[syslog-ng] Macro question
Michael J. Bauer
mjbauer at eecs.tufts.edu
Wed Oct 28 22:18:27 CET 2009
I am running syslog-ng 3.0.4 on RHEL 5.4.
I have a log message that appears in my logfiles as
Oct 28 16:41:22 juniper-router {wan-service-set}[FWNAT]:
ASP_NAT_RULE_MATCH: proto 6 (TCP) application: any,
ge-0/0/3.2:10.3.13.153:49818 -> 66.249.80.148:80, Match NAT rule-set: ,
rule: nat-outgoing, term: dynamic-nat
There are no carriage returns in that entry; any that appear are
artifacts of some mail server or client along the way.
I want any log entry containing the string FWNAT to go into a separate
file. match(FWNAT) on the filter does just that, but syslog-ng
complains that I'm not using value() for efficiency. However, it's not
at all clear which macro, if any, actually contains the string FWNAT. I
can tell you five that don't:
APPLICATION
EVENT_SOURCE
MESSAGE
MSG
PROGRAM
What macro contains FWNAT? And where can I get a definitive list of
macros and specifics on how the value in each is set for each line? The
documentation is insufficiently detailed on this subject.
Thanks,
MJB
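
An added example, not part of the original post and not syslog-ng's own parser: it splits the posted line using the conventional BSD syslog `host program[pid]: message` layout and reports which field the FWNAT token lands in. The regex, the function names and the use of macro-style field names are assumptions for illustration; the post does not confirm that syslog-ng 3.0.4 splits the line the same way.

```python
import re

# Sample line from the post, joined onto one line as the author describes.
SAMPLE = ("Oct 28 16:41:22 juniper-router {wan-service-set}[FWNAT]: "
          "ASP_NAT_RULE_MATCH: proto 6 (TCP) application: any, "
          "ge-0/0/3.2:10.3.13.153:49818 -> 66.249.80.148:80, "
          "Match NAT rule-set: , rule: nat-outgoing, term: dynamic-nat")

# Assumed header layout: "Mmm dd hh:mm:ss host program[pid]: message".
# Group names mirror common syslog-ng macro names for readability only.
HEADER = re.compile(
    r"^(?P<DATE>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<HOST>\S+) "
    r"(?P<PROGRAM>[^\s\[:]+)"        # tag ends at '[', ':' or whitespace
    r"(?:\[(?P<PID>[^\]]*)\])?"      # optional bracketed field after the tag
    r":? ?"
    r"(?P<MESSAGE>.*)$"
)

def split_fields(line):
    """Return the header fields found in line; unparsed lines become MESSAGE."""
    m = HEADER.match(line)
    if m is None:
        return {"MESSAGE": line}
    return {k: v for k, v in m.groupdict().items() if v is not None}

def fields_containing(line, needle):
    """Names of the fields whose value contains needle, sorted."""
    return sorted(k for k, v in split_fields(line).items() if needle in v)

if __name__ == "__main__":
    for name, value in split_fields(SAMPLE).items():
        print(f"{name:8} = {value}")
    print("fields containing FWNAT:", fields_containing(SAMPLE, "FWNAT"))
```

Under this assumed layout the bracketed token is consumed as the PID-style field, which is consistent with it being absent from the program and message fields listed in the post.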