Syslog-ng removing special character with rewrite rule

61 Views Asked by At

I'm trying to remove special character with syslog-ng 3.35 before sending log to log collector but without any luck. The test log I'm trying to send is shown below ( it's just a simple example to simplify):

(Classification cve:2019-12345)

I'm trying to rewrite it to get result shown below and get rid of '(', 'Classification' and ')':

cve:2019-12345

What I was trying to do is but without success:

rewrite r_test {
subst("^(Classification"," ", type("string"),flags("substring"));
subst("^)"," ", type("string"),flags("substring"));
};

After syslog-ng restart there is no error and no wrong syntax is shown. Any ideas how to fix rule ?

Thanks in advance

0

There are 0 best solutions below