0

I would like to filter the content of my logs generated by Syslog, I'm applying a filter based on $msg but it is not containing the beggining of the line:

2022-09-29T16:39:39Z SYS_SERVER_2 - - - - - A Web interface has been accessed

when I try to capture 'SYS_SERVER', the $msg contains only 'A Web interface has been accessed', hence how can I access the beginning of the line ?

tiamat
  • 103
  • 1
  • 4

1 Answers1

0

I finally found the answer....we can use $rawmsg to get the entire content line.

tiamat
  • 103
  • 1
  • 4