0

I would like to filter the content of my logs generated by Syslog, I'm applying a filter based on $msg but it is not containing the beggining of the line:

2022-09-29T16:39:39Z SYS_SERVER_2 - - - - - A Web interface has been accessed

when I try to capture 'SYS_SERVER', the $msg contains only 'A Web interface has been accessed', hence how can I access the beginning of the line ?

Improve this question

1 Answer 1

Reset to default
0

I finally found the answer....we can use $rawmsg to get the entire content line.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.