Correctly format Oracle logs in Apache Log4j

pdgill314
Path Finder

So I am attempting to perform some data hygiene maintenance on our environment, and one of the things I am doing is cleaning up Coldfusion logs. I have given the Coldfusion logs a sourcetype of log4j, which works mostly, but I found an odd issue in one of our application.log files. The log4j does not correctly format Oracle logs, so I end up with all the lines mixed into a mess, but it works for other errors.

Examples:

"Error","jrpp-328","11/10/17","16:54:48",,"File not found: /path/index.cfm The specific sequence of files included or processed is: D:\inetpub\wwwroot\path\path\index.cfm'' "

"Error","jrpp-328","11/10/17","16:51:30",,"Type: Database, Detail: [Macromedia][Oracle JDBC Driver][Oracle]ORA-00980: synonym translation is no longer valid , SQL: SELECT [redacted] FROM [redacted] JOIN [redacted] ON pe.strm = pc.strm AND pe.session_code = [redacted] AND pe.class_nbr = pc.class_nbr WHERE pc.location <> 'WEB' AND [redacted] = (param 1) AND [redacted] = 'E' AND pe.strm = (param 2) , Stack trace: coldfusion.tagext.sql.QueryTag$DatabaseQueryException: Error Executing Database Query. at coldfusion.tagext.sql.QueryTag.doEndTag(QueryTag.java:641) at cf[redacted]2ecfc628081670$func[redacted].runFunction(D:\inetpub\wwwroot\path\path\cfc[redacted].cfc:69) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:368) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:55) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:321) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:220) at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:2582) ...

Is there a way to fix this in props.conf, transforms.conf or inputs.conf, or is it just going to be a mess?

Thanks


sshelly_splunk
Splunk Employee

I'd do the following in props.conf (stanza name taken from the log4j sourcetype mentioned in the question):

[log4j]
TIME_FORMAT=%m/%d/%y","%H:%M:%S
TIME_PREFIX=\d+","
BREAK_ONLY_BEFORE_DATE=true

Based on your sample, that should break events correctly. If not, can you paste more sample events?
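To show why the three props.conf settings above fix the breaking problem, here is an added example (not part of either post) that emulates Splunk's behaviour on constructed ColdFusion log lines modelled on the ones in the question: the default behaviour treats every line as its own event, so a multi-line Oracle stack trace is scattered across several events, whereas BREAK_ONLY_BEFORE_DATE starts a new event only where TIME_PREFIX followed by a timestamp in TIME_FORMAT is found. The strptime-to-regex translation and the event-breaking function are simplifications written for this example, not Splunk's implementation.

```python
import re
from datetime import datetime

# The props.conf settings from the answer above.
TIME_PREFIX = r'\d+","'
TIME_FORMAT = '%m/%d/%y","%H:%M:%S'

# Minimal strptime-token to regex map, enough for the TIME_FORMAT used here.
_STRPTIME_TO_RE = {"%m": r"\d{2}", "%d": r"\d{2}", "%y": r"\d{2}",
                   "%H": r"\d{2}", "%M": r"\d{2}", "%S": r"\d{2}"}


def time_format_regex(fmt):
    """Translate a strptime-style TIME_FORMAT into a regex (simplified emulation)."""
    out, i = "", 0
    while i < len(fmt):
        if fmt[i] == "%" and i + 1 < len(fmt):
            tok = fmt[i:i + 2]
            out += _STRPTIME_TO_RE.get(tok, re.escape(tok))
            i += 2
        else:
            out += re.escape(fmt[i])
            i += 1
    return out


# A line carries a timestamp if TIME_PREFIX is immediately followed by TIME_FORMAT.
TS_RE = re.compile(TIME_PREFIX + "(" + time_format_regex(TIME_FORMAT) + ")")


def break_on_newline(lines):
    """Default single-line breaking: every physical line becomes one event."""
    return [{"time": None, "raw": line} for line in lines]


def break_only_before_date(lines):
    """BREAK_ONLY_BEFORE_DATE=true: a new event starts only on a line that has a
    timestamp; lines without one (stack-trace continuation) join the previous event."""
    events = []
    for line in lines:
        m = TS_RE.search(line)
        if m or not events:
            ts = datetime.strptime(m.group(1), TIME_FORMAT) if m else None
            events.append({"time": ts, "raw": line})
        else:
            events[-1]["raw"] += "\n" + line
    return events


# Constructed sample: two ColdFusion application.log entries, the second one an
# Oracle error whose stack trace continues on two indented lines, then a third entry.
SAMPLE_LINES = [
    '"Error","jrpp-328","11/10/17","16:54:48",,"File not found: /path/index.cfm"',
    '"Error","jrpp-328","11/10/17","16:51:30",,"Type: Database, Detail: [Macromedia]'
    '[Oracle JDBC Driver][Oracle]ORA-00980: synonym translation is no longer valid , '
    'Stack trace: coldfusion.tagext.sql.QueryTag$DatabaseQueryException: Error Executing Database Query.',
    '\tat coldfusion.tagext.sql.QueryTag.doEndTag(QueryTag.java:641)',
    '\tat coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:472)',
    '"Information","jrpp-329","11/10/17","16:55:01",,"Next entry"',
]

if __name__ == "__main__":
    print("default breaking:", len(break_on_newline(SAMPLE_LINES)), "events")
    for ev in break_only_before_date(SAMPLE_LINES):
        print(ev["time"], "|", ev["raw"].replace("\n", " / ")[:90])
```

Running it prints 5 events for default breaking and 3 for the configured breaking, with the two `at ...` lines folded into the ORA-00980 event whose `_time` is 2017-11-10 16:51:30. The same approach (dump a few raw lines, confirm where the timestamp regex matches) is a quick sanity check before pushing a props.conf change to an indexer.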