[syslog-ng] Logging every email into a separate log file

Fekete Robert frobert at balabit.hu
Wed Nov 23 15:36:18 CET 2011



On 11/23/2011 02:50 PM, Jakub Jankowski wrote:

> Wednesday 23 of November 2011 14:44:17 Dragan Zubac wrote:
>> Is it possible to configure syslog-ng to log email logs in a separate file
>> for every email?
>>
>> So an email is being processed, all lines in /var/log/mail.log for that
>> particular email have a unique identifier, there might be some 5-15 lines
>> for each email, is syslog-ng capable of logging those lines per unique email
>> ID into a separate log file, where a filename is generated on-the-fly
>> with some unique filename?
>
> If this unique ID is present in every line related to a particular mail, you
> can parse it (either with patterndb, or plain CSV parser - depends on your
> log lines format), extract the ID and use it as a macro in the destination
> filename.
> So, under certain conditions, yes - it is possible.
>
> HTH
>

It might be possible even if the ID is not present in every log message. You can 
use patterndb and message correlation to identify every message, and also to 
group related messages (in your case, messages belonging to the same email).

Check Chapter 13 of the syslog-ng administrator guide: 
http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.3-guides/syslog-ng-ose-v3.3-guide-admin-en.html/chapter-patterndb.html

Regards,

Robert
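
The CSV-parser approach from the quoted reply, sketched as a syslog-ng configuration. This is an added example, not part of the original thread. It assumes Postfix-style lines where the message text starts with an uppercase hexadecimal queue ID followed by a colon; the names s_local, p_mail_qid, f_postfix, f_valid_qid, d_mail_per_id, MAIL.QID, MAIL.REST and the /var/log/mail-by-id directory are made up for illustration.

```conf
@version: 3.3

# Constructed sample line this configuration is written for:
#   Nov 23 14:00:01 mx1 postfix/qmgr[1234]: 4F1A22C0D3: from=<user@example.com>, size=1234, nrcpt=1 (queue active)

source s_local { unix-stream("/dev/log"); internal(); };

# Only look at messages logged by Postfix daemons (assumed program names).
filter f_postfix { program("^postfix/"); };

# Split the message text at the first ':'. The first column becomes the
# candidate queue ID; "greedy" puts everything else into the last column.
parser p_mail_qid {
    csv-parser(
        columns("MAIL.QID", "MAIL.REST")
        delimiters(":")
        flags(escape-none, greedy, strip-whitespace)
        template("${MSG}")
    );
};

# The extracted value ends up in a file name, and it comes from log content
# that a remote sender can influence. Accept only the assumed ID format, so
# lines without an ID (e.g. "connect from ...") and values containing '/'
# or '.' never reach the destination.
filter f_valid_qid { match("^[0-9A-F]{6,}$" value("MAIL.QID")); };

# One file per queue ID; idle files are closed after 60 seconds.
destination d_mail_per_id {
    file("/var/log/mail-by-id/${MAIL.QID}.log"
         create-dirs(yes)
         time-reap(60));
};

log {
    source(s_local);
    filter(f_postfix);
    parser(p_mail_qid);
    filter(f_valid_qid);
    destination(d_mail_per_id);
};
```

Lines that carry no ID are dropped by this log path; grouping those with their email requires the patterndb correlation described in the reply above.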


