Hi, thanks for your help. I will look into these resources.
Cheers
Oliver

On 2 April 2014 18:25, David Lang <[email protected]> wrote:

> On Wed, 2 Apr 2014, Oliver Bestwalter wrote:
>
>> Hi Rainer,
>>
>> On 2 April 2014 11:50, Rainer Gerhards <[email protected]> wrote:
>>
>>> can you provide a sample of a message that you generate and tell us where
>>> the to-be-filtered field is?
>>
>> Not really - my question is this abstract because I simply don't know how
>> this would be possible in rsyslog and if it is possible at all ... As I
>> don't know how this should be done I try not to assume anything and only
>> try to tell you what I need. It does not even have to be a specific field
>> (my understanding of those are a bit fuzzy still anyway) but it could
>> filter for a message part in brackets or some similar marker.
>
> As an abstract answer, Yes, rsyslog can filter on anything you can define,
> and can write to dynamically named files, you just need to define where you
> want it to write.
>
> For filtering
> http://www.rsyslog.com/doc/rsyslog_conf_filter.html
>
> for crafting the filename to write to you need to define a template for
> the filename
> http://www.rsyslog.com/doc/rsyslog_conf_templates.html
>
> there are predefined variables
> http://www.rsyslog.com/doc/property_replacer.html
>
> in v6+ you can define your own variables.
>
> in v8.2 (and possibly in v7.6), you can assign the result of a template
> operation to a variable.
>
> exactly how you would do this depends on the format of your logs and what
> it takes to parse them.
>
> David Lang
>
>> Example log messages with a brackets marker:
>>
>> <group_a> Message that will end up only in "group_a.log"
>> <group_a> Another Message for "group_a.log"
>> <group_b> Some interesting message for "group_b.log"
>> <group_c> Message for "group_c.log"
>>
>> These messages based on the matched name will then end up in the
>> corresponding log file. For the above example, the logfiles with their
>> contents would be:
>>
>> /var/log/group_logs/group_a.log
>> <group_a> Message that will end up only in "group_a.log"
>> <group_a> Another Message for "group_a.log"
>>
>> /var/log/group_logs/group_b.log
>> <group_b> Some interesting message for "group_b.log"
>>
>> /var/log/group_logs/group_c.log
>> <group_c> Message for "group_c.log"
>>
>> So it would work like a regex that saves the matched name in a group and
>> uses it as the name of the file.
>>
>> [If possible it would be nice to massage the contents to leave out the
>> <...> parts, but I guess that's a different question].
>>
>> Sorry if that was a bit verbose ... hope that clarifies it.
>>
>> Cheers
>> Oliver
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
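
The routing asked about in the quoted messages, sketched as an added example that is not from any participant in this thread. It assumes an rsyslog version that provides RainerScript `set` and the `re_extract()` function, and that the marker sits at the start of the message text; the names `GroupFile`, `GroupLine`, `$!group` and `$!body` are hypothetical.

```rsyslog
# Added example (not from the thread); names are hypothetical.

# File name built from the extracted group name.
template(name="GroupFile" type="string"
         string="/var/log/group_logs/%$!group%.log")

# Output line with the <group> marker left out.
template(name="GroupLine" type="string"
         string="%timestamp% %hostname% %$!body%\n")

# Capture the marker at the start of the message text.
# The group name comes from message content, which the sender controls,
# so the character class is a strict allow-list: no "/" and no ".",
# which keeps every generated file inside /var/log/group_logs/.
set $!group = re_extract($msg, "^ ?<([a-z0-9_]+)>", 0, 1, "");

if $!group != "" then {
    # Text after the marker, used by the GroupLine template.
    set $!body = re_extract($msg, "^ ?<[a-z0-9_]+> ?(.*)$", 0, 1, "");
    action(type="omfile" dynaFile="GroupFile" template="GroupLine")
    stop
}
# Messages without a valid marker fall through to the remaining rules.
```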

