Hi All,

Needed help with parsing/modify. Would greatly appreciate some direction. At the moment, I am parsing a plain-test log-file and sending to a remote server:

Jun 19 16:29:28 server12345 [...] 
Jun 19 16:29:28 server12345 --- 
Jun 19 16:29:27 server12345 [program.state :3371]

The above is what I get with parsing. I was hoping to make every line transform like this

Jun 19 16:29:28 server12345 **programName1** [...] 
Jun 19 16:29:28 server12345 **programName1** --- 
Jun 19 16:29:27 server12345 **programName1** [program.state :3371]

Can someone help me understand, how I can get programName1 appended to each file, after the server hostname?

Also, is it possible to parse the server-name, and replace it as follows:

Jun 19 16:29:28 **server12345--NA** programName1 [...] 
Jun 19 16:29:28 **server12345--NA** programName1 --- 
Jun 19 16:29:27 **server12345--NA** programName1 [program.state :3371]

Would appreciate some guidance on how to change this via config. I currently, am reading in a textfile via the om_file method.

Update: Relevant snippets of config:

<Input log_file>
    Module      im_file
    File        'C:\program\var\log\file.log'
    #InputType   multiline_parser
    Exec    parse_syslog();
</Input>

<Processor norepeat>
    Module      pm_norepeat
    CheckFields Hostname, Message, SourceName
    OutputFormat syslog_rfc3164
</Processor>


<Route log_output>
  Path log_file   => norepeat => log_output
</Route>

<Output log_output>
  Module om_udp
  Host x.x.x.x
  Port 514
</Output>