[syslog-ng] Stripping numerals in the destination
Evan Rempel
erempel at uvic.ca
Fri Aug 1 03:29:03 CEST 2008
filter f_host { host("^([^0-9]+)[0-9]+"); };
# $1 is the first capture group of the host() match in f_host
destination d_host {
    file("/log1/syslog/$1/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE <$FACILITY.$PRIORITY> $1 $MSG\n")
        template_escape(no)
    );
};
log { source(your_source); filter(f_host); destination(d_host); };
This will log anything that is non-numeric followed by numbers to the non-numeric path, and
"spoof" the hostname as if it were the non-numeric host. You may wish to put the $host macro
in place of the $1 in the template.
Alternatively, if you have a limited number of server types, you could do
filter f_web { host("^web[0-9]+"); };
destination d_web {
    file("/log1/syslog/web/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
        template("$ISODATE <$FACILITY.$PRIORITY> web $MSG\n")
        template_escape(no)
    );
};
log { source(your_source); filter(f_web); destination(d_web); };
for each server type.
Evan Rempel
Cliff Fogle wrote:
> I have several server types, like web001-web100 and thumb001-thumb010 or db001-db004
>
> I want each server type to log to the same file and I can't for the life of me figure out a regex for $HOST in the destination statement to strip numerals.
>
> Where the first $HOST is below I want to do something like a sed "s/[0-9]*$//"
>
> destination d_host {
> file("/log1/syslog/$HOST/$R_YEAR/$R_MONTH/$R_YEAR-$R_MONTH-$R_DAY"
> template("$ISODATE <$FACILITY.$PRIORITY> $HOST $MSG\n")
> template_escape(no)
> );
> };
>
> Thanks for any help you can provide. I've been banging my head against google for hours now...
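Added example (not part of the original thread and not syslog-ng code): a Python check of what the capture group in the f_host filter above yields for sample hostnames, and whether the result is safe to use as a single directory name under /log1/syslog. The hostnames are constructed, STRICT is a hypothetical tighter pattern, and Python's re module is assumed to behave like syslog-ng's regex engine for these simple patterns.

```python
import re
from pathlib import PurePosixPath

# Pattern taken from the f_host filter in the message above.
F_HOST = re.compile(r"^([^0-9]+)[0-9]+")
# Assumption: a tighter variant, anchored at the end, lowercase letters and hyphens only.
STRICT = re.compile(r"^([a-z][a-z-]*)[0-9]+$")

BASE = PurePosixPath("/log1/syslog")

# Constructed sample hostnames, including ones the simple pattern handles unexpectedly.
SAMPLES = ["web001", "thumb010", "db004", "web001.example.com",
           "db2web01", "mailhost", "web/../x01"]


def group_for(host, pattern=F_HOST):
    """Return what $1 would hold for this host, or None if the filter does not match."""
    m = pattern.search(host)
    return m.group(1) if m else None


def log_dir(host, pattern=F_HOST):
    """Return the directory the destination would use, or None if the host is rejected."""
    group = group_for(host, pattern)
    if group is None:
        return None  # filter does not match: message never reaches d_host
    # The hostname comes from the message itself, so accept only a plain
    # single path component before joining it to the base directory.
    if "/" in group or group in (".", "..") or group != group.strip():
        return None
    return BASE / group


def survey(hosts, pattern=F_HOST):
    """Map each hostname to its log directory as a string (None when rejected)."""
    result = {}
    for host in hosts:
        d = log_dir(host, pattern)
        result[host] = str(d) if d is not None else None
    return result


if __name__ == "__main__":
    for name, pattern in (("f_host", F_HOST), ("strict", STRICT)):
        print(name)
        for host, d in survey(SAMPLES, pattern).items():
            print(f"  {host!r:24} -> {d}")
```

Because the f_host pattern is not anchored at the end, web001.example.com and db2web01 both match on their leading non-digit run, and hosts without any digits fall through the filter entirely and need their own log path.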