[syslog-ng] variable host filter in events
Balazs Scheidler
bazsi77 at gmail.com
Tue Mar 24 06:18:37 UTC 2020
Hi,
You can extract values from $MSG by using regexps (by using a regexp based
filter with the flags(store-matches) option), or by using csv-parser() with
a custom separator (this should be faster) or even db-parser. In any case,
once you extracted the server name just make sure to store it in $HOST and
then you can use $HOST in your destination filename.
On Mon, Mar 23, 2020 at 7:16 PM Syslogng <syslogng at master666.com> wrote:
> Hi,
>
> We receive aggregated syslog from a server (all logs are send from 1 IP).
> Also all the events are mixed.
> The name of the host sending the initial traffic is in each event.
>
> ex:
> 2020/03/23 [notice] [user] New original_source=SERV1.example.com Task=0
> ....
>
> How to recover SER1 which is always preceded by "original_source=" and
> followed by "example.com" to save it in a file for example /data/serv1.log
> I don't want a static filter (I know how to do it) but a dynamic one. If a
> new event arrives at original_source=SERV2.example.com
> I would like it to automatically create a /data/serv2.log
>
> Could you help me please ?
>
> thank you in advance
>
> Pit
>
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
--
Bazsi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200324/76ebbe0c/attachment-0001.html>
More information about the syslog-ng
mailing list