Re: UC UC OT: Rewrite part of a message with rsyslog

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



You need to set up the AWK script as part of a pipeline:

... | awk '{ print $1, $2, $3, $4, substr($0, index( $0, ">")) }' | ...

By the way, if you are not familiar with AWK:
	1) The outer brackets are curly brackets
	2) The inner two sets are parenthesis
	3) There should be no space between "substr" and the left parenthesis
		or between "index" and its parenthesis.

man awk will give you lots of information!


Martin Rushton
HPC System Manager, Weapons Technologies
Tel: 01959 514777, Mobile: 07939 219057
email: jmrushton@xxxxxxxxxxx
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions

Please consider the environment before printing this email.
-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of C. L. Martinez
Sent: 27 April 2012 11:55
To: CentOS mailing list
Subject: Re:  UC OT: Rewrite part of a message with rsyslog

Thanks Rushton, but where I put this sentence?? I need to do this action before rsyslog sends message to another syslog server ...


On Fri, Apr 27, 2012 at 12:54 PM, Rushton Martin <JMRUSHTON@xxxxxxxxxxx> wrote:
> Use AWK:
>
> { print $1, $2, $3, $4, substr($0, index( $0, ">") }
>
> Explanation:
> AWK will split the line up on white space, so printing $1, $2, $3, $4 
> will give you
> "27April2012 10:33:44 172.1.2.2 data" single spaced.  The substr 
> expression will return the rest of the input line ($0) unchanged from 
> the right arrow.
>
> Martin Rushton
> HPC System Manager, Weapons Technologies
> Tel: 01959 514777, Mobile: 07939 219057
> email: jmrushton@xxxxxxxxxxx
> www.QinetiQ.com
> QinetiQ - Delivering customer-focused solutions
>
> Please consider the environment before printing this email.
> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On 
> Behalf Of C. L. Martinez
> Sent: 27 April 2012 11:39
> To: CentOS mailing list
> Subject:  OT: Rewrite part of a message with rsyslog
>
> Hi all,
>
>  Sorry for the off-topic, but I have not found how to do this. I have 
> installed a centos6 server to act as a syslog receiver. I need to 
> rewrite all messages that comes from one server. For example a part of 
> the message is:
>
> "27April2012 10:33:44 172.1.2.2 data >". Sometimes between 27April2012 
> and 10:33:44 comes with one white space, sometimes with two, etc. I 
> need to normalize this log to use only one white space between all 
> fileds until ">" character.
>
>  Somebody knows how can I do this??
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
> This email and any attachments to it may be confidential and are 
> intended solely for the use of the individual to whom it is addressed. 
> If you are not the intended recipient of this email, you must neither 
> take any action based upon its contents, nor copy or show it to 
> anyone. Please contact the sender if you believe you have received 
> this email in error. QinetiQ may monitor email traffic data and also 
> the content of email for the purposes of security. QinetiQ Limited 
> (Registered in England & Wales: Company Number: 3796233) Registered 
> office: Cody Technology Park, Ively Road, Farnborough, Hampshire, GU14 
> 0LX  http://www.qinetiq.com.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
The QinetiQ e-mail privacy policy and company information is detailed elsewhere in the body of this email.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux