Text Formatting
Syntax
A formatted text can include any number of fields enclosed in braces ({...}). A field name can be followed by one or more modifiers separated by vertical pipes (|).
Message Fields
General Fields
RECEIVED
The timestamp the message was received by the Syslog Watcher server. There are 6 options available.
| Field | Description |
|---|---|
RECEIVED | timestamp in microseconds, the storage timezone |
RECEIVED_UTC | timestamp in microseconds, UTC |
RECEIVED_MS | timestamp rounded to milliseconds, the storage timezone |
RECEIVED_MS_UTC | timestamp rounded to milliseconds, UTC |
RECEIVED_S | timestamp rounded to seconds, the storage timezone |
RECEIVED_S_UTC | timestamp rounded to seconds, UTC |
RECEIVED- timestamp in microseconds, the storage timezone;RECEIVED_UTC- timestamp in microseconds, UTC;RECEIVED_MS- timestamp rounded to milliseconds, the storage timezone;RECEIVED_MS_UTC- timestamp rounded to milliseconds, UTC;RECEIVED_S- timestamp rounded to seconds, the storage timezone;RECEIVED_S_UTC- timestamp rounded to seconds, UTC.
ORIGINATOR
There are two fields associated with the message originator.
ORIGINATOR_ID | the originator's identification (ID) Example: 123 |
ORIGINATOR_NAME | the originator's name |
ORIGINATOR_ID- the originator's identification (ID)ORIGINATOR_NAME- the originator's name
SEVERITY
SEVERITY- the message severity level in text form, e.g., EmergencySEVERITY_NUM- the message severity level in numeric form (0-7)
FACILITY
FACILITY- the message severity level in text form, e.g., EmergencyFACILITY_NUM- the message severity level in numeric form (0-7)
PRIORITY
The priority prefix is a number that equals (FACILITY_NUM * 8 + SEVERITY_NUM).
It is usually necessary to form the correct syslog messages for forwarding.
RAW_MESSAGE
The entire message, as received, except for the priority prefix.
example
To forward a syslog message in the same form as it was received without modification, use <{PRIORITY}>{RAW_MESSAGE}.
MESSAGE
The message body without any headers extracted by a parser.