I have no idea on omoracle, but I can comment on the "normal" rsyslog stuff...
> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Damjan Žiberna
> Sent: Wednesday, July 28, 2010 3:36 PM
> To: rsyslog-users
> Subject: [rsyslog] OmoracleStatement format
>
> I'm trying to get as much valuable info into our oracledb as possible for further analysis. This is what I came up with so far:
>
>
> $template OmoracleStatement,"INSERT INTO
> SYSLOG(ts,hostname,hostip,facility,severity,message) VALUES
> (to_timestamp_tz(substr(:ts, 1, 10) || ' ' || substr(:ts, 12), 'YYYY-
> MM-DD
> HH24:MI:SS.FF6TZH:TZM'),:hostname,:hostip,:facility,:severity,:message)
> "
> $template
> TestStmt,"%timereported:::date-rfc3339%%hostname%%fromhost-
> ip%%syslogfacility%%syslogseverity%%msg%"
> *.* :omoracle:;TestStmt
>
> These statements don't really work well:
> 1. timestamp ~ timereported - there's no reference on the web site about how different options format the output. I'd love to have the full-form date&time format, but without the letter "T" in the middle, since Oracle doesn't know how to handle it. The above values string is a workaround, but I'm afraid it's too slow to process great amounts of entries.

I think it would be best to split the RFC3339 date via the property replacer (using start and end position) and then feed this to omoracle. The full doc on property replacer is here:

http://www.rsyslog.com/doc/property_replacer.html

>
> 2. hostname doesn't get written - I only get 127.0.0.1

It would be useful to write a quick debug file

*.* /var/log/debug.log;RSYSLOG_DebugFormat

This shows what exactly is stored in which property and can probably be used to solve the question what exactly happens.

>
> 3. hostip - only gets written when messages arrive from localhost: 127.0.0.1
>
> 4. facility - gets written correctly
>
> 5. severity - the %msg% value gets written into this column
>
> 6. message - always empty

see 2.

> I'm trying to centralize syslog from all surrounding servers. Only the central server uses rsyslog, all the rest use the plain syslog daemon. Should I replace syslog with rsyslog on the surrounding servers to get this to work?

That's probably not necessary, but let's see the result of 2.

> Is there some place to get some better reference for the rsyslog strings and its results?

see link above

>
> Is it possible to log the exact values that omoracle tries to commit to the database?

you can write to a file with the same template you use for omoracle. But 2. should be sufficient.

Rainer

>
>
> --
> Best regards!
> Damien
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
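
The two checks suggested in the reply, written out as one rsyslog configuration fragment in the legacy directive syntax used in the thread. This is an added example, not part of the original messages or of the rsyslog project's own documentation. The template names TestStmtFile and TestStmtSplit and the path /var/log/omoracle-test.log are assumptions chosen for illustration; the character positions assume the RFC 3339 layout, where the date occupies positions 1-10, the letter "T" position 11, and HH:MM:SS positions 12-19.

```conf
# Added example: legacy rsyslog directives, to be placed before the
# omoracle action while debugging.

# Step 1 (from the reply): dump each message with the built-in debug
# template to see what is stored in which property (hostname, fromhost-ip,
# msg, ...) for traffic arriving from the remote plain-syslog hosts.
*.* /var/log/debug.log;RSYSLOG_DebugFormat

# Step 2 (from the reply): write the same properties that TestStmt hands
# to omoracle into a file. One labelled property per line makes it obvious
# which value is empty or lands in the wrong place.
# TestStmtFile is a hypothetical template name.
$template TestStmtFile,"ts=%timereported:::date-rfc3339%\nhostname=%hostname%\nhostip=%fromhost-ip%\nfacility=%syslogfacility%\nseverity=%syslogseverity%\nmsg=%msg%\n--\n"
*.* /var/log/omoracle-test.log;TestStmtFile

# Step 3 (from the reply): split the RFC 3339 timestamp with property
# replacer start/end positions so the "T" separator never reaches Oracle.
#   positions  1-10  -> YYYY-MM-DD
#   position   11    -> "T" (skipped)
#   positions 12-19  -> HH:MM:SS
# Fractional seconds and the UTC offset start at position 20 and vary in
# length (senders that transmit no sub-second precision produce no
# fraction), so they are deliberately not sliced with fixed positions.
# TestStmtSplit is a hypothetical template name.
$template TestStmtSplit,"ts=%timereported:1:10:date-rfc3339% %timereported:12:19:date-rfc3339%\n"
*.* /var/log/omoracle-test.log;TestStmtSplit
```

Comparing the `ts=` lines of both templates in /var/log/omoracle-test.log shows exactly which string a split timestamp would produce before the same property expression is moved into the template used for omoracle.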

