[syslog-ng] in-list filter for substrings

Clayton Dukes cdukes at logzilla.net
Tue May 16 03:40:07 UTC 2017


Question:
Is there a way to read in a file to match for substrings?
Example:
filter f_malware {
    in-list("/etc/syslog-ng/conf.d/malware.list", value("MSG"));
};
rewrite rw_malware {
    set("Malware", value("PROGRAM") condition(filter(f_malware)));
};


Then, given a string like:
Dec 15 17:57:02 230.16.190.121 %ASA-5-304001: 67.16.126.205 Accessed URL 114.4.201.244:http://wvqwdhimen.jaqwejggvwxyangoqepw.tk/storageframe.html

It would look at malware.list and see a line containing:
wvqwdhimen.jaqwejggvwxyangoqepw.tk

and set the Program name to "Malware".

I see in the docs it says 'Only exact matches are supported, partial and substring matches are not', so I don't think this will work.
Is there a way to do anything like this?


- Clayton
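As an added illustration (not part of the post and not syslog-ng code), the Python below runs three matching strategies over a log line shaped like the one above: a whole-message exact comparison (what in-list() does, which never hits), a naive substring scan (which hits, but also fires on a constructed lookalike host), and a host lookup that first pulls the hostname out of the URL and then does an exact comparison, which is the behaviour the question is after. The indicator list and the lookalike message are constructed samples.

```python
import re

# Constructed stand-in for /etc/syslog-ng/conf.d/malware.list:
# one indicator per line, blank lines and '#' comments ignored.
MALWARE_LIST = """
# sample indicators (constructed)
wvqwdhimen.jaqwejggvwxyangoqepw.tk
bad.example
"""

# Constructed MSG in the same shape as the ASA line in the post.
SAMPLE_MSG = ("%ASA-5-304001: 67.16.126.205 Accessed URL "
              "114.4.201.244:http://wvqwdhimen.jaqwejggvwxyangoqepw.tk/storageframe.html")

# Constructed lookalike: host is NOT on the list, but contains a listed name.
LOOKALIKE_MSG = ("%ASA-5-304001: 67.16.126.205 Accessed URL "
                 "114.4.201.244:http://notbad.example/index.html")

# Hostname that follows http:// or https://, up to the next '/', ':' or space.
URL_HOST_RE = re.compile(r"https?://([^/:\s]+)")


def load_list(text):
    """Parse the list file into a set of indicators (exact-match lookup)."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.add(line.lower())
    return entries


def exact_match(msg, indicators):
    """What in-list() does: the whole MSG value must equal an entry."""
    return msg in indicators


def substring_match(msg, indicators):
    """Naive substring scan; note it also fires on lookalike hosts."""
    msg = msg.lower()
    return any(ind in msg for ind in indicators)


def host_match(msg, indicators):
    """Extract the URL host first, then do an exact lookup on it."""
    m = URL_HOST_RE.search(msg)
    if not m:
        return None
    host = m.group(1).lower().rstrip(".")
    return host if host in indicators else None


def tag_program(msg, program, indicators):
    """Mirror the rewrite rule: set PROGRAM to 'Malware' on a host hit."""
    return "Malware" if host_match(msg, indicators) else program
```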
