[syslog-ng] Syslog-ng open source version -- program_override option
Jain, Vaibhav (GE Healthcare)
Vaibhav.Jain at ge.com
Wed Aug 12 09:45:51 CEST 2009
Hi Bazsi,
Thanks for your quick response.
In this case how to remove the $FILE_NAME value from the received
message on the syslog-ng server? Because now the received message =
Original mesg + File Name.
-V
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs
Scheidler
Sent: Wednesday, August 12, 2009 1:10 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Syslog-ng open source version --
program_override option
On Mon, 2009-08-10 at 11:41 +0530, Jain, Vaibhav (GE Healthcare) wrote:
> Hi,
>
> I want to pass the source file name with each syslog-ng message. I am
> using program_override option for this. But program_override option
> overrides the program name field value present in the syslog-ng
> messages.
>
> source source_sys_log
> {
> file("/root/log/syslog.log" program_override("syslog.log")); }
>
> Let me know how to pass source file name in the syslog-ng message? I
> am using open source version of syslog-ng.
>
Well by default syslog-ng uses each line in the source file as a
separate log message, but makes the name of the file available in the
$FILE_NAME macro.
So you could either use a custom template to include this information,
or rather a rewrite rule, such as:
rewrite r_add_filename { set("$FILE_NAME: $MESSAGE" value("MESSAGE"));
};
--
Bazsi
________________________________________________________________________
______
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list