[syslog-ng] need help with a match filter
Balazs Scheidler
bazsi at balabit.hu
Sat Feb 6 16:54:20 CET 2010
On Mon, 2010-01-25 at 16:37 -0800, Rory Toma wrote:
> OK, after looking at about a hundred web pages, and having my office
> mate do the same, here's what works:
>
> filter foo_filter {
>     match("\(foo_[0-9A-F]\{9\}\)[0-9A-F]\{3\}" value("HOST") flags("store-matches"));
> };
>
> # foo destinations
> destination foo_dest {
>     file("/logs/${1}/$R_YEAR$R_MONTH$R_DAY/$HOST-$R_YEAR$R_MONTH$R_DAY.log"
>         owner(root) group(root) perm(0444)
>         template("$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC $MSG\n")
>         template_escape(no));
> };
>
> log {source(telo); filter(foo_filter); destination(foo_dest); };
Great work. Do you perhaps have a suggestion on whether we could clear
something up in the documentation to make this easier?
I know it is difficult to tell after the fact what was missing from the
docs, but perhaps we could improve it this way.
Thanks.
--
Bazsi
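
An added example, not part of the original thread or of syslog-ng itself: a Python check of which hostnames the quoted filter accepts and which path the destination template would produce. It assumes the pattern reaches the regex engine as `(foo_[0-9A-F]{9})[0-9A-F]{3}` and is searched unanchored; the hostnames, the date, and the names `route` and `ANCHORED` are constructed for illustration.

```python
import re
from datetime import date

# Assumption: the quoted pattern as the regex engine sees it, i.e. a capture
# group of "foo_" plus 9 uppercase hex digits, followed by 3 more hex digits.
PATTERN = re.compile(r"(foo_[0-9A-F]{9})[0-9A-F]{3}")

# Hypothetical stricter variant: the whole HOST value must be exactly the
# 16-character name, so longer or prefixed names are rejected.
ANCHORED = re.compile(r"^(foo_[0-9A-F]{9})[0-9A-F]{3}$")


def route(host, received, pattern=PATTERN):
    """Return the expanded log path for host, or None if the filter rejects it.

    Mirrors the template /logs/${1}/<date>/$HOST-<date>.log, where ${1} is the
    stored first capture group and <date> is the receive date as YYYYMMDD.
    """
    m = pattern.search(host)  # unanchored: a match anywhere in HOST counts
    if m is None:
        return None
    stamp = received.strftime("%Y%m%d")
    return f"/logs/{m.group(1)}/{stamp}/{host}-{stamp}.log"


if __name__ == "__main__":
    day = date(2010, 1, 25)  # constructed receive date
    samples = [              # constructed hostnames
        "foo_0123456789AB",        # exact form the filter was written for
        "foo_0123456789ab",        # lowercase hex is outside [0-9A-F]
        "foo_01234567",            # too short
        "foo_0123456789ABCD-lab",  # longer name, accepted only when unanchored
    ]
    for host in samples:
        print(f"{host:26} unanchored={route(host, day)}")
        print(f"{'':26} anchored  ={route(host, day, ANCHORED)}")
```

Only `${1}` is constrained by the capture group; `$HOST` in the file name carries the full value, which is why the anchored variant gives different results for the last sample.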