[syslog-ng] can syslog-ng extract part of the hostname and make directory on the fly?

Jakub Jankowski shasta at toxcorp.com
Fri Jul 22 19:55:38 CEST 2011


On Fri, 22 Jul 2011 09:28:35 -0500, fedora fedora wrote:

> I have a few hundred hosts, and say
> 
> hosta has dns name groupa-hosta
> hostb has dns name groupbhostb
> hostc has dns name groupc.hostc
> 
> ..etc..etc (note the first 6 characters define the group)
> 
> When a log comes in, can syslog-ng extract the first 6 characters from the DNS
> name, and drop the log file to the corresponding group? (So log from hostb
> will go under /log/groupb/groupahostb )
> 
> I cannot predefine the groups though, since I don't know how many groups
> will be there, the only thing I know is the first 6 characters of the
> hostname will be the group name

If there was a distinct separator between the group name and the rest, this
would be trivial, see a similar example in the 3.2 OSE administrator guide:
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-v3.2-guide-admin-en.html/index.html-single.html#example_parser

Without such a separator, I think you'd have to use something I asked for: a
substring function. This isn't included in 3.2 yet, but you can backport it
quite easily (I'm using it without problems). See these threads:
https://lists.balabit.hu/pipermail/syslog-ng/2011-April/016329.html
https://lists.balabit.hu/pipermail/syslog-ng/2011-April/016359.html
https://lists.balabit.hu/pipermail/syslog-ng/2011-May/016502.html


HTH

-- 
Jakub Jankowski|shasta at toxcorp.com|http://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
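
The substring approach described in the reply above, as an added configuration sketch that is not part of the original post or the syslog-ng project's own examples. It assumes a syslog-ng build that provides the `substr` template function (the function the reply discusses backporting); the names `s_net` and `d_by_group` and the listener settings are hypothetical. Because the directory name is derived from the sender's hostname, the global options pin where that hostname comes from.

```conf
# Added example. Assumes the substr template function is available.
options {
    use-dns(yes);          # take the name from a lookup of the sender's address
    keep-hostname(no);     # do not trust the hostname field inside the message
    chain-hostnames(no);   # keep ${HOST} a single name, not a relay chain
    check-hostname(yes);   # check that the hostname contains only valid characters
    create-dirs(yes);      # create /log/<group>/ when a new group first appears
    dir-perm(0750);        # permissions for directories created on the fly
    perm(0640);            # permissions for the per-host log files
};

# Hypothetical network source; adjust transport, address and port as needed.
source s_net { udp(ip(0.0.0.0) port(514)); };

destination d_by_group {
    # Offset 0, length 6: the first six characters of the hostname select
    # the group directory; the full hostname is the file name.
    file("/log/$(substr ${HOST} 0 6)/${HOST}");
};

log { source(s_net); destination(d_by_group); };
```

With `keep-hostname(yes)` the path would instead be built from a value the sender chooses in the message header, so any host able to reach the listener could create directories and files under `/log` with names of its choosing.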

