[syslog-ng] Formatting syslogs using syslog-ng
Balazs Scheidler
bazsi at balabit.hu
Sat Apr 30 23:01:01 CEST 2011
On Wed, 2011-04-13 at 17:14 +0530, Pramod Pillai wrote:
> Hi
>
> I need to format the below syslog message.
>
> Apr 13 07:37:28 host-mgr dhcpd: [ID 702911 local7.error] DHCPDISCOVER
> to
> Apr 13 03:37:15 host-mgr 23 3 DHCPDISCOVER
>
> My destination config looks like this.
> destination sol_dest { file("/var/log/sol_syslog" perm(0644)
> template("$S_DATE $HOST $FACILITY_NUM $LEVEL_NUM $MSGONLY\n")
> template_escape(no) ); };
>
> With the template mentioned above I am getting output as shown below.
> I need to remove " [ID 702911 local7.error] " . How to do it.
> Apr 13 03:37:15 mgr-t 23 3 [ID 702911 local7.error] DHCPDISCOVER
>
> I am running this on Solaris machine with syslong-ng 3.1.2
how about
rewrite rrr { subst('^\[.*\]', '', value('MESSAGE')); };
--
Bazsi
More information about the syslog-ng
mailing list