[syslog-ng] Regular expressions in rewrite
Fabien Wernli
wernli at in2p3.fr
Mon Aug 5 08:12:08 UTC 2019
On Fri, Aug 02, 2019 at 01:40:13PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
> Is there a way to use regular expressions when setting a value in a rewrite rule?
[...]
> But without changing the actual log message. The goal is to create a variable from a regular expression of the host field in the message that I can then use in a destination path.
You could copy the content of HOST into another macro, then use subst on the
copy:
rewrite r_rewrite_set_host{
set("$HOST", value("copy_of_host"));
subst("^[a-z]+\-([a-z]+).*$", "$1", value("copy_of_host"));
set("$copy_of_host" value("location")
condition(
filter(f_filter_hostnames)
)
);
unset('copy_of_host');
}
Note that you could also use named matches in subst:
subst("^[a-z]+\-(?<location>[a-z]+).*$", "$1", value("copy_of_host"));
More information about the syslog-ng
mailing list