This is the first time I am working with liblognorm. I have read the documentation for lognorm1, but I am still not sure how to write mmnormalize rules for optional parts of a syslog message. The base is an RFC5424 message with modified structured-data.

A special SD-ELEMENT [syslogTimes@123456 relay-ip="timestamp-rfc3339" ...] is added to the end of structured-data. Every relay adds its own relay-ip with timestamp to this element. On some relays this SD-ELEMENT needs to be removed. Will this rule work as expected?

prefix=<%-:number%>%-:number% %-:date-rfc5424% %-:word% %-:word% %-:number% %-:word%
rule=%orig-sd:string-to:[syslogTimes@123456 % %time-sd:string-to: ]% %-:rest%

How do I reference the 'orig-sd' value in a template afterwards? Is lognorm2 making this easier to implement?

Peter
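The SD-ELEMENT removal described in the post, as an added Python example that is not part of the original message and is neither rsyslog nor liblognorm code: it walks the RFC 5424 structured-data element by element, honours the `\"`, `\\` and `\]` escapes allowed inside quoted values, and drops the element with the given SD-ID. The function names and the sample line are constructed, and using the relay IP as the parameter name is an assumption about the layout the post describes.

```python
# Constructed sample: one unrelated SD-ELEMENT whose value contains an escaped
# "]", followed by the relay-timestamp element (assumed layout: ip="timestamp").
SAMPLE = ('<34>1 2024-01-01T10:00:00Z host1 app 123 ID47 '
          '[origin@32473 note="bracket \\] inside"]'
          '[syslogTimes@123456 192.0.2.1="2024-01-01T10:00:01Z" '
          '192.0.2.2="2024-01-01T10:00:02Z"] message text')


def split_sd(rest):
    """Split 'STRUCTURED-DATA[ MSG]' into (raw SD-ELEMENT list, remaining tail)."""
    if rest.startswith("-"):            # NILVALUE: no structured data at all
        return [], rest[1:]
    elements, i = [], 0
    while i < len(rest) and rest[i] == "[":
        start, in_quotes = i, False
        i += 1
        while i < len(rest):
            c = rest[i]
            if in_quotes and c == "\\":
                i += 2                  # skip the escaped character (\" \\ \])
                continue
            if c == '"':
                in_quotes = not in_quotes
            elif c == "]" and not in_quotes:
                break                   # real end of this SD-ELEMENT
            i += 1
        if i >= len(rest):
            raise ValueError("unterminated SD-ELEMENT")
        i += 1
        elements.append(rest[start:i])
    return elements, rest[i:]


def strip_sd_element(line, sd_id):
    """Return (line without the SD-ELEMENT named sd_id, list of removed elements)."""
    # PRI+VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID, MSGID, then SD and MSG
    parts = line.split(" ", 6)
    if len(parts) < 7:
        raise ValueError("not an RFC 5424 header")
    elements, tail = split_sd(parts[6])
    kept, removed = [], []
    for elem in elements:
        name = elem[1:].split(" ", 1)[0].rstrip("]")   # SD-ID follows the "["
        (removed if name == sd_id else kept).append(elem)
    sd = "".join(kept) or "-"           # an empty SD field must be written as "-"
    return " ".join(parts[:6]) + " " + sd + tail, removed


if __name__ == "__main__":
    print(strip_sd_element(SAMPLE, "syslogTimes@123456")[0])
```
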

