[syslog-ng] filtering based on text?

Dan Egli dan at newideatest.site
Thu Feb 4 04:48:13 UTC 2021


Hey folks, I've looked for a way to do this, and I guess my google-foo 
is weak today. I've got a situation where on one of my machines, an 
automated process FREQUENTLY calls sudo so it can gain the permissions 
it needs to do certain tasks. But that means my /var/log/messages is 
getting FILLED with sudo messages. I was hoping I could insert some kind 
of text filter that would allow me to shunt messages where one user (the 
automated process) calls sudo into another log file. It would basically 
need to be a nested filter, i.e.:
If message_source = sudo then
     if user = X then
         log to auto_sudo.log

If someone knows how this can be done, I'd appreciate it.

Thanks!
--- Dan
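One way to express that nested filter in syslog-ng, as an added example rather than anything from the original post: the first log path matches messages from the sudo program AND the automated account, writes them to the separate file, and marks them final so they never reach /var/log/messages; everything else falls through to the usual destination. The account name `autouser`, the file paths and the version line are placeholders, and the match pattern assumes sudo's standard syslog line format ("autouser : TTY=... ; PWD=... ; USER=root ; COMMAND=...") plus the pam_unix "session opened ... by autouser(uid=...)" lines.

```conf
@version: 3.29

# Local system log plus syslog-ng's own messages.
source s_local { system(); internal(); };

# Outer condition: the message was emitted by sudo (the PROGRAM field).
filter f_sudo { program("sudo"); };

# Inner condition: the sudo line belongs to the automated account.
# "autouser" is a placeholder; the alternation also catches the
# pam_unix session open/close lines sudo logs for that user.
filter f_auto_user {
    match("(^autouser :|by autouser[(])" value("MESSAGE"));
};

destination d_auto_sudo { file("/var/log/auto_sudo.log"); };
destination d_messages  { file("/var/log/messages"); };

# sudo AND autouser -> auto_sudo.log, and stop processing (flags(final))
# so the same message is not also written to /var/log/messages below.
log {
    source(s_local);
    filter(f_sudo);
    filter(f_auto_user);
    destination(d_auto_sudo);
    flags(final);
};

# Everything that was not caught above, including sudo calls by other
# users, still lands in /var/log/messages.
log {
    source(s_local);
    destination(d_messages);
};
```

Log statements are evaluated in order, so the `flags(final)` path has to appear before the catch-all; `syslog-ng --syntax-only` will confirm the file parses before you reload.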


