I'm trying to get as much valuable info into our oracledb as possible for further analysis. This is what I came up with so far:
$template OmoracleStatement,"INSERT INTO SYSLOG(ts,hostname,hostip,facility,severity,message) VALUES (to_timestamp_tz(substr(:ts, 1, 10) || ' ' || substr(:ts, 12), 'YYYY-MM-DD HH24:MI:SS.FF6TZH:TZM'),:hostname,:hostip,:facility,:severity,:message)" $template TestStmt,"%timereported:::date-rfc3339%%hostname%%fromhost-ip%%syslogfacility%%syslogseverity%%msg%" *.* :omoracle:;TestStmt These statements don't really work well: 1. timestamp ~ timereported - there's no reference on the web site about how different options format the output. I'd love to have the full-form date&time format, but without the letter "T" in the middle, since Oracle doesn't know how to handle it. The above values string is a workaround, but I'm afraid it's too slow to process great amounts of entries. 2. hostname doesn't get written - I only get 127.0.0.1 3. hostip - only gets written when messages arrive from localhost: 127.0.0.1 4. facility - gets written correctly 5. severity - the %msg% value gets written into this column 6. message - always empty I'm trying to centralize syslog from all surrounding servers. Only the central server uses rsyslog, all the rest use the plain syslog daemon. Should I replace syslog with rsyslog on the surrounding servers to get this to work? Is there some place to get some better reference for the rsyslog strings and it's results? Is it possible to log the exact values that omoracle tries to commit to the database? -- Best regards! Damien _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
