[syslog-ng] need help with a match filter
Rory Toma
rory at ooma.com
Mon Feb 8 20:20:59 CET 2010
Honestly, I no longer remember. However, having something like an
"examples" section with several working examples and explanations would
be helpful, and if there are subtle differences, pointing out the
difference and why it makes a difference.
On 2/6/10 7:54 AM, Balazs Scheidler wrote:
> On Mon, 2010-01-25 at 16:37 -0800, Rory Toma wrote:
>
>> OK, after looking at about a hundred web pages, and having my office
>> mate do the same, here's what works:
>>
>> filter foo_filter {
>> match("\(foo_[0-9A-F]\{9\}\)[0-9A-F]\{3\}" value("HOST")
>> flags("store-matches"));
>> };
>>
>> # foo destinations
>> destination foo_dest {
>>
>> file("/logs/${1}/$R_YEAR$R_MONTH$R_DAY/$HOST-$R_YEAR$R_MONTH$R_DAY.log"
>> owner(root) group(root) perm(0444)
>> template("$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC $MSG\n")
>> template_escape(no));
>> };
>>
>> log {source(telo); filter(foo_filter); destination(foo_dest); };
>>
> Great work. Do you perhaps have a suggestion on the documentation
> whether we could clear up something to make this easier?
>
> I know it is difficult to tell after the fact what was missing from the
> docs, but perhaps we could improve it this way.
>
> Thanks.
>
>
>
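Added example, not part of the original thread or of syslog-ng: a Python sketch of what the posted filter and destination do to a host name, including the case where the ID is embedded in a longer name. It assumes the escaped `\(` and `\{` act as grouping and repetition, that match() searches anywhere in $HOST rather than requiring a full match, and that ${1} expands to the first stored group; the host names and the anchored variant are constructed for illustration.

```python
import re
from datetime import date

# Pattern from the post, with \( \) and \{ \} read as grouping and repetition.
UNANCHORED = re.compile(r"(foo_[0-9A-F]{9})[0-9A-F]{3}")
# Hypothetical stricter variant: the whole host name must be the 16-character ID.
ANCHORED = re.compile(r"^(foo_[0-9A-F]{9})[0-9A-F]{3}$")


def stored_match(host, pattern=UNANCHORED):
    """Return what store-matches would put in $1, or None if the filter rejects."""
    m = pattern.search(host)  # search(), not match(): assumed unanchored
    return m.group(1) if m else None


def dest_path(host, received, pattern=UNANCHORED):
    """Expand the file() path from the post for one message, or None if filtered out."""
    group1 = stored_match(host, pattern)
    if group1 is None:
        return None
    stamp = received.strftime("%Y%m%d")  # $R_YEAR$R_MONTH$R_DAY
    return f"/logs/{group1}/{stamp}/{host}-{stamp}.log"


# Constructed host names, not taken from the thread.
SAMPLE_HOSTS = [
    "foo_0123456789AB",       # exactly foo_ + 12 upper-case hex digits
    "foo_0123456789ab",       # lower-case hex: not in [0-9A-F]
    "foo_0123456",            # too short
    "xx-foo_0123456789ABCD",  # ID embedded in a longer name
]

if __name__ == "__main__":
    day = date(2010, 1, 25)
    for host in SAMPLE_HOSTS:
        print(f"{host!r:26} unanchored={dest_path(host, day)} "
              f"anchored={dest_path(host, day, ANCHORED)}")
```

Under these assumptions the directory comes from the first 13 characters of the matched ID while the file name uses the full $HOST, so a longer host name containing the ID lands in the same directory unless the pattern is anchored.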