[syslog-ng] facility override
Attila Szakacs (aszakacs)
Attila.Szakacs at oneidentity.com
Mon Jan 20 07:49:03 UTC 2020
Hi Alex,
I think ${PRI} does exactly that.
PRI
Description: The priority and facility encoded as a 2 or 3 digit decimal number as it is present in syslog messages.
Regards,
Attila
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Alexandre Santos <alexandre.rosas.santos at gmail.com>
Sent: Friday, January 17, 2020 7:56 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] facility override
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi,
Is there a way of overriding the facility of the messages on the destination, besides using a template like:
{ template("$(if ('${LEVEL_NUM}' == '2') '<186>1' $(if ('${LEVEL_NUM}' == '3') '<187>1' $(if ('${LEVEL_NUM}' == '4') '<188>1' ${HOST}\\@`HOSTIPV4` ${PROGRAM} ${PID} ${SDATA} ${MESSAGE}\n"); };
Thanks in advance,
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200120/7576c3cb/attachment.html>
More information about the syslog-ng
mailing list