In message
<CAHkPr1EvbEF3LRZWhB7zyRTxVYBnQGWD=9yvvkhx99wupcj...@mail.gmail.com> ,
Orangepeel Beef writes:
>Hi guys, i'm using syslog-ng with SEC using the program stream.  I have 2
>issues.
>
>1:  Write to file w/ date in the name..
>
>trying to do something like this, but haven't gotten it working..
>
>type=single
>desc=Set log file and addressee list
>ptype=substr
>pattern=SEC_STARTUP
>context=SEC_INTERNAL_EVENT
>action=eval %d ( $date = strftime "%Y-%m-%d", localtime;);\
>        assign %f /opt/log/remote-bytype/comware-%d.log;
>
>type=single
>desc=Log messages to file
>ptype=regexp
>pattern=(.+)
>action=write %f $1
>

Try:

action= eval %r (use POSIX qw(strftime);); \
        eval %d ( $date = strftime "%%Y-%%m-%%d", localtime; return $date;); \
       assign %f /opt/log/remote-bytype/comware-%d.log;

You need to load the POSIX lib so that strftime is defined. Then the
original %Y %m %d need to be escaped, they were being replaced by
nothing.

To test, put the rules (with my modified action) in the file called
s.sr and run:

  sec -input - -conf s.sr -intevent

and you will see:

  SEC (Simple Event Correlator) 2.7.2
  Reading configuration from s
  2 rules loaded from s
  Opening input file -
  Stdin connected to terminal, SIGINT can't be used for changing the logging level
  Creating SEC internal context 'SEC_INTERNAL_EVENT'
  Creating SEC internal event 'SEC_STARTUP'
  Evaluating code 'use POSIX qw(strftime);' and setting variable '%r'
  No value received for variable '%r', set to undef
  Evaluating code '$date = strftime "%Y-%m-%d", localtime; return $date;' and setting variable '%d'
  Variable '%d' set to '2013-06-24'
  Assigning '/opt/log/remote-bytype/comware-2013-06-24.log' to variable '%f'
  Deleting SEC internal context 'SEC_INTERNAL_EVENT'

With your action I saw:

  Evaluating code '$date = strftime "--", localtime; return $date;' and setting variable '%d'

note the missing %Y... as they got expanded/replaced. Then you see
Perl errors like:

  Unquoted string "strftime" may clash with future reserved word at (eval 3) line 1
  Error evaluating code '$date = strftime "--", localtime; return $date;': syntax error at (eval 3) line 1, near "strftime "--""

because of the missing 'use POSIX ...'. You can test your eval actions
by putting them in a perl script and trying to run it. If you had put
your actions in a file and run perl on the file they would have failed
in a similar manner but in a more easily debugged form.

--
                                -- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
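
The reply's suggestion to test eval bodies in a Perl script, as an added example that is not part of the original message or of SEC itself. The `sec_expand` helper is a hypothetical, simplified model of the percent handling visible in the debug output above (`%%` becomes `%`, an unset %-variable becomes nothing), not SEC's actual code.

```perl
#!/usr/bin/perl
# Added example: check the Perl body of a SEC eval action outside SEC.
use strict;
use warnings;

# Assumption: simplified model of the expansion seen in the thread's debug
# output. '%%' becomes a literal '%'; a %-variable with no value becomes ''.
sub sec_expand {
    my ($text) = @_;
    $text =~ s/%(%|[A-Za-z][A-Za-z0-9_]*)/$1 eq '%' ? '%' : ''/ge;
    return $text;
}

# Compile and run one eval body in this package; returns (value, error).
sub try_eval {
    my ($code) = @_;
    no strict 'vars';              # the rule bodies use an undeclared $date
    my $value = eval $code;
    return ($value, $@);
}

# Rule bodies as written in the rule file. Order matters: once POSIX is
# loaded by the second case, strftime stays defined for later evals.
my @cases = (
    [ 'unescaped, no POSIX',
      '$date = strftime "%Y-%m-%d", localtime; return $date;' ],
    [ 'load POSIX',
      'use POSIX qw(strftime);' ],
    [ 'escaped, POSIX loaded',
      '$date = strftime "%%Y-%%m-%%d", localtime; return $date;' ],
);

for my $case (@cases) {
    my ($name, $raw) = @$case;
    my $code = sec_expand($raw);
    my ($value, $err) = try_eval($code);
    print "[$name]\n  Perl sees: $code\n";
    if ($err) {
        chomp $err;
        print "  error:     $err\n";
    } else {
        print "  value:     ", (defined $value ? $value : 'undef'), "\n";
    }
}
```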
