[syslog-ng] destination based on custom field question

Christopher Barry christopher.barry at rackwareinc.com
Fri Jan 7 00:01:13 CET 2011


Greetings,

I'm new to syslog-ng, and I'm trying to key off of a custom field in a
log entry, and put the message in a particular directory named for the
field.

A sample log entry would look like this:
Dec 16 14:08:51 u910-05 testapp: \
00000000000000a7:00007f62d170a910:DEBUG :part.cpp     :  183: \ |
PartitionInfo [0x275f720]

'\' denotes line continuation.

The field I want to key off in this line is:
00000000000000a7

I created a filter to only get stuff from 'testapp', but now I want to
make the destination be tied to the field. The field is positional, but
can have any value, and cannot be known a priori.

Not sure how to go about it. Any links to examples or where to start
would be very much appreciated.

--
Thanks,
-Christopher
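
One way to route on the leading field of the sample line, as an added example that is not part of the original post and not taken from the syslog-ng project's own configuration. The source name `s_local`, the base path `/var/log/testapp`, the object names and the 16-hex-digit pattern (inferred from the single sample above) are assumptions. Because the field ends up in a file path, it is validated before use.

```conf
# Added example; s_local, the paths and all object names are assumptions.

# Only messages from the program named in the post.
filter f_testapp { program("testapp"); };

# Split the message text on ':'; the first column is the routing field,
# "greedy" puts everything after the first ':' into the second column.
parser p_testapp_id {
    csv-parser(
        columns("TESTAPP.ID", "TESTAPP.REST")
        delimiters(":")
        flags(escape-none, greedy, strip-whitespace)
        template("${MESSAGE}")
    );
};

# The field becomes a directory name, so accept only the expected shape.
# This rejects values such as "../" or an empty field. The pattern is
# inferred from the one sample line; adjust it to the real field format.
filter f_testapp_id_ok {
    match("^[0-9a-f]{16}$" value("TESTAPP.ID"));
};

# One directory per field value, created on demand.
destination d_testapp_by_id {
    file("/var/log/testapp/${TESTAPP.ID}/messages.log" create-dirs(yes));
};

# Catch-all for testapp messages whose field failed validation.
destination d_testapp_unsorted {
    file("/var/log/testapp/unsorted.log" create-dirs(yes));
};

log {
    source(s_local);
    filter(f_testapp);
    parser(p_testapp_id);
    filter(f_testapp_id_ok);
    destination(d_testapp_by_id);
};

# "fallback" delivers only messages no other log path has matched.
log {
    source(s_local);
    filter(f_testapp);
    destination(d_testapp_unsorted);
    flags(fallback);
};
```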


