Formatting syslogs using syslog-ng
Hi I need to format the below syslog message. Apr 13 07:37:28 host-mgr dhcpd: [ID 702911 local7.error] DHCPDISCOVER to Apr 13 03:37:15 host-mgr 23 3 DHCPDISCOVER My destination config looks like this. destination sol_dest { file("/var/log/sol_syslog" perm(0644) template("$S_DATE $HOST $FACILITY_NUM $LEVEL_NUM $MSGONLY\n") template_escape(no) ); }; With the template mentioned above I am getting output as shown below. I need to remove " [ID 702911 local7.error] " . How to do it. Apr 13 03:37:15 mgr-t 23 3 [ID 702911 local7.error] DHCPDISCOVER I am running this on Solaris machine with syslong-ng 3.1.2 Regards Pramod
On Wed, 2011-04-13 at 17:14 +0530, Pramod Pillai wrote:
Hi
I need to format the below syslog message.
Apr 13 07:37:28 host-mgr dhcpd: [ID 702911 local7.error] DHCPDISCOVER to Apr 13 03:37:15 host-mgr 23 3 DHCPDISCOVER
My destination config looks like this. destination sol_dest { file("/var/log/sol_syslog" perm(0644) template("$S_DATE $HOST $FACILITY_NUM $LEVEL_NUM $MSGONLY\n") template_escape(no) ); };
With the template mentioned above I am getting output as shown below. I need to remove " [ID 702911 local7.error] " . How to do it. Apr 13 03:37:15 mgr-t 23 3 [ID 702911 local7.error] DHCPDISCOVER
I am running this on Solaris machine with syslong-ng 3.1.2
how about rewrite rrr { subst('^\[.*\]', '', value('MESSAGE')); }; -- Bazsi
participants (2)
-
Balazs Scheidler
-
Pramod Pillai