have you tried mmnormalize?
El 18/01/17 a las 09:58, Benoit DOLEZ escribió:
Hi,
I don't find how to properly parse a log from tcp/udp input that do
not respect standard protocol.
The line received has the format :
YYYY-MM-DD HH:MM:SS HOSTNAME SEVERITY ID MESSAGE
sample:
2016-11-12 10:54:24 TEST.company.corp INFO 2346 This is the message
I want this log format be processed (by my big conf) like others
BSD/IETF logs :
- timereported : 2016-11-12 10:54:24
- hostname (and others) : TEST.company.corp
- severity : info
- programname (and others) : ID2346
I tried mmexternal (that give the best result), mmnormalize, ... but
it seem that I need to write a specific parser module.
Do you know a simplest&better solution ?
Regards
Benoit
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.