21 May
2007
21 May
'07
8:07 p.m.
On Mon, 2007-05-21 at 09:23 -0500, Ivey, Chris wrote:
As I was discussing this issue with a colleague this AM, the question arose as to whether or not the restamping of messages from syslog-ng can be turned on and off for selected destinations, or if that was a global option. Anyone know?
If these are syslog messages, then you can use templates to solve this issue: destination d_arcsight { udp("1.2.3.4" template("<$PRI>$S_DATE $HOST $MSG\n")); }; destination d_other { udp("1.2.3.4" template("<$PRI>$R_ISODATE $HOST $MSG\n"); }; For a list of macros see: http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch08s05.html -- Bazsi