Simply use the sample script below. It shows how to parse a single syslog message generated by EventReporter. You can copy it from the text box below.
use CGI qw (:standard);
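# Just the test message: a single EventReporter syslog line.
# The string is delimited with plain ASCII double quotes; typographic quotes
# are not string delimiters in Perl and stop the script from compiling.
our $szEventReporterMessage = "EvntSLog: [ERR] Thu Feb 15 14:00:58 2001: FMSRV/Wins (4102) – \"The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server.\"";

# Call the splitter function (plain call syntax, no leading ampersand).
SplitEventLogMessage($szEventReporterMessage);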
#——————————————————-
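# SplitEventLogMessage($szMessage)
#
# Splits one EventReporter syslog line of the form
#   EvntSLog: [SEV] <date>: <server>/<event source> (<event id>) - "<text>"
# into its fields and prints them to STDOUT.  Returns nothing.
#
# The line is a syslog message, so every field is untrusted input.  A line
# that does not match the layout is reported as unparsable instead of being
# cut into misleading fields.
#
# NOTE(review): the fields are printed verbatim.  The script loads CGI, which
# suggests the output may end up in a web page; escape the values before
# embedding them in HTML, SQL or a shell command.
sub SplitEventLogMessage {
    my $szMessage = $_[0];
    $szMessage = '' unless defined $szMessage;

    print "——————————\n";
    print "DEBUG: $szMessage\n";
    print "——————————\n";

    # One anchored pattern replaces the chain of positional splits:
    #  - the "EvntSLog: " tag is removed only at the start of the line, so the
    #    same text inside the message body is left alone;
    #  - the event source runs up to the " (" before the event id, so sources
    #    that contain spaces stay in one piece.
    my ($szSeverityCode, $szDate, $szServer, $szNTEventSource, $szEventID, $szText) =
        $szMessage =~ m{
            \A
            (?: EvntSLog: [ ] )?
            ( \S+ ) [ ]
            ( .*? ) : [ ]
            ( [^/]* ) /
            ( .+? ) [ ] \(
            ( [^)]* ) \)
            ( .* )
            \z
        }xsi;

    unless (defined $szEventID) {
        print "\n\nMessage is not in EventReporter format - nothing split\n";
        return;
    }

    # Drop the separator in front of the text.  Both an ASCII hyphen and an
    # en dash (as UTF-8 bytes or as a decoded character) are accepted.
    $szText =~ s/\A (?:-|\xE2\x80\x93|\x{2013}) "//;

    # Remove the closing quote only when it is really there; a blind chop()
    # would eat the last character of an unquoted or newline-terminated line.
    $szText =~ s/"\s*\z//;

    # Print out all split fields
    print "\n\nSplitted Message\n";
    print "================\n\n";
    print "Severity Code: $szSeverityCode \n";
    print "Date: $szDate \n";
    print "Server: $szServer \n";
    print "NT Event Source: $szNTEventSource \n";
    print "EventID: $szEventID \n";
    print "Actual Message: $szText \n";
    return;
}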