[rsyslog-notify] Forum Thread: Re: Rsyslog 5.8.10 Dynamic Filename Regex Capabilities - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Wed Jan 29 04:53:58 CET 2014
User: rjar
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24145#p24145
Message:
----------
I'm sorry I don't quite understand what you mean by this. Can you perhaps
provide me with a concrete example of how I can use regex in a template?
In the documentation I see the following:
$template FileFormat,"%TIMESTAMP:::date-rfc3339% %HOSTNAME%
%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
But I would want a template like this
$template userBasedFileTemplate, "/var/log/users/<usernamehere>.log"
Based on the logs that I provided at the start of the thread ie: [admin]
has logged in
How can I parse %msg to get [admin] out and used in the filename?
If not can you please point me to where I could find a good tutorial on how
to do this because it seems that the documentation is rather thin.
Thank you!
More information about the rsyslog-notify
mailing list