[syslog-ng] Need help pulling out message info before sending
on to loghost from syslog-ng proxy
Balazs Scheidler
bazsi at balabit.hu
Thu Jul 27 10:15:18 CEST 2006
On Wed, 2006-07-26 at 13:26 -0500, Steven Meacham wrote:
> Hi,
> Need help with removing some information before message is sent to the
> loghost server. I am trying to remove what looks like a priority or
> facility code date and time....is there any way to remove this out of
> the message before fowarding on to loghost
what about something like (requires syslog-ng 2.0):
filter f_mark_interesting_part_in_message { match("^(interesting part)not interesting part(interesting again)$"); };
destination d_stripped { file("/var/log/messages" template("$DATE $HOST $1 $2\n")); };
log { source(s_source); filter(f_mark_interesting_part_in_message); destination(d_stripped); };
The trick is that you can use regexp's match function to get a handle
on various parts of the message (enclosed by parenthesis) and then
reference the match in output templates as $1 .. $9
--
Bazsi
More information about the syslog-ng
mailing list