Simple Examples

A good example for this is the email subject line, which has severe length constraints. If you would like to have only the first 40 characters of the actual message text in the subject, you could use the replacer: "%msg:1:40%".

If you know the first 10 characters of the message are meaningless for you but you would like to see the full rest of the message (no matter how long it may be), you can use a sequence like "%msg:11%".

If you would just like to see the plain message from beginning to end, you can simply omit FromPos and ToPos: "%msg". Of course, all of these sample not only work with the “msg” property, but also with all others like “facility”, or “priority”, or W3C-log header extracted property names.

More complex Examples

If you would like to extract the 50 characters from the message after the word DROP, you would use the following replacer string:


If you would like to have the first 40 characters in front of the string “- aborted” (including that string):

%msg:/- aborted/$:-40%

If you would like to receive everything starting from (and including) “Log:”:


If you would like to have everything between the string “FROM” and “TO” including NONE of the both searchstrings:


If you would just like to log lowercase letters in your log messages:


And if you would just like to have the first 50 characters (and these in lower case):


If you need to change a timestamp to a UNIX-like timestamp, you could use this:


Please see also the focussed sample in the ToPos description.

A real world Sample We use the following template to generate output suitable as input for MoniLog:

%timegenerated:1:10%,%timegenerated:12:19%,%source%,%syslogfacility%,%syslogprio rity%,EvntSlog: %severity% %timereported:::uxTimeStamp%: %source%/%sourceproc% (%id%) - "%msg%"%$CRLF%

Please note: everything is on one line with no line breaks in between. This example is from the “write to file” action (with custom file format).