Hello, Is there a way to get the message headers like what debug provides, without also getting the whole message? I'm currently using: -- *.* /var/splunk-syslog/msgdebug.log;RSYSLOG_DebugFormat -- to see the message headers in order to understand them better to create different filters. However, by getting the whole message too, my debug file size is exploding.
This is the only part I really want to save - FROMHOST: 'cdcubpe02.mycompany.com', fromhost-ip: '100.200.20.112', HOSTNAME: 'cdcubpe02.mycompany.com', PRI: 167, syslogtag 'Vpxa:', programname: 'Vpxa', APP-NAME: 'Vpxa', PROCID: '-', MSGID: '-', TIMESTAMP: 'Dec 12 14:14:59', STRUCTURED-DATA: '-', Is what I'm seeking even possible? Many thanks, Patrick ---------------------------------------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the addressee. If you are not the intended addressee, then you have received this email in error and any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please notify us immediately of your unintended receipt by reply and then delete this email and your reply. Tyson Foods, Inc. and its subsidiaries and affiliates will not be held liable to any person resulting from the unintended or unauthorized use of any information contained in this email or as a result of any additions or deletions of information originally contained in this email. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
