Hopefully this makes sense. Barracuda has published a script in Perl that demonstrates how to parse the log. The items in the message field are separated by spaces. Barracuda shows the following in their script (the message field has been placed in the $info variable earlier in their scrip):
if( $info =~ /([^\s]+)\s([^\s]+)\s([^\s]+)\s([-\.\d+]+)\s(\d+)\s(\d+)\s(.*)\sSUBJ:(.*)$/ )
{
($enc, $sender, $recip, $score, $action, $reason, $reason_extra, $subject) =
($1, $2, $3, $4, $5, $6, $7, $8);
}
What I would like to do is place these in the Custom variable 1-8. Going through the kiwi example that comes with the syslog server, that part seems relatively easy.
I am brand new to Perl and trying to get this accomplished in the Evaluation window of the Kiwi server to show proof of concept. Is Perl the best way to separate the message based on spaces? Is there a better way to do this? Or does someone have an example of how to do this in Perl or any other language that kiwi supports?
Cheers