I configured syslog-ng (version 3.21.1) on a CentOS7 server and found that logs are in the following format.

    Aug 26 12:59:28 xyz74hd.com radiusd[20142]: 92djvd4654654164nadskj795234dc Reason: pldap: Forind credentials incorrect: Invalid credentials possible

I do not require the Process-ID ([20142] in the above log) in my logs. Thus the required syslog format should be as follows:

    Aug 26 12:59:28 xyz74hd.com radiusd: 92djvd4654654164nadskj795234dc Reason: pldap: Forind credentials incorrect: Invalid credentials possible

Before, I was using CentOS6 with an older syslog-ng version (3.2.5). But as I deployed CentOS7 with one of the latest syslog-ng versions (3.21.1), the error occurs. (The syslog-ng configurations are almost the same.)

On my new deployment I am getting the additional field of Process-ID in logs, due to which the log parsers are behaving absurdly. I cannot change the code.

Is there any solution at the syslog-ng level so that I can get rid of these process IDs in my logs?

Aghori

1 Answer

You have multiple options to get rid of the process ID:

  • you can create a template for your destination to use a custom output format, for example:

    file("/var/log/messages" template("$DATE $HOST $PROGRAM: $MESSAGE\n"))

  • you can add a rewrite rule before your destination, where you unset PID:

    rewrite { unset(value("PID")); };

    or

    rewrite { set("" value("PID")); };

MrAnno

If you want to use a rewrite rule, please choose the second one until `unset` is fixed (v3.24.1): https://github.com/balabit/syslog-ng/pull/2896 – MrAnno Aug 29 '19 at 18:25
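
A complete log path that puts the answer's template and `set("")` rewrite in context, as an added example (not part of the original answer and not the syslog-ng project's own configuration). The object names, the `program("radiusd")` filter and the `/var/log/radius-nopid.log` path are assumptions; the filter limits PID removal to the radiusd lines the legacy parser reads, so every other log keeps its PID for correlation.

```conf
@version: 3.21

source s_local {
    system();      # the platform's local log sources
    internal();    # syslog-ng's own messages
};

# Assumption: only radiusd lines feed the legacy parser, so only they lose the PID.
filter f_radiusd { program("radiusd"); };

# set("") rather than unset(), following the comment on unset before v3.24.1.
rewrite r_drop_pid { set("" value("PID")); };

# The explicit template fixes the on-disk layout: "radiusd:" with no "[pid]".
destination d_radius_nopid {
    file("/var/log/radius-nopid.log"    # hypothetical path
         template("$DATE $HOST $PROGRAM: $MESSAGE\n"));
};

# Everything else keeps the default format, PID included.
destination d_messages { file("/var/log/messages"); };

log {
    source(s_local);
    filter(f_radiusd);
    rewrite(r_drop_pid);          # clears PID for every destination on this path
    destination(d_radius_nopid);
    flags(final);                 # radiusd lines stop here, no duplicate below
};

log {
    source(s_local);
    destination(d_messages);
};
```

Either the template or the rewrite is enough on its own, as the answer says; `syslog-ng --syntax-only` checks the file before a reload.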