Hi all,
Sorry for the off-topic, but I have not found how to do this. I have installed a CentOS 6 server to act as a syslog receiver. I need to rewrite all messages that come from one server. For example, part of the message is:
"27April2012 10:33:44 172.1.2.2 data >". Sometimes there is one white space between 27April2012 and 10:33:44, sometimes two, etc. I need to normalize this log to use only one white space between all fields up to the ">" character.
Does somebody know how I can do this??
Use AWK:
{ print $1, $2, $3, $4, substr($0, index($0, ">")) }
Explanation: AWK will split the line up on white space, so printing $1, $2, $3, $4 will give you "27April2012 10:33:44 172.1.2.2 data" single spaced. The substr expression will return the rest of the input line ($0) unchanged from the right arrow.
Martin Rushton HPC System Manager, Weapons Technologies Tel: 01959 514777, Mobile: 07939 219057 email: jmrushton@QinetiQ.com www.QinetiQ.com QinetiQ - Delivering customer-focused solutions
Thanks Rushton, but where do I put this sentence?? I need to do this action before rsyslog sends the message to another syslog server ...
You need to set up the AWK script as part of a pipeline:
... | awk '{ print $1, $2, $3, $4, substr($0, index( $0, ">")) }' | ...
By the way, if you are not familiar with AWK:
1) The outer brackets are curly brackets
2) The inner two sets are parentheses
3) There should be no space between "substr" and the left parenthesis or between "index" and its parenthesis.
man awk will give you lots of information!
Martin Rushton HPC System Manager, Weapons Technologies Tel: 01959 514777, Mobile: 07939 219057 email: jmrushton@QinetiQ.com www.QinetiQ.com QinetiQ - Delivering customer-focused solutions
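The pipeline stage suggested above, generalized as an added example (not code from anyone in this thread): it splits each line at the first ">" instead of assuming exactly four fields, collapses blanks and tabs only before that point, and passes lines without ">" through unchanged so that no log record is dropped or altered. The function name normalize_stream and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: normalize whitespace in the header part of each log line
# (everything before the first ">") and keep the payload byte-for-byte.

normalize_stream() {
    awk '
    {
        pos = index($0, ">")
        if (pos == 0) {
            # index() returns 0 when there is no ">" marker. Nothing defines
            # where the header ends, so forward the line untouched.
            print
            next
        }
        head = substr($0, 1, pos - 1)   # fields before the marker
        tail = substr($0, pos)          # ">" to end of line, verbatim
        gsub(/[ \t]+/, " ", head)       # collapse runs of blanks and tabs
        sub(/^ /, "", head)             # trim leading blank
        sub(/ $/, "", head)             # trim trailing blank
        if (head == "")
            print tail                  # line started with the marker
        else
            print head " " tail         # exactly one blank before ">"
    }'
}

# Constructed sample lines (not taken from a real host).
{
    printf '%s\n' '27April2012   10:33:44 172.1.2.2    data >  payload  with   spaces'
    printf '27April2012 10:33:44\t172.1.2.2 data extra >x\n'
    printf '%s\n' 'line with no marker   at all'
} | normalize_stream
```

The second sample line has five fields before ">"; printing only $1 to $4 would silently drop the fifth, which matters when the normalized stream is the copy that gets forwarded and retained.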
Thanks Rushton. But I am not asking about how to use awk. Awk cannot be used inside rsyslog configuration, afaik.
On Fri, 2012-04-27 at 12:39 +0200, C. L. Martinez wrote:
Does somebody know how I can do this??
This is a really late reply: you should join the rsyslog mail list - you'll get lots of help there.
Regards,
Ranbir