[rsyslog] Need help in extracting and transforming the message to some other format

Thu, 14 Apr 2011 05:13:43 -0700 

Hello,

    My rsyslog version is 5.6.5. I am working on parsing the string and 
transforming the string to the database query. The setup and integration of 
postgresql database module is working fine and has been tested.


I wish to transform a string of sort say 
"stagename=antivirus,tid=12345,status=success" and i have to create a query of 
type "insert into rsyslog(stage,tid,status) 
values('antivirus','12345','success')".


I achieved this by adding a template


$template tpl_rsyslog,"insert into rsyslog(stage,tid,status)  
values('%msg:R,ERE,3,FIELD:(([[:space:]]*[a-z0-9]*)=([a-z0-9]+),[[:space:]]*)(([a-z0-9]*)=([a-z0-9]+),[[:space:]]*)(([a-z0-9]*)=([a-z0-9]+),[[:space:]]*)(([a-z0-9]*)=([a-z0-9]+)[[:space:]]*)--end%','%msg:R,ERE,6,FIELD:(([[:space:]]*[a-z0-9]*)=([a-z0-9]+),[[:space:]]*)(([a-z0-9]*)=([a-z0-9]+),[[:space:]]*)(([a-z0-9]*)=([a-z0-9]+),[[:space:]]*)(([a-z0-9]*)=([a-z0-9]+)[[:space:]]*)--end%','%msg:R,ERE,9,FIELD:(([[:space:]]*[a-z0-9]*)=([a-z0-9]+),[[:space:]]*)(([a-z0-9]*)=([a-z0-9]+),[[:space:]]*)(([a-z0-9]*)=([a-z0-9]+),[[:space:]]*)(([a-z0-9]*)=([a-z0-9]+)[[:space:]]*)--end%')",SQL


which works fine in this case where,

input :  stagename=antivirus,tid=12345,status=success

output : insert into syslog(stage,tid,status) 
values('antivirus','12345','success')


but, the regular expression provides the support for getting only the fields 
from range 0 to 9 in %msg:R,ERE,3,FIELD:<expression>%. If the field is at the 
12th position, i am unable to get that string.


Is there a workaround to get this thing done or i have missed something?


Also i would like to know, whether we can pipe the output of 1 property 
replacer to another?


Example, if that was possible, then i would have first used the field separator 
to get the first token stagename=antivirus and then using the regular 
expression or field separator again would have got the value of the stagename.


Can u pls provide the suggestion regarding the method i am trying to apply or a 
workaround to get this.


Thankyou,

Sandeep Sukhija,

Mithi Software Technologies Pvt. Ltd., Pune.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

Reply via email to