[rsyslog-notify] Forum Thread: Re: Rsyslog 5.8.10 Dynamic Filename Regex Capabilities - (Mode 'reply')
noreply at adiscon.com
Wed Jan 29 20:57:05 CET 2014
User: rjar
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24152#p24152
Message:
----------
I want those logs to be potentially pushed to another log but named
something different so that it does not end up being an unreadable filename
like "userlog_**NO MATCH**?". For instance, if I were to have logs coming in
like the following:

    [admin] has logged in
    [admin] has searched for user X
    System: CPU usage has spiked abnormally
    [user1] has logged in
    System: Hope you're having a nice day
    [admin] has updated information for user Y
    HealthMonitor: Everything is still ok
    [user1] has gone to their configured dashboard

Using the strategy previously mentioned in the thread, I would end up with:

userlog_admin:
    [admin] has logged in
    [admin] has searched for user X
    [admin] has updated information for user Y

userlog_user1:
    [user1] has logged in
    [user1] has gone to their configured dashboard

userlog_**NO MATCH**?:
    System: CPU usage has spiked abnormally
    System: Hope you're having a nice day
    HealthMonitor: Everything is still ok

But now suppose I want to be able to split out those "System" logs into
another file. It seems that I need to use a conditional IF structure, but
unfortunately it seems from your comment that I would have to run the regex
twice. Unfortunately, I don't have the ability to upgrade at this time, nor
do I have the ability to modify the pre-existing format of the log
messages. I suppose this means that I have no other options except to run
the regex twice?