It was thus said that the Great Rainer Gerhards once stated:
> On Tue, 2013-02-26 at 11:02 +0000, C. L. Martinez wrote:
> > Hi all,
> >
> > Is it possible to do log correlation with rsyslog like syslog-ng
> > does?? Example:
> >
> > http://lwn.net/Articles/424492/
> >
>
> I guess the short answer is "no". I need to look at a bit more detail,
> but this beast seems to need to carry over a lot of state. I always
> wanted to avoid this.
>
> Can you tell me some samples of what you would like to do? Getting a use
> case in plain words is probably more useful than in XML ;)

Okay, here's something I'm doing. Postfix logs five lines per email. I collect each line in turn, then log a one-line summary to be forwarded to a remote logging host. I first check to make sure the program is 'postfix', the facility is 'mail' and level is 'info', then I check for the five specific lines in question, saving critical information from each line. Once I get all five (and they always occur in order and given that I'm reading from '/dev/log' there's no issue of out of order or missing entries), a one-line summary is prepared and then returned as the message to be logged.

The code to do this is in Lua, and can be read here:

https://github.com/spc476/syslogintr/blob/master/modules/postfix-mailsummary.lua

-spc (At least it's not in XML 8-)

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
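The five-lines-to-one-summary correlation described in the message above, as an added Python sketch; it is not the linked Lua module and not rsyslog code. Which five Postfix lines are collected, the summary format, and the names `summarize`, `STEPS` and `max_pending` are assumptions made for this example, and the log lines are constructed. The per-message state table is capped, which is the state cost raised in the quoted reply.

```python
import re

# Constructed sample: five Postfix lines for one message (queue ID 4F1A2B3C4D).
SAMPLE = """\
Feb 26 12:00:01 mx postfix/smtpd[101]: 4F1A2B3C4D: client=mail.example.org[192.0.2.10]
Feb 26 12:00:01 mx postfix/cleanup[102]: 4F1A2B3C4D: message-id=<abc@example.org>
Feb 26 12:00:01 mx postfix/qmgr[103]: 4F1A2B3C4D: from=<alice@example.org>, size=1234, nrcpt=1 (queue active)
Feb 26 12:00:02 mx postfix/local[104]: 4F1A2B3C4D: to=<bob@example.net>, relay=local, delay=0.1, status=sent (delivered to mailbox)
Feb 26 12:00:02 mx postfix/qmgr[103]: 4F1A2B3C4D: removed
""".splitlines()

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
# Assumed set of five lines: (expected daemon or None for any, field extractor), in order.
STEPS = [
    ("smtpd", re.compile(r"client=(?P<client>\S+)")),
    ("cleanup", re.compile(r"message-id=(?P<msgid>\S+)")),
    ("qmgr", re.compile(r"from=<(?P<sender>[^>]*)>, size=(?P<size>\d+)")),
    (None, re.compile(r"to=<(?P<rcpt>[^>]*)>.*status=(?P<status>\w+)")),
    ("qmgr", re.compile(r"removed$")),
]

def summarize(lines, max_pending=10000):
    """Yield one summary string per message once all five lines were seen."""
    pending = {}  # queue ID -> (index of next expected step, fields so far)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        step, fields = pending.get(qid, (0, {}))
        want, pattern = STEPS[step]
        hit = pattern.search(rest) if want in (None, daemon) else None
        if not hit:
            continue  # not the line this message is waiting for
        fields.update(hit.groupdict())
        if step + 1 == len(STEPS):
            pending.pop(qid, None)  # message complete: release its state
            yield ("{qid}: from=<{sender}> to=<{rcpt}> client={client} "
                   "msgid={msgid} size={size} status={status}").format(qid=qid, **fields)
        elif qid in pending or len(pending) < max_pending:
            pending[qid] = (step + 1, fields)  # bounded state table

if __name__ == "__main__":
    for summary in summarize(SAMPLE):
        print(summary)
```

Keying state on the queue ID lets interleaved messages be summarized independently; a message that never reaches its last line stays in the table until the process ends, so a long-running collector would also need an age-based expiry.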

