very easy, you just need to define a template with what you want. Doc here:
http://www.rsyslog.com/doc/v8-stable/configuration/templates.html Rainer 2016-12-12 15:17 GMT+01:00 Swartz, Patrick <[email protected]>: > Hello, > Is there a way to get the message headers like what debug provides, without > also getting the whole message? > I'm currently using: -- *.* > /var/splunk-syslog/msgdebug.log;RSYSLOG_DebugFormat -- to see the message > headers in order to understand them better to create different filters. > However, by getting the whole message too, my debug file size is exploding. > > This is the only part I really want to save - > FROMHOST: 'cdcubpe02.mycompany.com', fromhost-ip: '100.200.20.112', HOSTNAME: > 'cdcubpe02.mycompany.com', PRI: 167, > syslogtag 'Vpxa:', programname: 'Vpxa', APP-NAME: 'Vpxa', PROCID: '-', MSGID: > '-', > TIMESTAMP: 'Dec 12 14:14:59', STRUCTURED-DATA: '-', > > Is what I'm seeking even possible? > > Many thanks, > Patrick > > ---------------------------------------------------------------------- > This email and any files transmitted with it are confidential and intended > solely for the use of the addressee. If you are not the intended addressee, > then you have received this email in error and any use, dissemination, > forwarding, printing, or copying of this email is strictly prohibited. Please > notify us immediately of your unintended receipt by reply and then delete > this email and your reply. Tyson Foods, Inc. and its subsidiaries and > affiliates will not be held liable to any person resulting from the > unintended or unauthorized use of any information contained in this email or > as a result of any additions or deletions of information originally contained > in this email. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
