[syslog-ng]Match macro in filename?
Vaibhav Goel
syslog-ng@lists.balabit.hu
Thu, 14 Apr 2005 07:55:24 -0700
Cool that it is 1.9.4. Is 1.9.4 production ready by any chance? I am
currently using 1.6.5. If not, is there any other way you can suggest
to solve this "problem"? I am not averse to writing some scripts etc..
Thanks!
-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: April 14, 2005 2:43 AM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Match macro in filename?
On Wed, 2005-04-13 at 21:48 -0700, Nate Campi wrote:
> On Wed, Apr 13, 2005 at 09:38:11AM -0700, Vaibhav Goel wrote:
> >=20
> > Is there any way to get a match filter in an output filename?
> >=20
> > For example:
> >=20
> > filter f_xyz { match("xyz"); };
> >=20
> > should output to
> >=20
> > xyz.log
>=20
> There is no way to have syslog-ng remember the contents of a match and
> use it later in another statement.
In fact, this is possible in 1.9.4 (the future 2.0.x branch) where you
can use regex's selection features in macro expansion.
For example:
filter f_xyz { match("(xyz)"); };
destination l_xyz { file("/var/log/$1"); };
However trusting the contents of the logs for something like filenames
might not be the best solution. (although syslog-ng filters spurious
filenames by checking '../' and '../' strings in filenames just before
handing those over to open().=20
--=20
Bazsi
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html