[syslog-ng] match/program granularity

Balazs Scheidler bazsi at balabit.hu
Sun Apr 11 18:55:03 CEST 2010


On Sat, 2010-04-10 at 17:22 -0400, Alex wrote:
> Hi,
> 
> I'm using an older version of syslog-ng for now, until I can upgrade
> to post-3.0, but for the time being I'd like to be able to use the
> match() and program() qualifiers to redirect output from bind to a
> specific file, from the local host as well as from remote hosts using
> local3.info.
> 
> Where can I find the documentation that describes the differences in
> usage for match() and program()? In the following line, what is
> considered "program" and what is considered "match"? How does this
> change if the line is from a remote host?
> 
> Apr 10 17:16:15 smtp01 postfix/cleanup[23834]: 1F3BBE74004:
> message-id=<20103410231614.1F3BBE74004 at smtp01.myhost.com>
> 
> Can I match on hostname? Are there other parameters that might be
> helpful in classifying this information?

In syslog-ng 2.1 and below:

$MSG contains everything starting from 'postfix/cleanup[23834] ..'
$PROGRAM contains "postfix/cleanup"
$PID contains 23834

In syslog-ng 3.0 (when not using the 2.1 compatibility mode):

$MSG contains everything starting from '1F3BBE74 ...'
$MSGHDR contains 'postfix/cleanup[23834]: '
$PROGRAM contains postfix/cleanup
$PID contains 23834

-- 
Bazsi
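
The field split described in the reply above, as an added example that is not part of the original post and is not syslog-ng's own parser. The regex, the function names and the shortened sample line are assumptions made for illustration. It shows why a pattern that keys on the program name and is evaluated against $MSG alone stops matching once the header moves to $MSGHDR, which matters when log-routing filters are carried across an upgrade.

```python
import re

# Constructed sample, modelled on the line quoted in the thread
# (the message-id value is a placeholder).
SAMPLE = ("Apr 10 17:16:15 smtp01 postfix/cleanup[23834]: "
          "1F3BBE74004: message-id=<constructed@example.invalid>")

# BSD-syslog layout: timestamp, host, "program[pid]: " header, free text.
LINE_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msghdr>(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: ?)"
    r"(?P<text>.*)$"
)


def split_macros(line, legacy=False):
    """Return the macro values as described in the reply.

    legacy=True  -> syslog-ng 2.1 and below: $MSG starts at the program name.
    legacy=False -> syslog-ng 3.0: header goes to $MSGHDR, $MSG is text only.
    """
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a BSD-syslog style line")
    macros = {
        "HOST": m["host"],
        "PROGRAM": m["program"],
        "PID": m["pid"] or "",  # PID is optional in the header
    }
    if legacy:
        macros["MSG"] = m["msghdr"] + m["text"]
    else:
        macros["MSGHDR"] = m["msghdr"]
        macros["MSG"] = m["text"]
    return macros


def pattern_hits_msg(pattern, line, legacy):
    """True if the regex is found in $MSG under the chosen parsing mode."""
    return re.search(pattern, split_macros(line, legacy)["MSG"]) is not None


if __name__ == "__main__":
    for mode in (True, False):
        print("legacy" if mode else "3.0", split_macros(SAMPLE, legacy=mode))
        print("  'postfix' found in $MSG:", pattern_hits_msg("postfix", SAMPLE, mode))
```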



