Hello
I'm trying to use this .rb file to parse logs:
version=2
rule=:%Server:char-to:\t%\t%stamp:char-to:\t%\t%ip:ipv4%\t%Site:char-to:\t%\t%BID:char-to:\t%\t%SID:char-to:\t%\t%LD:char-to:\t%\t%UserID:char-to:\t%\t%logged:char-to:\t%\t%event:char-to:\t%\t%User_Agent:char-to:\t%\t%Parameters:rest%
The problem is that for strings only "char-to" is working; any other, like
"string-to" or "rest", doesn't want to work. I figured out most of the things with
"char-to", but I still need to take everything till the end of the line from one point.
How can I do it?
The second thing is that in rsyslog 8.17 the settings below are not working:
Here is my example log where my \t characters are changed:
Mar 10 10:57:35 servername log_tag
servername.at.google.com#01120160310105735#01144.44.44.443#011app#011162040-1441908796007#011918408-1457625732031#0110#0110#011N#011pageview#011Mozilla/5.0
(X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75
Safari/537.36#011deviceClass=desktop#011pageName=login#011referrer=#011clickId=#011mseg=
I set up this option in the main configuration file to let rsyslog know I don't
want such a change:
global (
parser.escapeControlCharactersCStyle="off"
)
But rsyslog is still changing \t characters to #011, as you can see in the log
example, and because of that lognormalizer is not doing its job. How do I force it
not to do that?
Regards
Robert
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
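Added example, not part of the original post and not rsyslog or liblognorm code: it shows in Python why a rule that splits on literal tabs finds no fields once the tabs arrive as #011, and how reversing that escape recovers the twelve fields named in the rule, including the rest-of-line one. The sample line is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Field names copied from the rule in the post; "Parameters" is the %...:rest% field.
FIELDS = ["Server", "stamp", "ip", "Site", "BID", "SID", "LD", "UserID",
          "logged", "event", "User_Agent", "Parameters"]

# Escaped form seen in the post: '#' followed by three octal digits (#011 = tab).
ESCAPE = re.compile(r"#([0-3][0-7]{2})")

# Constructed sample message (shape modelled on the post, values invented).
SAMPLE = ("host.example.com#01120160310105735#011192.0.2.10#011app"
          "#011162040-1441908796007#011918408-1457625732031#0110#0110#011N"
          "#011pageview#011Mozilla/5.0 (X11; Linux x86_64)"
          "#011deviceClass=desktop#011pageName=login#011referrer=")


def unescape_control_chars(msg):
    """Turn #NNN octal escapes back into the control character they stand for."""
    def repl(match):
        code = int(match.group(1), 8)
        # Only control characters get escaped; leave other '#NNN' text untouched.
        return chr(code) if code < 0x20 or code == 0x7F else match.group(0)
    return ESCAPE.sub(repl, msg)


def parse_fields(msg):
    """Split on literal tabs the way the rule does; None if the line does not fit."""
    parts = msg.split("\t", len(FIELDS) - 1)  # last field keeps the rest of the line
    if len(parts) != len(FIELDS):
        return None
    record = dict(zip(FIELDS, parts))
    try:
        ipaddress.IPv4Address(record["ip"])  # stands in for the %ip:ipv4% check
    except ValueError:
        return None
    # The remainder is itself tab-separated key=value pairs.
    record["Parameters"] = dict(
        pair.split("=", 1) for pair in record["Parameters"].split("\t") if "=" in pair)
    return record


def parse(msg):
    return parse_fields(unescape_control_chars(msg))


if __name__ == "__main__":
    print(parse_fields(SAMPLE))  # None: no literal tab in the escaped line
    print(parse(SAMPLE))
```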