On 11/23/2011 02:50 PM, Jakub Jankowski wrote:
Wednesday 23 of November 2011 14:44:17 Dragan Zubac wrote:
Is it possible to configure syslog-ng to log email logs in separate file for every email ?
So an email is being processed,all lines in /var/log/mail.log for that particular email has a unique identifier,there might be some 5-15 lines for each email,is syslog-ng capable to log those lines per unique email ID into a separate log file,where a filename is generated on-the-file with some unique filename ?
If this unique ID is present in every line related to a particular mail, you can parse it (either with patterndb, or plain CSV parser - depends on your log lines format), extract the ID and use it as a macron in the destination filename. So, under certain conditions, yes - it is possible.
HTH
It might be possible even if the ID is not present in every log message. You can use patterndb and message correlation to identify every message, and also to group related messages (in your case, messages belonging to the same email). Check Chapter 13 of the syslog-ng administrator guide: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guide... Regards, Robert