[syslog-ng] Macro question

Michael J. Bauer mjbauer at eecs.tufts.edu
Fri Nov 6 22:56:40 CET 2009


Thanks for the pointer, I've rewritten my match() statements.

MJB

Balazs Scheidler wrote:
> On Wed, 2009-10-28 at 17:18 -0400, Michael J. Bauer wrote:
>   
>> I am running syslog-ng 3.0.4 on RHEL 5.4.
>>
>> I have a log message that appears in my logfiles as
>>
>> Oct 28 16:41:22 juniper-router {wan-service-set}[FWNAT]: 
>> ASP_NAT_RULE_MATCH: proto 6 (TCP) application: any, 
>> ge-0/0/3.2:10.3.13.153:49818 -> 66.249.80.148:80, Match NAT rule-set: , 
>> rule: nat-outgoing, term: dynamic-nat
>>
>> There are no carriage returns in that entry; any that appear are 
>> artifacts of some mail server or client along the way.
>>
>> I want any log entry containing the string FWNAT to go into a separate 
>> file.  match(FWNAT) on the filter does just that, but syslog-ng 
>> complains that I'm not using value() for efficiency.  However, it's not 
>> at all clear which macro, if any, actually contains the string FWNAT.  I 
>> can tell you five that don't:
>>
>> APPLICATION
>> EVENT_SOURCE
>> MESSAGE
>> MSG
>> PROGRAM
>>
>> What macro contains FWNAT?  And where can I get a definitive list of 
>> macros and specifics on how the value in each is set for each line?  The 
>> documentation is insufficiently detailed on this subject.
>>     
>
> $PROGRAM will contain {wan-service-set}
> $PID will contain FWNAT
>
>   
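
Added example, not part of the original thread and not syslog-ng's own code: a simplified Python model of the legacy BSD-syslog header split, showing why FWNAT lands in $PID and why a filter scoped to that field is stricter than an unscoped match. The regex, function names, the second log line and the destination file names are assumptions made for illustration, and the unscoped match is modelled as a search over the whole line.

```python
import re

# Simplified model of the legacy BSD-syslog (RFC 3164) header split:
# "<timestamp> <host> <program>[<pid>]: <message>". Not syslog-ng's parser.
HEADER = re.compile(
    r"^(?P<DATE>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<HOST>\S+) "
    r"(?P<PROGRAM>[^\s\[:]+)(?:\[(?P<PID>[^\]]*)\])?: ?"
    r"(?P<MESSAGE>.*)$"
)

def parse(line):
    """Return a dict of macro-like fields, or None if the header does not fit."""
    m = HEADER.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["PID"] = fields["PID"] or ""  # tag without [..] gives an empty PID
    return fields

def unscoped_match(line, pattern="FWNAT"):
    """Search the whole line, modelling match(FWNAT) without value()."""
    return re.search(pattern, line) is not None

def scoped_match(line, pattern="^FWNAT$", field="PID"):
    """Search one parsed field only, modelling match("^FWNAT$" value("PID"))."""
    fields = parse(line)
    return fields is not None and re.search(pattern, fields[field]) is not None

# The router line from the post, joined back onto one line.
ROUTER_LINE = (
    "Oct 28 16:41:22 juniper-router {wan-service-set}[FWNAT]: "
    "ASP_NAT_RULE_MATCH: proto 6 (TCP) application: any, "
    "ge-0/0/3.2:10.3.13.153:49818 -> 66.249.80.148:80, Match NAT rule-set: , "
    "rule: nat-outgoing, term: dynamic-nat"
)
# Constructed line: another program whose message text merely mentions FWNAT.
OTHER_LINE = "Oct 28 16:41:23 web01 httpd[2211]: GET /search?q=FWNAT 200"

def route(line):
    """Pick a destination file name (hypothetical) using the scoped filter."""
    return "fwnat.log" if scoped_match(line) else "messages"
```

The unscoped search also hits the constructed httpd line, because the string appears in its message text; the check scoped to PID routes only the router's line to the separate file.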

