Setting severity with the set-severity() rewrite function
You can set the severity field of a message with the set-severity() rewrite function. When configured, the function rewrites only the ${SEVERITY} field of the message, setting it to the value of the first parameter specified in the function.
NOTE: If the specified parameter value is not a valid value, the function ignores it and sends a debug message. However, the syslog-ng OSE application will still send the message.
Declaration
rewrite <name_of_the_rule> {
    set-severity("severity string or number");
};
Parameters
The set-severity() rewrite function has a single, mandatory parameter that can be defined as follows:
set-severity( "parameter1" );
Accepted values
The set-severity() rewrite function accepts the following values:
Numerical Value | Equivalent Named Values |
---|---|
0 | emergency, emerg, panic |
1 | alert |
2 | critical, crit |
3 | error, err |
4 | warning, warn |
5 | notice |
6 | informational, info |
7 | debug |
Both numerical and named values are equally valid.
Example usage for the set-severity() rewrite function
The following examples can be used in production for the set-severity() rewrite function.
Example using string:
rewrite {
    set-severity("info");
};
Example using numeric string:
rewrite {
    set-severity("6");
};
Example using template:
rewrite {
    set-severity("${.json.severity}");
};
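A complete log path around the template form, as an added example that is not part of the original documentation: it parses a JSON payload, saves the severity the message arrived with, then applies set-severity() from the parsed field. The version line, source port, file path, rule names and the .orig.severity name are assumptions.

```conf
@version: 4.2    # assumption: adjust to the installed syslog-ng version

# Constructed sample input: the MESSAGE part is JSON such as
#   {"severity": "crit", "msg": "disk failure on /dev/sda"}
source s_app {
    network(transport("tcp") port(5514));    # assumed listener
};

parser p_json {
    # Parsed keys become ${.json.severity}, ${.json.msg}, ...
    json-parser(prefix(".json."));
};

rewrite r_keep_original {
    # Record the severity the message arrived with before overwriting it.
    set("${SEVERITY}", value(".orig.severity"));
};

rewrite r_severity {
    # Accepts a name ("crit") or a numeric string ("2"). An invalid
    # value is ignored with a debug message and the message is still sent.
    set-severity("${.json.severity}");
};

destination d_app {
    file("/var/log/app-normalized.log"
         template("${ISODATE} ${HOST} sev=${SEVERITY} orig=${.orig.severity} ${.json.msg}\n"));
};

log {
    source(s_app);
    parser(p_json);
    rewrite(r_keep_original);
    rewrite(r_severity);
    destination(d_app);
};
```

Because the value comes from the message body, whoever produces the JSON chooses the resulting severity. Keeping the original severity in the output lets downstream filters and alerts compare the two.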
CAUTION:
The .. notation can only be used with named values. Using it with numerical values is not supported.