[syslog-ng]filtering question
Iulian Topliceanu
syslog-ng@lists.balabit.hu
Wed, 08 Sep 2004 12:03:06 +0200
This is a multi-part message in MIME format.
--------------000509030900070309020908
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
I have to following task.
I have some messages coming from a host from local5.
The messages look like:
"Sep 6 17:07:21 herakles local5:meimlo.std.me herakles.tomcat8310
2004-09-06 17:07:21,157 [WARN] [main] [] []
voicemail.mboxp.MboxpServlet: MboxpServlet not initialized"
The thing I have to is to make a filter that matches the things between
'local5:' and the first ' '. In this case the filter is 'meimlo.std.me'
but this 'meimlo.std.me' could be anything like: 'blah.blu.admin'.
Is there a possibility to create a filter that if that string is
different, syslog-ng will automate create a new file? Like it does when
a new host is logging and it creates the dirs/files.
Does syslog-ng support such a function?
Regards,
Iulian Topliceanu
--------------000509030900070309020908
Content-Type: text/x-vcard; charset=utf8;
name="iulian.topliceanu.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="iulian.topliceanu.vcf"
begin:vcard
fn:Iulian Topliceanu
n:Topliceanu;Iulian
org:;Operations
adr:;;Moersenbroicher Weg 200;Duesseldorf;NRW;D-40470;net mobile AG
email;internet:iulian.topliceanu@net-m.de
title:Unix & Network Administrator
tel;work:+49 (0) 211 687706 31
tel;home:+49 (0) 203 6001423
tel;cell:+49 (0) 175 89 12 414
url:http://www.net-m.de
version:2.1
end:vcard
--------------000509030900070309020908--