[rsyslog-notify] Forum Thread: Split logs by matched string in 5.8.10 - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Thu Mar 19 19:58:10 CET 2015
User: dkoych
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25334#p25334
Message:
----------
I searched rsyslog documentation, but could not find the answer. I am
logging multiple devices to rsyslog (v 5.8.10) and currenty I split them in
differnet files besed on source IP:
[code:3ihlsw1u]$template
PerHostLog,"/var/log/remote-hosts/%FROMHOST%.log"[/code:3ihlsw1u]
I need to split it even further, by matching messages based also on a
string in each message (if possible regex) and saving it to a differnet
file, something like:
[code:3ihlsw1u]mattching pattern1 ->
"/var/log/remote-hosts/pattern1-%FROMHOST%.log"
mattching pattern2 -> "/var/log/remote-hosts/pattern2-%FROMHOST%.log"
mattching pattern3 -> not saved to any loged file
Everything else ->
"/var/log/remote-hosts/else-%FROMHOST%.log"[/code:3ihlsw1u]
More information about the rsyslog-notify
mailing list