[syslog-ng] issue with rewrite. Please help.

Thomas Wollner tw at wollner-net.de
Fri Jun 15 14:07:36 CEST 2012


I dont know your Message format, but for me it seems that the  
auth.info is the PRE (facility + priority) part and not the message  
part. how does your log template look like? if you havent defined one  
its maybe the default one which is
timestamp, msghdr, msg.

so you may succeed whith your rewrite if you apply it to MSGHDR macro  
instead of MESSAGE?

hope it helps,



Zitat von "Balla,	Hithendra (EXT-Other - IN/Bangalore)"  
<hithendra.balla.ext at nsn.com>:

> Can somebody help here on this issue?
> _____________________________________________
> From: Balla, Hithendra (EXT-Other - IN/Bangalore)
> Sent: Friday, June 15, 2012 9:09 AM
> To: 'Syslog-ng users' and developers' mailing list'
> Subject: issue with rewrite. Please help.
> Hi all,
> We have the following log
> 2012-06-15T09:00:26+05:30 kddi-cm-1-sb 4/6 [ID 800047 auth.info]
> Accepted publickey for xyz
> We wanted to replace [ID 800047 auth.info] with empty string (i.e. "")
> and print the following
> 2012-06-15T09:00:26+05:30 kddi-cm-1-sb 4/6 Accepted publickey for xyz
> So we have used the below re-write with subst. But this is not working
> in syslog-ng 3.4.0alpha2.
> rewrite rw_msg{subst("\\[.*\\]", "", value("MESSAGE"));};
> Can somebody help out here?
> Thanks
> Hithendra

This message was sent using IMP, the Internet Messaging Program.

More information about the syslog-ng mailing list