Change the facility or the priority of a syslog message ?

Hello,

I'm using the syslog-ng application version 3.1.0. I would like to change the severity and/or the facility of an event.

Here is the configuration for this test :

template t_format {

template ("$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC;$HOST;$FACILITY;$PRIORITY;$PROGRAM;$MSG\n");

};

source s_local_test {

unix-stream("/dev/log");

};

destination d_test {

file ( "/tmp/test"

template (t_format)

);

};

rewrite r_rewrite_set {

set (

"my_program"

value("PROGRAM")

);

};

log {

source (s_local_test);

rewrite (r_rewrite_set);

destination (d_test);

};

I generated a message by using "logger" :

# logger -i -p local0.info "Test Message : ABCDEFGHIJKLMNOPQRST ## $(date) ##"

=> /tmp/test:

2010-04-01 15:12:14;pc-dev.dom;local0;info;MY_PROGRAM;Test Message : ABCDEFGHIJKLMNOPQRST ## jeu avr 1 15:12:14 CEST 2010 ##

Ok, I can change the PROGRAM name... :-)

...So I changed the rule "r_rewrite_set" to modify the value to "facility" :

rewrite r_rewrite_set {

set (

"local4"

value("FACILITY")

);

};

And when I restarted the syslog-ng, I had the following errors :

# /etc/init.d/syslog-ng restart

Macros are read-only, they cannot be changed in rewrite rules, falling back to MESSAGE instead; macro='FACILITY'

Restarting syslog-ng: Stopping syslog-ng: [ OK ]

Starting syslog-ng: Macros are read-only, they cannot be changed in rewrite rules, falling back to MESSAGE instead; macro='FACILITY'

[ OK ]

I have the same error when I changed the "PRIORITY" of the rule "r_rewrite_set" :

> Macros are read-only, they cannot be changed in rewrite rules, falling back to MESSAGE instead; macro='PRIORITY'

I tried to send a message by using "logger" but as it written in the above error, the MESSAGE was changed... :-(

My questions are :

1. Which macros are read-only ? PRIORITY, FACILITY, another ?

2. Is there a way to change the facility or the priority of an event ?

3. If not, why can't I change the facility or the priority ?

Regards,

Yann