[rsyslog] Use part of incoming syslog message in an output file name?
bbradleyuk at gmail.com
Mon Jan 28 12:30:23 CET 2013
On Mon, 28 Jan 2013 10:44:31 +0000
Rainer Gerhards <rgerhards at hq.adiscon.com> wrote:
I've got my regular expression and tested it using the regex tester...
$template tpl, "%msg:R,ERE,1,BLANK:([a-z0-9\-\.]+) [0-9]+$--end%\n"
How do I modify this bit of config to use it?
$template ApacheAccessLogFile, "/var/log/httpd/%procid%_access.log"
$template ApacheAccessLogFormat, "%msg:2:$:drop-last-lf%\r\n"
if $app-name == 'apache-access' and $syslogfacility-text == 'local0' and $syslogseverity-text == 'info' then -?ApacheAccessLogFile;ApacheAccessLogFormat
In my ApacheAccessLogFile template I'd like to use the sub-match returned by the regex in place of the %procid% variable in the output file path.
How do I do that?
This would be a great example and would really help me figure out how to build more complex configurations.
More information about the rsyslog