6 Jan
2011
6 Jan
'11
11:01 p.m.
Greetings, I'm new to syslog-ng, and I'm trying to key off of a custom field in a log entry, and put the message in a particular directory named for the field. a sample log entry would look like this: Dec 16 14:08:51 u910-05 testapp: \ 00000000000000a7:00007f62d170a910:DEBUG :part.cpp : 183: \ | PartitionInfo [0x275f720] '\' denotes line continuation. The field I want to key off in this line is: 00000000000000a7 I created a filter to only get stuff from 'testapp', but now I want to make the destination be tied to the field. The field is positional, but can have any value, and cannot be known a priori. Not sure how to go about it. Any links to examples or where to start would be very much appreciated. -- Thanks, -Christopher