The syslog-ng 3.0 Administrator Guide

Procedure 5.6.1. Customizing messages using templates

1. Start the configuration interface of the syslog-ng Agent for Windows application.

2. Select syslog-ng Agent Settings > Destinations > Network, and double-click on IPv4. Select your logserver, and click Edit.

3. Type the message format you want to use into the Template field. Do not forget to add the $ character before macros. See Section 5.6.5, “Macros available in the syslog-ng Agent” for a complete list of the available macros.

   For example, to send the messages in the DATE HOSTNAME MESSAGE format, type Date:$DATE Hostname:$HOST Logmessage:$MESSAGE.

   Note that the $MESSAGE macro contains not only the text of the log message, but also additional information received from the message source, such as the name of the eventlog container, or the file, as set in the eventlog-specific and file-specific templates. See Procedure 5.6.2, “Customizing eventlog messages” and Procedure 5.6.2, “Customizing eventlog messages” for details on modifying the eventlog-specific and file-specific templates.

   	Note
   	Templates are assigned to a single destination server, so it is possible to use different templates for different servers. However, a server and its failover servers always receive the same message.

   	Warning
   	If you have more than one destination servers configured (separate servers, not in failover mode), and you want to use the same template for every server, you must manually copy the template into the configuration of each server. Template modifications are not applied automatically to every server.

4. Click OK.

5. To activate the changes, restart the syslog-ng Agent service.

Procedure 5.6.2. Customizing eventlog messages

1. Start the configuration interface of the syslog-ng Agent for Windows application.

2. Select syslog-ng Agent Settings, right-click on Eventlog Sources and select Properties.

3. Type the message format into the Message Template field. You can use date- and eventlog-related macros (see Section 5.6.5, “Macros available in the syslog-ng Agent” for a list of macros).The message customized here is included in the server-specific templates using the MESSAGE macro.

   By default, the following is sent about file messages: ${EVENT_USERNAME}: ${EVENT_NAME} ${EVENT_SOURCE}: [${EVENT_TYPE}] ${EVENT_MSG} (EventID ${EVENT_ID}).

4. Select Apply, then OK. To activate the changes, restart the syslog-ng Agent service.

Procedure 5.6.3. Customizing file messages

1. Start the configuration interface of the syslog-ng Agent for Windows application.

2. Select syslog-ng Agent Settings, right-click on File Sources and select Properties.

3. Type the message format into the Message Template field. You can use date- and file-related macros (see Section 5.6.5, “Macros available in the syslog-ng Agent” for a list of macros). The message customized here is included in the server-specific templates using the MESSAGE macro.

   By default, the following is sent about file messages: $FILE_NAME: $FILE_MESSAGE.

4. Select Apply, then OK. To activate the changes, restart the syslog-ng Agent service.