[syslog-ng]syslog-ng macro

Michael Earls syslog-ng@lists.balabit.hu
Thu, 05 Jun 2003 09:42:46 -0400


What is the best way to apply filters to this macro.  Let say I want to
log messages to a different file for a given IP address.  Should I add
this type of statement before the destination d_mysql.  

#
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source src { unix-dgram("/dev/log"); internal(); };
source net { udp(); };

#
# If you wish to get logs from remote machine you should uncomment
# this and comment the above source line.
#
# source src { unix-dgram("/dev/log"); internal(); udp(); };

## Log syslog-ng to mysql database
##
  destination d_mysql {
     file("/syslog/data/fulllog.$YEAR.$MONTH.$DAY.$HOUR.$MIN.$SEC"
       template("INSERT INTO logs (host, facility, priority, level,
tag, date,
       time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY',
'$LEVEL', '$TAG',
       '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG'
);\n") template-escape(yes));
       };
     log { source(net); destination(d_mysql);
  };




Thanks,

michael

Michael Earls
Systems Analyst, Information Services
Cincinnati Children's Hospital Medical Center
Phone: 513-636-5882
Pager: Michael.Earls@skytel.com

PGP Info: KeyID 0x5EB59708 Fingerprint 108B A1D8 76F5 08A8 501A F28C
86F4 4BC5 5EB5 9708