[syslog-ng] Rewrite Hostname Field of Syslog Header
Lance Laursen
lance at demonware.net
Fri Jul 23 20:59:45 CEST 2010
On Fri, Jul 23, 2010 at 11:06 AM, lecalcot <lecalcot at cisco.com> wrote:
> Hi,
>
> I’m wondering if syslog-ng is capable of rewriting the hostname field in
> the header of syslogs as they are forwarded to a remote loghost. Is this
> possible?
>
> Thanks,
> Lee
>
>
There are a couple ways to do this. If you want all messages in a certain
log statement to be replaced with specific text, you can just use a rewrite
rule on the HOST macro:
rewrite r_replacename { set("whatever-you-want", value("HOST")); };
You can also use subst() rather than set() to match/replace only certain
parts & use regex. Check out page 88 of the 3.1 OSE syslog-ng admin guide.
If you need help replacing hostname on the fly, with perhaps something else
that exists in the message body, using the parser {} function (paired with
patterndb, what all the cool kids are using now) to generate your own
macros, then use rewrite{} with that is your best bet.
--
Lance Laursen
Demonware Systems Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100723/7e82a000/attachment.htm
More information about the syslog-ng
mailing list