On Tue, Jan 31, 2006 at 04:11:24PM -0200, Gustavo Mendes de Carvalho wrote:
Dear All,
Does anybody knows how to insert some string in a message that will be apended in log files ? I mean, imagine that syslog-ng receives this message to insert in /var/log/auth.log.
Jan 31 13:18:01 host sshd[6278]: Accepted keyboard-interactive/pam for user from 10.10.0.29 port 49105 ssh2
And I would like to insert some text together, resulting in some like this
Jan 31 13:18:01 host sshd[6278]: Accepted keyboard-interactive/pam for root from 10.10.0.29 port 49105 ssh2 - service xyz for user root
How can I include this string " - service xyz for user root" ?
I know that it's possible, but I didn't find how to.
I don't know if it's pretty, but I've used this kind of thing: destination d_insert_txt { tcp("10.0.0.8" port(5140) template("$DATE $SOURCEIP $MESSAGE - service xyz for user root\n") template-escape(no) ); }; filter f_ssh_root_login { program("sshd") and match("Accepted keyboard-interactive/pam for root"); }; log { source(local); filter(f_ssh_root_login); destination(d_insert_txt); }; This sends it over a TCP stream, but you can modify it to use a file pretty easily. HTH. -- Nate "When I was a boy of 14 my father was so ignorant I could hardly stand to have the old man around. But when I got to be twenty-one, I was astonished at how much the old man had learnt in seven years." - Samuel Clemens