MonitorWare Knowledge Base

by **bluto** » Fri Feb 05, 2010 4:58 pm

Hi, after some troubles with syslog-ng, I've installed rsyslog+mysql with phplogcon to collect event logs from my windows 2003 server via Snare Agent, and actually phplogcon 2.8.0 is working fine.
My question: if I want to discard the first 10 characters in the column of the messages, I use this template:

$template bluto1, "%timegenerated% %HOSTNAME% %msg:10:$%\n"

this works fine if the logs are stored in a text file, but by using mysql and by appending the template bluto1, the following string doesn't store any log in the database:
:hostname, contains, "windows"

mmysql:127.0.0.1,Syslog,rsyslog,secretpwd;bluto1
Whitout the template bluto1, all is working normal.

Maybe am I doing the wrong thing?
Thanks as always for your support and sorry for my poor english :oops:

bluto

Learn more about rsyslog professional services.

Custom written rsyslog.conf?
Maintenance Contract?
Installation support?

by **bluto** » Mon Feb 08, 2010 10:47 pm

well, I think my previous post was not so clear, anyway I'd like to know how to customize the StdDBFmt template, in order to change the property %msg% to something like: %msg:20:$%

best regards
bluto

by **Burn** » Tue Feb 09, 2010 11:28 am

here are the sources http://git.adiscon.com/?p=rsyslog.git;a ... /syslogd.c
Search for template_StdDBFmt

by **bluto** » Tue Feb 09, 2010 2:48 pm

Burn wrote:here are the sources http://git.adiscon.com/?p=rsyslog.git;a ... /syslogd.c
Search for template_StdDBFmt

wow, thanks a lot, I solved my problem!

MonitorWare Knowledge Base

templates and database

templates and database

Professional Services Information

Learn more about rsyslog professional services.

Re: templates and database

Re: templates and database

Re: templates and database

Google Ads

Who is online