On Mon, Aug 20, 2012 at 10:53:04AM +0000, Rainer Gerhards wrote:
This should do the trick:

"INSERT INTO SystemEvents (Message, Facility, FromHost, Priority, 
DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, ProcessID) values ('%msg%', 
%syslogfacility%, '%HOSTNAME%', %syslogpriority%, '%timereported:::date-pgsql%', 
'%timegenerated:::date-pgsql%', %iut%, '%syslogtag%', 
'%procid:R,ERE,0,ZERO:[0-9]+--end%')",STDSQL

All fields can be found at:
http://www.rsyslog.com/doc/property_replacer.html

Thank you. It seems I didn't explain well enough, sorry.

I know I can replace %programname% with %syslogtag%, but then I again have the complete message "postfix/postscreen[31699]". I was looking for a regular expression to only get "postfix/postscreen". A similar thing is done for procid.

Using the online checker I have the expression \[[0-9]+]$ which matches "[31699]". What I don't find is how to negate this expression to get "postfix/postscreen". Can you help me? Thanks!

        Stephan

--
| Stephan Seitz          E-Mail: [email protected] |
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |
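
An added example, not part of the original thread and not rsyslog code: instead of negating the `\[[0-9]+]$` pattern, anchor a capture group on the text that precedes the optional trailing PID. The function name `split_syslog_tag` and the sample tags are constructed for illustration; the missing-PID fallback of 0 mirrors the ZERO no-match mode used for procid in the template above.

```python
import re

# Program part is captured lazily; the trailing "[digits]" and ":" are
# optional and consumed outside the first group, so nothing is "negated".
# (Lazy quantifiers are a Python/PCRE feature, not POSIX ERE.)
TAG_RE = re.compile(r"^(.+?)(?:\[([0-9]+)\])?:?$")


def split_syslog_tag(tag):
    """Return (program, pid) for a syslog tag; pid is 0 when absent."""
    m = TAG_RE.match(tag.strip())
    if m is None:            # empty tag: nothing to capture
        return "", 0
    program, pid = m.group(1), m.group(2)
    return program, int(pid) if pid else 0


# Constructed sample tags covering the edge cases.
SAMPLE_TAGS = [
    "postfix/postscreen[31699]",   # the tag from the thread
    "postfix/postscreen[31699]:",  # same, with the usual trailing colon
    "kernel:",                     # no PID at all
    "su",                          # bare program name
    "app[worker]:",                # non-numeric bracket is not a PID
]

if __name__ == "__main__":
    for tag in SAMPLE_TAGS:
        program, pid = split_syslog_tag(tag)
        print(f"{tag!r:32} -> program={program!r} pid={pid}")
```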


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
