Not at the moment, I am currently looking into the scripting engine (for stringlength-based evaluations).
I highly suggest http://twitter.com/rgerhards to keep track of what I am looking at. You do NOT need to be subscribed to Twitter to use this service.

Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of [email protected]
> Sent: Tuesday, March 10, 2009 4:22 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] properties not getting filled in correctly
>
> On Sat, 7 Mar 2009, Rainer Gerhards wrote:
>
> > The messages indeed look ok. I'll feed them into my parser and will see what happens.
>
> any idea what's happening here yet?
>
> David Lang
>
> > rainer
> >
> > ----- Original Message -----
> > From: "[email protected]" <[email protected]>
> > To: "rsyslog-users" <[email protected]>
> > Sent: 07.03.09 02:20
> > Subject: Re: [rsyslog] properties not getting filled in correctly
> >
> > On Fri, 6 Mar 2009, Rainer Gerhards wrote:
> >
> >> That's why I am after the log samples :) I just termed a new acronym
> >> this afternoon:
> >> YAMSF - yet another malformed syslog format ;)
> >>
> >> http://blog.gerhards.net/2009/02/calling-for-log-samples.html
> >>
> >> I try hard to get the fields right, but often this is impossible,
> >> resulting in the issues you see.
> >
> > these logs come from several different servers, including different OSs,
> > but all are misparsed by rsyslog.
> >
> > I am not seeing anything obviously wrong with them
> >
> > <167>Mar 6 16:57:54 172.20.245.8 %PIX-7-710005: UDP request discarded from SERVER1/2741 to test_app:255.255.255.255/61601
> > <29>Mar 6 16:57:54 methane1d-b plug-gw[25213]: connect host= /192.168.243.37 destination=179.50.100.130/60029
> > <29>Mar 6 16:57:54 methane1a-b plug-gw[29368]: disconnect host= /192.168.242.119 destination=179.50.100.52/14733 in=357 out=71 duration=1
> > <29>Mar 6 16:57:54 happy1-b plug-gw[30259]: connect host= /192.168.22.8 destination=192.168.104.31/5667
> > <22>Mar 6 16:57:54 192.168.242.66 sendmail[13328]: n270vrSH013326: to=<[email protected]>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=37052, relay=mx1.hotmail.com. [65.54.244.8], dsn=2.0.0, stat=Sent ( <[email protected]> Queued mail for delivery)
> > <29>Mar 6 16:57:54 corpmail1-p netacl[3839]: permit host= /10.201.7.120 service=telnetd execute=/usr/local/etc/tn-gw
> >
> > David Lang
> >
> >> Rainer
> >>
> >>> -----Original Message-----
> >>> From: [email protected] [mailto:rsyslog-
> >>> [email protected]] On Behalf Of [email protected]
> >>> Sent: Friday, March 06, 2009 7:54 PM
> >>> To: rsyslog-users
> >>> Subject: Re: [rsyslog] properties not getting filled in correctly
> >>>
> >>> On Fri, 6 Mar 2009, [email protected] wrote:
> >>>
> >>>> I'm running into problems trying to do filtering. it looks as if the log
> >>>> parsing is not properly filling in the properties.
> >>>>
> >>>> what I've run into so far
> >>>>
> >>>> when I use the property 'programname' the content that I see is what I would
> >>>> expect in 'hostname'
> >>>>
> >>>> when I use the property 'hostname' the content that I see is what I would
> >>>> expect in 'fromhost'
> >>>>
> >>>> I haven't checked all the other properties, but my guess is that somehow
> >>>> rsyslog is off-by-one in filling them in.
> >>>
> >>> having said this, date, fromhost, and from-ip appear to be filled in
> >>> correctly.
> >>>
> >>> David Lang
> >>> _______________________________________________
> >>> rsyslog mailing list
> >>> http://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> http://www.rsyslog.com

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
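
The symptom described in this thread, as an added example that is not part of the original messages and not rsyslog's own code: a small Python parser for the classic `<PRI>timestamp hostname tag[pid]: msg` layout (RFC 3164) that computes the hostname and programname one would expect for two of the quoted samples, then flags observed property values that are shifted one field over. The observed values and the relay name `relay1` are constructed assumptions.

```python
import re

# Classic BSD syslog layout (RFC 3164): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG
LINE = re.compile(
    r"<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<programname>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)"
)

def parse(line):
    """Split one line into the fields a filter would key on; None if malformed."""
    m = LINE.fullmatch(line)
    if m is None:
        return None
    fields = m.groupdict()
    pri = int(fields["pri"])
    # PRI encodes facility * 8 + severity.
    fields["facility"], fields["severity"] = pri >> 3, pri & 7
    return fields

def shifted_properties(line, observed, fromhost):
    """Name the observed properties that show the shift reported in the thread:
    programname holding the hostname, hostname holding fromhost."""
    expected = parse(line)
    if expected is None:
        return ["unparseable"]
    shifted = []
    if observed.get("programname") == expected["hostname"] != expected["programname"]:
        shifted.append("programname")
    if observed.get("hostname") == fromhost != expected["hostname"]:
        shifted.append("hostname")
    return shifted

# Two of the sample lines quoted in the thread.
PIX = ("<167>Mar 6 16:57:54 172.20.245.8 %PIX-7-710005: UDP request discarded "
       "from SERVER1/2741 to test_app:255.255.255.255/61601")
PLUG = ("<29>Mar 6 16:57:54 methane1d-b plug-gw[25213]: connect host= "
        "/192.168.243.37 destination=179.50.100.130/60029")

# Constructed values: property contents as they would look with the shift.
# "relay1" is a hypothetical forwarding host, not a name from the thread.
OBSERVED = {"hostname": "relay1", "programname": "methane1d-b"}

if __name__ == "__main__":
    for sample in (PIX, PLUG):
        f = parse(sample)
        print(f["facility"], f["severity"], f["hostname"], f["programname"])
    print(shifted_properties(PLUG, OBSERVED, fromhost="relay1"))
```

Feeding the same check the property values written by a debug template makes a field shift visible before any filter rule depends on `hostname` or `programname`.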

