Hello, I am currently attempting to make use of the field type "iptables" within liblognorm, which should parse out key-value pairs, where the key becomes the name of the field and the value the value. However, the field type is apparently not recognized when used with lognormalizer or rsyslog. Has it been deprecated, or am I misunderstanding the documentation/usage of the field type?

For context:

    liblognorm5-2.0.1-1.el7.x86_64
    liblognorm-0.3.7-3.el7.x86_64
    liblognorm5-utils-2.0.1-1.el7.x86_64
    rsyslog-8.22.0-1.el7.x86_64
    rsyslog-mmnormalize-8.22.0-1.el7.x86_64

Test log:

    key0=value key1=value key3=value

Test Rules:

    version=2
    rule=:%iptables:iptables%
    rule=:%iptables%
    rule=:%:iptables%

Results:

    head test2.log | lognormalizer -r test2.rb -e json
    liblognorm error: rulebase file test2.rb[2]: invalid field type 'iptables'
    { "originalmsg": "key0=value key1=value key3=value", "unparsed-data": "key0=value key1=value key3=value" }

    rsyslogd -N1
    rsyslogd: version 8.22.0, config validation run (level 1), master config /etc/rsyslog.conf
    rsyslogd: liblognorm error: rulebase file /etc/rsyslog.r/sourceTypes.rb[73]: field definition wrong in: iptables% [v8.22.0 try http://www.rsyslog.com/e/2427 ]

Thank you.

~Regards
Matthew Gaetano

--
View this message in context: http://rsyslog-users.1305293.n2.nabble.com/Liblognorm-Usage-of-field-type-iptables-tp7591441.html
Sent from the rsyslog-users mailing list archive at Nabble.com.