On 2/27/2018 12:36 AM, David Lang wrote:
On Mon, 26 Feb 2018, deoren wrote:
you are better using mmnormalize, with your example you would have a
rule
rule=: %ip:ipv4% - %host:word% [%timestamp:char-to:]%]%-:rest%
this would create $!ip, $!host and $!timestamp (note I did this from
memory, I may have a subtle bug here)
I finally looped back around to this and tested the provided rule. I'm
not sure how significant it normally is, but the space between the
colon and the first % sign seemed to throw off the rule, otherwise
with that space removed the provided rule worked well.
correct, my mistake. The rule is very literal, it was looking for a
space before the IP address.
Not a problem, thank you for taking the time to provide it.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
