Submission: Config for checking rsyslog (protocol 23 format) syslog files.
First off, congrats on an outstanding piece of software!
I thought I'd submit this in case anyone else found it useful. I can't take credit for the regex; I borrowed it from another piece of open source software.
Here is an excerpt from my config.user.json file which allows my to check the syslog file on my Debian server:
"syslog1": { "display" : "Syslog", "path" : "/var/log/syslog", "refresh" : 20, "max" : 20, "notify" : false, "format" : { "regex": "|<([0-9]{1,3})>([0-9]) ([0-9]{4,4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}\.[0-9]{1,6}.[0-9]{1,2}:[0-9]{1,2}) (.*?) (.*?) (.*?) (.*?) (.*?) (.*?)$|", "match": { "Date" : 3, "Time" : 3, "Source" : 5, "PID" : 6, "Message" : 9 }, "types": { "Date" : "date:d:M:Y", "Time" : "date:H:i:s", "Source" : "txt", "PID" : "numeral", "Message" : "txt" } } }
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by potsky on Jan 10, 2014 @ 01:28 PM
Hi Walter!
thank you for sharing!
Here is the formatted version for interested people :
Support Staff 2 Posted by potsky on Jan 12, 2014 @ 07:19 PM
Hi Walter,
could you provide us a sample of a matched log line please?
3 Posted by walter.brock on Jan 13, 2014 @ 01:17 AM
Certainly,
my rsyslog.conf file contains this line to tell it to use protocol 23:
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
The sample is attached.
Have A Great Day!
Support Staff 4 Posted by potsky on Jan 13, 2014 @ 06:23 AM
Thank you Walter!
potsky closed this discussion on Jul 15, 2014 @ 11:13 AM.