[syslog-ng] grouping of sources

Joe Shaw joe at joeshaw.org
Sun Feb 15 20:40:02 CET 2009


Hi,

On Sun, Feb 15, 2009 at 4:31 AM, Balazs Scheidler <bazsi at balabit.hu> wrote:
> I'll see what I can do about this. What about the following idea:
>  * make it possible to mark sources with tags
>  * create a filter that matches tags
>
> Then you could do something like:
>
> source s_udp { udp(); tags(net); };
> source s_tcp { tcp(); tags(net); };
>
> filter f_net_messages { tags(net); };
>
> log { flags(catch-all); filter(f_net_messages); destination(...); };
>
> I'd have to work on the syntax a bit more, but I hope the general idea
> is visible.

Ah, interesting.  Yes, I think this would work just fine.

Joe


More information about the syslog-ng mailing list