Hello! I'd say you should try the mmnormalize module for parsing the message into the fields which are good for you. You will need to write the liblognorm parsing rule(s) for your message format. Then you can write a template for the output you'd like to have.

Links:
1. mmnormalize module docs: https://www.rsyslog.com/doc/v8-stable/configuration/modules/mmnormalize.html
2. liblognorm docs: https://github.com/rsyslog/liblognorm/blob/master/doc/configuration.rst
3. templates: https://www.rsyslog.com/doc/v8-stable/configuration/templates.html

On Tue, 2 Mar 2021 at 17:29, Milad Rezaei via rsyslog <[email protected]> wrote:

> Hi dears
>
> I want to filter and manipulate received log by rsyslog and save them
> For example in line below I don't need some parameter and it should delete
> from saved log:
> Mar 2 12:57:41 test snort[24571]: [122:20:1] (portscan) UDP Distributed
> Portscan [Classification: Attempted Information Leak] [Priority: 2]
> {PROTO:255} 158.225.224.79 -> 88.18.67.20
>
> thank you
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>

--
Yury Bushmelev
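
One way to wire the three pieces from the reply together for the snort line quoted in the thread (an added example, not from the original post or the rsyslog project). The output paths, the template name, the field names and the choice of which fields to keep are assumptions, since the question does not say which parameters should be dropped.

```rsyslog
# Added example. Paths, names and the set of kept fields are assumptions.
module(load="mmnormalize")

# Output format: timestamp, host, signature text, source and destination.
# The [gid:sid:rev], Classification, Priority and PROTO fields are parsed
# by the rule below but simply not referenced here, so they are not written.
template(name="snort_short" type="list") {
    property(name="timereported" dateFormat="rfc3164")
    constant(value=" ")
    property(name="hostname")
    constant(value=" snort: ")
    property(name="$!sig")        # char-to:[ leaves a trailing space in sig
    property(name="$!src")
    constant(value=" -> ")
    property(name="$!dst")
    constant(value="\n")
}

if $programname == "snort" then {
    # liblognorm rule given inline through the "rule" parameter; the same
    # line could instead live in a rulebase file referenced by rulebase="...".
    # mmnormalize parses the msg property by default, which here is the text
    # after "snort[24571]:" including its leading space, so the rule also
    # starts with a space after "rule=:".
    action(type="mmnormalize"
           rule=["rule=: [%gid:number%:%sid:number%:%rev:number%] %sig:char-to:[%[Classification: %class:char-to:]%] [Priority: %prio:number%] {PROTO:%proto:number%} %src:ipv4% -> %dst:ipv4%"])

    if $parsesuccess == "OK" then {
        action(type="omfile" file="/var/log/snort-short.log"
               template="snort_short")
    } else {
        # Keep messages the rule did not match in full, so that a changed
        # snort format shows up instead of silently losing alerts.
        action(type="omfile" file="/var/log/snort-unparsed.log")
    }
}
```

Running `rsyslogd -N1` checks the configuration syntax before a restart, and the unparsed file shows which alert formats still need their own rule.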

