[syslog-ng]recording name filters II

Balazs Scheidler syslog-ng@lists.balabit.hu
Sun, 22 Feb 2004 12:08:36 +0100

2004-02-20, p keltezéssel 08:54-kor Luigi Augello ezt írta:
> Hi at all and tanks to “Bazsi” for considering my suggestion “interesting”
> I think to create some different filter as some as:
> ...
> filter green { level(debug..notice); };
> filter yellow { level(warning..error); };
> filter red { level(alert..panic); };
> ...
> filter auth_red{facility(auth), and filter(red) ; };(I don’t have try but I 
> think that the this syntax is right)
> ...
> I would register the name of the filter to have the immediacy of the level of 
> thedanger
> I register the logs on a centralized Mysql database. Is more clear my target?

Ok, but how do you think this would be implemented in this case:

source s_net {udp(); };

destination d_msg { file("/var/log/messages/messages.$FILTER"); };

filter red { level(alert..panic); };
filter auth { facility(auth); };

log { source(s_net); filter(red); filter(auth); destination(d_msg); };

So what should $FILTER expand to? When you have more than a single
filter applied to a log path, expanding $FILTER is not that simple.

A limited approach by expanding to the first/last filter is possible,
but I don't really like this.

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1