Hi all,

We have the following log

2012-06-15T09:00:26+05:30 kddi-cm-1-sb 4/6 [ID 800047 auth.info] Accepted publickey for xyz

We wanted to replace [ID 800047 auth.info] with empty string (i.e. “”) and print the following

2012-06-15T09:00:26+05:30 kddi-cm-1-sb 4/6 Accepted publickey for xyz

So we have used the below re-write with subst. But this is not working in syslog-ng 3.4.0alpha2.

rewrite rw_msg{subst("\\[.*\\]", "", value("MESSAGE"));};

Can somebody help out here?

Thanks

Hithendra