I am new to Kiwi Syslog Server. I configured Kiwi Syslog Server with default fields to log messages to a MySQL DB and it is working fine.
But I wish to parse the message and log to the MySQL DB using custom fields. I don't have any knowledge about scripting.
Sample log is shown below. Each field is separated by a single space character. The message content is highlighted in red.
2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: 01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5
Only the following things need to be extracted and logged to the DB.
MsgDate: 2012-09-01
MsgTime: 10:37:14
MsgHostname: HQ-IPS-01
AttackId: 300000
AttackType: Intrusions
AttackDesc: BO-WINXP
AttackSrc: ACCTS-C-PC1
AttackDst: ACCTS-C-PC2
The number of such logs that need parsing by the script will be more.
Please provide me guidance in configuring this.
Any help on this would be greatly appreciated!
Thanks all...
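The extraction asked for above, as an added example that is not part of the original post: a parser that splits the line on spaces, keeps double-quoted values together, and rejects lines that do not fit before anything reaches the database. The names `tokenize` and `parseDefensePro` are hypothetical, the field positions are assumed from the single sample line in the post, and copying the result into Kiwi custom fields or MySQL is not shown.

```javascript
// Added example. Field positions come from the one sample line in the post
// (an assumption about the DefensePro format in general).

// Split on whitespace, but keep a double-quoted value as a single token
// so an attack name containing spaces cannot shift the later columns.
function tokenize(line) {
  var tokens = [];
  var re = /"([^"]*)"|(\S+)/g;
  var m;
  while ((m = re.exec(line)) !== null) {
    tokens.push(m[1] !== undefined ? m[1] : m[2]);
  }
  return tokens;
}

// Return the eight requested fields, or null when the line does not look
// like a DefensePro event. Syslog content is untrusted input: check it here
// and bind the values as query parameters when inserting into the database.
function parseDefensePro(line) {
  var t = tokenize(line);
  if (t.length < 15 || t[4] !== "DefensePro:") return null;
  if (!/^\d{4}-\d{2}-\d{2}$/.test(t[0])) return null;   // MsgDate
  if (!/^\d{2}:\d{2}:\d{2}$/.test(t[1])) return null;   // MsgTime
  if (!/^\d+$/.test(t[8])) return null;                 // AttackId is numeric
  return {
    MsgDate: t[0], MsgTime: t[1], MsgHostname: t[3],
    AttackId: t[8], AttackType: t[9], AttackDesc: t[10],
    AttackSrc: t[12], AttackDst: t[14]
  };
}

// The sample line from the post.
var SAMPLE = '2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: ' +
  '01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ACCTS-C-PC1 ' +
  '1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop ' +
  'FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5';

// Constructed variant: the quoted attack name contains spaces.
var SPACED = SAMPLE.replace('"BO-WINXP"', '"BO WINXP variant"');

// Constructed malformed line: the numeric attack id is missing.
var BROKEN = SAMPLE.replace(' 300000 ', ' ');

console.log(parseDefensePro(SAMPLE));
console.log(parseDefensePro(SPACED).AttackDesc);
console.log(parseDefensePro(BROKEN));
```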