11 May
2013
11 May
'13
3:29 a.m.
Apologies to those of you who have already seen this on the ELSA list. I want to get rid of the explanatory essay that accompanies some eventlog messages from windows. I tried this: rewrite r_snarex { subst("\s+This event is generated when[^|]+\|", "|", value("MSGONLY") type("pcre")); }; and added it to log section, but it did not work. I have tried various variations on the theme too. Russell