> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of GUERIN Mathieu > Sent: Thursday, November 29, 2012 10:03 AM > To: [email protected] > Subject: [rsyslog] Templates sub matching regex > > Hello everybody, > > Actually, I am using rsyslog to collect windows events and I would like > to know if is it possible to capture and reuse the sub matching regular > expression ? > > I have wrote some templates to record the events in a data base. But, I > am forced to use expressions likes : %msg:F,58:2%. That not enough to > split the field. > My aim is to use regular expression to explode the "msg" field in N > fields and use them.
The rsyslog windows agent can emit data in CEE format. You can than simply use mmjsonparse to get hold of the individual fields. > > In this way, I will be able to write a template like : > > $template EVT,"insert into table (field1, field2, field3) > values (%msg <Submatch 1>%,%msg <Submatch 2>%,%msg <Submatch 3>%),SQL > This is not possible. Rainer > Maybe someone faced this trouble ? > > Thanks a lot for your help. > Mathieu. > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST > if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
