On Tue, 29 May 2012, Alfred Rapozo wrote:

I don't think I need the data that's after that part of the messages.
Besides, I could make sure the original message is preserved and have
the truncated one in another file.
I just want to know if it's possible to make the cut in rsyslog before
it writes the message to file.

Yes, you would create a custom format string. In this case you would probably want to do a field cut that cuts it off at the number of fields you care about (with the field split being the tab or #011 escape string).

David Lang

On Tue, May 29, 2012 at 1:58 PM,  <[email protected]> wrote:
On Tue, 29 May 2012, Alfred Rapozo wrote:

I'm receiving messages on a rsyslog machine, coming from a Windows
2008 machine using Snare.

The problem with 2008 is that at the end of the message comes a
meaningless string explaining what the event is about. The string is
really big and is the same for every event of the same type.

Is there any way to make rsyslog discard this part of the message?
Most of the time it starts with "This event is generated".


Unfortunately, that's not the end of the message from Snare; there is data
in the message after that that you care about (it may be getting truncated
in your setup).

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
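
The field cut David Lang describes in his reply, written out as an added example in legacy rsyslog directive syntax; it is not from the thread or from the rsyslog project. The template name, the file paths and the choice of three fields are assumptions, and the filter string is the one quoted in the question.

```rsyslog
# Added example. SnareCut, the /var/log/snare-*.log paths and the field
# count of 3 are assumptions, not values from the thread.

# By default rsyslog rewrites control characters on receive, so a tab
# arrives in %msg% as the four characters "#011" and the single-character
# field delimiter used below cannot match it. Turning the escaping off
# keeps real tabs (ASCII 9). The setting is global and also lets other raw
# control characters through to the log files.
$EscapeControlCharactersOnReceive off

# F,9:n selects the n-th field of the property, splitting on the character
# with decimal code 9 (tab). List one entry per field to keep; everything
# after the last listed field is dropped from this output. "|" is the
# separator written between the kept fields. If a message has fewer fields
# than listed, rsyslog writes **FIELD NOT FOUND** for the missing ones.
$template SnareCut,"%timegenerated% %HOSTNAME% %syslogtag%%msg:F,9:1%|%msg:F,9:2%|%msg:F,9:3%\n"

# Full message, written with the default file format, so the original
# record is preserved.
:msg, contains, "This event is generated" /var/log/snare-full.log

# Truncated copy of the same message, written with the template above.
:msg, contains, "This event is generated" /var/log/snare-cut.log;SnareCut
```

Count the tab-separated fields in a few messages from the full log before settling on how many entries the template lists.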