Re: [rsyslog] Modify Logs with different word in a log string

Patrick Peter via rsyslog Mon, 27 Jan 2020 04:54:25 -0800

Hello David,

I am using below configuration in a separate conf file under /etc/rsyslog.d.
I am expecting it to replace the text on the logserver while sending the
logs and not locally on /var/log/test.log.
Not sure what i am doing wrong, please correct me.



$template test_template,"%PRI% %timestamp%
%programname%%msg:R,ERE,1,FIELD:(.*)text_to_replace/.*--end%
text_to_replace_with %msg:R,ERE,1,FIELD:.*text_to_replace(.*)--end%\n"


ruleset(name="sendToLogserver1") {
    action(type="omfwd" target="logserver" port="<port>" protocol="tcp"
Template="test_template" StreamDriver="gtls" StreamDriverMode="1"
StreamDriverAuthMode="anon")
}

input(type="imfile"
      File="/var/log/test.log"
      maxSubmitAtOnce="2048"
      escapelf="on"
      Tag="APP_Name"
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}
[[:digit:]]{2}:[[:digit:]]{2}:[[:digit:]]{2},[[:digit:]]{3} "
      Severity="info"
      Ruleset="sendToLogserver1


Thanks,
Pat



--
Sent from: http://rsyslog-users.1305293.n2.nabble.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Modify Logs with different word in a log string

Reply via email to