[rsyslog-notify] Forum Thread: Re: Property Replacer %fromhost-ip% - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Fri Aug 5 15:35:59 CEST 2016


User: Thijn 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26866#p26866

Message: 
----------
Dlang,
Ahh, that makes sense then, if that property is RO, why nothing happened.
So thanks for the debug pointer. So the result is now.

Debug line with all properties:
FROMHOST: '10.3.201.114', fromhost-ip: '10.3.201.114', HOSTNAME: 'CPU5',
PRI: 190,
syslogtag '[08/05/16', programname: '', APP-NAME: '', PROCID: '-', MSGID:
'-',
TIMESTAMP: 'Aug  5 15:30:24', STRUCTURED-DATA: '-',
msg: ' 15:30:21] SSH INFO kex:chosen algorithms for client->server:
encryption:aes256-cbc mac:hmac-sha1 compression:none'
escaped msg: ' 15:30:21] SSH INFO kex:chosen algorithms for client->server:
encryption:aes256-cbc mac:hmac-sha1 compression:none'
inputname: imudp rawmsg: '<190>CPU5 [08/05/16 15:30:21] SSH INFO kex:chosen
algorithms for client->server: encryption:aes256-cbc mac:hmac-sha1
compression:none'

I am now using the property %FROMHOST:::% in order to try to replace the
IP.
$template TESTFORMAT, "%fromhost:R:10.3.201.114:1.2.3.4--end%, %msg%\n"
Yields:
**NO MATCH**,  15:32:49] SSH INFO kex:chosen algorithms for server->client:
encryption:aes256-cbc mac:hmac-sha1 compression:none

I'm on the right track. I am now able to isolate the field. Now I just
need to find the right expression to get it matched.

