[syslog-ng] syslog-ng feature request - parser templates
Evan Rempel
erempel at uvic.ca
Thu Feb 2 17:36:35 CET 2012
I would like the ability to specify a template that a parser database can
take. In my particular case, I want to apply tags to messages that match
a combination of $HOST, $PROGRAM, $INSTANCE where $INSTANCE is something
parsed out of the message from a previous parser.
To do this right now, I have to use the "rewrite" functionality to
rewrite "SAVEMESSAGE" to the current $MESSAGE,
then rewrite the MESSAGE to "$HOST $PROGRAM $INSTANCE", run the parser on this
to add the tags and then rewrite MESSAGE back to $SAVEMESSAGE ....
or at least I think that would work and is the only way to do this right now.
By specifying a template for the parser, I can leverage the patterndb for
any data, including previously parsed fields from a previous parser.
Comments?
Evan.
More information about the syslog-ng
mailing list