Hi I want to get string from regular log before insert log into table .
My rsyslog template:
$template fw,"insert into fw(Message, Facility, FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag, EventID) values ('%msg%', %syslogfacility%,'%fromhost%', %syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%', '123')",SQL
I try with regex like this but I get string only "src-mac" in mysql table
%msg:R,ERE,0,FIELD:src-mac--end%
log text msg is like this :
Pay: srcnat: in:(none) out:wan, src-mac 22:22:22:22:22:22,
proto TCP (SYN), 10.5.50.100:1111->111.11.111.11:443, len 52
Aucun commentaire:
Enregistrer un commentaire