[syslog-ng] matching by unknown field
Dorian
imgrey at gmail.com
Sat May 24 03:51:09 CEST 2008
Balazs Scheidler wrote:
> On Thu, 2008-05-22 at 21:39 -0500, Dorian wrote:
>
>> Good Day
>>
>> Could someone tell how to match message by 'blah', the word before '@' ?
>>
>> """
>> May 22 21:28:29 blah at localhost/dns syslog-ng starting up;
>> """
>>
>>
>
> host("^blah")
>
no shit ?
P.S.
not working. I've tried everything before asking
source blah {
file("/var/log/blah.log" );
};
destination remote_host {
tcp("10.1.0.1");
};
log {
source(blah);
destination(remote_host);
}
on remote_host:
source everyone
{
tcp(max_connections(100));
};
filter blah {
host("^blah");
};
log
{
source(everyone);
filter(blah);
destination(somewhere);
};
More information about the syslog-ng
mailing list