I had that for the most part, but it didn&#39;t work.&nbsp; I was using host in&nbsp; my filter (hostname throws a syntax error).&nbsp; Here is what I have for the most part for that section:<br><br>filter f_filter { host(&quot;^[0-9a-zA-Z\-]+\.domain\.[0-9a-zA-Z\-]+$&quot;); };<br>
destination f_logs { file(&quot;/logs/$1/$2/$HOST/$YEAR-$MONTH-$DAY.log&quot;); };<br>log { source(external);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; filter(f_filter);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination(f_logs);<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; flags(final);<br>};<br><br>When I start this, it does filter correctly, but it doesn&#39;t place them in the correct directories.&nbsp; Another example of what it does.<br>
<br>Hostname: abc.domain.xyz<br>It saves the log information in: /logs/abc.domain.xyz/2008-01-28.log<br><br>It completely ignores the $1/$2.&nbsp; I had restarted it and even changed the path to verify that it is reading the new configuration file.<br>
<br><br><div class="gmail_quote">On Jan 28, 2008 3:16 PM, Balazs Scheidler &lt;<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div class="Wj3C7c"><br>On Mon, 2008-01-28 at 14:55 -0500, James Whitt wrote:<br>&gt; I had asked this question about a year ago, but was told to wait for<br>&gt; the new 2.0 version. &nbsp;I&#39;m currently running the latest syslog-ng<br>
&gt; 2.0.7.<br>&gt;<br>&gt; What I would like to do is put the line in a specific file based on<br>&gt; part of the hostname. &nbsp;For example:<br>&gt;<br>&gt; Hostname: subdomain.domain.tld<br>&gt;<br>&gt; destination customer_firewall_logs<br>
&gt; { file(&quot;/logs/$TLD/$DOMAIN/$SUBDOMAIN/$R_YEAR-$R_MONTH-$R_DAY.log&quot;); };<br>&gt;<br>&gt; WHERE $TLD is the tld of the hostname, $DOMAIN is the domain from the<br>&gt; hostname, and $SUBDOMAIN is teh subdomain from the hostname. &nbsp;I would<br>
&gt; like to be able to regex this information out of the hostname to use<br>&gt; in the destination. &nbsp;Is this possible and any tips on getting it to<br>&gt; work correctly would be greatly appreciated.<br><br></div></div>
You can do something like this:<br><br>filter f_tld { hostname(&quot;^[a-zA-Z0-9]+\.\(.$\)$&quot;); };<br><br>Then your TLD is in the $1 macro, e.g. you can do something like:<br><br>destination d_file { file(&quot;/logs/$1/$DOMAIN/$SUBDOMAIN/$R_YEAR-$R_MONTH-$R_DAY.log&quot;); };<br>
 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ^^^<br><br>You can use up to 256 different $NNN macros, but only one regexp.<br><font color="#888888"><br>--<br>Bazsi<br><br>_______________________________________________<br>syslog-ng maillist &nbsp;- &nbsp;<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br>
<a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html" target="_blank">http://www.campin.net/syslog-ng/faq.html</a><br>
<br></font></blockquote></div><br>