[syslog-ng] Using patterndb to rewrite any and all macros

[Balazs Scheidler]

----- Original message -----
>   I am considering using the patterndb to rewrite messages that do not
> conform to syslog standards. 
> 
> Can the patterndb change all normally defined macros?   I need to be able
> to change MSGHDR MESSAGE PROGRAM PID MSG MSGONLY and I think that is
> all. I know that macros such as MSGHDR can not be changed by the rewrite
> command but can it be changed by the patterndb?
> 

there are two kinds of 'macros' within syslog-ng (and I'm considering a name change because of that). some of them are like registers, contain a given value, can be changed at will. I plan to name these properties in the future.

others are basically derived values, where syslog-ng programmatically creates the value when needed. these cannot be changed. these would be called read-only properties.

having this naming scheme, here's an explanation

MSGHDR - this is read only, its contents are affected by PROGRAM, PID. If any of those is changed, MSGHDR will automatically change. (there was a bug in this a couple of years ago, but 3.3 should be ok)
MESSAGE - read write
PROGRAM - read write 
PID - read write
MSG - alias to MESSAGE
MSGONLY - read only, but is the same as MESSAGE in recent versions.

patterndb is able to change read write proprties, but cannot change read only ones, similar to how rewrite rules behave.

> Thanks for your expertise. 
> --
> Evan Rempel
> Senior Systems Administrator, Data Centre Services
> University of Victoria
> 250.721.7691
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng FAQ:
> http://www.balabit.com/wiki/syslog-ng-faq
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130110/4b8c6a80/attachment.htm