You don't so much "remove" parts from the original message as
create your own message using parts of the original one. The template
system is meant for this.
https://www.rsyslog.com/doc/v8-stable/configuration/templates.html
On 05.03.2021 05:53, Milad Rezaei via rsyslog wrote:
Hi Dears
How can I remove the extra part of a log received by rsyslog?
Or change the logs and save them to a new log?
For example, I receive this log and some part of the log is extra:
Mar 5 08:20:15 test snort[6414]: [122:3:1] (portscan) TCP Portsweep
[Classification: Attempted Information Leak] [Priority: 2] {PROTO:255}
11.141.38.164 -> 5.13.19.12
I just need the timestamp, IP and classification.
Regards
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
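
The template approach from the reply, applied to the Snort line in the question, as an added example that is not part of the original thread. The template name, the output path and the `src=`/`dst=`/`class=` labels are assumptions; the regular expressions are written against the single sample line shown above.

```conf
# Added example for rsyslog v8 (RainerScript). Names and paths are assumptions.
# A list template builds a new message from pieces of the received one:
# the reported timestamp, both IP addresses and the Snort classification.
# POSIX ERE bracket expressions ([.] [[] []]) are used instead of backslash
# escapes so that no string-escaping rules come into play.
template(name="snortBrief" type="list") {
    property(name="timereported" dateFormat="rfc3339")
    constant(value=" src=")
    # First address: the dotted quad immediately before " -> "
    property(name="msg" regex.type="ERE" regex.submatch="1"
             regex.nomatchmode="BLANK"
             regex.expression="([0-9]+[.][0-9]+[.][0-9]+[.][0-9]+) -> ")
    constant(value=" dst=")
    # Second address: the dotted quad immediately after " -> "
    property(name="msg" regex.type="ERE" regex.submatch="1"
             regex.nomatchmode="BLANK"
             regex.expression=" -> ([0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)")
    constant(value=" class=")
    # Text between "[Classification: " and the closing "]"
    property(name="msg" regex.type="ERE" regex.submatch="1"
             regex.nomatchmode="BLANK"
             regex.expression="[[]Classification: ([^]]*)[]]")
    constant(value="\n")
}

# Apply the template only to messages tagged by snort, so unrelated
# messages are not reduced to empty fields. The output path is hypothetical.
if $programname == "snort" then {
    action(type="omfile" file="/var/log/snort-brief.log" template="snortBrief")
}
```

With `regex.nomatchmode="BLANK"`, a field whose expression does not match is written as an empty string, so a Snort message in a different layout shows up as a visibly incomplete line. The configuration can be syntax-checked with `rsyslogd -N1` before restarting the service.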