syslog-ng documentation

Your main source of knowledge

The syslog-ng product family has an extensive documentation, covering everything from how to install a product to the most complex configuration and settings descriptions. If you cannot find an answer to your question, try the mailing list - our community is always eager to help.

syslog-ng Premium Edition

Contents

11.2.6.1. Procedure – How conditional rewriting works The syslog-ng Premium Edition 7 Administrator Guide

Purpose: 

The following procedure summarizes how conditional rewrite rules (rewrite rules that have the condition() parameter set) work. The following configuration snippet is used to illustrate the procedure:

rewrite r_rewrite_set{set("myhost", value("HOST") condition(program("myapplication")));};
log {
    source(s1);
    rewrite(r_rewrite_set);
    destination(d1);};

Steps: 

  1. The log path receives a message from the source (s1).

  2. The rewrite rule (r_rewrite_set) evaluates the condition. If the message matches the condition (the PROGRAM field of the message is "myapplication"), syslog-ng PE rewrites the log message (sets the value of the HOST field to "myhost"), otherwise it is not modified.

  3. The next element of the log path processes the message (d1).