[syslog-ng] Logging only if phrase found
Sebastian Deißner
sebastian at debianfan.de
Tue May 17 23:48:52 CEST 2011
Hi @all,
i am using syslog-ng for logging into mysql.
****************************
options {
chain_hostnames(off);
sync(0);
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination d_mysql {
program("/usr/bin/mysql --user=syslogfeeder
--password=SuperPassWord syslog" template("INSERT INTO logs (host,
facility, priority, level, tag, datetime, program, msg) VALUES (
'$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY
$HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n")
template-escape(yes)); };
destination messages { file("/var/log/messages"); };
log {
source(src);destination(messages); destination(d_mysql);
};
****************************
I want to have only the entries in my log database, that contain a
specific phrase, for example all the entries with "...connect..."
Is this possible with syslog-ng?
tnx
Sebastian
More information about the syslog-ng
mailing list