '^(\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d', error at position 48: missing )
2013-08-28 12:59:20 ERROR module 'in' has configuration errors, not adding to route '1' at C:\Program Files (x86)\nxlog\conf\nxlog.conf:44
2013-08-28 12:59:20 ERROR route 1 is not functional without input modules, ignored at C:\Program Files (x86)\nxlog\conf\nxlog.conf:44
2013-08-28 12:59:20 WARNING no routes defined!
2013-08-28 12:59:20 WARNING not starting unused module in
2013-08-28 12:59:20 WARNING not starting unused module out
2013-08-28 12:59:20 INFO nxlog-ce-2.5.1089 started

It seems it does not recognize my variable "%s" for escape character... for
the others I think it's good.
When I try to replace %s with %t, the same error occurred...
I use this unix doc to see what I can do
http://en.wikipedia.org/wiki/Date_(Unix) and also documentation.

Regards,




> Date: Wed, 28 Aug 2013 12:21:01 +0200
> From: [email protected]
> To: [email protected]
> Subject: Re: [nxlog-ce-users] Extract (and convert?) date and store it in 
> "EventTime" Field
> 
> you have an extra \ at the end which makes it a single line, thus an
> invalid config:
> 
> }\
> </Input>
> 
> 
> On Wed, 28 Aug 2013 12:09:43 +0200
> Aurélien BOUVARD <[email protected]> wrote:
> 
> > Hi,
> > 
> > i have now this conf : 
> > _____________________________________________________________________
> > ## This is a sample configuration file. See the nxlog reference manual about the
> > ## configuration options. It should be installed locally and is also available
> > ## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html
> > 
> > ## Please set the ROOT to the folder your nxlog was installed into,
> > ## otherwise it will not start.
> > 
> > #define ROOT C:\Program Files\nxlog
> > define ROOT C:\Program Files (x86)\nxlog
> > 
> > Moduledir %ROOT%\modules
> > CacheDir %ROOT%\data
> > Pidfile %ROOT%\data\nxlog.pid
> > SpoolDir %ROOT%\data
> > LogFile %ROOT%\data\nxlog.log
> > 
> > <Extension multiline>
> > Module xm_multiline
> > HeaderLine /^\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/
> > </Extension>
> > 
> > <Extension syslog>
> > Module xm_syslog
> > </Extension>
> > 
> > <Input in>
> > Module im_file
> > InputType multiline
> > File 'C:\oraclexe\app\oracle\diag\rdbms\xe\xe\trace\alert_xe.log'
> > Exec $Message = $raw_event; $Sourcename = 'BaseOracle';
> > Exec if $raw_event =~ /^(\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/)\{\
> >    $EventTime = strptime($1, '%c');\}\
> > </Input>
> > 
> > <Output out>
> >     Module      om_tcp
> >     Host        192.168.152.203
> >     Port        514
> >     Exec to_syslog_ietf();
> > </Output>
> > 
> > <Route 1>
> > Path in => out
> > </Route>
> > 
> > ______________________________________________________________________
> > 
> > 
> > with my condition commands 
> > Exec if $raw_event =~ 
> > /^(\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/)\{\   $EventTime = 
> > strptime($1, '%c');\}\
> > 
> > but when I restart my nxlog I have this error:
> > 2013-08-28 11:48:07 WARNING stopping nxlog service
> > 2013-08-28 11:48:07 WARNING nxlog-ce received a termination request signal, exiting...
> > 2013-08-28 11:48:09 ERROR invalid keyword: Output at C:\Program Files (x86)\nxlog\conf\nxlog.conf:35
> > 2013-08-28 11:48:09 WARNING no routes defined!
> > 2013-08-28 11:48:09 WARNING not starting unused module in
> > 2013-08-28 11:48:09 INFO nxlog-ce-2.5.1089 started
> > What's wrong here? 
> > 
> > Thanks for your help :)
> > Regards,
> > 
> > > Date: Wed, 28 Aug 2013 11:28:06 +0200
> > > From: [email protected]
> > > To: [email protected]
> > > Subject: Re: [nxlog-ce-users] Extract (and convert?) date and store it in 
> > > "EventTime" Field
> > > 
> > > Hi,
> > > 
> > > There is a parsedate() function, but that probably won't be able to parse
> > > this format. On the other hand it should be possible to do it with
> > > strptime() as in this example:
> > > http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html#idp9012752
> > > 
> > > Note that you should use a captured reference in your regular expression
> > > using ().
> > > 
> > > Regards,
> > > Botond
> > > 
> > > 
> > > On Wed, 28 Aug 2013 11:07:48 +0200
> > > Aurélien BOUVARD <[email protected]> wrote:
> > > 
> > > > Hi,
> > > > On my syslog server, I saw that I can't receive the "timereported" value
> > > > (date in syslog message header), so my syslog server replaces it with a
> > > > "timegenerated", which is the date I'm receiving the logs.
> > > > So I'm trying to extract the syslog header date, store it in the
> > > > "EventTime" field, and afterwards send it to my server.
> > > > I also tried to use "Exec EeventTime = now ();" but of course it gives me
> > > > the date of receipt on the client, not the syslog header date.
> > > > I have this kind of multiline message:
> > > > 
> > > > Tue Aug 20 13:13:36 2013
> > > > [1952] Successfully onlined Undo Tablespace 2.
> > > > Undo initialization finished serial:0 start:161008 end:163988 diff:2980 (29 seconds)
> > > > Verifying file header compatibility for 11g tablespace encryption..
> > > > Verifying 11g file header compatibility for tablespace encryption completed
> > > > SMON: enabling tx recovery
> > > > Database Characterset is AL32UTF8
> > > > Opening with Resource Manager plan: INTERNAL_PLAN_XE
> > > > 
> > > > so , i try to do this :
> > > > 
> > > > 
> > > > 
> > > > Exec if ( $Message =~ /^\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d/ 
> > > > ) \{ \$EventTime = ??????}
> > > > I don't know what I can write there to take something corresponding to
> > > > my regex. I also thought to "extract all characters from the first line
> > > > and put it in $EventTime" but it doesn't work (I used split, trim...).
> > > > 
> > > > Of course, after that, I use "Exec to_syslog_ietf();" to receive good
> > > > logs.
> > > > Any idea or suggestion?
> > > > 
> > > > 
> > > 
> > > ------------------------------------------------------------------------------
> > > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> > > Discover the easy way to master current and previous Microsoft 
> > > technologies
> > > and advance your career. Get an incredible 1,500+ hours of step-by-step
> > > tutorial videos with LearnDevNow. Subscribe today and save!
> > > http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
> > > _______________________________________________
> > > nxlog-ce-users mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
> >                                       
> 
                                          
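Added example, not part of the original thread and not nxlog code: a Python sketch of the pipeline discussed above (records split on a header-line regex, a capture group closed inside the pattern, then strptime with one directive per field of "Tue Aug 20 13:13:36 2013"), falling back to the receipt time when the header does not parse. The function names and the second sample record are constructed for illustration.

```python
import re
from datetime import datetime

# Header line that starts each record, e.g. "Tue Aug 20 13:13:36 2013".
# The capture group is closed inside the pattern, so group(1) is the timestamp.
HEADER = re.compile(r"^(\w\w\w\s\w\w\w\s\d\d\s\d\d:\d\d:\d\d\s\d\d\d\d)")

# One directive per field, with the literal spaces of the input between them:
# weekday name, month name, day, hour:minute:second, four-digit year.
TIME_FORMAT = "%a %b %d %H:%M:%S %Y"


def group_records(lines):
    """Group lines into records; a line matching HEADER starts a new record."""
    records, current = [], None
    for line in lines:
        if HEADER.match(line):
            if current is not None:
                records.append(current)
            current = [line]
        elif current is not None:  # lines before the first header are dropped
            current.append(line)
    if current is not None:
        records.append(current)
    return records


def event_time(record, received_at):
    """Return (time, source): the header time if it parses, else receipt time."""
    match = HEADER.match(record[0])
    if match:
        try:
            return datetime.strptime(match.group(1), TIME_FORMAT), "header"
        except ValueError:
            pass  # right shape but not a real date, e.g. "Feb 31"
    return received_at, "received"


# First record is taken from the thread; the second is constructed.
SAMPLE = [
    "Tue Aug 20 13:13:36 2013",
    "[1952] Successfully onlined Undo Tablespace 2.",
    "Undo initialization finished serial:0 start:161008 end:163988 diff:2980 (29 seconds)",
    "Tue Aug 20 13:14:05 2013",
    "constructed follow-up line",
]

if __name__ == "__main__":
    for rec in group_records(SAMPLE):
        print(event_time(rec, datetime.now()), len(rec), "lines")
```

Returning the source tag alongside the time lets the receiving side tell original event times from substituted receipt times.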
