On Tue, 13 Dec 2011, Risto Vaarandi wrote: > ...to add another idea -- if you want to run a very fast normalization > on logs with multi-line events, you could also take advantage of the > LogPP (Log PreProcessor) utility at http://logpp.sourceforge.net. > I wrote it some years ago for fast processing and flatfile -> syslog > conversion. Although syslog-ng also allows for converting flatfile logs > to syslog, they don't support couple of things that logpp can do for you > -- multi-line to single-line conversion, and the ability to extract > input file names from input events.
does this tool handle a wildcard list of files? or just a single file? by the way, the rsyslog imfile module has the ability to handle multi-line logs (either by a blank line between the log entries, or with all parts of the log after the first being indented). David Lang ------------------------------------------------------------------------------ Systems Optimization Self Assessment Improve efficiency and utilization of IT resources. Drive out cost and improve service delivery. Take 5 minutes to use this Systems Optimization Self Assessment. http://www.accelacomm.com/jaw/sdnl/114/51450054/ _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
