Re: [rsyslog] Replacing newlines in incoming messages

Wed, 11 Mar 2015 16:27:01 -0700 

Hello Rainer,

You wrote:
> Pls read my previous message carefully: I think the LF *is* the message
> delimiter.

I've read it again, but I probably just don't understand your point.

I should an example from /var/log/messages:

==================================================================
2015-03-09T11:16:18.569746+01:00 2015-03-09T11:16:18.569746+01:00 monsrv 
127.0.0.1 snmptrapd[2446]: 2015-03-09 11:16:18 <UNKNOWN> [UDP: 
[192.168.x.x]:58378->[192.168.y.y]:162] (via 192.168.x.x [192.168.x.x]): 
VMWARE-PRODUCTS-MIB::vmwVC Enterprise Specific Trap (6.203) Uptime: 24 
days, 19:15:06.43   VMWARE-PRODUCTS-MIB::vmwVC.308.0 = INTEGER: 2   
VMWARE-PRODUCTS-MIB::vmwVC.304.0 = STRING: "Yellow" VMWARE-PRODUCTS-
MIB::vmwVC.305.0 = STRING: "Red"    VMWARE-PRODUCTS-MIB::vmwVC.306.0 = 
STRING: "alarm.StorageConnectivityAlarm - Event: Lost Storage 
Connectivity (38454177)
Summary: Lost connectivity to storage device 
naa.60060e80104d77f004f3468700000002. Path vmhba3:C0:T5:L2 is down. 
Affected datastores: Unknown.
Date: 06-03-2015 08:55:39
Host: vm1.somedomain.dk
Resource pool: myclus
Data center: myclus
Arguments:
    eventTypeId = esx.problem.storage.connectivity.lost
    objectId = host-102863
    objectName = vm1.somedomain.dk
    1 = naa.60060e80104d77f004f3468700000002
    2 = vmhba3:C0:T5:L2
    3 = Unknown
 OR Event: Lost Storage Connectivity (38454177)
Summary: Lost connectivity to storage device 
naa.60060e80104d77f004f3468700000002. Path vmhba3:C0:T5:L2 is down. 
Affected datastores: Unknown.
Date: 06-03-2015 08:55:39
Host: vm1.somedomain.dk
Resource pool: myclus
Data center: myclus
Arguments:
    eventTypeId = esx.problem.storage.connectivity.lost
    objectId = host-102863
    objectName = vm1.somedomain.dk
    1 = naa.60060e80104d77f004f3468700000002
    2 = vmhba3:C0:T5:L2
    3 = Unknown
 OR Event: Lost Storage Connectivity (38454177)
Summary: Lost connectivity to storage device 
naa.60060e80104d77f004f3468700000002. Path vmhba3:C0:T5:L2 is down. 
Affected datastores: Unknown.
Date: 06-03-2015 08:55:39
Host: vm1.somedomain.dk
Resource pool: myclus
Data center: myclus
Arguments:
    eventTypeId = esx.problem.storage.connectivity.lost
    objectId = host-102863
    objectName = vm1.somedomain.dk
    1 = naa.60060e80104d77f004f3468700000002
    2 = vmhba3:C0:T5:L2
    3 = Unknown
"   VMWARE-PRODUCTS-MIB::vmwVC.307.0 = STRING: "vm1.somedomain.dk"
==================================================================

The reason that there are two timestamps in the beginning of the message 
is that I've configured rsyslog record both the timestamp received from 
the logger and the timestamp on the syslog server itself (sometimes, we 
receive messages from equipment where the clock is way off).

-- 
Regards,
Troels Arvin <[email protected]>
http://troels.arvin.dk/

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to