I don't think I need the data that's after that part on the messages. Besides I could make sure the original message is preserved and have the truncated one on another file. I just want to know if it's possible to make the cut on rsyslog before it writes the message to file.
On Tue, May 29, 2012 at 1:58 PM, <[email protected]> wrote: > On Tue, 29 May 2012, Alfred Rapozo wrote: > >> I'm receiving messages on a rsyslog machine, coming from a Windows >> 2008 machine using Snare. >> >> The problem with 2008 is that at the end of the message comes a >> meaningless string explaining what the event is about. The string is >> really big and is the same for every event of the same type. >> >> Is there any way to make rsyslog discard this part of the message, >> most of the time it starts with "This event is generated". > > > Unfortunantly, that's not the end of the message from Snare, there is data > in the message after that that you care about (it may be getting truncated > in your setup) > > David Lang > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards
