Need help pulling out message info before sending on to loghost from syslog-ng proxy
Hi,

Need help with removing some information before the message is sent to the loghost server. I am trying to remove what looks like a priority or facility code, date and time... is there any way to remove this from the message before forwarding on to loghost?

Thanks
Steven
On Wed, 2006-07-26 at 13:26 -0500, Steven Meacham wrote:
> Hi, Need help with removing some information before message is sent to the loghost server. I am trying to remove what looks like a priority or facility code date and time....is there any way to remove this out of the message before forwarding on to loghost
what about something like (requires syslog-ng 2.0):

    # mark the parts of the message to keep with parentheses
    filter f_mark_interesting_part_in_message {
        match("^(interesting part)not interesting part(interesting again)$");
    };

    # write only the captured parts ($1, $2) to the output
    destination d_stripped {
        file("/var/log/messages" template("$DATE $HOST $1 $2\n"));
    };

    log {
        source(s_source);
        filter(f_mark_interesting_part_in_message);
        destination(d_stripped);
    };

The trick is that you can use regexp's match function to get a handle on various parts of the message (enclosed by parentheses) and then reference the match in output templates as $1 .. $9

-- Bazsi
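Added example, not part of the original posts: a Python harness for checking a capture-group regex of the kind described in the reply against sample lines before it goes onto the proxy. The regex, the function names and the sample lines are assumptions; the unwanted prefix is assumed to be `<PRI>` followed by a BSD-style timestamp.

```python
import re

# Assumed layout of the unwanted prefix: "<PRI>" followed by a BSD-style
# timestamp ("Mmm dd hh:mm:ss"), then the text worth keeping.
HEADER = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (.*)$")


def decode_pri(pri):
    """Split a syslog PRI value into (facility, severity): PRI = facility*8 + severity."""
    return pri >> 3, pri & 7


def strip_header(line):
    """Return (facility, severity, remainder), or None when the line does not match."""
    m = HEADER.match(line)
    if m is None or int(m.group(1)) > 191:  # 23*8+7 is the highest valid PRI
        return None
    facility, severity = decode_pri(int(m.group(1)))
    return facility, severity, m.group(3)


def route(lines):
    """Mimic a log path whose filter is the regex: only matching lines are written."""
    kept, unmatched = [], []
    for line in lines:
        parsed = strip_header(line)
        if parsed is None:
            unmatched.append(line)
        else:
            kept.append(parsed[2])
    return kept, unmatched


# Constructed sample input, not taken from the thread.
SAMPLES = [
    "<13>Jul 26 13:26:01 web01 sshd[411]: Accepted publickey for deploy",
    "<86>Jul  6 03:02:11 web01 su: session opened for user root",
    "web01 cron[77]: job started",          # no PRI/timestamp prefix
    "<999>Jul 26 13:26:05 web01 bad: pri",  # PRI out of range
]

if __name__ == "__main__":
    kept, unmatched = route(SAMPLES)
    for text in kept:
        print("forward:", text)
    for line in unmatched:
        print("NOT forwarded by this path:", line)
```

Because the regex sits in a filter, lines it does not match never reach the stripped destination through that log path. Running real traffic samples through a check like this shows how much would be lost before the loghost stops receiving it.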
participants (2): Balazs Scheidler, Steven Meacham