Someone else on the list may correct me but I think you'll find that the destination is evaluated at the time syslog is started (or restarted) not when a log message is processed. I'm pretty sure there was a discussion on the list about something similar a while back (although I couldn't find it in my emails) So short answer is that you can't use a file desination. You may however get some mileage out of writing a custom program destination and do the last bit of processing in your program.
Rory Toma <rory@ooma.com> 01/25/10 5:12 PM >>> Looking more at the docs, it looks likes I also need a value for 3.0 syntax. So I am trying something like below. However, the value of $foo_hostdir is not being set correctly. It is being set to "foo_hostdir". How do I get the value to be the value of the match?
filter foo_filter { match('host("foo_[0-9A-F]\{9\}$")' value("foo_hostdir") type("string") ); }; # foo destinations destination foo_dest { file("/logs/$foo_hostdir/$R_YEAR$R_MONTH$R_DAY/$HOST-$R_YEAR$R_MONTH$R_DAY.log" owner(root) group(root) perm(0444) template("$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC $MSG\n") template_escape(no)); }; On 1/25/10 12:02 PM, Rory Toma wrote:
I'm trying to dynamically create lognames and directories form the host name that is sent. My hosts' names are of the form
foo_<mac address>
I want to create a destination that would be
/logs/foo_<first 9 digits of mac address>//foo_.log
Here is what I tried so far, and it does not work, but is close. Can someone suggest a config that might work? Thx.
I can do this individually, but having 100+ filters and 100+ log lines in the config really slows things down.
#filter for foo filter foo_filter { match('host("foo_[0-9A-F]\{9\}$")' flags("store-matches")); };
# foo destinations destination foo_dest {
file("/logs/$0/$R_YEAR$R_MONTH$R_DAY/$HOST-$R_YEAR$R_MONTH$R_DAY.log" owner(root) group(root) perm(0444) template("$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC $MSG\n") template_escape(no)); };
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html