[syslog-ng] Filtering Howto's
Paul Krizak
paul.krizak at amd.com
Wed May 2 17:00:28 CEST 2007
When I was working with splunk, I found it was easiest to use a FIFO.
Set up a log path in syslog-ng with an appropriate set of filter
statements, with the destination set to a FIFO.
Splunk has a method built-in to read from a FIFO, which I found to be
much tidier and more efficient than having splunk tail files.
Paul Krizak 5900 E. Ben White Blvd. MS 625
Advanced Micro Devices Austin, TX 78741
Linux/Unix Systems Engineering Phone: (512) 602-8775
Silicon Design Division Cell: (512) 791-0686
Corey Bobb wrote:
> I am looking for some detailed howto's on writing my own filters. I am
> trying to dump syslog-ng logs / data into splunk, but want to filter
> that which only I need to index into splunk. If anyone has any good
> howto's or have worked with splunk before I would certainly be open to
> any ideas or input they might have on the topic.
>
> Thanks
>
> cb
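The setup described in the reply above, sketched as a syslog-ng configuration. This is an added example, not part of the original post; the source, filter and destination names, the FIFO path and the filter criteria are all assumptions chosen for illustration.

```conf
# Constructed example: names, path and filter criteria are assumptions.
#
# Create the FIFO before starting syslog-ng (for example with mkfifo) and
# restrict it to the account the indexer runs as: anything that can open
# the FIFO can read the filtered log stream, auth messages included.

source s_local {
    unix-stream("/dev/log");   # local syslog socket
    internal();                # syslog-ng's own messages
};

# Forward only what should be indexed: authentication events from any
# level, plus anything at warning or above from the other facilities.
filter f_index {
    facility(auth, authpriv)
    or level(warning..emerg);
};

# Drop noisy senders even when they match the filter above
# (the program name here is a placeholder).
filter f_not_noise {
    not program("example-noisy-daemon");
};

# pipe() writes to a named pipe (FIFO) instead of a regular file.
destination d_index_fifo {
    pipe("/var/run/syslog-ng/index.fifo");
};

# Filters listed in one log path are ANDed together.
log {
    source(s_local);
    filter(f_index);
    filter(f_not_noise);
    destination(d_index_fifo);
};
```

A FIFO holds nothing on disk, so messages sent while no reader has it open are not retained the way a log file would retain them; keep a regular file destination alongside it if the filtered events must survive indexer downtime.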