On Tue, Feb 26, 2013 at 5:20 PM, Sean Conner <[email protected]> wrote: > It was thus said that the Great Rainer Gerhards once stated: >> On Tue, 2013-02-26 at 11:02 +0000, C. L. Martinez wrote: >> > Hi all, >> > >> > Is it possible to do log correlation with rsyslog like syslog-ng >> > does?? Example: >> > >> > http://lwn.net/Articles/424492/ >> > >> >> I guess the short answer is "no". I need to look at a bit more detail, >> but this beast seems to need to carry over a lot of state. I always >> wanted to avoid this. >> >> Can you tell me some samples of what you would like to do? Getting a use >> case in plain words is probably more useful than in XML ;) > > Okay, here's something I'm doing. Postfix logs five lines per email. I > collect each line in turn, the log a one-line summary to be forwarded to a > remote logging host. I first check to make sure the program is 'postfix', the > facility is 'mail' and level is 'info', then I check for the five specific > lines in question, saving critical information from each line. Once I get > all five (and they always occure in order and given that I'm reading from > '/dev/log' there's no issue of out of order or missing entries), a one-line > summary is prepared and then returned as the message to be logged. > > The code to do this is in Lua, and can be read here: > > https://github.com/spc476/syslogintr/blob/master/modules/postfix-mailsummary.lua > > -spc (At least it's not in XML 8-) >
Perfect Sean. Your solution is really close to what I am searching ... I don't know LUA scripting but I'll look. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
