On Sun, 2010-04-11 at 17:27 -0400, Alex wrote:
Can I match on hostname? Are there other parameters that might be helpful in classifying this information?
in syslog-ng 2.1 and below:
$MSG contains everything starting from 'postfix/cleanup[23834] ..' $PROGRAM contains "postfix/cleanup" $PID contains 23834
How do these variables relate to syslog-ng.conf? IOW, I have been using:
filter f_myhost { match("smtp02"); }; filter f_myprogram { program("postfix") }; filter f_named { program("named") and facility(local3); };
Is this the right way to do it?
program() matches $PROGRAM match() matches $MESSAGE (or $MSG which is an alias) Don't forget that the argument for these filters is a regular expression though. So if you only want to match the beginning of the string, you should use "^postfix" -- Bazsi