How can I store only the raw message to a file?
E.g.:
I received a message via rsyslog:
May 4 13:18:47 xxxx apache-error: [Wed May 04 13:18:41.256596 2016] [:error] [pid 54583] [client 192.168.30.200:52638] script '/var/www/aaa.php' not found or unable to stat
I need a rsyslog config to extract raw message from input, without syslog header (highlighted bellow):
May 4 13:18:47 xxxx apache-error: [Wed May 04 13:18:41.256596 2016] [:error] [pid 54583] [client 192.168.30.200:52638] script '/var/www/aaa.php' not found or unable to stat
[Wed May 04 13:18:41.256596 2016] [:error] [pid 54583] [client 192.168.30.200:52638] script '/var/www/aaa.php' not found or unable to stat
tnx!
You can add a custom template in a rsyslog config file. So in /etc/rsyslog.d, find the config file that configures the log file in question. If you're talking about syslog, then you can add a custom template and change the config line to something like:
$template myFormat,"%msg%\n"
*.* -/var/log/syslog; myFormat
Also, if you want that template for all your log files, you can add this to your rsyslog config file, and thus you wouldn't have to add the template specifically to your log file line:
$template myFormat,"%msg%\n"
$ActionFileDefaultTemplate myFormat