> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Champ Clark III [Softwink] > Sent: Friday, December 10, 2010 7:29 PM > To: rsyslog-users > Subject: Re: [rsyslog] liblognorm, libee and libestr has been released > > On Fri, Dec 10, 2010 at 01:16:45PM +0100, Tom Bergfeld wrote: > > Hi all, > > > > we have just released liblognorm, libee and libestr. > > > > liblognorm 0.1.0 has been released > > Thursday, December 9th, 2010 > > First off, congrat's on the release. I know it's still far > from done, but it's a great stepping stone. > > I had the chance to play with liblognorm a bit today. It's > pretty dang straight forward. I have one question (code snip it): > > es_emptyStr(str); > ee_fmtEventToRFC5424(event, &str); > cstr = es_str2cstr(str, NULL); > printf("Normalize: '%s'\n", cstr); > > .. And everything normalizes as expected .. > > [...@115 port="48973" ip="192.168.0.1" tag="sshd[4416\]" host="myhost" > date="Dec 10 12:13:50"] > > How do I pull just the "ip" field? That is, how to I pull > seperated > fields (ip, tag, host, date, etc)? This is probably a simple > question, > but figured I might ask. I'll continue looking around.
I updated the online doc. It is this function: http://doc.libee.org/structee__event.html#a4e3ae5e5ba094572a9d7b5368b63b279 A practical use sample of this function can be found in rsyslog's git: http://git.adiscon.com/?p=rsyslog.git;a=blob;f=runtime/msg.c;h=65ea101f3a95c3 cd1852d8a790c04246ff0840c4;hb=master#l2240 HTH Rainer PS: I plan to release an experimental rsyslog version with normalization support today or tomorrow (a bit more probable) _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
