Re: [rsyslog] template to parse file and save to database

Thu, 30 Aug 2018 09:12:26 -0700 

On Thu, 30 Aug 2018, Jason Prouty wrote:


would the normalize process allow me to break the message apart to insert 
fields from the message into a table?



Yes, and when you go to insert individual fields, you will want to adjust the 
template that you use to insert into the database to put the fields where you 
want them in the database.


David Lang



________________________________
From: rsyslog <rsyslog-boun...@lists.adiscon.com> on behalf of David Lang 
<da...@lang.hm>
Sent: Wednesday, August 29, 2018 6:16:07 PM
To: rsyslog-users
Subject: Re: [rsyslog] template to parse file and save to database

On Wed, 29 Aug 2018, Jason Prouty wrote:


I am trying to use the msg contains:

 directive to log a specific firewall policy  message to a database

would this be best to do in a template


no, all a template does is format the message.


currently I have it going to a flat file but I cannot seem to get it to log to 
a mysql database

:msg, contains, "policy_id=xxxx" /var/log/policyidxxx.log


so what you need to do is to look up the output module to put logs into your
database and replace the file output with the database insertion.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.






















					Reply via email to