[rsyslog-notify] Forum Thread: Sending to file based on last field - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Fri Aug 22 00:49:27 CEST 2014


User: treesloth 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24858#p24858

Message: 
----------
Please let me know if I've overlooked something in my forum searches.  So
far, no luck.

We have several servers that are sending logs to a log server called, very
creatively, logserver01.  The log stream is forwarded to another server
with lots and lots of storage.  The last field is an IP address of the
originating server.  I'd like to break the log stream into separate files
based on the last field of each log line.  Something along these lines:

    if $NF == '1.2.3.257' then /var/log/log_file_1.2.3.257

The $NF, of course, is awk syntax, but how can this be done with rsyslog?

Thank you in advance.

