[syslog-ng] variable host filter in events
Syslogng
syslogng at master666.com
Mon Mar 23 18:16:22 UTC 2020
Hi,
We receive aggregated syslog from a server (all logs are sent from 1 IP). Also all the events are mixed.
The name of the host sending the initial traffic is in each event.
ex:
2020/03/23 [notice] [user] New original_source=SERV1.example.com Task=0 ....
How to recover SERV1, which is always preceded by "original_source=" and followed by "example.com", to save it in a file, for example /data/serv1.log?
I don't want a static filter (I know how to do it) but a dynamic one. If a new event arrives with original_source=SERV2.example.com
I would like it to automatically create a /data/serv2.log.
Could you help me, please?
Thank you in advance,
Pit
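
One way to get a per-host file from the `original_source=` field, as an added example that is not part of the original post. It assumes an existing source named `s_net` (hypothetical) and that the event text shown above ends up in `$MESSAGE`; the filter, destination and macro names are also made up for illustration.

```conf
# Assumption: s_net is the existing source that receives the aggregated feed.

# Capture the short host name between "original_source=" and ".example.com".
# The named group becomes the ${ORIGSRC} macro. The character class allows
# only letters, digits and "-", so a value taken from message content cannot
# put "/" or ".." into the file name built below.
filter f_original_source {
    match('original_source=(?<ORIGSRC>[A-Za-z0-9-]+)\.example\.com'
          value("MESSAGE") type("pcre") flags("store-matches"));
};

# One file per captured host, lower-cased: SERV1 -> /data/serv1.log.
# syslog-ng opens a new file the first time a new value appears.
destination d_per_original_source {
    file("/data/$(lowercase ${ORIGSRC}).log" create-dirs(no));
};

log {
    source(s_net);
    filter(f_original_source);
    destination(d_per_original_source);
};
```

Events without a matching `original_source=` field fail the filter and are not written by this log path, so they need their own path if they should be kept.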