On Fri, 23 Sep 2011, Jonathan Sabo wrote:
Does anyone have any rsyslog config to match apache server status and error codes? I'm trying to find a way to log error codes 500's and 400's to different logs. Would just like some advice on how to go about doing that...
it gets a little ugly to do this with the default log format because you don't have a really good way of matching only at a specific position (the fields are space separated and earlier fields can contain embedded spaces)
if you can change your format to put the result code in a more predictable place it becomes much easier to match.
for example, if you were to put the result code first, you could then match for %msg starting with '4' or '5'.
without changing the format, you can do a regex match for " 4[0-9][0-9] " and probably get pretty good results (you may get some false positives, but by including the spaces before and after the value it hopefully won't be too bad)
David Lang _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
