[rsyslog-notify] Forum Thread: Rsyslog 5.8.10 Dynamic Filename Regex Capabilities - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Tue Jan 28 20:27:24 CET 2014
User: rjar
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24140#p24140
Message:
----------
I'm new to rsyslog and I'm currently working with v5.8.10. I was wondering
if this version has the capabilities to pull a substring from a log message
and then use that information to generate a new logfile. I want to use
this to behaviour to locally and dynamically create a log file so that I
can have a separate logs based on a tag. For instance given then following
logs:
[admin] has logged in
[admin] has searched for user X
[user1] has logged in
[admin] has updated information for user Y
[user1] has gone to their configured dashboard
So based on logs similar to these, I would want to do a regex that takes
the user name between square brackets and logs to a separate file that only
pertains to that user. So in this example we would have:
admin.log
[admin] has logged in
[admin] has searched for user X
[admin] has updated information for user Y
user1.log
[user1] has logged in
[user1] has gone to their configured dashboard
Since I don't know in the user names that may pop up in these logs I want
to use a regex to pull that username out and then either create a new
logfile or append to the existing one. Is this something that is possible?
Thank you!
More information about the rsyslog-notify
mailing list