I was looking into sending logs that hit certain IP addresses to another server, but not containing the whole log message.
It goes smoothly with creating a new stream (using stream rules) and an output for it, BUT the message field contains too much information for the recipient to see.
I’ve tried pipelining functions clone_message (combining with remove_field()) and create_message, but haven’t found the way to get rid of the message field, which contains EVERYTHING. Can’t write it empty either.
Any ideas how my goal can be achieved?
EDIT: My best workaround is to run a cron job which uses the REST API, but it’s not “real-time” and involves more recipient-end actions.
EDIT2: DAA, I can, however, overwrite the message field with e.g. “message”