[rsyslog] Right regex format for property based filters
Janis
janisg at latnetdc.lv
Wed Mar 4 16:20:21 CET 2009
Hello list.
I have a question regarding to rsyslog configuration. What is the
correct syntax of property based
filter with regex.
I'm using this configuration right now, and would like to create date
based logfiles for each host - hostA, hostB, hostC.
But it doesn't work this way.
$template TplFile,"/var/log/hosts/%HOSTNAME%-%$YEAR%-%$MONTH%-%$DAY%.log"
:HOSTNAME, regex, "hostA|hostB|hostC" -?TplFile
And when running rsyslog with -d, I got only false matches on this
regex. I seems that it tries to match all the text
inside quotes instead of regexp. As I have red in man page, and html
docs, then regexp should be in POSIX RE format
(tryed also everything enclosed in braces). For example, if I change
regex like this:
:HOSTNAME, regex, "host" -?TplFile
Then it works and matches all the hosts (A,B,C), and creates the files
for each (well it's the same as using contains).
But that doesn't solve the problem, when there isn't equal start
prefixes for all hosts.
For example if I want to match hosts - dog,cat,cow.
Best regards
--janis
More information about the rsyslog
mailing list