I think the : on the end of [Root]system-notification-00257(traffic): is
messing me up
Aug 30 15:58:28 dencfw01.contournetworks.net dencfw01: NetScreen
device_id=dencfw01 [Root]system-notification-00257(traffic):
start_time="2018-08-30 13:58:26" duration=2 policy_id=1623 service=https
On Thu, 30 Aug 2018, Jason Prouty wrote:
I am trying to normalize my firewall log
example
[Root]system-notification-00257(traffic): start_time="2018-08-30 13:58:26"
duration=2 policy_id=1623 service=https proto=6 src zone=private_atm dst zone=Untrust
action=Permit sent=136 rcvd=68
I am trying to normalize my firewall log
example
[Root]system-notification-00257(traffic): start_time="2018-08-30 13:58:26"
duration=2 policy_id=1623 service=https proto=6 src zone=private_atm dst
zone=Untrust action=Permit sent=136 rcvd=68 src=10.82.8.20
when I run the rule I am getting
On Thu, 30 Aug 2018, Jason Prouty wrote:
would the normalize process allow me to break the message apart to insert
fields from the message into a table?
Yes, and when you go to insert individual fields, you will want to adjust the
template that you use to insert into the database to put the
would the normalize process allow me to break the message apart to insert
fields from the message into a table?
From: rsyslog on behalf of David Lang
Sent: Wednesday, August 29, 2018 6:16:07 PM
To: rsyslog-users
Subject: Re: [rsyslog] template to parse file
On Wed, 29 Aug 2018, Jason Prouty wrote:
I am trying to use the msg contains:
directive to log a specific firewall policy message to a database.
Would this be best to do in a template?
No, all a template does is format the message.
currently I have it going to a flat file but I cannot