Brand new KIWI 9.1 eval user... succeeded in getting my SYSLOG fed to a SQL table, but need to parse the msgtext field. I'm not a script writer, but hope there is a way to do this without scripting? I've attached an excerpt from what ends up in the SQL table. The delimiter for the MSGText field is Binary 09, which I believe is a tab? Also, a screenshot of how my rules are currently set up (and feeding but not parsing...)
The actual log entry would look like this, with the underlined bold part being the msgtext to be parsed:
2010-11-05 13:22:11 Local4.Info 10.0.1.11 Nov 5 13:22:11 iprism: WEB<009>http<009>1288988531<009>P<009>10.31.40.248<009>CKHS_Students<009>cksduser\vollmer3861m<009>287<009>http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference<009>internet services<009>0<009>HTTPGET<009>200<009>image/gif
Any thoughts would be greatly appreciated!
Thanks all...
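
A sketch of the split the post asks for, added here as an example that is not part of the original post and is not Kiwi's own scripting API: it separates the syslog header from the msgtext and breaks the msgtext on the tab, accepting either a raw tab (binary 09) or the "<009>" rendering shown above. Assumptions: the column names f01 to f14 are hypothetical positional names because the post does not name the fields, the count of 14 comes from the sample entry, and the third field is treated as a Unix epoch timestamp.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the entry quoted in the post, "<009>" standing for the tab.
SAMPLE = ("2010-11-05 13:22:11 Local4.Info 10.0.1.11 Nov 5 13:22:11 iprism: "
          "WEB<009>http<009>1288988531<009>P<009>10.31.40.248<009>CKHS_Students<009>"
          "cksduser\\vollmer3861m<009>287<009>"
          "http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference"
          "<009>internet services<009>0<009>HTTPGET<009>200<009>image/gif")

# Header written by the syslog server, then the device's own text after "iprism: ".
HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\w+)\.(\w+) (\S+) "
                    r".*?\biprism: (.*)$", re.DOTALL)
DELIM = re.compile(r"\t|<009>")   # raw tab, or its printable rendering
EXPECTED_FIELDS = 14              # count taken from the sample entry


def parse_entry(line):
    """Return one row as a dict; raise ValueError if the entry does not fit."""
    m = HEADER.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an iprism syslog entry")
    received, facility, level, host, msgtext = m.groups()
    fields = DELIM.split(msgtext)
    # Reject short or long rows instead of shifting values into wrong columns.
    if len(fields) != EXPECTED_FIELDS:
        raise ValueError(f"expected {EXPECTED_FIELDS} fields, got {len(fields)}")
    row = {"received": received, "facility": facility,
           "level": level, "host": host}
    # Hypothetical positional column names f01..f14.
    row.update({f"f{i:02d}": value for i, value in enumerate(fields, 1)})
    # Assumption: field 3 is epoch seconds; int() raises ValueError otherwise.
    row["f03_utc"] = datetime.fromtimestamp(
        int(fields[2]), tz=timezone.utc).isoformat()
    return row


if __name__ == "__main__":
    for column, value in parse_entry(SAMPLE).items():
        print(f"{column:10} {value}")
```

Rows that fail the field-count check are better routed to a separate table or file than dropped, so a format change on the device shows up as rejected entries rather than silently misaligned columns.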