Hi Rainer,
On 2 April 2014 11:50, Rainer Gerhards <[email protected]> wrote:
> can you provide a sample of a message that you generate and tell us where
> the to-be-filtered field is?
>
>
Not really - my question is this abstract because I simply don't know how
this would be possible in rsyslog and if it is possible at all ... As I
don't know how this should be done I try not to assume anything and only
try to tell you what I need. It does not even have to be a specific field
(my understanding of those are a bit fuzzy still anyway) but it could
filter for a message part in brackets or some similar marker.
Example log messages with a brackets marker:
<group_a> Message that will end up only in "group_a.log"
<group_a> Another Message for "group_a.log"
<group_b> Some interesting message for "group_b.log"
<group_c> Message for "group_c.log"
These messages based on the matched name will then end up in the
corresponding log file. For the above example, the logfiles with their
contents would be:
/var/log/group_logs/group_a.log
<group_a> Message that will end up only in "group_a.log"
<group_a> Another Message for "group_a.log"
/var/log/group_logs/group_b.log
<group_b> Some interesting message for "group_b.log"
/var/log/group_logs/group_c.log
<group_c> Message for "group_c.log"
So it would work like a regex that saves the matched name in a group and
uses it as the name of the file.
[If possible it would be nice to massage the contents to leave out the
<...> parts, but I guess that's a different question].
Sorry if that was a bit verbose ... hope that clarifies it.
Cheers
Oliver
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
