Hi Peter,

Both SyslogSeverity and Severity are picked up if available, the latter
uses nxlog's severity levels.
Since you are setting these fields, I think the issue here is that the
value assigned is a string instead of an integer. The following should
help:
 $SyslogSeverity = integer($2);

Regards,
Botond

On Thu, 2 Oct 2014 11:18:41 -0700
Peter Loron <pet...@standingwave.org> wrote:

> I’m running nxlog on an Ubuntu 14.04 system which is parsing the log from an 
> Atlassian Confluence instance. Nxlog is then sending the data to a Graylog2 
> server via GELF UDP.
> 
> The log messages are often multiline. I’m catching the messages properly, but 
> I’m having issues in getting the parsed bits of data out to Graylog in the 
> right format. Specifically, I want to explicitly set the value of some of the 
> fields that are sent to Graylog. For example, there is a field which is 
> displayed in Graylog as “level”. In nxlog.conf, I have statements in an exec 
> clause which goes like this:
> 
> <Input confluence>
>         Module          im_file
>         File            "/opt/atlassian/application-data/confluence/logs/atlassian-confluence.log"
>         InputType       multiline
>         SavePos         false
>         ReadFromLast    false
>         Exec    if $raw_event =~ /^(\d{4}\-\d{2}\-\d{2} \d{2}\:\d{2}\:\d{2}),\d{3} (\S+) \[(.+?)\] \[(.+?)\] (.+?) (.+)/s \
>                 { \
>                         $EventTime = parsedate($1); \
>                         $SyslogSeverity = $2; \
>                         $Severity = $2; \
>                         $Level = $2; \
>                         $level = $2; \
>                         $Thread = $3; \
>                         $Class = $4; \
>                         $Operation = $5; \
>                         $Message = $6; \
>                 }
> </Input>
> 
> In Graylog, when I look at a parsed message, I can see “Level” and “Severity” 
> fields set properly, but “level” is always “Info [6]”. Is there a map of 
> those field names and how to set them explicitly?
> 
> Thanks!
> 
> -Pete
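
An added example, not part of the original thread and not nxlog code: a Python sketch of the GELF payload this exchange is about, in which `level` carries a syslog severity number and the log4j level name goes in an additional field. The name-to-number mapping, the host name `confluence.example`, the UTC assumption and the sample event are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Regex from the nxlog.conf quoted above, in Python syntax (/s becomes re.DOTALL).
EVENT_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} (\S+) \[(.+?)\] \[(.+?)\] (.+?) (.+)",
    re.DOTALL,
)

# Assumed mapping from log4j level names to syslog severity numbers.
LOG4J_TO_SYSLOG = {"FATAL": 2, "ERROR": 3, "WARN": 4, "INFO": 6, "DEBUG": 7, "TRACE": 7}

# Constructed multiline sample event, not taken from a real Confluence log.
SAMPLE_EVENT = (
    "2014-10-02 11:18:41,123 ERROR [http-8090-5] [example.confluence.PageAction] "
    "execute Could not render page\n"
    "java.lang.IllegalStateException: constructed stack trace\n"
    "\tat example.confluence.PageAction.execute(PageAction.java:42)"
)


def to_gelf(raw_event, host="confluence.example"):
    """Parse one multiline event and return a GELF 1.1 dict, or None if unparsed."""
    m = EVENT_RE.match(raw_event)
    if m is None:
        return None
    ts, level_name, thread, cls, operation, message = m.groups()
    # Timestamps are treated as UTC here (assumption; the log line has no zone).
    when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "version": "1.1",
        "host": host,
        "short_message": message.splitlines()[0],
        "full_message": message,
        "timestamp": when.timestamp(),
        # Numeric severity; unknown names fall back to 6 (informational).
        "level": LOG4J_TO_SYSLOG.get(level_name.upper(), 6),
        # The original level name survives as an additional field.
        "_Severity": level_name,
        "_Thread": thread,
        "_Class": cls,
        "_Operation": operation,
    }


if __name__ == "__main__":
    print(json.dumps(to_gelf(SAMPLE_EVENT), indent=2))
```

Keeping the numeric `level` separate from the text field lets severity-based filters and alerts on the receiving side work on a number while the original name stays searchable.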
