Hi Bazsi, Thanks for your quick response. In this case how to remove the $FILE_NAME value from the received message on the syslog-ng server? Because now the received message = Original mesg + File Name. -V -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: Wednesday, August 12, 2009 1:10 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Syslog-ng open source version -- program_override option On Mon, 2009-08-10 at 11:41 +0530, Jain, Vaibhav (GE Healthcare) wrote:
Hi,
I want to pass the source file name with each syslog-ng message. I am using program_override option for this. But program_override option overrides the program name field value present in the syslog-ng messages.
source source_sys_log { file("/root/log/syslog.log" program_override("syslog.log")); }
Let me know how to pass source file name in the syslog-ng message? I am using open source version of syslog-ng.
Well by default syslog-ng uses each line in the source file as a separate log message, but makes the name of the file available in the $FILE_NAME macro. So you could either use a custom template to include this information, or rather a rewrite rule, such as: rewrite r_add_filename { set("$FILE_NAME: $MESSAGE" value("MESSAGE")); }; -- Bazsi ________________________________________________________________________ ______ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html