Very old post, I know, but in case someone gets linked to it ...
On 6/3/2013 10:45 AM, Jacob Steinberger wrote:
On 5/26/2013 7:51 AM, Rainer Gerhards wrote:
as far as I followed the discussion (aka "not very far" ;)), this
could be
done with field-based extraction. I suggest to have a look at this
presentation:
http://de.slideshare.net/rainergerhards1/rsyslog-log-normalization
Especially slide 23+, but I'd go through all so that you have the
necessary
context. It contains actual config samples as well. Note that this is for
v7, so outdated versions require either different syntax (but field
extraction is supported in legacy templates) or do not support some
features at all.
HTH
Rainer
http://loganalyzer.adiscon.com/articles/using-rsyslog-mmnormalize-module-effectively-with-adiscon-loganalyzer/
Completely stumbled upon that post which shows log normalization with 5.8.0.
Jacob
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
