Set the facility field
It is possible to set the facility field with the set-facility() rewrite function. When set, the set-facility() rewrite function will only rewrite the ${PRIORITY} field in the message to the first parameter value specified in the function.
Note
If the parameter value is not a valid parameter value, the function ignores it and sends a debug message, but the application still sends the message.
Declaration
log {
source { system(); };
if (program("postfix")) {
rewrite { set-facility("mail"); };
};
destination { file("/var/log/mail.log"); };
flags(flow-control);
};
Parameters
The set-facility() rewrite function has a single, mandatory parameter that can be defined as follows:
set-facility( "parameter1" );
Accepted values
The set-facility() rewrite function accepts the following numeric strings and named values:
| Numerical Code | Facility name | Facility |
|---|---|---|
| 0 | kern | kernel messages |
| 1 | user | user-level messages |
| 2 | mail system | |
| 3 | daemon | system daemons |
| 4 | auth | security/authorization messages |
| 5 | syslog | messages generated internally by syslogd |
| 6 | lpr | line printer subsystem |
| 7 | news | network news subsystem |
| 8 | uucp | UUCP subsystem |
| 9 | cron | clock daemon |
| 10 | authpriv | security/authorization messages |
| 11 | ftp | FTP daemon |
| 12 | ntp | NTP subsystem |
| 13 | security | log audit |
| 14 | console | log alert |
| 15 | solaris-cron | clock daemon |
| 16-23 | local0..local7 | locally used facilities (local0-local7) |
Example usage for the set-facility() rewrite function
The following two set-facility() examples are equivalent:
rewrite {
set-facility("security");
set-facility("13");
};
Last modified April 9, 2025: Fix available values for set-facility (e93965f)