Ag3NT01
« on: June 23, 2009, 02:31:37 pm »

I have a script to export the w3svc log files to a syslog-ng server. I have a problem with this in that some of my logs from 2008 are being changed to 2009 when being exported. I do not see this behavior when exporting to a csv. Can anyone tell me why this is happening?
Script to syslog:
LogParser "SELECT TO_TIMESTAMP(date,time), CASE QNTFLOOR_TO_DIGIT(sc-status, 1) WHEN 500 THEN 'emerg' WHEN 400 THEN 'err' ELSE 'info' END AS MySeverity, s-computername AS MyHostname, s-ip, cs-method, cs-uri-stem, c-ip, cs(User-Agent), sc-status, sc-substatus INTO @xxx.xxx.xxx.xxx FROM <1> WHERE sc-status >= 400" -o:SYSLOG -severity:$MySeverity -hostName:$MyHostname -iCheckpoint:MyCheckpoint.lpc
Script to csv:
LogParser "SELECT TO_TIMESTAMP(date,time), CASE QNTFLOOR_TO_DIGIT(sc-status, 1) WHEN 500 THEN 'emerg' WHEN 400 THEN 'err' ELSE 'info' END AS MySeverity, s-computername, s-ip, cs-method, cs-uri-stem, c-ip, cs(User-Agent), sc-status, sc-substatus INTO c:\test.csv FROM <1> WHERE sc-status >= 400" -o:CSV -iCheckpoint:test.lpc