On 5/22/2013 7:20 PM, Jacob Steinberger wrote:
On 5/22/2013 6:17 PM, David Lang wrote:
On Wed, 22 May 2013, Jacob Steinberger wrote:
RH6, and their provided v5 rsyslog.
I noticed there is a built in method for CSV parsing, but I'm not
finding examples of how to use it. Basic idea is that I'm receiving a
syslog message with a bunch of values in a CSV format ...
1,2,3,4,,A,B,,,10
Using the CSV feature, I figured it would be easy to get each of those
values out for parsing / redirection / logging.
Is there an example that I'm just missing? I'm pretty sure I could use
the regular expression engine to pull each one out, but that seems
excessive if rsyslog can do it for me.
I believe that this is something you would need mmlogparse for, and I'm
not sure if that is available in V5 or if it was added later.
Bummer! Guess I get to find out how rsyslog hands large amounts of data
while performing a lot of regular expressions on each row ;)
On this train of thought, what I'm looking at doing seems rather
inefficient. In order to setup an SQL statement, for example, I'm
looking at an expression like ...
%msg:R,ERE,0,DFLT:([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*),([^,]*)--end%
So in order to put the SQL template together, I'd be looking at doing
this 17 times, each with a different #/number/placement in
%msg:R,ERE,#,DFLT%
Is there a better way? Only other thing that comes to mind is to have
rsyslog send the data to a mysql procedure that does this, instead of
having rsyslog handle it. Performance wise, I'd just have to test, test
and test.
Jacob
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
