On Thu, Feb 2, 2012 at 11:11 AM, kumaig <[email protected]> wrote: > it does not work with T either :( >
Have you tried feeding it through ossec-logtest? The date may be getting decoded out. > On 2 феб, 14:07, "dan (ddp)" <[email protected]> wrote: >> On Wed, Feb 1, 2012 at 7:59 AM, kumaig <[email protected]> wrote: >> > I have tried for a few weeks to decode one magento log with no luck. I >> > have searched more then 2 weeks for solution for this problem. If >> > anyone can help i appreciate it. >> > the log is : >> > 2011-12-28T08:30:59+00:00 CRIT Not valid template file:frontend/base/ >> > default/template/exacttarget/top_sub.phtml >> >> > i have made several decoders but none worked for this log. >> >> > <decoder name="magentoCRIT"> >> > #<prematch>^\d\d\d\d-\d\d-\d\d\w\d\d:\d\d:\d\d\p\d\d:\d\d\.*</ >> > prematch> >> > #<prematch>^\d+-\d+-\d+\w\d+:\d+:\d+\p\d+:\d+ CRIT</prematch> >> > #<prematch>CRIT</prematch> >> > <prematch>\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\.\. CRIT</ >> > prematch> >> > </decoder> >> >> > My gues is that date format is making some sort of error.. because if >> > i try format like this >> >> > 2011-12-28 08:30:59+00:00 CRIT Not valid template file:frontend/base/ >> > default/template/exacttarget/top_sub.phtml >> >> > it finds modified decoder without \w. >> >> > Thank you all! >> >> Why use the \w? Isn't it always a "T"?
