source s_largetest {
    network(ip(0.0.0.0) port(8888) transport("tcp"));
};

filter f_largefilter {
    "$(length ${MESSAGE})" >= "90"
};

rewrite r_rewrite {
    subst('large', 'audit', value("MESSAGE") condition(filter(f_largefilter)));
};

destination d_largelocalfile {
    file("/var/log/test_messages.txt");
};

log {
    source(s_largetest);
    rewrite(r_rewrite);
    destination(d_largelocalfile);
};
<34>1 2023-08-08T12:34:56.123Z mymachine myapp 1234 mymsgid - This is an example log message, the word at the end will be changed: large
<34>1 2023-08-08T13:14:15:167Z short myapp 1234 mymsgid - Short - 88
cat /var/log/test_messages.txt
Aug 9 14:15:33 localhost 1 2023-08-08T12:34:56.123Z mymachine myapp 1234 mymsgid - This is an example log message, the word at the end will be changed: audit
Aug 9 14:15:33 localhost 1 2023-08-08T13:14:15:167Z short myapp 1234 mymsgid - Short - 88
log {
    source(s_largetest);
    filter(f_largefilter);
    destination(d_largelocalfile);
    flags(final);
};

log {
    source(s_largetest);
    destination(d_shortlocalfile);
};

In the above example, a long message is evaluated by the filter, and if it matches the criteria it is written into d_largelocalfile. The flags(final) option ensures that it is not processed further.
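The two approaches on this page combined into one configuration fragment, as an added example that is not part of the original documentation. The d_shortlocalfile definition, its file path and the r_audit rewrite rule are assumptions made for illustration; the fragment is meant to be placed in an existing syslog-ng configuration.

```conf
# As on the page: ip(0.0.0.0) makes the source listen on all interfaces.
source s_largetest {
    network(ip(0.0.0.0) port(8888) transport("tcp"));
};

# Matches messages whose MESSAGE part is at least 90 characters long.
filter f_largefilter {
    "$(length ${MESSAGE})" >= "90"
};

# Hypothetical rule: no condition() is needed here, because the log path
# below already applies f_largefilter before the rewrite runs.
rewrite r_audit {
    subst('large', 'audit', value("MESSAGE"));
};

destination d_largelocalfile {
    file("/var/log/test_messages.txt");
};

# Assumed definition; the page references d_shortlocalfile without defining it.
destination d_shortlocalfile {
    file("/var/log/test_short_messages.txt");
};

# Path 1: long messages are rewritten and stored. It has to appear before
# path 2, because flags(final) only stops log statements that come later
# in the configuration from processing the message.
log {
    source(s_largetest);
    filter(f_largefilter);
    rewrite(r_audit);
    destination(d_largelocalfile);
    flags(final);
};

# Path 2: reached only by messages that did not match f_largefilter,
# so short messages are stored unmodified.
log {
    source(s_largetest);
    destination(d_shortlocalfile);
};
```

If the two log statements are swapped, long messages are written to both files, since the path without the filter then sees them before the final path does.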