[rsyslog] Arbitrary string replacements

Ori Bani oribani at gmail.com
Sat Aug 22 03:45:45 CEST 2009

On 8/21/09, Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
> can you elaborate a little of how you would like to use it? It still would
> be
> a good idea to create its own feature request inside the bug tracker - I
> look
> there if I have time to do new things, not so often in the mailing list
> archive ;)

>From my understanding it would basically be an extension to the regex
functionality in the property replacer.  You already have submatch
numbers and all that, but you only allow the string that's used to be
a sub-string (submatch), and what I need is the ability to provide a
custom pattern replacement.  If you did that, you could eliminate the
really confusing list of submatch number and match number (and
"nomatch"?), because those would be specified in the replacement
pattern (hopefully as $1, $2, etc.) -- just like any other regular
expression pattern replacement operation in many tools and languages.


>> I understand that arbitrary replacements on log messages is not
>> supported by rsyslog.  I found a thread that explains it here:
>> http://lists.adiscon.net/pipermail/rsyslog/2009-June/002317.html
>> I'd like to give my vote for adding this feature.  I have the same
>> requirement (or similar) to the OP of that thread.  For now, I have to
>> use syslog-ng, which I understand has recently already implemented
>> this feature, or if I want to use rsyslog, I have to drop (discard)
>> the messages that have information that I am not allowed to keep in my
>> logs (that with IP addreses):
>> # This discards any message with an IP (ver. 4) address in it
>> :msg, regex, "[0-9]\.[0-9]\.[0-9]\.[0-9]"              ~

More information about the rsyslog mailing list