[syslog-ng] Dynamic setting value out of message?

Tue Jun 29 08:42:23 UTC 2021

Hi!

I hope it is simple and my thoughts and seeks about it were to complicated 
:-), simply I didnt know how to do that, perhaps someone has a clue for me

I am getting e.g. messages like
"MESSAGE": "UIMUC4Maintenance.py: \"== deactivate_uc4_monitoring = ENDE 
==\"",
(thats out of an JSON-formatted syslog-ng output),

What I would like to do is, to extract the 'UIMUC4Maintenance.py:' and put 
it into a SDATA-Custom-Variable or PROG but based on a regex

so some sort of rewrite-rule like (no not a correct syntax, only to 
describe it)
rewrite r_fill_program {
  set(match("^\w*\.py:" value("MESSAGE")) value("PROG"));
};

As far as I understand it, set requires a "string" as first parameter, I 
could use a lots of rewrites with a condition, but I am in "lack of a 
static string", this should be some sort of variable :-)
or I could do that static with a filter for every "^\w*\.py:"-Text, but I 
hope I could do that dynamic, every time a match of my regex syslog-ng 
inserts that part into a variable and so on...

Is that possible?

cheers
Matthias

------------------------------------------------------------------------------------
METZLER 
Informationstechnologie

Matthias Gruber 
IT-Infrastruktur & -Betrieb

B. Metzler seel. Sohn & Co.
Aktiengesellschaft
Untermainanlage 1
60329 Frankfurt am Main
Telefon (0 69) 21 04 - 43 30
Telefax (0 69) 21 04 - 40 40
MGruber at metzler.com
www.metzler.com

Vorstand: Harald Illy, Emmerich Müller, Gerhard Wiesheu
Vorsitzender des Aufsichtsrats: Dr. Christoph Schücking
Sitz der Gesellschaft: Frankfurt am Main, Handelsregister-Nr. HRB 123 365

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfänger sein, so bitten wir Sie höflich, dies unverzüglich dem Absender mitzuteilen und die Nachricht zu löschen. Es ist unzulässig, die Nachricht unbefugt weiterzuleiten oder zu kopieren. Da wir nicht die Echtheit oder Vollständigkeit der in dieser Nachricht enthaltenen Informationen garantieren oder zusichern können, sind die vorstehenden Ausführungen rechtlich nicht bindend. Eine Haftung hierfür wird ausgeschlossen.
This message is confidential. If you are not the intended recipient, we kindly ask you to inform the sender and delete the information. Any unauthorised dissemination or copying hereof is prohibited. As we cannot guarantee or assure the genuineness or completeness of the information contained in this message, the statements set forth above are not legally binding. Accordingly we cannot accept any liability for their contents.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20210629/cc9474b8/attachment.html>