[syslog-ng] Changing a value after a match with patterndb
Fabien Wernli
wernli at in2p3.fr
Tue Jan 12 16:47:39 CET 2016
Hi Mark,
You can use template functions in patterndb [1].
The idea is to add a value to the matched message, which contains the result
of a template function. You could for instance use the "if" function:
<values>
<value name="svc">$(if ("${port}" == "22") "ssh" "telnet")</value>
</values>
If you need anything more complex, and if you are using the 3.7.x series,
you could even use a python script using the "python" template function.
Cheers
[1] https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html#reference-template-functions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2801 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160112/033df1d3/attachment.bin
More information about the syslog-ng
mailing list