> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of [email protected]
> Sent: Friday, July 16, 2010 7:44 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] MySQL custom filters?
>
> On Thu, 15 Jul 2010, Joel Merrick wrote:
>
> > Hi list,
> >
> > I'm trying to build a service to enable the quick searching of mail
> > logs, for our support team to use. We get quite a lot of log
> > generation (about 2G of mysql data a day)
> >
> > Searching these becomes really inefficient after a while, even though
> > there's extra keys and indexes in the db.
> >
> > I'd like to try and parse the syslog event using rsyslog and get the
> > message ID out of the payload and add it as an indexed field, which
> > should speed up queries (so we can stitch together a full email
> > transaction)
>
> this shouldn't be _too_ hard, depending on where the message ID is in
> the messages you are logging
>
> just create your own template that writes the message ID as a separate
> field.

If that's fast enough, you probably use regular expressions inside
templates. Depending on the message content, you can possibly use
field-based extraction (which is faster). If all that is too slow, you can
write (or have written) a custom message formatter, where you have full
control and power over what is done.

So in short: ample of possibilities. :)

Rainer
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
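
The two template approaches mentioned in the thread (regular expression and field-based extraction), as an added example that is not part of the original messages. The table `MailEvents`, its columns, the Postfix-style sample line, and the connection parameters are assumptions; `DBPASSWORD` is a placeholder.

```conf
# Added example in legacy rsyslog config syntax; names are assumptions.
# Constructed sample line this is written against (Postfix-style):
#   postfix/cleanup[2211]: 4F9D2A0123: message-id=<20100716.abc@example.org>

$ModLoad ommysql

# Variant 1: regular expression inside the template.
# R,ERE,1,BLANK = POSIX extended regex, take submatch 1, write an empty
# string when the line has no message-id. The regex ends at "--end".
# The trailing SQL option makes rsyslog backslash-escape single quotes and
# backslashes in every property. The message ID is chosen by the sending
# side, so it must never reach the INSERT unescaped; ommysql also refuses
# to use a template that lacks the SQL (or STDSQL) option.
$template MailLogRegex,"insert into MailEvents (ReceivedAt, FromHost, SysLogTag, MsgId, Message) values ('%timegenerated:::date-mysql%', '%HOSTNAME%', '%syslogtag%', '%msg:R,ERE,1,BLANK:message-id=<([^>]+)>--end%', '%msg%')",SQL

# Variant 2: field-based extraction (cheaper than a regex).
# F,61:2 = split on ASCII 61 ('=') and take field 2. On the sample line
# that yields "<20100716.abc@example.org>", angle brackets included.
# It is only meaningful on lines that carry message-id=, and an ID that
# itself contains '=' is cut short, so check it against real traffic.
$template MailLogField,"insert into MailEvents (ReceivedAt, FromHost, SysLogTag, MsgId, Message) values ('%timegenerated:::date-mysql%', '%HOSTNAME%', '%syslogtag%', '%msg:F,61:2%', '%msg%')",SQL

# Write only the lines that contain a message ID, using the field template.
# Arguments: server, database, user, password; then the template name.
:msg, contains, "message-id=" :ommysql:localhost,Syslog,rsyslog,DBPASSWORD;MailLogField

# All other mail lines go through the regex template; MsgId stays empty
# where nothing matches. Use one action per line type, not both, to
# avoid duplicate rows.
# mail.* :ommysql:localhost,Syslog,rsyslog,DBPASSWORD;MailLogRegex
```

For the speed-up asked about in the thread, the assumed `MsgId` column needs its own index in MySQL.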

