Hi Dears
How can I remove the extra part of a received log by rsyslog?
Or change the logs and save them to a new log?
For example, I receive this log, and some part of the log is extra:
Mar 5 08:20:15 test snort[6414]: [122:3:1] (portscan) TCP Portsweep
[Classification: Attempted Information Leak] [Priority: 2] {PROTO:255}
11.141.38.164 -> 5.13.19.12
I just need the timestamp, IP, and classification.
Regards
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
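One way to do what the post asks, as an added example that is not part of the original message: a RainerScript fragment that pulls the classification and the two addresses out of the Snort line with re_extract() and writes them with a list template. It assumes the alert arrives as a single syslog line (the sample above is wrapped by the mail client); the template name and output path are hypothetical.

```conf
# Added example, not from the original post. Template name and file path
# are hypothetical; adjust to the local layout.

template(name="SnortBrief" type="list") {
    # Original message timestamp, written in RFC 3339 form
    property(name="timereported" dateFormat="rfc3339")
    constant(value=" | ")
    property(name="$.src")
    constant(value=" -> ")
    property(name="$.dst")
    constant(value=" | ")
    property(name="$.class")
    constant(value="\n")
}

if $programname == "snort" then {
    # POSIX ERE. Bracket expressions such as [[] []] [.] stand for the
    # literal characters, so no backslash escaping is needed.
    # Last argument ("-") is what gets stored when nothing matches.
    set $.class = re_extract($msg, "[[]Classification: ([^]]+)[]]", 0, 1, "-");

    # Optional :port after each address is tolerated but not captured.
    set $.src = re_extract($msg,
        "([0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)(:[0-9]+)? -> ", 0, 1, "-");
    set $.dst = re_extract($msg,
        " -> ([0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)", 0, 1, "-");

    # Reduced copy goes to its own file; the full line still flows on to
    # any later rules unless a "stop" is added here.
    action(type="omfile" file="/var/log/snort-brief.log" template="SnortBrief")
}
```

A line where a field is missing is written with "-" in that position, so lines that do not match can be spotted in the reduced log and checked against the full one.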