[syslog-ng] Severity/Pri/Level
Gergely Nagy
algernon at balabit.hu
Tue Jul 5 11:03:30 CEST 2011
Hi!
Paul Muther <dalamars at gmail.com> writes:
> Just joined the list. I was wondering if there was a method to
> rewrite the severity of an event based on the text of the entry? I
> know I can use regex to read the message but from what I have seen I
> can't set the severity level of an event. In reading posts it would
> appear it was a feature under consideration in the past.
Sorry for the late reply, hope it's still relevant!
According to the documentation[0], the FACILITY, SEVERITY, TAGS and the
date related fields cannot be rewritten.
However, there might be a workaround: catch the messages you want to
rewrite, pipe them to a program that calls logger (with the appropriate
facility & severity), and bingo. The only thing you need to pay
attention is to avoid a loop: that's best done with using logger -u, and
using a separate source for these rewritten logs.
0: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/modifying-messages.html
--
|8]
More information about the syslog-ng
mailing list