>> Subject: [rsyslog] how to rewrite/delete part of message
>>
>> Hi all,
>>
>> could someone help with creating rsyslog configuration for
>> rewriting/deleting part of message.
>> Position of this part is dynamic (it can be on different position in
>> syslog message).
>>
>> I have looked The Property Replacer documentation, but looks like it
>> can't be achieved with it.
>>
>> OS: Debian Stable (Squeeze)
>> Rsyslog version: 5.8.11-1~bpo60+2
>>
>> PS. In syslog-ng it is possible with creating rewrite rule.
>>
>> rewrite test_rule {
>> subst("SOME_TEXT_FOR_REPLACE", "NEW_TEXT", value("MSG"));
>> };
>
> I have no idea of what this does ;) It looks like search and replace. But
> what exactly is searched (especially which field), what is replaced? Does it
> modify the message itself? Or just the output?
>
> Please elaborate.
This example replaces SOME_TEXT_FOR_REPLACE with NEW_TEXT in MESSAGE part.
But in general it can be used for modifying part of HOST, MESSAGE,
PROGRAM, or any user-defined macros.
The only exceptions are the FACILITY, SEVERITY, TAGS, and the
date-related fields, which cannot be rewritten.
Rewrite rules can be applied in syslog-ng before sending to
destination (file, another log server, etc..)
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
