Thanks for the log_info() tip, that showed me exactly what I was missing. -----Original Message----- From: Botond Botyanszki [mailto:b...@nxlog.org] Sent: Monday, August 04, 2014 2:12 PM To: nxlog-ce-users@lists.sourceforge.net Subject: Re: [nxlog-ce-users] Pattern issue
Hi Paul, You should first make sure the Message field contains the data you expect since the log entry is not fully compliant bsd syslog, i.e. Hostname is missing and there is a severity (INFO). log_info(to_json()) or log_info($Message) could help. It's likely that the parse_syslog_bsd() cannot grok this, I suggest doing manual extraction as done in this example: http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html#sources_app_tomcat Regards, Botond On Mon, 4 Aug 2014 16:20:59 +0000 <ward.p.fonte...@wellsfargo.com> wrote: > I’m fairly familiar with regular expressions so that’s not an issue – > admittedly my question was poorly written. I was actually hoping an > answer would come across telling me that based on the breakdown of the > log entry > > > > <13>Jul 31 14:32:01 INFO [org.apache.commons.logging.impl.Log4JLogger] > [QueryBeansDataAccessManager.getConnection()] Getting a connection from DS. > > > > that my *assumption* that this was the Message field was incorrect. > > > > <matchfield> > <name>Message</name> > <type>REGEXP</type> > <value>[QueryBeansDataAccessManager.getConnection()] Getting a > connection from DS</value> </matchfield> > > > > I was in a hurry when I sent the original email and left out the > backslashes here > > > > <matchfield> > <name>Message</name> > <type>REGEXP</type> > <value>\[QueryBeansDataAccessManager.getConnection\(\)\] Getting a > connection from DS</value> </matchfield> > > > > From: Cameron Kerr [mailto:cameron.kerr...@gmail.com] > Sent: Sunday, August 03, 2014 2:51 AM > To: Fontenot, Ward P. > Cc: nxlog-ce-users@lists.sourceforge.net > Subject: Re: [nxlog-ce-users] Pattern issue > > > > My guess is that you've included a [...] construct in your regular expression > without realising what it does. > > > > Replace it with \[...\] > > > > You may also benefit from learning about regular expressions, as there are a > number of characters that have special meaning. I'm guessing you haven't used > them much before, in which case it's best to learn them reasonably well > before you end up getting very frustrated by them. > > > > Cheers, > > Cameron > > On Friday, 1 August 2014, <ward.p.fonte...@wellsfargo.com> wrote: > > I'm stumped and need a little push in the right direction > > I'm using this input > ---------------------------------------------------------------------- > ------ > ------------- > <Input cdvra00a0100_in> > Module im_tcp > Host 192.168.0.10 > Port 5300 > Exec parse_syslog_bsd(); > </Input> > > This pattern > ---------------------------------------------------------------------- > ------ > ------------- > <Processor jboss_patterns> > Module pm_pattern > PatternFile /etc/nxlog.d/jboss-patterndb.xml > </Processor> > > This output > ---------------------------------------------------------------------- > ------ > ------------- > <Output cdvra00a0100_all_out> > Module om_file > File '%CDVRA00A0100_ALL%' > </Output> > > This route > ---------------------------------------------------------------------- > ------ > ------------- > <Route cdvra00a0100_route> > Path cdvra00a0100_in => jboss_patterns => > cdvra00a0100_out > </Route> > > I'm trying to match this log entry > ---------------------------------------------------------------------- > ------ > ------------- > <13>Jul 31 14:32:01 INFO [org.apache.commons.logging.impl.Log4JLogger] > [QueryBeansDataAccessManager.getConnection()] Getting a connection from DS. > > Using this pattern in my jboss-patterndb.xml file > ---------------------------------------------------------------------- > ------ > ------------- > <matchfield> > <name>Message</name> > <type>REGEXP</type> > <value>[QueryBeansDataAccessManager.getConnection()] Getting a > connection from DS</value> </matchfield> > > > > Paul Fontenot > Enterprise Key Management & Public Key Infrastructure | EIST&O | ETS | > TOG | Wells Fargo > > 2600 S. Price Rd. 2nd Floor | Chandler, AZ 85286 MAC S3939-022 Cell > (480) 253-2908 > > ward.p.fonte...@wellsfargo.com <javascript:;> > > This message may contain confidential and/or privileged information. > If you are not the addressee or authorized to receive this for the > addressee, you must not use, copy, disclose, or take any action based > on this message or any information herein. If you have received this > message in error, please advise the sender immediately by reply e-mail > and delete this message. Thank you for your cooperation. > > > > -- > > -- > Cameron Kerr <cameron.kerr...@gmail.com> > > See my blog at http://distracted-it.blogspot.co.nz/ (previously > http://humbledown.org/) > > Skype me on cameron.kerr.nz > > > > >
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
