Thanks Dan On Aug 10, 4:45 am, "dan (ddp)" <[email protected]> wrote: > <decoder name="cartwright"> > <prematch>^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d.\d\d\d\d DEBUG </prematch> > <regex>P_Username=(\S+) \.+P_PassWord=(\S+) \.+P_IPAddress=(\S+) > \.+P_ComputerName=(\S+) \.+ DBCall \p(\d+)\p </regex> > <order>dstuser, extra_data, srcip, url, status</order> > </decoder> > > Hopefully this application logs to its own file, because you'll need > to use the multi-line localfile option.
By default it doesn't, so what I will need to do is to extract just the relevant lines into another log file and run the decoder on the filtered log file. Will advise results next week. cheers .. .david The documentation is a bit > lacking at the moment, so here is what I used: > <localfile> > <log_format>multi-line: 7</log_format> > <location>/var/log/testing</location> > </localfile> > > The 7 is the number of lines in each log message. > > > > > > > > On Tue, Aug 9, 2011 at 7:12 AM, David Cartwright <[email protected]> > wrote: > > Got to admit that my efforts on decoders haven't been too successful. > > > Yes, the lines wrapped, so each line starts with the date in format > > 2011-08-09 .... > > > cheers .. .david > > > On Aug 9, 8:52 pm, "dan (ddp)" <[email protected]> wrote: > >> What do you have so far? > >> Are those single line logs? > >> On Aug 9, 2011 6:50 AM, "David Cartwright" <[email protected]> wrote: > > >> > I have the following log4j output fromTomcat6 for which I am hoping > >> > I can get help on a decoder. > > >> > Goal is to extract the username, password, IP address, Computer Name, > >> > and the final DBCall [x] reference that is 0 for failed login or 1 for > >> > successful login. > > >> > 2011-08-09 15:47:24.0196 DEBUG http-8443-4 gwt-log - DBCall > >> > [PARAM]P_Username=dummy > >> > 2011-08-09 15:47:24.0196 DEBUG http-8443-4 gwt-log - DBCall > >> > [PARAM]P_PassWord=dummypassword > >> > 2011-08-09 15:47:24.0196 DEBUG http-8443-4 gwt-log - DBCall > >> > [PARAM]P_IPAddress=222.333.444.555 > >> > 2011-08-09 15:47:24.0702 DEBUG http-8443-4 gwt-log - DBCall > >> > [PARAM]P_ComputerName=dummy.domain.com > >> > 2011-08-09 15:47:24.0702 DEBUG http-8443-4 gwt-log - DBCall [PARAM] > >> > [OUT]P_ErrorCode > >> > 2011-08-09 15:47:24.0702 DEBUG http-8443-4 gwt-log - DBCall [PARAM] > >> > [OUT]P_ErrorDescription > >> > 2011-08-09 15:47:24.0746 DEBUG http-8443-4 gwt-log - DBCall [0] > >> > Finish : Proc_Session_Create(?,?,?,?,?,?) : Took 1425 ms > > >> > many thanks .. david
