I guess csv parser. If you are lucky, you can rewrite the PROGRAM and MSG fields from the csv parser (not sure if it actually works, but wouldn't be surprised if it did), like: csv_parser .... columns($PROGRAM,$MESSAGE) Robert On Wednesday, October 5, 2011 20:00 CEST, Martin Holste <mcholste@gmail.com> wrote:
So I have a customer who has enabled the device-id configuration directive on his FWSM, and that means that instead of this from a normal FWSM: <174>%FWSM-6-302013: Built inbound TCP... it sends this: <174>FWSMHostName %FWSM-6-30203: Built inbound TCP...
This means that the program name does not get properly parsed as syslog-ng pushes it into the msg field. If I can't convince the customer to remove the device-id setting, what's the least CPU-intensive way of coping with this so that program and msg are set correctly? ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq