mostolog

Results 38 comments of mostolog

Screw others! Change the world! Power to the people! DNS schema! ;)

Hmm...I'm wondering why version=2 rule=:%[ {"type":"literal", "text":"a"}, {"type":"alternative", "parser":[ {"type":"literal", "text":"b"}, {"type":"literal", "text":"c"} ] }, {"type":"literal", "text":"d"} ]% results in: echo "a" | /usr/lib/lognorm/lognormalizer -r /etc/rsyslog.d/apps/rb/_a.rb liblognorm error: rulebase file...

After some more testing, this is what I have observed so far - Some logs come from app1, which is rfc3164 compliant + bunch of fields I would like to...

Another segfault reproducer: ``` version=2 type=@syslog_pri: #> highlight type=@rfc3164_header:%date:date-rfc3164% %hostname:word% type=@rfc3164_msg:%syslogtag:char-to{"extradata":":"}%: %message:rest% type=@rfc3164:%.:@syslog_pri%%.:@rfc3164_header% %.:@rfc3164_msg% #. hightlight type=@rfc3164:%.:@rfc3164_header% %.:@rfc3164_msg% #. hightlight # Uncomment these to get a segfault #type=@rfc5424_header:%date:char-to{"extradata":" "}% %hostname:word%...

@rgerhards Did you notice this issue? Running: > echo "2017-02-09T09:31:48.403058+01:00 computer appname[1234]: REDACTED" | /usr/lib/lognorm/lognormalizer -r /my.rb This works (header is defined with multiple date formats): ``` type=@syslog_pri: type=@syslog_header:%date:date-rfc3164% %hostname:word%...

@rgerhards Any plan to adopt this as a type? Could the same thing be done with **date-rfc3339**?

Do you really live on a 6-week basis? Just starting to play with liblognorm and it seems really fast!

Hi David. Didn't have time to look at this, but I'm wondering if something like rule=:%date:yyyy-MM-dd hh:mm:ss,SSS ZZ% wouldn't suit all use cases. Did you notice how it looks...

I now understood what you mean. Would something like: > %my-2-digit-year-field-name:word:YY%, %year4:word:YYYY% and then using them to compose a date work? > %day%-%month%-%year4:word% PS: I'll go for: Z = +0100...