syslog-ng-users April 2011 archive
Main Archive Page > Month Archives  > syslog-ng-users archives
syslog-ng-users: Re: [syslog-ng] Formatting syslogs using syslog

Re: [syslog-ng] Formatting syslogs using syslog-ng

From: Balazs Scheidler <bazsi_at_nospam>
Date: Sat Apr 30 2011 - 21:01:01 GMT
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

On Wed, 2011-04-13 at 17:14 +0530, Pramod Pillai wrote:
> Hi
>
> I need to format the below syslog message.
>
> Apr 13 07:37:28 host-mgr dhcpd: [ID 702911 local7.error] DHCPDISCOVER
> to
> Apr 13 03:37:15 host-mgr 23 3 DHCPDISCOVER
>
> My destination config looks like this.
> destination sol_dest { file("/var/log/sol_syslog" perm(0644)
> template("$S_DATE $HOST $FACILITY_NUM $LEVEL_NUM $MSGONLY\n")
> template_escape(no) ); };
>
> With the template mentioned above I am getting output as shown below.
> I need to remove " [ID 702911 local7.error] " . How to do it.
> Apr 13 03:37:15 mgr-t 23 3 [ID 702911 local7.error] DHCPDISCOVER
>
> I am running this on Solaris machine with syslong-ng 3.1.2

how about

rewrite rrr { subst('^\[.*\]', '', value('MESSAGE')); };

-- Bazsi ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html