Extract date from a message

If you need additional help with phplogcon, write in this forum.


Extract date from a message

Post by kerig » Wed Aug 28, 2013 10:32 am

Hi all,

I actually have a problem with syslog date.

As I understand, there are two dates, timegenerated and timereported (as explained here: http://www.rsyslog.com/what-is-the-difference-between-timereported-and-timegenerated/ ).

In loganalyzer, I see that the "date field" is "timereported", so normally it's okay, but because my syslog message date can't be read, the date field uses "timegenerated".

The logs I'm receiving are actually in syslog IETF format (it's a conversion, because originally it's an Oracle log, from alert_xe.log).

I know that I could write my own parser for it in PHP, but I don't actually have time for it, and I don't want to do it just for the "date problem", because all is okay with the other fields.

My multiline logs look like this:

Tue Aug 20 13:13:38 2013
VKRM started with pid=23, OS id=2112
replication_dependency_tracking turned off (no async multimaster replication found)
Starting background process QMNC


So, I would like to extract the date with a regex and force it to replace the "date" field in loganalyzer. Maybe I must do it in rsyslog.conf, but because I see the problem in loganalyzer, I decided to post here.


Any idea?

Regards,
kerig

Re: Extract date from a message

Post by kerig » Wed Aug 28, 2013 12:57 pm

Problem resolved with a regex in rsyslog.conf (and also in the other solution, nxlog).

If someone needs to do the same, just parse your message and put what you extract in the "^$EventTime" parameter and it should work.

Regards,
kerig
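
One way to do the extraction discussed in this thread, as an added Python example (it is not the poster's rsyslog or nxlog configuration, which the thread does not show): it splits the multiline alert log on its date line and renders that date as an RFC 5424 timestamp, so the event time is kept instead of the receive time. The UTC default, the function names and every sample line other than the excerpt quoted in the first post are assumptions.

```python
import re
from datetime import datetime, timezone

# Alert-log header line such as "Tue Aug 20 13:13:38 2013" (format taken from the post).
HEADER_RE = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}$")
HEADER_FMT = "%a %b %d %H:%M:%S %Y"

# First record is the excerpt from the post; the other lines are constructed.
SAMPLE = """\
orphan line before any header
Tue Aug 20 13:13:38 2013
VKRM started with pid=23, OS id=2112
replication_dependency_tracking turned off (no async multimaster replication found)
Starting background process QMNC
Thu Sep  5 09:00:05 2013
constructed message line
"""


def split_records(lines, tz=timezone.utc):
    """Group alert-log lines into (timereported, [message lines]) records.

    A valid header line starts a new record and supplies its timestamp. Lines
    seen before any header get timereported=None, so the caller falls back to
    the receive time (timegenerated) knowingly rather than silently.
    """
    records, current = [], None
    for raw in lines:
        line = raw.rstrip("\r\n")
        if HEADER_RE.match(line):
            try:  # collapse the padded day ("Sep  5") before parsing
                ts = datetime.strptime(" ".join(line.split()), HEADER_FMT)
            except ValueError:
                ts = None  # shaped like a header but not a real date
            if ts is not None:
                current = (ts.replace(tzinfo=tz), [])  # assumption: log clock is in tz
                records.append(current)
                continue
        if not line.strip():
            continue
        if current is None:
            current = (None, [])
            records.append(current)
        current[1].append(line)
    return records


def to_rfc5424_timestamp(ts):
    """Render the extracted time as an RFC 5424 TIMESTAMP; "-" is its NILVALUE."""
    return "-" if ts is None else ts.isoformat().replace("+00:00", "Z")
```

The alert-log date carries no time zone, so pass the database host's zone as `tz` if it does not run in UTC; otherwise events from different hosts will be misordered in the viewer.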