23 Mar 2020, 6:16 p.m.
Hi,

We receive aggregated syslog from a server (all logs are sent from 1 IP). Also, all the events are mixed. The name of the host sending the initial traffic is in each event, e.g.:

2020/03/23 [notice] [user] New original_source=SERV1.example.com Task=0 ....

How can I recover SERV1, which is always preceded by "original_source=" and followed by "example.com", to save it in a file, for example /data/serv1.log?

I don't want a static filter (I know how to do it) but a dynamic one. If a new event arrives with original_source=SERV2.example.com, I would like it to automatically create a /data/serv2.log.

Could you help me please?

Thank you in advance,
Pit
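The routing asked about above, as an added example that is not part of the original post and is independent of any particular syslog daemon: the host label is taken from the event text, so it is validated before it becomes part of a file name. The function names, the `_unmatched` fallback file and the sample events are assumptions; in production `out_dir` would be `/data`.

```python
import re
import tempfile
from pathlib import Path

# Host label between "original_source=" and ".example.com". Only letters, digits
# and hyphens are accepted, so the captured value can never contain "/" or "..".
SOURCE_RE = re.compile(
    r"\boriginal_source=([A-Za-z0-9][A-Za-z0-9-]{0,62})\.example\.com(?=\s|$)")
FALLBACK = "_unmatched"  # "_" is outside the accepted set: no clash with a host

# Constructed sample events, modelled on the line quoted in the post.
SAMPLE = [
    "2020/03/23 [notice] [user] New original_source=SERV1.example.com Task=0",
    "2020/03/23 [notice] [user] New original_source=SERV2.example.com Task=1",
    "2020/03/23 [notice] [user] End original_source=SERV1.example.com Task=0",
    "2020/03/23 [notice] [user] New original_source=../../tmp/x.example.com Task=2",
    "2020/03/23 [notice] [user] heartbeat",
]

def route(line):
    """Return the lower-cased host label, or None when there is no valid one."""
    m = SOURCE_RE.search(line)
    return m.group(1).lower() if m else None

def demux(lines, out_dir):
    """Append each event to <out_dir>/<host>.log, creating files on first use."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    handles, counts = {}, {}
    try:
        for line in lines:
            name = route(line) or FALLBACK
            if name not in handles:
                handles[name] = open(out_dir / f"{name}.log", "a", encoding="utf-8")
            handles[name].write(line.rstrip("\n") + "\n")
            counts[name] = counts.get(name, 0) + 1
    finally:
        for handle in handles.values():
            handle.close()
    return counts

def run_sample():
    """Route SAMPLE into a temporary directory; return (counts, file names)."""
    with tempfile.TemporaryDirectory() as tmp:
        counts = demux(SAMPLE, tmp)
        return counts, sorted(p.name for p in Path(tmp).iterdir())

if __name__ == "__main__":
    print(run_sample())
```

Events whose `original_source` value fails validation are kept in the fallback file rather than dropped, so a malformed or hostile value stays visible for review.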