Dear all, I am writing a syslog-ng configuration able to rewrite (or templating) the MESSAGE macro of a syslog entry in such way that it includes its own hash. Consider for example the line: Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon. i would like to rewrite the message obtaining this output: Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon. hash: 87602bdc780a764ae26f30ddc3f09176 where "8ba7a67ce6ac67b9facb6a14b3095960" is the hash of the line (md5, sha1 or other hash funcition). I evaluate both the use of the template function as well as the use of the rewrite module. Unfortunatelly, once i got the line with the hash i can't understand how to verify if the hash is correct. In contrast, when I evalute the hash using the command line, the hash values mismatch. $ echo "Mar 15 08:23:15 void systemd[1]: Started System Logger Daemon." | md5sum - 8ba7a67ce6ac67b9facb6a14b3095960 - In order to perform my test I'm using this configuration: --------------------------------------------------------------------------- source sourcetest { file("/var/log/md5/input.log" flags(no-parse)); }; rewrite msghashing { set("$(md5 $MESSAGE)", value("MYMESS")); set ("-$MESSAGE- hash: $MYMESS", value("MESSAGE"), on-error("fallback-to-string")); }; destination testdestination { file("/var/log/md5/output.log"); }; log { source( sourcetest ); rewrite( msghashing ); # rewrite( r_rewrite_host ); destination( testdestination ); }; --------------------------------------------------------------------------- i can't find any hint in the documentation files, does anybody knows how can i correctly verify the hash ? Is the syslog-ng software using a salt by default ? thanks a lot, -- Domenico