[syslog-ng] Inserting text in syslog messages
Nate Campi
nate at campin.net
Tue Jan 31 23:58:40 CET 2006
On Tue, Jan 31, 2006 at 04:11:24PM -0200, Gustavo Mendes de Carvalho wrote:
> Dear All,
>
> Does anybody knows how to insert some string in a message that will be
> apended in log files ? I mean, imagine that syslog-ng receives this
> message to insert in /var/log/auth.log.
>
> Jan 31 13:18:01 host sshd[6278]: Accepted keyboard-interactive/pam for
> user from 10.10.0.29 port 49105 ssh2
>
> And I would like to insert some text together, resulting in some like this
>
> Jan 31 13:18:01 host sshd[6278]: Accepted keyboard-interactive/pam for
> root from 10.10.0.29 port 49105 ssh2 - service xyz for user root
>
> How can I include this string " - service xyz for user root" ?
>
> I know that it's possible, but I didn't find how to.
I don't know if it's pretty, but I've used this kind of thing:
destination d_insert_txt {
tcp("10.0.0.8" port(5140)
template("$DATE $SOURCEIP $MESSAGE - service xyz for user root\n")
template-escape(no)
);
};
filter f_ssh_root_login {
program("sshd") and
match("Accepted keyboard-interactive/pam for root");
};
log {
source(local);
filter(f_ssh_root_login);
destination(d_insert_txt);
};
This sends it over a TCP stream, but you can modify it to use a file
pretty easily.
HTH.
--
Nate
"When I was a boy of 14 my father was so ignorant I could hardly stand
to have the old man around. But when I got to be twenty-one, I was
astonished at how much the old man had learnt in seven years." - Samuel Clemens
More information about the syslog-ng
mailing list