<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hello,</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
following the:</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- config</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- input</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- outputs</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Config:</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span> @version: 3.26<br>
</span>
<div><br>
</div>
<div> source s_net1 {<br>
</div>
<div> udp(<br>
</div>
<div> port(8001)<br>
</div>
<div> flags(no-parse)<br>
</div>
<div> );<br>
</div>
<div> };<br>
</div>
<div><br>
</div>
<div> destination d_file1 {<br>
</div>
<div> file("/tmp/prefix-first-second-suffix.log"<br>
</div>
<div> template("$1 - $2 - $3 - $4\n")<br>
</div>
<div> );<br>
</div>
<div> };<br>
</div>
<div><br>
</div>
<div> destination d_file2 {<br>
</div>
<div> file("/tmp/prefix-second-first-suffix.log"<br>
</div>
<div> template("$1 - $3 - $2 - $4\n")<br>
</div>
<div> );<br>
</div>
<div> };<br>
</div>
<div><br>
</div>
<div> rewrite r_rule {<br>
</div>
<div> subst("([a-z]+)-([a-z]+)-([a-z]+)-([a-z]+)", "", value("MSG"), flags(store-matches));<br>
</div>
<div> };<br>
</div>
<div><br>
</div>
<div> log {<br>
</div>
<div> source(s_net1);<br>
</div>
<div> rewrite(r_rule);<br>
</div>
<div> destination(d_file1);<br>
</div>
<div> destination(d_file2);<br>
</div>
<div> };<br>
</div>
<span></span></div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Message:</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
echo "hello-foo-bar-world" > /dev/udp/127.0.0.1/8001</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
echo hello-i-j-world > /dev/udp/127.0.0.1/8001</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Output:</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span> szemere@tp:/tmp$ cat prefix-first-second-suffix.log <br>
</span>
<div> hello - foo - bar - world<br>
</div>
<span></span> hello - i - j - world</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span> szemere@tp:/tmp$ cat prefix-second-first-suffix.log <br>
</span>
<div> hello - bar - foo - world<br>
</div>
<span></span> hello - j - i - world<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Best regards,</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
László Szemere</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of William Luiz Ribeiro Vasconcelos Da Silva <wsilva_ericsson@timbrasil.com.br><br>
<b>Sent:</b> Thursday, March 26, 2020 21:36<br>
<b>To:</b> Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>
<b>Subject:</b> [syslog-ng] RES: Change Position Information inside Messasge</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.<br>
<br>
<br>
Hi,<br>
<br>
Do you have any example to share?<br>
<br>
Atenciosamente,<br>
<br>
WILLIAM LUIZ R V SILVA<br>
Mediation<br>
<br>
Ericsson<br>
Rua Maria Preste Maia, 300<br>
02879-130, Brazil<br>
Phone +55 11 2760-3785<br>
Mobile +55 11 97979-9886<br>
wsilva_ericsson@timbrasil.com.br<br>
<a href="https://nam05.safelinks.protection.outlook.com/?url=www.ericsson.com&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=2dZY0kDSq9UWK32%2F7hGwHujw2bqfYhPy7Kce7WCpHtk%3D&reserved=0">https://nam05.safelinks.protection.outlook.com/?url=www.ericsson.com&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=2dZY0kDSq9UWK32%2F7hGwHujw2bqfYhPy7Kce7WCpHtk%3D&reserved=0</a><br>
<br>
<br>
<br>
-----Mensagem original-----<br>
De: syslog-ng <syslog-ng-bounces@lists.balabit.hu> Em nome de Laszlo Szemere (lszemere)<br>
Enviada em: quinta-feira, 26 de março de 2020 17:01<br>
Para: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>
Assunto: Re: [syslog-ng] Change Position Information inside Messasge<br>
<br>
Hello William,<br>
What you are looking for is the "store-matches" flag of the regular expressions.
