[rsyslog-notify] Forum Thread: Removing specific regexp content match from messages - (Mode 'edit_topic')
noreply at adiscon.com
Mon Dec 7 15:22:54 CET 2015
User: johnwigley
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26224#p26224
Message:
----------
Hi,
I've been struggling to work out how best to filter the message content for
specific syslog messages to remove or blank out a specific part of the
message content which could be identified via a regexp match.
The message contains a line such as:
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:MeIYAmvbrvTboIG6f4QxsHspVfqjRw4ji+kP3eXS|2^32
and I need to process the message to translate the content to remove the
sensitive key content to something like:
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx|2^32
Would the right way to do this be to create a new output template, which
has two regexps in it, one to pull out all of the message content up to
the part I need to remove, and then a second to pull out the message
content following the part to be removed, and then concatenate the output
from the two together, or is there a simpler way of deleting/removing
specific content from a message?
Thanks a lot
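
A single regexp substitution with a capture group masks the key in place, so the "extract the two halves and concatenate" step asked about above is not needed. This is an added example, not part of the original post and not rsyslog configuration: it is a Python sketch, and the function name `redact_sdes_keys`, both patterns and the sample log text around the crypto lines are assumptions constructed for illustration.

```python
import re

# SDP security descriptions (RFC 4568) carry SRTP keys in the form
#   a=crypto:<tag> <suite> inline:<base64 key+salt>[|lifetime][|MKI:len][;inline:...]
# \s+ also tolerates a line break before "inline:" (wrapped log lines).
CRYPTO_ATTR = re.compile(r"a=crypto:\d+\s+\S+\s+inline:[^\r\n]*")
# Group 1 is kept as-is, group 2 is the base64 key material to mask.
INLINE_KEY = re.compile(r"(inline:)([A-Za-z0-9+/=]+)")


def redact_sdes_keys(message: str, mask: str = "x") -> str:
    """Mask every SRTP key inside a=crypto attributes.

    The key is replaced by the same number of mask characters, so the
    lifetime/MKI suffix and the overall message length are preserved.
    Text outside a=crypto attributes is never touched.
    """
    def mask_attribute(attr: re.Match) -> str:
        return INLINE_KEY.sub(
            lambda key: key.group(1) + mask * len(key.group(2)),
            attr.group(0),
        )

    return CRYPTO_ATTR.sub(mask_attribute, message)


# Constructed sample: one log message holding an SDP body with two crypto
# offers. The second line is the one quoted in the post; the rest is made up.
SAMPLE = (
    "sip-proxy[412]: INVITE body: m=audio 49170 RTP/SAVP 0\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "QUJD" * 10 + "|2^20|1:4\n"
    "a=crypto:2 AES_CM_128_HMAC_SHA1_32 "
    "inline:MeIYAmvbrvTboIG6f4QxsHspVfqjRw4ji+kP3eXS|2^32\n"
    "a=rtpmap:0 PCMU/8000"
)

if __name__ == "__main__":
    print(redact_sdes_keys(SAMPLE))
```

Masking to the same length keeps the log line's shape for troubleshooting while removing the key; a fixed-length mask would additionally hide the key size.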