[syslog-ng]Match macro in filename?
Balazs Scheidler
syslog-ng@lists.balabit.hu
Thu, 14 Apr 2005 11:42:49 +0200
On Wed, 2005-04-13 at 21:48 -0700, Nate Campi wrote:
> On Wed, Apr 13, 2005 at 09:38:11AM -0700, Vaibhav Goel wrote:
> >
> > Is there any way to get a match filter in an output filename?
> >
> > For example:
> >
> > filter f_xyz { match("xyz"); };
> >
> > should output to
> >
> > xyz.log
>
> There is no way to have syslog-ng remember the contents of a match and
> use it later in another statement.
In fact, this is possible in 1.9.4 (the future 2.0.x branch) where you
can use regex's selection features in macro expansion.
For example:
filter f_xyz { match("(xyz)"); };
destination l_xyz { file("/var/log/$1"); };
However trusting the contents of the logs for something like filenames
might not be the best solution. (although syslog-ng filters spurious
filenames by checking '../' and '../' strings in filenames just before
handing those over to open().
--
Bazsi