[syslog-ng]syslog-ng and regex

Hamilton, Andrew syslog-ng@lists.balabit.hu
Mon, 24 Feb 2003 14:13:02 -0500 

To match a program name you use the program function in the filter.

filter f_antivir { program("antivir"); };

Regards,

Drew

-----Original Message-----
From: Micha Holzmann [mailto:holzmann@mhnet.de]
Sent: Monday, February 24, 2003 12:42 PM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]syslog-ng and regex


Hello,

i am very new at syslog-ng and at its list. I am running two Debian
GNU/Linux boxes. One as a DSL Router and the other as my workstation.

Today i have installed syslog-ng via apt-get (1.5.15-1.1).

I tried to setup remote logging. I want my router/firewall logging
additional to my workstation. On the router i have the following entries
in syslog-ng.conf


Hostname of router = xenia

>---  cut here  ----
destination loghost {udp("192.168.1.1" port(514));};
log { source(src); destination(loghost); };
>---  cut here  ----


Hostname of workstation = kaliba
On my workstation i have in syslog-ng.conf:

>---  cut here  ----
destination rlogging { file("/var/log/syslog-ng/$HOST/syslog.log"
            sync(0) log_fifo_size(10) create_dirs(yes) owner(root)
            group(system) perm(0660) dir_perm(0770)); };

filter f_xenia { match("xenia"); };

log { source(src); filter(f_xenia); destination(rlogging); };
>---  cut here  ----


I am not sure if this setup is correct. May you can give me some
advices. If it is necessary to have my configs, please tell me, i will
post them afterwards.

Now i have a seceond question, on my workstation runs a cron job which
looks for new antivir definition file or new program version (binary
file). I tried to put the syslog entries in a separate file.

Can i use regex in the match()? May like this:
match("antivir\[[0-9]+\]") to catch antivir[19129]


>---  cut here  ----
destination antivir { file("/var/log/antivir.log"); };
filter f_antivir { match("kaliba antivir"); };
log { source(src); filter(f_antivir); destination(antivir); };
>---  cut here  ----

But the logfile entries does not arrive in /var/log/antivir.log.
Did i anything wrong?

Best regards,
Micha Holzmann

-- 
My software never has bugs. It just develops random features.