Hello All, This is my first post to this group, apologize if the question seems naive.
I am trying to change strings within the syslog message before forwarding it to an external log server. For example, if my regular expression matches an mac or an IP address present within the message, I want to replace it with a string like this "<hidden ip>" Another requirement is before forwarding the log to the external server, I have to change the facility to a different number (say from local0 to local7) The approach I was taking is defining a template with the regular expression in it, checking for the pattern and then replacing the mac/ip address. However, I think this kind of pattern replacement is not supported with the property replacer. Is that correct? I am using rsyslog version 3.21 to try this out and here is an example of what I am trying to do A sample log message May 25 08:41:13. 00145e178cc8[12703]: 4|172|CORE|All elements Connected I need to change it to May 25 08:41:13. [Hidden MAC][12703]: 4|172|CORE|All elements Connected Before it gets forwarded to the external machine. Regards, Sayan _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
