[syslog-ng] need help with a match filter
Rory Toma
rory at ooma.com
Tue Jan 26 01:37:30 CET 2010
OK, after looking at about a hundred web pages, and having my office
mate do the same, here's what works:
filter foo_filter {
match("\(foo_[0-9A-F]\{9\}\)[0-9A-F]\{3\}" value("HOST")
flags("store-matches"));
};
# foo destinations
destination foo_dest {
file("/logs/${1}/$R_YEAR$R_MONTH$R_DAY/$HOST-$R_YEAR$R_MONTH$R_DAY.log"
owner(root) group(root) perm(0444)
template("$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC $MSG\n")
template_escape(no));
};
log {source(telo); filter(foo_filter); destination(foo_dest); };
More information about the syslog-ng
mailing list