Answer the question
In order to leave comments, you need to log in
D
D
Dmitry2019-03-18 09:37:50
Dmitry, 2019-03-18 09:37:50
How to replace part of text in rsyslog msg?
The rsyslogd server on CentOS was raised, logs are collected, incl. with ViPNet HW1000 coordinator, such messages come:
Message [03-18 16:54:19] CConfig.UpdateIpsForId: natsettings for NNNN002A: firewallip=192.168.1.101, forwardip=192.168.1.101, port=55777, timeout=0, virtualip=A000019, proxyid=NNNN000A, flags:BROADCAST ELAPSE
I want to replace NNNN002A with my own text on the fly, for example "AP Node 10". Did it like this:
template(name="logline" type="string" string="%HOSTNAME% %syslogtag% %$!msg%\n")
if (re_match($msg,"NNNN002A")) then {
set $!msg = replace($msg, "NNNN002A", "АП Узел 10");
} else {
set $!msg = $msg;
}
if ( $programname startswith "iplircfg" and $!msg contains "CConfig" ) then {
action(type="ommysql" server="127.0.0.1" db="Syslog" uid="syslog" pwd="syslog")
stop
}
if ( $programname startswith "iplircfg" ) then {
action(type="omfile" file="/dev/null" flushOnTXEnd="off")
stop
}But the old "...NNNN000A..." falls into the database. Something must have been forgotten. Has anyone done similar?
Similar questions
M
mixlink2015-03-12 18:49:51
What might cause two Rsyslog modules not to work at the same time?
1Reply
M
D
D
N
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question