[syslog-ng] Using Regex information for destination

Balazs Scheidler bazsi at balabit.hu
Mon Jan 28 21:16:32 CET 2008


On Mon, 2008-01-28 at 14:55 -0500, James Whitt wrote:
> I had asked this question about a year ago, but was told to wait for
> the new 2.0 version.  I'm currently running the latest syslog-ng
> 2.0.7.
> 
> What I would like to do is put the line in a specific file based on
> part of the hostname.  For example:
> 
> Hostname: subdomain.domain.tld
> 
> destination customer_firewall_logs
> { file("/logs/$TLD/$DOMAIN/$SUBDOMAIN/$R_YEAR-$R_MONTH-$R_DAY.log"); };
> 
> WHERE $TLD is the tld of the hostname, $DOMAIN is the domain from the
> hostname, and $SUBDOMAIN is the subdomain from the hostname.  I would
> like to be able to regex this information out of the hostname to use
> in the destination.  Is this possible and any tips on getting it to
> work correctly would be greatly appreciated.

You can do something like this:

filter f_tld { hostname("^[a-zA-Z0-9]+\.\(.$\)$"); };

Then your TLD is in the $1 macro, e.g. you can do something like:

destination d_file { file("/logs/$1/$DOMAIN/$SUBDOMAIN/$R_YEAR-$R_MONTH-$R_DAY.log"); };
                                 ^^^

You can use up to 256 different $NNN macros, but only one regexp.

-- 
Bazsi
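
Added example, not part of the original thread and not syslog-ng configuration: a Python sketch of getting all three path components out of one regexp with three capture groups, the way $1, $2 and $3 would be filled from a single match. The hostname comes from the sender and ends up in a file path, so names that do not fit the pattern go to a hypothetical `_unmatched` directory; the pattern, function names and sample hostnames are assumptions made for this illustration.

```python
import re
from pathlib import PurePosixPath

# One DNS label: letters, digits, inner hyphens. No '/', no empty labels.
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
# A single pattern with three groups, since only one regexp is available:
# group 1 = subdomain (may itself contain dots), 2 = domain, 3 = TLD.
HOST_RE = re.compile(rf"((?:{LABEL}\.)*{LABEL})\.({LABEL})\.({LABEL})")

LOG_ROOT = PurePosixPath("/logs")    # root used in the question
FALLBACK = LOG_ROOT / "_unmatched"   # hypothetical catch-all directory


def split_host(host):
    """Return (subdomain, domain, tld), or None if the name does not fit."""
    name = host.strip().lower().rstrip(".")
    if len(name) > 253:              # longest valid DNS name
        return None
    m = HOST_RE.fullmatch(name)
    return m.groups() if m else None


def log_path(host, date):
    """Build /logs/<tld>/<domain>/<subdomain>/<date>.log for one message."""
    parts = split_host(host)
    if parts is None:
        # '/', '..', empty labels and short names never become directories.
        return FALLBACK / f"{date}.log"
    sub, domain, tld = parts
    return LOG_ROOT / tld / domain / sub / f"{date}.log"


# Constructed sample hostnames, including ones a sender could forge.
SAMPLE_HOSTS = ["subdomain.domain.tld", "FW1.Site-A.Example.COM",
                "../../etc/cron.d", "localhost", "a..b.c"]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h!r:28} -> {log_path(h, '2008-01-28')}")
```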
