Hello, I'm trying to use this Apache Logs pattern in 8.13 on Ubuntu: https://github.com/rsyslog/liblognorm-rulebases/blob/master/rules/v2/apache_combined.rb
And I remember testing that exact rule on a hand-compiled master of 8.13 before it was released. Now it doesn't seem to work both rsyslog and the lognormalizer binaries complain: liblognorm error: invalid field type ' "word", "name"' Translating the rule to its compact equivalent works like a charm (with version=2 still there): rule=:%clientip:word% %ident:word% %auth:word% [%timestamp:char-to:]%] "%verb:word% %request:word% HTTP/%httpversion:float%" %response:number% %bytes:number% "%referrer:char-to:"%" "%agent:char-to:"%"%blob:rest% Is this a bug in the latest liblognorm release or in packaging or am I missing something? I don't know how to check the liblognorm version included in the package :( Best regards, Radu -- Performance Monitoring * Log Analytics * Search Analytics Solr & Elasticsearch Support * http://sematext.com/ _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
