The syslog-ng 3.0 Administrator Guide

The syslog-ng application can rewrite parts of the messages using rewrite rules. Rewrite rules are global objects similar to parsers and filters and can be used in log paths. The syslog-ng application has two methods to rewrite parts of the log messages: replacing (setting) a part of the message to a fix value, and a general search-and-replace mode.

Substitution completely replaces a specific part of the message that is referenced using a built-in or user-defined macro.

General rewriting searches for a string in the entire message (or only a part of the message specified by a macro) and replaces it with another string Optionally, this replacement string can be a template that contains macros.

For details on using rewrite rules, see Section 3.10, “Rewriting messages” and Section 8.7, “Rewriting messages”.