[syslog-ng] issue with rewrite. Please help.

Balla, Hithendra (EXT-Other - IN/Bangalore) hithendra.balla.ext at nsn.com
Fri Jun 15 05:39:11 CEST 2012

Hi all,

We have the following log

2012-06-15T09:00:26+05:30 kddi-cm-1-sb 4/6 [ID 800047 auth.info] Accepted publickey for xyz

We wanted to replace [ID 800047 auth.info] with an empty string (i.e. "")
and print the following:

2012-06-15T09:00:26+05:30 kddi-cm-1-sb 4/6 Accepted publickey for xyz

So we have used the rewrite below with subst, but it is not working
in syslog-ng 3.4.0alpha2.

rewrite rw_msg{subst("\\[.*\\]", "", value("MESSAGE"));};

Can somebody help out here?
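
Added example, not part of the original post: it checks the posted pattern against the sample line outside syslog-ng and compares it with a pattern tied to the `[ID <number> <facility>.<level>]` tag. It uses Python's `re` module, which is an assumption (syslog-ng's own regex engine may behave differently); `MSGID_TAG`, the helper names and the second log line are constructed for illustration.

```python
import re

# Sample line from the post, on one line.
SAMPLE = ("2012-06-15T09:00:26+05:30 kddi-cm-1-sb 4/6 [ID 800047 auth.info] "
          "Accepted publickey for xyz")

# Constructed line (not from the post) with other brackets around the tag.
CONSTRUCTED = ("2012-06-15T09:00:27+05:30 kddi-cm-1-sb sshd[4321]: "
               "[ID 800047 auth.info] Failed password for xyz [preauth]")

# The pattern from the post: greedy, runs from the first '[' to the last ']'.
GREEDY = re.compile(r"\[.*\]")

# Hypothetical tighter pattern: only "[ID <digits> <facility>.<level>]"
# plus the whitespace that follows it.
MSGID_TAG = re.compile(r"\[ID \d+ [a-z0-9]+\.[a-z]+\]\s*")


def strip_greedy(line):
    """Apply the posted pattern once, replacing the match with ''."""
    return GREEDY.sub("", line, count=1)


def strip_msgid(line):
    """Remove only the [ID n facility.level] tag and its trailing space."""
    return MSGID_TAG.sub("", line, count=1)


if __name__ == "__main__":
    for line in (SAMPLE, CONSTRUCTED):
        print("greedy:", repr(strip_greedy(line)))
        print("msgid: ", repr(strip_msgid(line)))
```

On the constructed line the greedy pattern removes the whole authentication event, which matters when the rewritten stream feeds audit or detection rules.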
