[syslog-ng] match/program granularity

Balazs Scheidler bazsi at balabit.hu
Mon Apr 12 15:34:22 CEST 2010


On Sun, 2010-04-11 at 17:27 -0400, Alex wrote:
> >> Can I match on hostname? Are there other parameters that might be
> >> helpful in classifying this information?
> >
> > in syslog-ng 2.1 and below:
> >
> > $MSG contains everything starting from 'postfix/cleanup[23834] ..'
> > $PROGRAM contains "postfix/cleanup"
> > $PID contains 23834
> 
> How do these variables relate to syslog-ng.conf? IOW, I have been using:
> 
> filter f_myhost { match("smtp02"); };
> filter f_myprogram { program("postfix"); };
> filter f_named { program("named") and facility(local3); };
> 
> Is this the right way to do it?

program() matches $PROGRAM
match() matches $MESSAGE (or $MSG which is an alias)

Don't forget that the argument for these filters is a regular expression
though. So if you only want to match the beginning of the string, you
should use "^postfix"

-- 
Bazsi
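
The following sketch is an added example, not part of the original message or of syslog-ng itself. It models the filter semantics described above on constructed log lines, assuming Python's `re.search` behaves like syslog-ng's unanchored regular-expression match for these simple patterns. The `HOST` lookup stands in for syslog-ng's `host()` filter, which the thread does not mention.

```python
import re

# Constructed sample lines: "<timestamp> <host> <program>[<pid>]: <text>"
SAMPLES = [
    "Apr 11 17:02:11 smtp02 postfix/cleanup[23834]: 4F1A2: message-id=<a@example.org>",
    "Apr 11 17:02:12 smtp02 named[411]: client 192.0.2.7 query: example.org IN A",
    "Apr 11 17:02:13 web01 notpostfix[900]: relay via smtp02 refused",
    "Apr 11 17:02:14 web01 postfix-policyd[77]: started",
]

HEADER = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")
TAG = re.compile(r"^([^\[:\s]+)(?:\[(\d+)\])?:")


def parse(line):
    """Split a line into the fields named in the thread (2.1-style $MSG,
    which starts at the program name and does not include the host)."""
    _timestamp, host, msg = HEADER.match(line).groups()
    tag = TAG.match(msg)
    program = tag.group(1) if tag else ""
    pid = (tag.group(2) or "") if tag else ""
    return {"HOST": host, "PROGRAM": program, "PID": pid, "MSG": msg}


def select(field, pattern):
    """Return $PROGRAM of every sample whose field matches the pattern.
    search() is unanchored, like the filter arguments discussed above."""
    rx = re.compile(pattern)
    return [r["PROGRAM"] for r in map(parse, SAMPLES) if rx.search(r[field])]


if __name__ == "__main__":
    # program("postfix"): also selects "notpostfix" and "postfix-policyd"
    print(select("PROGRAM", "postfix"))
    # program("^postfix"): drops "notpostfix", still selects "postfix-policyd"
    print(select("PROGRAM", "^postfix"))
    # a stricter pattern chosen for this example: only postfix/<daemon>
    print(select("PROGRAM", "^postfix/"))
    # match("smtp02") looks at $MSG, so it misses host smtp02's own lines
    # and selects web01's line that merely mentions smtp02 in its text
    print(select("MSG", "smtp02"))
    # matching on the host field selects the lines actually sent by smtp02
    print(select("HOST", "smtp02"))
```
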



