[syslog-ng] Completing an empty field with specific value
C. L. Martinez
carlopmart at gmail.com
Tue May 29 08:52:47 CEST 2012
Hi all,
I am trying to complete an empty field with a specific value when I
need to correlate postfix logs. Sometimes From filed comes empty:
May 29 08:18:04 testsrv postfix/smtp[1569]: E2B653F2: from=<> ...
I have tried to do this using "value" options in my patterndb.xml:
a) <value name="nosender">$(if ("${from_address}" == "")
"no-sender at no-domain.com" "${from_address}@7")</value>
b) <value name="nosender">$(grep "${from_address}" == "")
"no-sender at no-domain.com"</value>
... but it doesn't works ... Any help??
More information about the syslog-ng
mailing list