[syslog-ng]creation of filter
A.L.Lambert
max@xjack.org
Thu, 22 Mar 2001 11:24:46 -0600 (CST)
> I will wish to write a script to filter the event of my equipment by
> address IP. But I cannot program in Shell. If anyone has any ideas,
> please forward them to me also.
If you want to pre-process things this way, you can use a
destination {}; in syslog-ng, something like the following:
options {
# put all your other options here;
create_dirs(on);
};
destination by_host { file("/var/log/$HOST/$FACILITY.$PRIORITY"); };
log { source(src); destination(by_host); };
This will create a directory tree for you, in which you have a
sub-directory for each host, with a facility.priority file in each host's
directory containing all the relevant log info. You could also do it like
file("/var/log/$HOST"); if you just wanted all logs for each host in a
single file, and other variations on the theme that you may prefer.
If you want to post-process the messages, use the following shell
script (this script works on Linux boxes for sure; I don't know about
other Un*xes, but probably).
#---begin of file---
#!/bin/sh
# The files to parse (season to suit your system)
files="/var/log/messages /var/log/secure /var/log/maillog"
# Make sure our sorted directory exists, create it if it doesn't
if [ ! -d /var/log/sorted ] ; then
    mkdir /var/log/sorted
    chmod 0750 /var/log/sorted
fi
# parse the input files by host.
# The host name is taken as the word after the first "@" in each line
# (this assumes your log format puts it there); "cut -s" drops lines that
# have no "@" at all instead of using their first word as a host name.
# "read -r" and the quoted "$line" keep backslashes, runs of spaces and
# glob characters in the message intact.
cat $files |
while IFS= read -r line ; do
    hostname=`printf '%s\n' "$line" | cut -s -d"@" -f2 | cut -d" " -f1`
    # Skip lines with no host name, and refuse names such as "../x" that
    # would make the output land outside /var/log/sorted.
    case "$hostname" in
        ''|*/*|.|..) continue ;;
    esac
    printf '%s\n' "$line" >> "/var/log/sorted/$hostname"
done
#---end of file---
Cheers!
--
A.L.Lambert
------------------------------------------------------------------------
The problems that exist in the world today cannot be solved by the level
of thinking that created them...
-Einstein
------------------------------------------------------------------------
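The post-processing idea above, worked through as an added example (this is not the original poster's script). It assumes the files were written by syslog-ng with its default file template, "$DATE $HOST $MSGHDR$MSG", so the host name is the fourth whitespace-separated field rather than the text after an "@". Since a remote sender controls what ends up in the hostname field of a message, the host name is checked against a plain character set before it becomes a path component, which is the step the original script leaves out. The sample log lines, the temp directory and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: split syslog-ng's default
# "$DATE $HOST $MSGHDR$MSG" file output into one file per sending host.
# Assumption: the host name is the 4th whitespace-separated field (the
# original script instead cuts on "@", which depends on a custom format).
# Host names that could escape the target directory are rejected, because
# a remote sender controls what it puts in the hostname field.

# safe_host NAME: succeed and print NAME only if it is a plain host token
# (letters, digits, ".", "_", "-"; never empty, "." or "..").
safe_host() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# host_of LINE: print the 4th field of a syslog line, fail if there is none.
host_of() {
    # subshell so "set -f" (no glob expansion) and "set --" do not leak out
    ( set -f; set -- $1; [ $# -ge 4 ] && printf '%s\n' "$4" )
}

# sort_by_host SRC DESTDIR: append each line of SRC to DESTDIR/<host>;
# print the number of lines skipped (no host field, or an unsafe host name).
sort_by_host() {
    src=$1 dest=$2 skipped=0
    mkdir -p "$dest" && chmod 0750 "$dest" || return 1
    while IFS= read -r line; do
        h=$(host_of "$line") && h=$(safe_host "$h") ||
            { skipped=$((skipped + 1)); continue; }
        printf '%s\n' "$line" >> "$dest/$h"
    done < "$src"
    echo "$skipped"
}

# run_demo: write a constructed sample log into a temp dir, sort it, and
# print "<sorted dir> <skipped count>" so the result can be inspected.
run_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/messages" <<'EOF'
Mar 22 11:24:46 web01 sshd[1234]: Accepted publickey for ops from 10.0.0.5 port 51514 ssh2
Mar 22 11:24:47 db01 kernel: eth0: link up
Mar 22 11:24:48 web01 sudo: ops : TTY=pts/0 ; COMMAND=/bin/ls
Mar 22 11:24:49 ../../etc/cron.d evil: spoofed host name, must not leave sorted/
garbage
EOF
    skipped=$(sort_by_host "$tmp/messages" "$tmp/sorted") || return 1
    printf '%s %s\n' "$tmp/sorted" "$skipped"
}

run_demo
```

Run it as-is and it prints the sorted directory and "2": the line carrying "../../etc/cron.d" as its host and the one-word "garbage" line are both skipped, while web01 gets two lines and db01 one. The same `safe_host` check applies to the syslog-ng `$HOST` destination in the post above: whatever assigns the host name, treat it as untrusted input before it is used to name a file.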