Unsolved
This post is more than 5 years old
2 Posts
0
1017
ASL parsing syslog messages
Hi,
I'm trying to create an asl rule that checks incoming syslog messages.
What I want to achieve is to have a check for '%' in the message and
cut all characters prior to this one and then continue until eol is reached.
Has anyone a suggestion on how to achieve this?
nbruce
53 Posts
0
December 22nd, 2016 14:00
Martin,
Here are a few KB's on ASL parsing.
Smarts Syslog Adapter: How do you enable debug logging for the Smarts Syslog adapter?
http://support.emc.com/kb/325120 Another option may be to enable debug logging, which this kb will show.
Ionix/Smarts ASL: How to I Parse based on delimiters using the Adapter Scripting Language
http://support.emc.com/kb/319327
Smarts ASL: How to test that my Smarts ASL script has the correct syntax?
http://support.emc.com/kb/318553
I'll see if I can find a better example for your question above.
Cheers,
martinboqvist
2 Posts
0
December 29th, 2016 07:00
Thanks Nate,
I managed to resolve this by using the following code;
PARSE_MESSAGE {
input = MESSAGE;
delim = "%";
unusedPrefix : word
slice : rep(word) eol
} do {
return slice;
}
Might not be the preferred way to do it but it works for now.