[syslog-ng] need help with a match filter
Rory Toma
rory at ooma.com
Mon Jan 25 21:02:11 CET 2010
I'm trying to dynamically create lognames and directories form the host
name that is sent. My hosts' names are of the form
foo_<mac address>
I want to create a destination that would be
/logs/foo_<first 9 digits of mac address>/<date>/foo_<mac_address>.log
Here is what I tried so far, and it does not work, but is close. Can
someone suggest a config that might work? Thx.
I can do this individually, but having 100+ filters and 100+ log lines
in the config really slows things down.
#filter for foo
filter foo_filter { match('host("foo_[0-9A-F]\{9\}$")'
flags("store-matches")); };
# foo destinations
destination foo_dest {
file("/logs/$0/$R_YEAR$R_MONTH$R_DAY/$HOST-$R_YEAR$R_MONTH$R_DAY.log"
owner(root) group(root) perm(0444)
template("$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC $MSG\n")
template_escape(no));
};
More information about the syslog-ng
mailing list