
How to manipulate the msg

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: alorbach


Postby Suomi » Thu Aug 03, 2017 7:40 pm

I want to filter this kind of kernel.log string, do a string manipulation, and store it in another log file.

This is the source string:
Jul 31 19:53:10 echo576 kernel: [94146.753825] SSH_brute_force IN=eth0 OUT= MAC=00:19:99:a4:46:9d:b0:c6:9a:d7:f8:41:08:00 SRC= DST= LEN=60 TOS=0x08 PREC=0x40 TTL=51 ID=21276 DF PROTO=TCP SPT=60912 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

And it should look like this:
03.08.2017 - 20:26:40 : SSH_brute_force :

The msg should be logged in /var/log/SSH_brute_force.log and it should not be logged in /var/log/kernel.log.

I think I'm less than halfway done. I edited the file /etc/rsyslog.d/50-default.conf
Code:
:msg,contains,"SSH_brute_force " /var/log/SSH_brute_force.log
& ~

So my message is written to /var/log/SSH_brute_force.log and not to /var/log/kernel.log, exactly as I wanted.

But I have no idea how to manipulate the string the way I described. Can anyone help here?
Posts: 1
Joined: Thu Aug 03, 2017 7:19 pm
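
One way to produce the format asked for above, as an added example that is not part of the original post: an rsyslog template built from the message timestamp and attached to the filter. The template name SSHBruteFmt is hypothetical, and the example assumes an rsyslog release that supports RainerScript and the date-* property options. The text after the final colon of the desired output is not shown in the post, so the template stops there.

```conf
# Added example, not from the original post. Template name is hypothetical.
# Assumes an rsyslog release with RainerScript and the date-* property options.

# Builds "DD.MM.YYYY - HH:MM:SS : SSH_brute_force :" from the timestamp
# carried by the message (timereported), one date component at a time.
template(name="SSHBruteFmt" type="string"
         string="%timereported:::date-day%.%timereported:::date-month%.%timereported:::date-year% - %timereported:::date-hour%:%timereported:::date-minute%:%timereported:::date-second% : SSH_brute_force :\n")

# Must appear before the kern.* rule in /etc/rsyslog.d/50-default.conf so that
# "stop" discards the message before it can reach /var/log/kernel.log.
if $msg contains "SSH_brute_force " then {
    action(type="omfile"
           file="/var/log/SSH_brute_force.log"
           template="SSHBruteFmt")
    stop
}
```

Running `rsyslogd -N1` checks the configuration syntax before the service is restarted.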
