Thanks David, works great... CR
>the first thing to do is to test your ruleset
>
>create a template:
>$template raw,"%rawmsg%\n"
>
>/var/log/testing;raw
>
>then you can do
>head -1 raw |/usr/lib/lognorm/lognormalizer -r /etc/rsyslog.rb -v -e json -T
>
>and look at the output that you receive.
>
>one obvious problem that I see is that the rawmsg is going to contain the
>priority info (facility/severity), so before the timestamp there is going to
>be
><number> so your rules aren't going to match
>
>but by logging the rawmsg to a file, you will see exactly what is being passed
>to the parser, and can test the parser from the command line.
>
>David Lang
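The quoted reply's point that %rawmsg% begins with the `<number>` priority field, as an added example (not part of the thread and not rsyslog or liblognorm code): a Python helper that splits that prefix off logged raw lines, decodes facility and severity, and returns the remainder that rules written without the prefix would expect. The function names and sample lines are constructed for illustration.

```python
import re

# PRI header as sent on the wire: "<" + 1-3 digits + ">" at the start of the frame.
_PRI_RE = re.compile(r"^<([0-9]{1,3})>")

SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")


def split_pri(rawmsg):
    """Return (facility, severity_name, rest) for one %rawmsg% line.

    facility and severity_name are None when the line carries no valid PRI;
    rest is then the line unchanged (minus the trailing newline).
    """
    line = rawmsg.rstrip("\n")
    m = _PRI_RE.match(line)
    if not m:
        return None, None, line
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest legal PRI value
        return None, None, line
    # PRI = facility * 8 + severity
    return pri >> 3, SEVERITIES[pri & 7], line[m.end():]


def report(lines):
    """Show, per line, whether a PRI prefix is present and what follows it."""
    rows = []
    for line in lines:
        fac, sev, rest = split_pri(line)
        rows.append({"has_pri": fac is not None, "facility": fac,
                     "severity": sev, "rule_input": rest})
    return rows


# Constructed sample lines (not taken from the thread).
SAMPLE = [
    "<38>Mar  3 10:15:02 host1 sshd[411]: Accepted publickey for alice\n",
    "Mar  3 10:15:03 host1 cron[9]: job started\n",
    "<999>Mar  3 10:15:04 host1 app: out-of-range pri\n",
]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```
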