<a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.syslog-ng.com%2Ftechnical-documents%2Fdoc%2Fsyslog-ng-open-source-edition%2F3.25%2Fadministration-guide%2F68%23TOPIC-1374104&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=TvYjtacvhyn%2F1HVUopa7zmS98DoD065LvnerpRZGrtg%3D&reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.syslog-ng.com%2Ftechnical-documents%2Fdoc%2Fsyslog-ng-open-source-edition%2F3.25%2Fadministration-guide%2F68%23TOPIC-1374104&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=TvYjtacvhyn%2F1HVUopa7zmS98DoD065LvnerpRZGrtg%3D&reserved=0</a><br>
<br>
You can "store" the matching part of a subst rewrite rule. Which can be later used in a template function, on the destination site. So you can "reassemble" your log message in any form you want.<br>
<br>
Br,<br>
Laci<br>
<br>
________________________________________<br>
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of William Luiz Ribeiro Vasconcelos Da Silva <wsilva_ericsson@timbrasil.com.br><br>
Sent: Thursday, March 26, 2020 19:10<br>
To: Syslog-ng users' and developers' mailing list<br>
Subject: [syslog-ng] Change Position Information inside Messasge<br>
<br>
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.<br>
<br>
Hello everyone,<br>
<br>
Is it possible to change a position of an information within the message?<br>
<br>
From: 2020-03-26; 17: 55: 22; RTCGNMGA0101: RT_SRC_NAT_PBA_ALLOC :; 100.64.1.114:38784-38847; 177.51.112.218;<br>
<br>
TO:<br>
2020-03-26; 17: 55: 22; RTCGNMGA0101: RT_SRC_NAT_PBA_ALLOC:; 100.64.1.114; 177.51.112.218:38784-38847;<br>
<br>
Basically, I would like to change the position of the connection port within the message.<br>
<br>
How to do this?<br>
<br>
TKS<br>
<br>
Atenciosamente,<br>
<br>
WILLIAM LUIZ R V SILVA<br>
Mediation<br>
<br>
Ericsson<br>
Mobile +55 11 97979-9886<br>
<a href="https://nam05.safelinks.protection.outlook.com/?url=www.ericsson.com&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=2dZY0kDSq9UWK32%2F7hGwHujw2bqfYhPy7Kce7WCpHtk%3D&reserved=0<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ericsson.com%2F&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=BRPrwmu3c1k%2BQDk7JQJttwX3g9Shrx6r%2BGd6llYJqpk%3D&reserved=0">https://nam05.safelinks.protection.outlook.com/?url=www.ericsson.com&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=2dZY0kDSq9UWK32%2F7hGwHujw2bqfYhPy7Kce7WCpHtk%3D&reserved=0<https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ericsson.com%2F&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=BRPrwmu3c1k%2BQDk7JQJttwX3g9Shrx6r%2BGd6llYJqpk%3D&reserved=0</a>><br>
<br>
[Descrição: Descrição: Ericsson]<<a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ericsson.com%2F&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=BRPrwmu3c1k%2BQDk7JQJttwX3g9Shrx6r%2BGd6llYJqpk%3D&reserved=0">https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ericsson.com%2F&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=BRPrwmu3c1k%2BQDk7JQJttwX3g9Shrx6r%2BGd6llYJqpk%3D&reserved=0</a>><br>
<br>
<br>
Esta mensagem, incluindo seus anexos, pode conter informações privilegiadas e/ou de caráter confidencial, não podendo ser retransmitida sem autorização do remetente. Se você não é o destinatário ou pessoa autorizada para recebê-la, informamos que o seu uso,
divulgação, cópia ou arquivamento são proibidos. Portanto, se você recebeu esta mensagem por engano, por favor nos informe respondendo imediatamente a este e-mail e delete o seu conteúdo.<br>
<br>
This message, including its attachments, may contain privileged or confidential information, and it must not be fowarded without the express authorization of the sender. If you are not the intended recipient, we hereby inform you that the use, disclosure, copy
or filing are forbidden. So, if you received this message as a mistake, please inform us by answering this e-mail and deleting its contents<br>
<br>
Questo messaggio, inclusi gli allegati, potrebbe contenere informazioni privilegiate e/o riservate, e non deve essere ritrasmesse senza l'autorizzazione del mittente. Se non siete il destinatario o la persona autorizzata a riceverlo, informiamo che il suo utilizzo,
diffusione, copia o archiviazione sono proibite. Quindi, se avete ricevuto questo messaggio per errore, per cortesia ci informi rispondendo immediatamente a questa email e cancelli il suo contenuto<br>
______________________________________________________________________________<br>
Member info: <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=6HOVn0d5QrU3J9npEHbeyNtCuOT1un9ifxG%2BMlrIUDM%3D&reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=6HOVn0d5QrU3J9npEHbeyNtCuOT1un9ifxG%2BMlrIUDM%3D&reserved=0</a><br>
Documentation: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=ra%2FXK9VZ1X%2FqOxY%2FzztPsmQDhhJzFFuhiS%2Fl15wBfV8%3D&reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=ra%2FXK9VZ1X%2FqOxY%2FzztPsmQDhhJzFFuhiS%2Fl15wBfV8%3D&reserved=0</a><br>
FAQ: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=kC%2B5oIy7WnkneMvrhYVmeqBIcdhI01aMLzND5qK%2BSeA%3D&reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Claszlo.szemere%40oneidentity.com%7Cfba08320ff2d45ad333e08d7d1c557e6%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637208517827005664&sdata=kC%2B5oIy7WnkneMvrhYVmeqBIcdhI01aMLzND5qK%2BSeA%3D&reserved=0</a><br>
<br>
</div>
</span></font></div>
</body>
</html>