[syslog-ng] recording name filters II
Balazs Scheidler
syslog-ng@lists.balabit.hu
Sun, 22 Feb 2004 12:08:36 +0100
On Fri, 2004-02-20 at 08:54, Luigi Augello wrote:
> Hi all, and thanks to “Bazsi” for considering my suggestion “interesting”.
> I am thinking of creating some different filters, such as:
> ...
> filter green { level(debug..notice); };
> filter yellow { level(warning..error); };
> filter red { level(alert..panic); };
> ...
> filter auth_red{facility(auth), and filter(red) ; }; (I haven’t tried it, but I
> think that this syntax is right)
>
> ...
> I would register the name of the filter to have the immediacy of the level of
> the danger
>
>
> I register the logs on a centralized MySQL database. Is my target more clear?
Ok, but how do you think this would be implemented in this case:
source s_net {udp(); };
destination d_msg { file("/var/log/messages/messages.$FILTER"); };
filter red { level(alert..panic); };
filter auth { facility(auth); };
log { source(s_net); filter(red); filter(auth); destination(d_msg); };
So what should $FILTER expand to? When you have more than a single
filter applied to a log path, expanding $FILTER is not that simple.
A limited approach by expanding to the first/last filter is possible,
but I don't really like this.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
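
The ambiguity raised in the reply above, as an added example that is not part of the original message and is not syslog-ng code: a small Python model of the quoted log path, showing that one message passing both filters leaves two different candidate values for the proposed $FILTER macro. The function names, the facility table and the sample lines are assumptions made for this illustration.

```python
import re

# Severity names to RFC 3164 numeric codes (lower number = more severe).
LEVELS = {"emerg": 0, "panic": 0, "alert": 1, "crit": 2, "err": 3, "error": 3,
          "warning": 4, "notice": 5, "info": 6, "debug": 7}
# Subset of facility codes, enough for this illustration.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4}

def decode_pri(line):
    """Return (facility, severity) from the <PRI> prefix of a syslog line."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    return divmod(int(m.group(1)), 8)

def level(lo, hi):
    """Model of level(lo..hi): matches severities between the two names."""
    a, b = sorted((LEVELS[lo], LEVELS[hi]))
    return lambda fac, sev: a <= sev <= b

def facility(name):
    """Model of facility(name): matches one facility code."""
    return lambda fac, sev: fac == FACILITIES[name]

# The two filters and the log path from the message above.
FILTERS = {"red": level("alert", "panic"), "auth": facility("auth")}
LOG_PATH = ["red", "auth"]
TEMPLATE = "/var/log/messages/messages.{}"

def filter_candidates(line):
    """Candidate file names per expansion rule, or None if the path drops the line."""
    fac, sev = decode_pri(line)
    if not all(FILTERS[name](fac, sev) for name in LOG_PATH):
        return None
    # Every filter in the path matched, so "the" filter name is not unique.
    return {"first": TEMPLATE.format(LOG_PATH[0]),
            "last": TEMPLATE.format(LOG_PATH[-1])}

if __name__ == "__main__":
    # Constructed sample lines: auth.alert (PRI 33) and auth.info (PRI 38).
    for sample in ("<33>su: constructed auth.alert message",
                   "<38>sshd: constructed auth.info message"):
        print(sample, "->", filter_candidates(sample))
```

The auth.alert line passes both filters, so the same message would land in messages.red or messages.auth depending on which rule is picked; the auth.info line is dropped by the path and never reaches the destination.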