Cool that it is 1.9.4. Is 1.9.4 production ready by any chance? I am currently using 1.6.5. If not, is there any other way you can suggest to solve this "problem"? I am not averse to writing some scripts etc.. Thanks! -----Original Message----- From: syslog-ng-admin@lists.balabit.hu [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Balazs Scheidler Sent: April 14, 2005 2:43 AM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]Match macro in filename? On Wed, 2005-04-13 at 21:48 -0700, Nate Campi wrote:

On Wed, Apr 13, 2005 at 09:38:11AM -0700, Vaibhav Goel wrote:

...

Is there any way to get a match filter in an output filename?

For example:

filter f_xyz { match("xyz"); };

should output to

xyz.log

There is no way to have syslog-ng remember the contents of a match and use it later in another statement.

In fact, this is possible in 1.9.4 (the future 2.0.x branch) where you can use regex's selection features in macro expansion. For example: filter f_xyz { match("(xyz)"); }; destination l_xyz { file("/var/log/$1"); }; However trusting the contents of the logs for something like filenames might not be the best solution. (although syslog-ng filters spurious filenames by checking '../' and '../' strings in filenames just before handing those over to open(). -- Bazsi _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html