I have xm_multiline working from the stand point of lumping the complete
multiline message between the "----------------------" but I have not
figured out how to format the message the way I want in the log. I am
currently using the following configuration - minus the inclusion of the
definition for %JBOSS% and the contents of the patterns xml.
*** BEGIN CURRENT CONFIGURATION ***
<Extension jboss-multi>
Module xm_multiline
HeaderLine
/^\w+\s+\d{2}\s+\d{2}:\d{2}:\d{2}\s+\w+\s+\[\d{2}:\s+\d{2}:\d{2},\d{3}\]\s+\
w+\s+\[[a-zA-Z0-9.]+\]\s+\w+/
</Extension>
<Input jbossUAT-in>
Module im_file
File
"/var/app-serverlogs/uat/[a-zA-Z0-9]*-jboss.log"
InputType jboss-multi
SavePos TRUE
Exec parse_syslog_bsd();
</Input>
<Processor pattern-jbossUAT>
Module pm_pattern
PatternFile /etc/nxlog.d/jboss-patterns.xml
</Processor>
<Output jbossUAT>
Module om_file
CreateDir true
Exec to_syslog_bsd();
Exec $raw_event =
"---------------------------------------------------------------------------
----\n" + $raw_event;
File "%JBOSS%/" + "jboss-uat.log"
</Output>
<Route jbossUAT-route>
Path jbossUAT-in => pattern-jbossUAT =>
jbossUAT
</Route>
*** END CURRENT CONFIGURATION ***
I've tried various things including adding an 'Exec parse_syslog_bsd{};
raw_event = $Message+ "\n";' to the Input module but when I do that I get
nothing in the logs.
I am getting this in my logs (this is a one line run on)
----------------------------------------------------------------------------
-------------
Jan 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR] Caused by:
java.util.concurrent.ExecutionException: java.lang.Exception: Revoked by
QA-ENT\scat-pki_enrollment Ja
n 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR] #011at
java.util.concurrent.FutureTask$Sync.innerGet(FutureTask.java:222) Jan 30
14:04:03 cuvra00a0072 [15: 04:03,991]
ERROR [STDERR] #011at
java.util.concurrent.FutureTask.get(FutureTask.java:83) Jan 30 14:04:03
cuvra00a0072 [15: 04:03,991] ERROR [STDERR] #011at
com.wfsc.pki.cms.common.ms.servi
ce.MSServiceFullfillmentImpl.getCertFromThreadList(MSServiceFullfillmentImpl
.java:119) Jan 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR]
#011... 11 more
----------------------------------------------------------------------------
-------------
And I am trying to format it like this (this is one line each starting with
the date)
----------------------------------------------------------------------------
-------------
Jan 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR] Caused by:
java.util.concurrent.ExecutionException: java.lang.Exception: Revoked by
QA-ENT\scat-pki_enrollment
Jan 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR] #011at
java.util.concurrent.FutureTask$Sync.innerGet(FutureTask.java:222)
Jan 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR] #011at
java.util.concurrent.FutureTask.get(FutureTask.java:83)
Jan 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR] #011at
com.wfsc.pki.cms.common.ms.service.MSServiceFullfillmentImpl.getCertFromThre
adList(MSServiceFullfillmentImpl.java:119)
Jan 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR] #011... 11 more
----------------------------------------------------------------------------
-------------
Hopefully this was clear enough.
------------------------------------------------------------------------------
WatchGuard Dimension instantly turns raw network data into actionable
security intelligence. It gives you real-time visual feedback on key
security issues and trends. Skip the complicated setup - simply import
a virtual appliance and go from zero to informed in seconds.
http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
