[syslog-ng] syslog-ng 3.4.0 parserdb on other than MESSAGE
Balazs Scheidler
bazsi77 at gmail.com
Tue Jan 15 07:24:00 CET 2013
----- Original message -----
> OK, from what Balazs writes below I guess it is not possible to
> use the parserdb functionality on the "$HOST $PROGRAM" contents.
>
> Can someone confirm this is the case? If it can be done, a quick pointer
> please.
>
> If it can not be done, but I want to, how can I do it?
>
> rewrite {
> set("$MSG" value("orig.message"));
> set("$HOST($PROGRAM)" value("MESSAGE"));
> }
> parser(pattern_host_program);
> rewrite {
> set("$orig.message" value("MESSAGE"));
> set("" value("orig.message"));
> }
> parser(pattern_message);
this one should work, except for one thing. Values with dots in their name has to be enclosed by braces.
eg. ${orig.message}
but I'd really add the template option, that's much easier.
> ...
> all of my filters, log statements etc.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20130115/8d3c1957/attachment.htm
More information about the syslog-ng
mailing list