I'm trying to remove special character with syslog-ng 3.35 before sending log to log collector but without any luck. The test log I'm trying to send is shown below ( it's just a simple example to simplify):
(Classification cve:2019-12345)
I'm trying to rewrite it to get result shown below and get rid of '(', 'Classification' and ')':
cve:2019-12345
What I was trying to do is but without success:
rewrite r_test {
subst("^(Classification"," ", type("string"),flags("substring"));
subst("^)"," ", type("string"),flags("substring"));
};
After syslog-ng restart there is no error and no wrong syntax is shown. Any ideas how to fix rule ?
Thanks in advance