[syslog-ng]Macro Substitution
Balazs Scheidler
bazsi@balabit.hu
Thu, 11 Oct 2001 09:40:57 +0200
On Wed, Oct 10, 2001 at 03:26:39PM -0500, Jeremy Shaffner wrote:
>
> Howdy,
>
> I'm currently using a template to output logs to a pipe for importing
> into a DB. Is it possible to isolate a portion of the $MSG macro using
> regexps? Such that it equates to:
>
> echo $MSG | sed 's/denied ip \(1.1.1.1\) -> \(2.2.2.2\)/\1 \2/'
>
> I'm trying to put the IPs in their own column in the table.
you might try to do it in the script reading the messages from the pipe.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1