You can override the system default syslog templates.

  1. To use a new template, add one of the following entries to /etc/cb/cb.conf:

    BinaryInfoSyslogTemplateGroupObserved=/etc/cb/my_bininfo_group_observed_template.txt
    BinaryInfoSyslogTemplateHostObserved=/etc/cb/my_bininfo_host_observed_template.txt
    BinaryInfoSyslogTemplateObserved=/etc/cb/my_bininfo_observed_template.txt
    FeedIngressSyslogTemplateBinary=/etc/cb/my_feed_ingress_binary_template.txt
    FeedIngressSyslogTemplateProcess=/etc/cb/my_feed_ingress_process_template.txt
    FeedStorageSyslogTemplateBinary=/etc/cb/my_feed_storage_binary_template.txt
    FeedStorageSyslogTemplateProcess=/etc/cb/my_feed_storage_process_template.txt
    WatchlistSyslogTemplateBinary=/etc/cb/my_watchlist_binary_template.txt
    WatchlistSyslogTemplateProcess=/etc/cb/my_watchlist_process_template.txt
    FeedQuerySyslogTemplateBinary=/etc/cb/my_feed_query_binary_template.txt
    FeedQuerySyslogTemplateProcess=/etc/cb/my_feed_query_process_template.txt
  2. The watchlist search process will automatically pick up the new template when the next watchlist hit occurs.
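
A mistyped key name or template path in these entries is easy to miss. The following check is an added example, not part of the product or the original page: it scans cb.conf-style text for the template keys listed above and reports unknown keys, duplicate keys, non-absolute paths, and missing template files. The function names are hypothetical, and it assumes `key=value` lines with `#` starting a comment.

```python
import os
import tempfile

# Template keys exactly as listed on this page.
KNOWN_KEYS = {
    "BinaryInfoSyslogTemplateGroupObserved", "BinaryInfoSyslogTemplateHostObserved",
    "BinaryInfoSyslogTemplateObserved",
    "FeedIngressSyslogTemplateBinary", "FeedIngressSyslogTemplateProcess",
    "FeedStorageSyslogTemplateBinary", "FeedStorageSyslogTemplateProcess",
    "WatchlistSyslogTemplateBinary", "WatchlistSyslogTemplateProcess",
    "FeedQuerySyslogTemplateBinary", "FeedQuerySyslogTemplateProcess",
}

def check_templates(conf_text, exists=os.path.isfile):
    """Return (line_no, key, problem) tuples for syslog template entries."""
    problems, seen = [], {}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # Assumption: blank lines and '#' comments carry no settings.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if "SyslogTemplate" not in key:
            continue  # unrelated cb.conf setting
        if key not in KNOWN_KEYS:
            problems.append((no, key, "unknown template key"))
            continue
        if key in seen:
            problems.append((no, key, f"duplicate of line {seen[key]}"))
        seen[key] = no
        if not os.path.isabs(value):
            problems.append((no, key, "path is not absolute"))
        elif not exists(value):
            problems.append((no, key, "template file not found"))
    return problems

def demo():
    """Constructed sample: one good entry, one bad path, one misspelled key."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "my_watchlist_binary_template.txt")
        open(good, "w").close()
        conf = "\n".join([
            "# constructed cb.conf fragment",
            f"WatchlistSyslogTemplateBinary={good}",
            f"FeedIngressSyslogTemplateBinary={good}x",
            f"WatchlistSyslogTemplateProces={good}",
        ])
        return check_templates(conf)
```

To check a real server, pass the contents of /etc/cb/cb.conf to `check_templates` and review any tuples it returns.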