Issue

• In RHDS we have the audit log, /var/log/dirsrv/slapd-<instance>/audit, which is has multiline output and basically contains timed ldif files of modify operations
• I'm looking for a method to send this audit log to rsyslog and then remotely send it to an auditing server that will do auditing and reporting
• However, the department administering that auditing server requests that all modify operations to be folded into single line outputs (say, from time: directive to time: directive) to have their tooling work with it
• The fact that it's an ldif format doesn't matter for the auditing server, just putting any modify operation into a single line is good for auditing
• I've tried working with rsylog and imfile and at least we're able to send data to the auditing server, but now I'm unsure how to accomplish this

• To clarify in an example. A simple audit excerpt like this:

  time: 20130924135537
  dn: uid=someuser,ou=People,o=example,c=com
  changetype: modify
  replace: passwordRetryCount
  passwordRetryCount: 0
  -
  

• Should become something like this

  time: 20130924135537#dn: uid=someuser,ou=People,o=example,c=com#changetype: modify#replace: passwordRetryCount#passwordRetryCount: 0#-#
  

• Where the hash (#) can be replaced with any kind of delimiter which is either more logical or desirable

• Is this at all possible with a rsyslog plugin or a named pipe? Also if it's impossible we'd like to know