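# -----------------------------------------------------------------------------------------------
# This module is designed to write to an output file to demonstrate DBD2 capabilities.
# -----------------------------------------------------------------------------------------------
[testfile=z]
type=file
id=1
description = A test-and-debug file that is also useful for purposes of demonstration and illustration of DBD2 capabilities.
# NOTE(review): mode=666 leaves the output file readable and writable by every local account.
# The syslog template below is written to this file, so outside a demonstration a tighter mode
# (for example 640 with a dedicated owner and group) limits who can read or alter the records.
file=/opt2/build/dbd/file_z, uid=ed, gid=staff, mode=666
# NOTE(review): each $NNN is substituted inside a single-quoted SQL literal. $205, $3000 and $3001
# map to $RawMsg, $MsgTag and $MsgNoTag further down, i.e. text taken from the incoming syslog event.
# Confirm that DBD2 escapes quote characters on substitution before this output is replayed into a database.
template = 1 insert into rawsyslog (facility, priority, oldfac, oldpri, time, host, msgstring, d1, d2) values ('$237', '$236', '$337', '$336', '$248', '$261', '$205', '$3000', '$3001');
######################################################################################################################
# Note1: There is a section at the end of this file that can be cut-and-pasted to a shell script to demonstrate the variety of DBD2 format conversions and source-selection.
#
# Note2: Tabs in the following templates have been adjusted to produce nice looking output on my machine with my test values.
# Your machine & actual values may vary resulting in mis-aligned columns.
#
# Time-format lengths vary and force aligned templates like the ones below to be tabbed differently based on their individual format lengths.
# Though this is not a problem for database insertion, it makes the creation of 'pretty' demonstration output a bit tricky.
# The tabbing below may look strange in its 'raw' format, but it produces nicely-aligned output columns when compensated for by the varying lengths of different time formats.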
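######################################################################################################################
#
# [User/Group demo]
# Each row prints one representation of the user1/user2/group1/group2 values supplied by the client.
template 1100 Var-Name User1 User2 Group1 Group2
template 1101 Raw [$1100] [$1105] [$1110] [$1115]
template 1102 String [$1101] [$1106] [$1111] [$1116]
template 1103 Numeric [$1102] [$1107] [$1112] [$1117]
template 1104 Raw User Input: "$1100": [$1101] [$1102]
template 1105 Raw Group Input: "$1110": [$1111] [$1112]

# [Time-Module demo]
# Columns are the client-supplied time1 ($201x/$2020), time2 ($203x/$2040) and time3 ($205x/$2060).
template 2000 Var-Name Var1 Var2 var3
template 2001 Raw [$2010] [$2030] [$2050]
template 2002 TimeUTCInt [$2011] [$2031] [$2051]
template 2003 TimeUTCDb [$2012] [$2032] [$2052]
template 2004 TimeUTCRfc [$2013] [$2033] [$2053]
template 2005 TimeUTCSyslog [$2014] [$2034] [$2054]
template 2006 TimeUTCString1000 [$2015] [$2035] [$2055]
template 2007 TimeLocalInt [$2016] [$2036] [$2056]
template 2008 TimeLocalDb [$2017] [$2037] [$2057]
template 2009 TimeLocalRfc [$2018] [$2038] [$2058]
template 2010 TimeLocalSyslog [$2019] [$2039] [$2059]
template 2011 TimeLocalString1001 [$2020] [$2040] [$2060]

# Columns are ServerHost ($208x), EventHost ($209x) and RelayHost ($207x).
template 2020 Var-Name ServerHost EventHost RelayHost
template 2021 Raw [$2080] [$2090] [$2070]
template 2022 TimeUTCInt [$2081] [$2091] [$2071]
template 2023 TimeUTCDb [$2082] [$2092] [$2072]
template 2024 TimeUTCRfc [$2083] [$2093] [$2073]
template 2025 TimeUTCSyslog [$2084] [$2094] [$2074]
template 2026 TimeUTCString1000 [$2085] [$2095] [$2075]
# The ServerHost column uses $2086 ($STimeLocalInt); it previously repeated the EventHost index $2096.
template 2027 TimeLocalInt [$2086] [$2096] [$2076]
template 2028 TimeLocalDb [$2087] [$2097] [$2077]
template 2029 TimeLocalRfc [$2088] [$2098] [$2078]
template 2030 TimeLocalSyslog [$2089] [$2099] [$2079]

# [Host-Module demo]
# Columns are the client-supplied host1 ($101x), host2 ($102x) and host3 ($103x).
template 1000 Var-Name Var1 Var2 var3
template 1001 Raw [$1010] [$1020] [$1030]
template 1002 PHostName [$1011] [$1021] [$1031]
template 1003 PHostDomain [$1012] [$1022] [$1032]
template 1004 PFQDN [$1013] [$1023] [$1033]
template 1005 PIPv4 [$1014] [$1024] [$1034]
template 1006 PIPv6 [$1015] [$1025] [$1035]

# Columns are RelayHost ($105x), ServerHost ($106x) and EventHost ($104x).
template 1010 Var-Name RelayHost ServerHost EventHost
template 1011 Raw [$1050] [$1060] [$1040]
template 1012 PHostName [$1051] [$1061] [$1041]
template 1013 PHostDomain [$1052] [$1062] [$1042]
template 1014 PFQDN [$1053] [$1063] [$1043]
template 1015 PIPv4 [$1054] [$1064] [$1044]
template 1016 PIPv6 [$1055] [$1065] [$1045]

template 1007 Raw Input: "$1010": [$1011] [$1012] [$1013] [$1014] [$1015]
#-------------------- End-of-Output-Section --------------------

[global]
#--------------------------------------------------
# Here is a selection of TimeString formats (only the first 2 are actually used by this module).
#--------------------------------------------------
timestring 1000 %a, %b %e %H:%M:%S %Y (%P)
timestring 1001 %Y-%b-%d %H:%M:%S (%!2% / dst:%!2b%)
timestring 1002 %Y-%b-%d %H:%M:%S%#+02!1<<%:%#02!1<|% (%!1% %!2% %!2b% %!2n% %#02!2n<<%)
timestring 1003 %Y-%b-%dT%H:%M:%S%z
timestring 1004 %Y%m%d%H%M%S
#--------------------------------------------------
# These are the system-variable definitions that use the timestrings above
#--------------------------------------------------
$ time parms, gmt, string:1000 PTimeUTC1000
$ time parms, local, string:1000 PTimeLocal1000
$ time parms, gmt, string:1001 PTimeUTC1001
$ time parms, local, string:1001 PTimeLocal1001
$ time parms, gmt, string:1002 PTimeUTC1002
$ time parms, local, string:1002 PTimeLocal1002
$ time parms, gmt, string:1003 PTimeUTC1003
$ time parms, local, string:1003 PTimeLocal1003
$ time parms, gmt, string:1004 PTimeUTC1004
$ time parms, local, string:1004 PTimeLocal1004
#--------------------------------------------------
# These are the variable declarations that link the various database-templates to system-variables and user-variables.
# The use of distinct names ('time1' vs 'time2' vs 'time3', etc) in the name-list allows distinct command-line values to be associated with different variables.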
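# The use of distinct sql-indices (2010 vs 2030 vs 2050, etc) for each distinct name allows the database template to specify which variable it wants to use for a particular 'database-field'.
#--------------------------------------------------
# NOTE(review): the names after the comma (user1, host1, time1, ...) are filled from values given on the
# dbcl command line, so treat them as untrusted input wherever a template feeds a database.

# User and group parameters.
var 1100 $PUserRaw, user1
var 1101 $PUserStr, user1
var 1102 $PUserInt, user1
var 1105 $PUserRaw, user2
var 1106 $PUserStr, user2
var 1107 $PUserInt, user2
var 1110 $PGroupRaw, group1
var 1111 $PGroupStr, group1
var 1112 $PGroupInt, group1
var 1115 $PGroupRaw, group2
var 1116 $PGroupStr, group2
var 1117 $PGroupInt, group2

# Time parameters time1, time2 and time3 (P-prefixed system variables).
var 2010 $PTimeRaw, time1
var 2011 $PTimeUTCInt, time1
var 2012 $PTimeUTCDb, time1
var 2013 $PTimeUTCRfc, time1
var 2014 $PTimeUTCSyslog, time1
var 2015 $PTimeUTC1000, time1
var 2016 $PTimeLocalInt, time1
var 2017 $PTimeLocalDb, time1
var 2018 $PTimeLocalRfc, time1
var 2019 $PTimeLocalSyslog, time1
var 2020 $PTimeLocal1001, time1
var 2030 $PTimeRaw, time2
var 2031 $PTimeUTCInt, time2
var 2032 $PTimeUTCDb, time2
var 2033 $PTimeUTCRfc, time2
var 2034 $PTimeUTCSyslog, time2
var 2035 $PTimeUTC1000, time2
var 2036 $PTimeLocalInt, time2
var 2037 $PTimeLocalDb, time2
var 2038 $PTimeLocalRfc, time2
var 2039 $PTimeLocalSyslog, time2
var 2040 $PTimeLocal1001, time2
var 2050 $PTimeRaw, time3
var 2051 $PTimeUTCInt, time3
var 2052 $PTimeUTCDb, time3
var 2053 $PTimeUTCRfc, time3
var 2054 $PTimeUTCSyslog, time3
var 2055 $PTimeUTC1000, time3
var 2056 $PTimeLocalInt, time3
var 2057 $PTimeLocalDb, time3
var 2058 $PTimeLocalRfc, time3
var 2059 $PTimeLocalSyslog, time3
var 2060 $PTimeLocal1001, time3

# Relay ($RTime*), server ($STime*) and event ($Time*) times.
# NOTE(review): $RTimeUTC1000, $STimeUTC1000 and $TimeUTC1000 are not among the "$ time" definitions in
# this file, which only declare P-prefixed names; presumably they are provided elsewhere - confirm.
var 2070 $RTimeRaw, time3
var 2071 $RTimeUTCInt, time3
var 2072 $RTimeUTCDb, time3
var 2073 $RTimeUTCRfc, time3
var 2074 $RTimeUTCSyslog, time3
var 2075 $RTimeUTC1000, time3
var 2076 $RTimeLocalInt, time3
var 2077 $RTimeLocalDb, time3
var 2078 $RTimeLocalRfc, time3
var 2079 $RTimeLocalSyslog, time3
var 2080 $STimeRaw, time3
var 2081 $STimeUTCInt, time3
var 2082 $STimeUTCDb, time3
var 2083 $STimeUTCRfc, time3
var 2084 $STimeUTCSyslog, time3
var 2085 $STimeUTC1000, time3
var 2086 $STimeLocalInt, time3
var 2087 $STimeLocalDb, time3
var 2088 $STimeLocalRfc, time3
var 2089 $STimeLocalSyslog, time3
var 2090 $TimeRaw, time3
var 2091 $TimeUTCInt, time3
var 2092 $TimeUTCDb, time3
var 2093 $TimeUTCRfc, time3
var 2094 $TimeUTCSyslog, time3
var 2095 $TimeUTC1000, time3
var 2096 $TimeLocalInt, time3
var 2097 $TimeLocalDb, time3
var 2098 $TimeLocalRfc, time3
var 2099 $TimeLocalSyslog, time3

# Host parameters host1 and host2.
var 1010 $PHostRaw, host1
var 1011 $PHostNameOnly, host1
var 1012 $PHostDomain, host1
var 1013 $PFQDN, host1
var 1014 $PIPv4, host1
var 1015 $PIPv6, host1
var 1020 $PHostRaw, host2
var 1021 $PHostNameOnly, host2
var 1022 $PHostDomain, host2
var 1023 $PFQDN, host2
var 1024 $PIPv4, host2
var 1025 $PIPv6, host2

# Server ($S*), relay ($R*) and event host variables; these take no client-supplied name.
var 1060 $SHostRaw
var 1061 $SHostNameOnly
var 1062 $SHostDomain
var 1063 $SFQDN
var 1064 $SIPv4
var 1065 $SIPv6
var 1050 $RHostRaw
var 1051 $RHostNameOnly
var 1052 $RHostDomain
var 1053 $RFQDN
var 1054 $RIPv4
var 1055 $RIPv6
var 1040 $HostRaw
var 1041 $HostNameOnly
var 1042 $HostDomain
var 1043 $FQDN
var 1044 $IPv4
var 1045 $IPv6

# Host parameter host3.
var 1030 $PHostRaw, host3
var 1031 $PHostNameOnly, host3
var 1032 $PHostDomain, host3
var 1033 $PFQDN, host3
var 1034 $PIPv4, host3
var 1035 $PIPv6, host3
#--------------------------------------------------
# The following definitions are the syslog-specific variables and key-string for this output-file.
#--------------------------------------------------
# The syslogKey entry to specify what syslog traffic we want to see.
# This will be combined with other modules to produce a final list of templates at run-time.
syslogkey = kern.*;extra9.*;extra14.*;user.*;daemon.* = z1
# A copy of the template that will be used to log incoming syslog data.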
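# template = 1 insert into rawsyslog (facility, priority, oldfac, oldpri, time, host, msgstring, d1, d2) values ('$237', '$236', '$337', '$336', '$248', '$261', '$205', '$3000', '$3001');
# The variable definitions that support the above template.
# NOTE(review): $RawMsg, $MsgTag and $MsgNoTag are taken from the received syslog message and land inside
# single-quoted SQL literals in the template; confirm DBD2 escapes quote characters when it substitutes them.
var 237 $FacpriNoPriStr
var 236 $FacpriNoFacStr
var 337 $PFacpriNoPriStr
var 336 $PFacpriNoFacStr
var 248 $TimeLocalRfc
var 261 $HostNameOnly
var 205 $RawMsg
var 3000 $MsgTag
var 3001 $MsgNoTag
#-------------------- End-of-Configuration --------------------
#-------------------- Start-of-shell-script -------------------
#--------------------------------------------------
# Ensure the main configuration file opens a TCP input port on 127.0.0.1, port 1026 for the dbcl client to use.
# Keep that listener on the loopback address: dbcl chooses which templates run and supplies the variable
# values, and nothing in this file shows the port authenticating its clients.
#--------------------------------------------------
# You can copy these lines into a shell script to get a nice demonstration display of different formats for different data-types.
# You will need to do a global change to the filepath to match whatever filename you set in the 'file' keyword of the module declaration.
# The echo statements are intended to provide 'spacers' in the output-file. The 'sleep' commands allow one template to complete before the next is issued.
# Failure to provide a small delay results in the multi-threaded DBD2 processing all templates concurrently, resulting in a jumbled mess of an output file...
# The lines are commented out to prevent DBD2 from trying to parse the shell script content as configuration lines.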
#--------------------------------------------------
##!/bin/bash
## Every script line carries one leading '#'; remove exactly one from each line to obtain the script.
## The echo lines append blank spacer lines straight to the file DBD2 writes, so the account running
## the script needs write access to that path.
## The `...` substitutions are unquoted: a value containing whitespace is split into several dbcl arguments.
## Host demo: three client-supplied hosts (host1, host2, host3).
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#./dbcl localhost 1026 template=z1000z1001z1002z1003z1004z1005z1006 host1=`hostname` host2=host63 host3=192.168.2.50
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#sleep 2
## Host demo: relay, server and event hosts (no client-supplied values).
#./dbcl localhost 1026 template=z1010z1011z1012z1013z1014z1015z1016
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#sleep 2
## Host demo: a single raw input shown in every host format.
#./dbcl localhost 1026 template=z1007 host1=`hostname`
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#sleep 2
## Time demo: three client-supplied times given in three different input formats.
#./dbcl localhost 1026 template=z2000z2001z2002z2003z2004z2005z2006z2007z2008z2009z2010z2011 time1=`date +%s` time2="Mar 31 15:33:22 2021" time3="2023-05-14 18:30:40-06:30"
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#sleep 2
## Time demo: server, event and relay times (no client-supplied values).
#./dbcl localhost 1026 template=z2020z2021z2022z2023z2024z2025z2026z2027z2028z2029z2030
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#sleep 2
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#sleep 2
## User/Group demo: names and ids for two users and two groups.
#./dbcl localhost 1026 template=z1100z1101z1102z1103 user1=`whoami` user2=librenms group1=`id -g` group2=`id -g librenms`
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#sleep 2
## User/Group demo: a numeric user id as the raw input.
#./dbcl localhost 1026 template=z1104 user1=1000
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#sleep 2
## User/Group demo: a numeric group id as the raw input.
#./dbcl localhost 1026 template=z1105 group1=1000
#echo "" >> /opt2/build/dbd/file_z
#echo "" >> /opt2/build/dbd/file_z
#-------------------- End-of-File --------------------