Hi,

The purpose of xm_multiline is for the case I wrote. If you need to do
the reverse, you can use a regexp something like this:
 if $Message =~ /(line1)\s+(line2)/ $Message = $1 + "\n" + $2;
But this will work for a fixed number of lines (captured substrings)
known beforehand. 

You should be aware that line breaks are stripped from the message if the
result is converted to syslog, i.e. if you do this:
 $Message = $field1 + "\n" + $field2; to_syslog_bsd();
then the "\n" is internally replaced by to_syslog_bsd() with a space
to conform to RFC 3164.
You should rewrite $raw_event manually in this case.

Regards,
Botond
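
The two output shapes discussed in this thread, as an added Python example (not part of the original messages and not NXLog code): events are grouped by a header line, then written either flattened to one line or rebuilt by hand with the line breaks kept. The header regex and the function names are assumptions; the sample input is the one quoted further down in the thread.

```python
import re

# Assumed header pattern: "Mon DD HH:MM:SS host " starts a new event.
HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ")

# Sample input copied from the quoted messages in this thread.
SAMPLE = """\
Jan 30 14:04:03 cuvra00a0072  ... evt1 msg
   evt1 msg line2
   evt1 msg line3
   evt1 msg line4
Jan 30 14:04:03 cuvra00a0072  ... evt2 msg
   evt2 msg line2
"""


def group_events(lines):
    """Group physical lines into events: a header line opens a new event,
    every other non-blank line is a continuation of the current event."""
    events = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line.strip():
            continue  # ignore blank lines between records
        if HEADER.match(line) or not events:
            events.append([line])
        else:
            events[-1].append(line.strip())
    return events


def flatten(event):
    """One physical line per event: each line break becomes a space,
    the result the reply describes for syslog output."""
    return " ".join(event)


def keep_lines(event, indent="   "):
    """Rebuild the record by hand, keeping one physical line per original
    line; continuation lines are indented so they cannot match HEADER."""
    return "\n".join([event[0]] + [indent + part for part in event[1:]])


if __name__ == "__main__":
    for ev in group_events(SAMPLE.splitlines()):
        print(flatten(ev))
    for ev in group_events(SAMPLE.splitlines()):
        print(keep_lines(ev))
```

Once an event has been flattened, the original line boundaries are no longer in the data, which is why the regexp approach above only works when the number of lines is known beforehand.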



On Fri, 31 Jan 2014 06:34:36 -0700
Paul Fontenot <ssdv6...@gmail.com> wrote:

> No, it is currently this
> 
> Jan 30 14:04:03 cuvra00a0072  ... evt1 msg evt1 msg line2 evt1 msg line3
> evt1 msg line4
> 
> And I want it to be this
> 
> Jan 30 14:04:03 cuvra00a0072  ... evt1 msg
>    evt1 msg line2
>    evt1 msg line3
>    evt1 msg line4
> Jan 30 14:04:03 cuvra00a0072  ... evt2 msg
>    evt2 msg line2
> 
> It's like I missed a newline at the end of the log entry when I use
> xm_multiline but when I try to add one "Exec $raw_event = $Message + "\n";"
> I didn't get anything in my logs.
> 
> 
> On Fri, Jan 31, 2014 at 6:22 AM, Botond Botyanszki <b...@nxlog.org> wrote:
> 
> > Hi,
> >
> > I'm still trying to understand the question.
> > This is your input:
> >
> > Jan 30 14:04:03 cuvra00a0072  ... evt1 msg
> >    evt1 msg line2
> >    evt1 msg line3
> >    evt1 msg line4
> > Jan 30 14:04:03 cuvra00a0072  ... evt2 msg
> >    evt2 msg line2
> >
> > And this is what you want it to reformat to:
> >
> > Jan 30 14:04:03 cuvra00a0072  ... evt1 msg evt1 msg line2 evt1 msg line3
> > evt1 msg line4
> > Jan 30 14:04:03 cuvra00a0072  ... evt2 msg evt2 msg line2
> >
> > I.e. flattening the multi-line stack trace into a single line?
> >
> > Regards,
> > Botond
> >
> >
> > On Fri, 31 Jan 2014 06:01:10 -0700
> > Paul Fontenot <ssdv6...@gmail.com> wrote:
> >
> > > That is my mailer, the multiline comes as one long run-on entry
> > >
> > >
> > > On Fri, Jan 31, 2014 at 5:30 AM, Botond Botyanszki <b...@nxlog.org>
> > wrote:
> > >
> > > > Hi,
> > > >
> > > > On Thu, 30 Jan 2014 14:32:27 -0700
> > > > "Paul Fontenot" <ssdv6...@gmail.com> wrote:
> > > >
> > > > >
> > > > > I am getting this in my logs (this is a one line run on)
> > > > >
> > > > >
> > > >
> > ----------------------------------------------------------------------------
> > > > > -------------
> > > > > Jan 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR] Caused
> > by:
> > > > > java.util.concurrent.ExecutionException: java.lang.Exception:
> > Revoked by
> > > > > QA-ENT\scat-pki_enrollment Ja
> > > > > n 30 14:04:03 cuvra00a0072 [15: 04:03,991] ERROR [STDERR] #011at
> > > >
> > > > Are your logs really in the above format? There is a line break in the
> > > > middle of "Jan". Or it's just your mailer?
> > > >
> > > > Regards,
> > > > Botond
> > > >
> > > >
> > > >
> > ------------------------------------------------------------------------------
> > > > WatchGuard Dimension instantly turns raw network data into actionable
> > > > security intelligence. It gives you real-time visual feedback on key
> > > > security issues and trends.  Skip the complicated setup - simply import
> > > > a virtual appliance and go from zero to informed in seconds.
> > > >
> > > >
> > http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
> > > > _______________________________________________
> > > > nxlog-ce-users mailing list
> > > > nxlog-ce-users@lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
> > > >
> >
> >
