A specific parser module is the best and a quite simple solution. Parser modules were actually introduced for the use case you mention.
Raine Sent from phone, thus brief. Am 18.01.2017 09:58 schrieb "Benoit DOLEZ" <[email protected]>: > Hi, > > I don't find how to properly parse a log from tcp/udp input that do not > respect standard protocol. > > The line received has the format : > YYYY-MM-DD HH:MM:SS HOSTNAME SEVERITY ID MESSAGE > > sample: > 2016-11-12 10:54:24 TEST.company.corp INFO 2346 This is the message > > I want this log format be processed (by my big conf) like others BSD/IETF > logs : > - timereported : 2016-11-12 10:54:24 > - hostname (and others) : TEST.company.corp > - severity : info > - programname (and others) : ID2346 > > I tried mmexternal (that give the best result), mmnormalize, ... but it > seem that I need to write a specific parser module. > > Do you know a simplest&better solution ? > > Regards > > Benoit > > -- > Benoit DOLEZ, POM Monitoring, http://www.pom-monitoring.com/ > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
