Re: [syslog-ng] Changing a value after a match with patterndb

Hi Mark, You can use template functions in patterndb [1]. The idea is to add a value to the matched message, which contains the result of a template function. You could for instance use the "if" function: <values> <value name="svc">$(if ("${port}" == "22") "ssh" "telnet")</value> </values> If you need anything more complex, and if you are using the 3.7.x series, you could even use a python script using the "python" template function. Cheers [1] https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...