[Bug 156] New: rewrite rule not working on Linux
https://bugzilla.balabit.com/show_bug.cgi?id=156

Summary: rewrite rule not working on Linux
Product: syslog-ng
Version: 3.3.x
Platform: Other
OS/Version: Linux
Status: NEW
Severity: major
Priority: unspecified
Component: syslog-ng
AssignedTo: bazsi@balabit.hu
ReportedBy: ne24@georgetown.edu
Type of the Report: bug
Estimated Hours: 0.0

Hi,

I have syslog-ng 3.3.3 running on Red Hat Enterprise Linux Server release 6.2 (Santiago). I compiled with the following flags.

    ./configure --prefix=/usr/local --enable-spoof-source --enable-pcre --enable-ssl \
        --enable-debug

I have the following rewrite rule:

    rewrite n_dst_router {
        subst("^(%(?:ASA|PIX|FWSM)\-\d\-\d{6}):", "", value("MESSAGE"), type("pcre"), flags("global"));
    };

But it is not working. The line below, minus the IP addresses, shows that it is not replacing the %FWSM-6-305011 with a blank.

    Jan 7 15:59:06 HOSTNAME-REMOVED %FWSM-6-305011: Built dynamic tcp translation from GRT:IP-ADDRESS-REMOVED/53328 to BACKBONE-VRF:IP-ADDRESS-REMOVED/29361

I will also attach my whole syslog-ng.conf file so that you can see the whole setup.

Here is the debug output. As you can see, it looks like it is doing what it is supposed to, but it does not write it to the file with the change.

    Incoming log entry; line='<163>%FWSM-3-710003: udp access denied by ACL from IP-ADDRESS-REMOVED/35390 to BACKBONE-VRF:IP-ADDRESS-REMOVED/46897\x0a'
    Rewrite expression evaluation result; value='MESSAGE', new_value='udp access denied by ACL from IP-ADDRESS-REMOVED/35390 to BACKBONE-VRF:IP-ADDRESS-REMOVED/46897'

I searched the bug reports but could not find anything related to this issue. I would appreciate your help on this.

Thank you
Nadim El-Khoury

--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

--- Comment #1 from Balazs Scheidler <bazsi@balabit.hu> 2012-01-09 11:58:06 ---

Does perhaps this patch fix this?

    Author: Balazs Scheidler <bazsi@balabit.hu> 2011-11-25 12:38:40
    Committer: Balazs Scheidler <bazsi@balabit.hu> 2011-11-25 12:38:40
    Parent: e495996c1e4eef0a79f4cf49b5252098d7a00e10 (LogMessage: reorganize nv_table_add_value() call-sites for readability)
    Child: a9eefd946f24ae7630f27fad8f2add4efb751d90 (logproto: Fix compilation on systems without IOV_MAX.)
    Branches: master, remotes/github/master, remotes/origin/master
    Follows: v3.3.3
    Precedes:

    [logrewrite] Repair logrewrite *_clone and *_subst_clone functions (fixes: #7686)

    Repair rewrite clone functions because we did not clone $MACRO id and conditions.
    Before this patch, if we used rewrite in the config file and used, for example, a PIPE source, we rewrote the $MESSAGE macro instead of the macro in the config file, because the $MESSAGE macro was the default macro.

    Signed-off-by: Fried Zoltan <deirf@balabit.hu>
    Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>

Gergely Nagy <algernon@balabit.hu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |algernon@balabit.hu
         Resolution|                            |FIXED
             Status|NEW                         |RESOLVED

--- Comment #2 from Gergely Nagy <algernon@balabit.hu> 2012-04-20 13:53:16 ---

This issue is fixed in 3.3.4 (and the latest 3.3.5 too).
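
Added example, not part of the bug thread and not syslog-ng code: a check that flags lines in a written log file where the reporter's pattern still matches, that is, where the rewrite was not applied before the line reached the destination. It assumes the "Mon D HH:MM:SS HOST MESSAGE" layout of the sample line in the report; the function name `audit` and the second and third sample lines are constructed.

```python
import re

# Pattern copied verbatim from the reporter's subst() rule.
RULE = re.compile(r"^(%(?:ASA|PIX|FWSM)\-\d\-\d{6}):")

# Assumed file layout, taken from the sample line in the report:
# "Mon D HH:MM:SS HOST MESSAGE" (one or two spaces before the day).
LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

def audit(lines):
    """Return (unrewritten, unparsed).

    unrewritten: (line number, surviving tag) for every line whose MESSAGE
                 part still starts with the tag the rule should have removed.
    unparsed:    line numbers that do not follow the assumed layout, so they
                 are reported instead of being silently counted as clean.
    """
    unrewritten, unparsed = [], []
    for number, raw in enumerate(lines, 1):
        parsed = LINE.match(raw.rstrip("\n"))
        if parsed is None:
            unparsed.append(number)
            continue
        hit = RULE.search(parsed.group("msg"))
        if hit:
            unrewritten.append((number, hit.group(1)))
    return unrewritten, unparsed

# Line 1 is the reporter's sample; lines 2 and 3 are constructed.
SAMPLE = [
    "Jan 7 15:59:06 HOSTNAME-REMOVED %FWSM-6-305011: Built dynamic tcp "
    "translation from GRT:IP-ADDRESS-REMOVED/53328 to "
    "BACKBONE-VRF:IP-ADDRESS-REMOVED/29361",
    "Jan 7 15:59:07 HOSTNAME-REMOVED udp access denied by ACL from "
    "IP-ADDRESS-REMOVED/35390 to BACKBONE-VRF:IP-ADDRESS-REMOVED/46897",
    "-- MARK --",
]

if __name__ == "__main__":
    missed, skipped = audit(SAMPLE)
    for number, tag in missed:
        print(f"line {number}: rewrite not applied, tag {tag} still present")
    print(f"{len(skipped)} line(s) did not match the assumed layout: {skipped}")
```

Run against the destination file after an upgrade, an empty first list confirms the rule is taking effect on what is actually written, which the debug output alone did not show in this report.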