match/program granularity
Hi,
I'm using an older version of syslog-ng for now, until I can upgrade to post-3.0, but for the time-being I'd like to be able to use the match() and program() qualifiers to redirect output from bind to a specific file, from the local host as well as from remote hosts using local3.info.
Where can I find the documentation that describes the differences in usage for match() and program()? In the following line, what is considered "program" and what is considered "match"? How does this change if the line is from a remote host?
Apr 10 17:16:15 smtp01 postfix/cleanup[23834]: 1F3BBE74004: message-id=<20103410231614.1F3BBE74004@smtp01.myhost.com>
Can I match on hostname? Are there other parameters that might be helpful in classifying this information?
Thanks,
Alex
On Sat, 2010-04-10 at 17:22 -0400, Alex wrote:
Hi,
I'm using an older version of syslog-ng for now, until I can upgrade to post-3.0, but for the time-being I'd like to be able to use the match() and program() qualifiers to redirect output from bind to a specific file, from the local host as well as from remote hosts using local3.info.
Where can I find the documentation that describes the differences in usage for match() and program()? In the following line, what is considered "program" and what is considered "match"? How does this change if the line is from a remote host?
Apr 10 17:16:15 smtp01 postfix/cleanup[23834]: 1F3BBE74004: message-id=<20103410231614.1F3BBE74004@smtp01.myhost.com>
Can I match on hostname? Are there other parameters that might be helpful in classifying this information?
in syslog-ng 2.1 and below:
$MSG contains everything starting from 'postfix/cleanup[23834] ..'
$PROGRAM contains "postfix/cleanup"
$PID contains 23834
in syslog-ng 3.0 (when not using the 2.1 compatibility mode)
$MSG contains everything starting from '1F3BBE74 ...'
$MSGHDR contains 'postfix/cleanup[23834]: '
$PROGRAM contains postfix/cleanup
$PID contains 23834
--
Bazsi
Can I match on hostname? Are there other parameters that might be helpful in classifying this information?
in syslog-ng 2.1 and below:
$MSG contains everything starting from 'postfix/cleanup[23834] ..'
$PROGRAM contains "postfix/cleanup"
$PID contains 23834
How do these variables relate to syslog-ng.conf? IOW, I have been using:
filter f_myhost { match("smtp02"); };
filter f_myprogram { program("postfix") };
filter f_named { program("named") and facility(local3); };
Is this the right way to do it?
Thanks,
Alex
On Sun, 2010-04-11 at 17:27 -0400, Alex wrote:
Can I match on hostname? Are there other parameters that might be helpful in classifying this information?
in syslog-ng 2.1 and below:
$MSG contains everything starting from 'postfix/cleanup[23834] ..'
$PROGRAM contains "postfix/cleanup"
$PID contains 23834
How do these variables relate to syslog-ng.conf? IOW, I have been using:
filter f_myhost { match("smtp02"); };
filter f_myprogram { program("postfix") };
filter f_named { program("named") and facility(local3); };
Is this the right way to do it?
program() matches $PROGRAM
match() matches $MESSAGE (or $MSG which is an alias)
Don't forget that the argument for these filters is a regular expression though. So if you only want to match the beginning of the string, you should use "^postfix"
--
Bazsi
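The split described in the replies above, as an added Python model (not syslog-ng code and not part of the original thread): it parses the sample line into the macros under the 2.1 and 3.0 rules and applies program() and match() as unanchored regular expressions. The parsing regex, the function names and the second sample line are assumptions constructed for illustration.

```python
import re

# The line quoted in the thread, plus a constructed bind-style line from another host.
LINE = ("Apr 10 17:16:15 smtp01 postfix/cleanup[23834]: 1F3BBE74004: "
        "message-id=<20103410231614.1F3BBE74004@smtp01.myhost.com>")
NAMED = "Apr 10 17:16:20 smtp02 named[412]: zone example.com/IN: loaded serial 2010041001"

# timestamp, host, "program[pid]: " header, then the payload (simplified BSD syslog)
_SYSLOG = re.compile(
    r"^(?P<date>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<hdr>(?P<program>[^\[\]:\s]+)(?:\[(?P<pid>\d+)\])?:\s?)(?P<rest>.*)$")

def parse(line, version="2.1"):
    """Split a line into the macros named in the thread (simplified model)."""
    m = _SYSLOG.match(line)
    if m is None:
        raise ValueError("not a BSD-style syslog line")
    f = {"HOST": m["host"], "PROGRAM": m["program"], "PID": m["pid"] or ""}
    if version == "2.1":
        f["MSG"] = m["hdr"] + m["rest"]   # 2.1 and below: $MSG still carries the header
    else:
        f["MSGHDR"] = m["hdr"]            # 3.0: header is split off into $MSGHDR
        f["MSG"] = m["rest"]
    return f

def program(pattern, f):
    """Model of program(): unanchored regex search against $PROGRAM."""
    return re.search(pattern, f["PROGRAM"]) is not None

def match(pattern, f):
    """Model of match(): unanchored regex search against $MSG."""
    return re.search(pattern, f["MSG"]) is not None

if __name__ == "__main__":
    old, new = parse(LINE, "2.1"), parse(LINE, "3.0")
    # An anchored match() on the program name stops matching once the header leaves $MSG.
    print("match('^postfix'):", match("^postfix", old), "->", match("^postfix", new))
    # Unanchored program() also hits on a substring such as "cleanup".
    print("program('cleanup'):", program("cleanup", new))
    # match() sees only the payload: smtp01 hits via the message-id, smtp02 never hits.
    print("match('smtp01'):", match("smtp01", new))
    print("match('smtp02'):", match("smtp02", parse(NAMED, "3.0")))
```

In this model match("smtp01") succeeds only because the message-id happens to contain the host name, while match("smtp02") on the second line fails even though smtp02 is the sending host.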
participants (2): Alex, Balazs Scheidler