11 Mar 2015, 11:42 a.m.
"Thomas" == Thomas Straubinger <thomas.straubinger@nic.at> writes:
Thomas> Hello,
Thomas> is there a way to process more than the $MSG macro with a
Thomas> syslog-ng parse filter?

You can use the template() setting within the parser...

Thomas> We are forwarding our syslogs via rsyslog in this format (client config):
Thomas> $template tmpl_forward,"%hostname% %syslogtag% \"%msg%\"\n"
Thomas> *.* @@syslog:514;tmpl_forward

...though in this case, I would recommend using flags(no-parse) in the
source that consumes these messages. Then $MSG will contain the whole
line, and you are free to parse it in whatever way you wish. (Though, to
parse the date part, properly, you may need a very recent syslog-ng)

--
|8]
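
The setup suggested in the reply above, written out as a syslog-ng configuration. This is an added example, not part of the original message: the names s_fwd, p_fwd and d_fwd, the FWD.* column names and the output path are hypothetical, and a csv-parser is only one possible choice of parser for the forwarded "%hostname% %syslogtag% \"%msg%\"" line.

```conf
# Added example; merge into a configuration that already carries the
# @version line matching the installed syslog-ng.

source s_fwd {
    # no-parse: do not interpret the input as a syslog message;
    # the complete received line is stored in $MSG.
    tcp(port(514) flags(no-parse));
};

parser p_fwd {
    csv-parser(
        # template() selects what the parser works on. $MSG is spelled out
        # here to show where another macro or a combination would go.
        template("$MSG")
        # One column per field of the rsyslog template tmpl_forward.
        columns("FWD.HOST", "FWD.TAG", "FWD.MSG")
        delimiters(" ")
        quote-pairs('""')
        # greedy: the last column receives the rest of the line, so spaces
        # inside the forwarded message do not spill into extra columns.
        flags(escape-none, greedy)
    );
};

destination d_fwd {
    # Hypothetical path; writes the extracted fields back out for inspection.
    file("/var/log/forwarded.log"
         template("host=${FWD.HOST} tag=${FWD.TAG} msg=${FWD.MSG}\n"));
};

log {
    source(s_fwd);
    parser(p_fwd);
    destination(d_fwd);
};
```

Because the source no longer parses the header, the sending host is only known from the FWD.HOST field the client put in the line, so treat it as client-supplied data rather than a verified origin.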