On Fri, Jul 23, 2010 at 11:06 AM, lecalcot <lecalcot@cisco.com> wrote:
Hi,
I’m wondering if syslog-ng is capable of rewriting the hostname field in the header of syslogs as they are forwarded to a remote loghost. Is this possible?
Thanks, Lee
There are a couple ways to do this. If you want all messages in a certain log statement to be replaced with specific text, you can just use a rewrite rule on the HOST macro: rewrite r_replacename { set("whatever-you-want", value("HOST")); }; You can also use subst() rather than set() to match/replace only certain parts & use regex. Check out page 88 of the 3.1 OSE syslog-ng admin guide. If you need help replacing hostname on the fly, with perhaps something else that exists in the message body, using the parser {} function (paired with patterndb, what all the cool kids are using now) to generate your own macros, then use rewrite{} with that is your best bet. -- Lance Laursen Demonware Systems Engineer