[syslog-ng] syslog-ng 3.3.3 rewrite question regarding cisco IOS Messages
Gergely Nagy
algernon at balabit.hu
Thu Dec 1 18:47:31 CET 2011
Gergely Nagy <algernon at balabit.hu> writes:
> Thomas Wollner <tw at wollner-net.de> writes:
>
>> can you reproduce the error? or do you have a working example for
>> conditional rewrites?
>
> Didn't get that far yet, will see in about half an hour or so.
Yep, reproduced. filter in itself catches it nicely, rewrite fails:
Incoming log entry; line='217122: Nov 30 17:23:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down'
# conditional rewrite rules
Filter node evaluation result; filter_result='not-match', filter_type='filter(f_rewrite_cisco_program)'
Rewrite condition unmatched, skipping rewrite; value='PROGRAM'
Rewrite expression evaluation result; value='PROGRAM', new_value=''
Filter node evaluation result; filter_result='not-match', filter_type='filter(f_rewrite_cisco_program)'
Rewrite condition unmatched, skipping rewrite; value='MESSAGE'
Rewrite expression evaluation result; value='MESSAGE', new_value='217122: Nov 30 17:23:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down'
# filter in itself
Filter rule evaluation begins; filter_rule='f_rewrite_cisco_program'
Filter node evaluation result; filter_result='match'
Filter rule evaluation result; filter_result='match', filter_rule='f_rewrite_cisco_program'
--
|8]
More information about the syslog-ng
mailing list