Hi,
I have logs from fortigate with many variantes of 20 to 40
key[=("value"|value|)] fields separated with spaces .
It seems "iptables" is the only (old) rsyslog normalizer to parse kv
strings and, probably, it don't parse quoting values like
"lognorm/string" do it.
Is there a simple method to build a $! tree from key/value string like
mmparsejson do it for json ?
If none, I can make it. I think it's better to write a message
modification module than a new lognorm format. Do you agree ?
Regards,
Benoit
--
Benoit DOLEZ, POM Monitoring, http://www.pom-monitoring.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
