Skip to content

Commit

Permalink
Add file destination for raw message collection
Browse files Browse the repository at this point in the history 
* Add file destination to capture RAWMSG.  Useful for pre-production raw message capture
  • Loading branch information
Mark Bonsack committed Apr 18, 2020
1 parent b154ebc commit 8298f0f
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions package/etc/conf.d/destinations/rawmsg_file.conf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
destination d_rawmsg {
file("/opt/syslog-ng/var/archive/rawmsg/${.splunk.sourcetype}/${HOST}/$YEAR-$MONTH-$DAY-message.log"
template("${RAWMSG}\n")
);
};

0 comments on commit 8298f0f

Please sign in to comment.