[syslog-ng] [Bug 156] New: rewrite rule not working on Linux

bugzilla at bugzilla.balabit.com bugzilla at bugzilla.balabit.com
Sat Jan 7 14:18:31 CET 2012


https://bugzilla.balabit.com/show_bug.cgi?id=156

           Summary: rewrite rule not working on Linux
           Product: syslog-ng
           Version: 3.3.x
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: unspecified
         Component: syslog-ng
        AssignedTo: bazsi at balabit.hu
        ReportedBy: ne24 at georgetown.edu
Type of the Report: bug
   Estimated Hours: 0.0


Hi,

I have syslog-ng 3.3.3 running on Red Hat Enterprise Linux Server release 6.2 (Santiago). I compiled it with the following flags:

./configure --prefix=/usr/local --enable-spoof-source --enable-pcre --enable-ssl \
        --enable-debug

I have the following rewrite rule:

rewrite n_dst_router {
        subst("^(%(?:ASA|PIX|FWSM)\-\d\-\d{6}):", "", value("MESSAGE"), type("pcre"), flags("global"));
};

But it is not working. The line below minus the IP addresses shows that it is not replacing the %FWSM-6-305011 with a blank.

Jan  7 15:59:06 HOSTNAME-REMOVED %FWSM-6-305011: Built dynamic tcp translation from GRT:IP-ADDRESS-REMOVED/53328 to BACKBONE-VRF:IP-ADDRESS-REMOVED/29361

I will also attach my whole syslog-ng.conf file so that you would see the whole setup.

Here is the output of the debug output and as you can see, it looks like it is doing what it is supposed to, but it does not write it to the file with the change.

Incoming log entry; line='<163>%FWSM-3-710003: udp access denied by ACL from IP-ADDRESS-REMOVED/35390 to BACKBONE-VRF:IP-ADDRESS-REMOVED/46897\x0a'
Rewrite expression evaluation result; value='MESSAGE', new_value='udp access denied by ACL from IP-ADDRESS-REMOVED/35390 to BACKBONE-VRF:IP-ADDRESS-REMOVED/46897'

I searched the bug reports but could not find anything related to this issue.

I would appreciate your help on this.

Thank you
Nadim El-Khoury

