Syslog-NG: how to optimize the filter and log statements?

Below is the current configuration for local Syslog-NG logging:

source s_network {
        udp(
                flags(syslog_protocol)
                keep_hostname(yes)
                keep_timestamp(yes)
                use_dns(no)
                use_fqdn(no)
        );
};

destination d_all_logs {
        file("/app/syslog-ng/custom/output/all_devices.log");
};

log {
        source(s_network);
        destination(d_all_logs);
};

To forward certain messages, the following configuration is to be added:

filter message_filter_string_1 {
        match("01CONFIGURATION\/6\/hwCfgChgNotify\(t\)", value("MESSAGE"));
};

filter message_filter_string_2 {
        match("01SHELL\/5\/CMDRECORD", value("MESSAGE"));
};

filter message_filter_string_3 {
        match("10SHELL", value("MESSAGE"));
};

filter message_filter_string_4 {
        match("ACE-1-111008:", value("MESSAGE"));
};

destination remote_log_server {
        udp("192.168.0.20" port(25214));
};

log { source(s_network); filter(message_filter_string_1); destination(remote_log_server); };

log { source(s_network); filter(message_filter_string_2); destination(remote_log_server); };

log { source(s_network); filter(message_filter_string_3); destination(remote_log_server); };

log { source(s_network); filter(message_filter_string_4); destination(remote_log_server); };

In reality there are more than 80 filters like this.

Does the Syslog-NG configuration syntax allow writing a single "filter" statement with "or"-combined matches on regex1, regex2, regex3?

(or)

Does the Syslog-NG configuration syntax allow writing a single "log" statement with multiple filters?

Answer 1

If you want to combine multiple match statements, use "or":

filter send_remote {
        match("01CONFIGURATION\/6\/hwCfgChgNotify\(t\)", value("MESSAGE"))
  or
        match("01SHELL\/5\/CMDRECORD", value("MESSAGE"))
  or
        match("10SHELL", value("MESSAGE"))
  or
        match("ACE-1-111008:", value("MESSAGE"));
};

...and then use that filter name once:

log { source(s_network); filter(send_remote); destination(remote_log_server); };
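With more than 80 patterns, the practical risk is a typo in one clause silently dropping (or over-forwarding) a class of messages, so it is worth checking the combined filter against sample messages before reloading syslog-ng. The script below is an added example, not part of the question, the answer or syslog-ng itself. It takes the four patterns from the question, joins them into one alternation (the same any-of semantics as chaining match() with "or"; note that several filter() references inside one log {} statement are AND-ed, which is why the single-filter form in the answer is the right one), runs them over constructed sample MESSAGE values, and also renders the equivalent filter block so the 80-pattern version can be generated from a list instead of typed by hand. It assumes that the patterns are regular expressions, as match() with value("MESSAGE") treats them in syslog-ng 3.x (PCRE by default), and that Python's re module is close enough to PCRE for these simple patterns; the sample messages are made up.

```python
import re

# Patterns taken from the four filters in the question. match() treats them as
# regular expressions (PCRE by default in syslog-ng 3.x), so "/" and "(" stay
# escaped exactly as they appear in the config.
PATTERNS = [
    r"01CONFIGURATION\/6\/hwCfgChgNotify\(t\)",
    r"01SHELL\/5\/CMDRECORD",
    r"10SHELL",
    r"ACE-1-111008:",
]


def build_forward_regex(patterns):
    """Join many patterns into one alternation.

    A message is forwarded if any alternative matches, which is the same
    semantics as chaining match() calls with `or` inside one filter {}.
    """
    return re.compile("|".join(f"(?:{p})" for p in patterns))


def should_forward(message, regex):
    """syslog-ng match() is an unanchored search, so use search(), not fullmatch()."""
    return regex.search(message) is not None


def render_filter(name, patterns):
    """Emit the equivalent syslog-ng filter block, one match() per pattern,
    in the shape the answer above uses (or-chained, trailing `};`)."""
    clauses = [f'        match("{p}", value("MESSAGE"))' for p in patterns]
    body = "\n  or\n".join(clauses)
    return f"filter {name} {{\n{body};\n}};\n"


# Constructed sample MESSAGE values for testing; these are not real device output.
SAMPLE_MESSAGES = [
    "%%01CONFIGURATION/6/hwCfgChgNotify(t): Configuration changed.",
    "%%01SHELL/5/CMDRECORD(s): Recorded command information.",
    "%%10SHELL/4/LOGIN(l): User logged in.",
    "ACE-1-111008: User 'admin' executed the 'write memory' command.",
    "%%01IFNET/4/LINK_STATE(l): The line protocol on the interface is UP.",
    "Some unrelated message",
]


def forwarded_messages(messages=SAMPLE_MESSAGES, patterns=PATTERNS):
    """Return the subset of messages the combined filter would send to remote_log_server."""
    regex = build_forward_regex(patterns)
    return [m for m in messages if should_forward(m, regex)]


if __name__ == "__main__":
    for m in forwarded_messages():
        print("FORWARD:", m)
    print(render_filter("send_remote", PATTERNS))
```

Keep the pattern list in one place (a file under version control works well) and regenerate the filter block from it; that way a review of the 80-plus patterns is a diff of the list rather than a read-through of the rendered config, and the sample-message check can run in CI before the config is deployed.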
