How to Append (concatenate) additional data on the end of syslog messages?

#1 bluelotus 7 years ago

Current config:

Module om_udp

Host 192.168.1.10

Port 514

</Output>

Would I do this?

Module om_udp

Host 192.168.1.10

Port 514

Exec $raw_event = $raw_event + "Project X";

</Output>

OR is it more like this...?

Module om_udp

Host 192.168.1.10

Port 514

$Message = $Message + "Project X"

Exec to_syslog_bsd();

</Output out>

Permalink

#2 bourazaniss 7 years ago

#1 bluelotus

How would I change the syslog event message on an output module so that every message gets an additional field? I want to add another value called "Project X" after the message portion of all syslogs events/messages as they are forwarded to another server? Would I use $raw_event as I show in my example? Current config: <Output out> Module om_udp Host 192.168.1.10 Port 514 </Output> Would I do this? <Output out> Module om_udp Host 192.168.1.10 Port 514 Exec $raw_event = $raw_event + "Project X"; </Output> OR is it more like this...? <Output Out> Module om_udp Host 192.168.1.10 Port 514 $Message = $Message + "Project X" Exec to_syslog_bsd(); </Output out>

I think it is a matter of personal choise.

I usuallly add fields in input modules.

Exec $new_field = 'new field value';

and select the output format with Exec to_* command in output modules.