Mailing List Archive

change received log
Hi Dears

How can I remove the extra part of a received log with rsyslog?
Or change the logs and save them to a new log?
For example, I receive this log, and some part of it is extra:
Mar 5 08:20:15 test snort[6414]: [122:3:1] (portscan) TCP Portsweep
[Classification: Attempted Information Leak] [Priority: 2] {PROTO:255}
11.141.38.164 -> 5.13.19.12

I just need Timestamp, IP, classification

Regards
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: change received log
You don't so much "remove" parts from the original message as
create your own message using parts of the original one. The template
system is meant for this.

https://www.rsyslog.com/doc/v8-stable/configuration/templates.html

On 05.03.2021 05:53, Milad Rezaei via rsyslog wrote:
> Hi Dears
>
> How can I remove the extra part of a received log with rsyslog?
> Or change the logs and save them to a new log?
> For example, I receive this log, and some part of it is extra:
> Mar 5 08:20:15 test snort[6414]: [122:3:1] (portscan) TCP Portsweep
> [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255}
> 11.141.38.164 -> 5.13.19.12
>
> I just need Timestamp, IP, classification
>
> Regards
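
One way to build such a message with the template system the reply points to, as an added example that is not part of the original thread or rsyslog's own documentation. The template name, the output path, the "snort" program name filter and the assumption that each alert arrives as a single syslog line are all assumptions.

```rsyslog
# Added example: rebuild each Snort alert from selected parts of the original.
# Assumed names: template "snortBrief", output file /var/log/snort-brief.log.
template(name="snortBrief" type="list") {
    # Timestamp as reported by the sender; "rfc3164" would keep the
    # original "Mar  5 08:20:15" style instead.
    property(name="timereported" dateFormat="rfc3339")

    constant(value=" src=")
    # POSIX ERE. Submatch 1 is the source address, submatch 3 the destination;
    # the optional group 2 tolerates alerts that carry ":port" after the source.
    property(name="msg"
             regex.type="ERE"
             regex.expression="([0-9.]+)(:[0-9]+)? -> ([0-9.]+)"
             regex.submatch="1"
             regex.nomatchmode="BLANK")

    constant(value=" dst=")
    property(name="msg"
             regex.type="ERE"
             regex.expression="([0-9.]+)(:[0-9]+)? -> ([0-9.]+)"
             regex.submatch="3"
             regex.nomatchmode="BLANK")

    constant(value=" class=")
    # [[] and []] are bracket expressions for literal "[" and "]", which
    # avoids backslash escaping inside the quoted string.
    property(name="msg"
             regex.type="ERE"
             regex.expression="[[]Classification: ([^]]+)[]]"
             regex.submatch="1"
             regex.nomatchmode="BLANK")

    constant(value="\n")
}

# Write the reduced record to its own file; other rules that handle the
# original message are unaffected because only this action uses the template.
if $programname == "snort" then {
    action(type="omfile" file="/var/log/snort-brief.log" template="snortBrief")
}
```

With regex.nomatchmode="BLANK", a Snort line that lacks a classification or an address pair produces an empty field rather than rsyslog's default no-match marker, so downstream parsers should treat empty src=, dst= or class= values as "not present".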