It is possible to configure the severity field with the set-severity() rewrite function. When configured, the set-severity() rewrite function will only rewrite the ${SEVERITY} field in the message to the first parameter value specified in the function.

NOTE: If the specified parameter value is not a valid value, the function ignores it and sends a debug message. However, the (syslog-ng OSE application will still send the message.

Declaration

rewrite <name_of_the_rule> {
    set-severity("severity string or number");
};

Parameters

The set-severity() rewrite function has a single, mandatory parameter that can be defined as follows:

set-severity( "parameter1" );

Accepted values

The set-severity() rewrite function accepts the following values:

  • numeric strings: [0-7]

  • named values: emerg, emergency, panic, alert, crit, critical, err, error, warning, warn, notice, info, informational, debug

Example usage for the set-severity() rewrite function

The following examples can be used in production for the set-severity() rewrite function.

Example using string:

rewrite {
    set-severity("info");
};

Example using numeric string:

rewrite {
    set-severity("6");
};

Example using template:

rewrite {
    set-severity("${.json.severity}");
};

Updated: