[syslog-ng] Changing message priority
Evan Rempel
erempel at uvic.ca
Fri Jun 9 21:59:24 UTC 2017
according to the syslog-ng administrators guide, the section "Hard vs. soft macros" the hard macros that can not be rewritten/changed are
BSDTAG, CONTEXT_ID, DATE, DAY, FACILITY_NUM, FACILITY, FULLDATE, HOUR, ISODATE, LEVEL_NUM, LEVEL, MIN, MONTH_ABBREV, MONTH_NAME, MONTH, MONTH_WEEK, , PRIORITY, PRI, RCPTID, SDATA, SEC, SEQNUM, SOURCEIP, STAMP, TAG, TAGS, TZOFFSET, TZ, UNIXTIME, WEEK_DAY_ABBREV, WEEK_DAY_NAME, WEEK_DAY, WEEK, YEAR_DAY, YEAR
and that includes the priority of a message.
On 06/09/2017 12:10 PM, To Mitz wrote:
> Hi,
>
> I am trying to use rewrite to change a message's PRIORITY. I am able to change the HOST to "info" using:
>
> rewrite r_rewrite_set{set("info", value("HOST") condition(filter(f_logstash)));};
>
> But, when I try setting the PRIORITY to "info", using this:
>
> rewrite r_rewrite_set{set("info", value("PRIORITY") condition(filter(f_logstash)));};
>
> But, when I try setting the PRIORITY to "info", using this:
>
> Error parsing rewrite expression, syntax error, unexpected LL_NUMBER, expecting LL_IDENTIFIER or LL_STRING in /etc/syslog-ng/f_messages.conf at line 8, column 27:
> included from /etc/syslog-ng.conf line 18, column 34
> rewrite r_rewrite_set{set(3, value("PRIORITY") condition(filter(f_logstash)));};
> ^
>
>
> Please advise on how I can fix this.
>
> Thanks.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170609/6bec25df/attachment.html>
More information about the syslog-ng
mailing list