Hello,
For the following example message:
2019-03-11T14:13:10-07:00 xxxx-xxxx-xxxx-3 audit_protocol[9605]:
S-1-22-1-11111|11111|System|1|11.111.111.11|NFS|CLOSE|SUCCESS|FILE|0:0|0:0|7528411024|/path/to/file
Are the pipes field delimiters?
How can I replace the pipes (|s) with commas?
I have tried the following template and many others, but haven't been able to
get the pipe replacement to work yet.
template(name="isilon_tmpl" type="list") {
    replace("$msg", "|", ",")
}
ruleset(name="isilon_rset") {
    if ($msg contains "/ifs/cda/userdata/ctshared") then {
        action(type="omfile" FileCreateMode="0644"
               File="/var/log/remote/msg/eric-test" template="isilon_tmpl")
    }
}
Thanks,
Eric Secrist
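
Added example, not part of the original post: one way to get the substitution described above, assuming an rsyslog build whose RainerScript provides the replace() function. The local variable name $.csvmsg is chosen for this example; the ruleset name, filter string and output file are the ones from the post.

```rsyslog
# Added example, not from the original post.
# Assumes an rsyslog build whose RainerScript provides replace().
# $.csvmsg is a local variable name chosen for this example.

# A list template accepts only constant() and property() statements,
# so the substitution is done in the ruleset and the result is
# referenced here as a variable property.
template(name="isilon_tmpl" type="list") {
    property(name="timestamp" dateFormat="rfc3339")
    constant(value=" ")
    property(name="hostname")
    constant(value=" ")
    property(name="syslogtag")
    property(name="$.csvmsg")
    constant(value="\n")
}

ruleset(name="isilon_rset") {
    if ($msg contains "/ifs/cda/userdata/ctshared") then {
        # Replace every "|" in the message body with ",".
        set $.csvmsg = replace($msg, "|", ",");
        action(type="omfile" FileCreateMode="0644"
               File="/var/log/remote/msg/eric-test"
               template="isilon_tmpl")
    }
}
```

Because this is a plain string substitution, a comma or pipe that occurs inside the file path becomes indistinguishable from a field separator in the output, which matters if the file is later parsed as CSV for audit review.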
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog