cef_ext_escape()¶
Purpose¶
Escapes a string for safe use as a CEF extension field value.
Syntax¶
cef_ext_escape(value)
Parameters¶
- value
The string to escape.
Return Value¶
Returns the escaped string with the following substitutions applied per the CEF spec:
Backslash
\becomes\\Equals sign
=becomes\=Newline becomes
\nCarriage return becomes
\r
Use this function when embedding dynamic rsyslog property values inside
the extensions argument of tocef(). The extensions
argument itself is appended verbatim by tocef(), so any = or
\ in a value must be escaped before concatenation.
Examples¶
# Escape a file path containing backslashes
set $!ext = cef_ext_escape("C:\\dir\\file.txt");
# Result: C:\\dir\\file.txt
# Escape a value containing an equals sign
set $!ext = cef_ext_escape("status=ok");
# Result: status\=ok
# Use inside tocef()
set $!cef = tocef("0", "MyVendor", "rsyslog", "1.0",
$syslogtag, $msg, "5",
"filePath=" & cef_ext_escape($!path) &
" msg=" & cef_ext_escape($msg));
See Also¶
tocef() - Build a complete CEF header string
Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project
Contributing: Source & docs: rsyslog source project
© 2008–2026 Rainer Gerhards and others. Licensed under the Apache License 2.0.