rsyslog - combining multiple property-based filters

Question

I'm trying to write rsyslog messages received from a specific host to a log file based on the message content. Let's say I'd like to send messages received from "myserver" that contains the pattern "supertext\d{1,4}" to /var/log/myserver-supertext.log, I'd go with:

if $fromhost=='myserver' AND $msg contains 'supertext\d{1,4}' then /var/log/myserver-supertext.log
& stop

Unfortunately, expression-based filters in rsyslog do not seem to support regexp, and I was trying to figure out how to do the same thing with property based filters, which support regexp. I was thinking about something like:

:fromhost, isequal, "myserver" AND :msg, regex, "supertext\d{1,4}" /var/log/myserver-supertext.log
& stop

I know it doesn't work that way and I'll appreciate it if you have an idea on how to do it.

score 0 · Answer 1 · edited Jun 01 '23 at 20:34

0

Not positive but it seems you need to use $msg contains 'supertext[0-9]{1,4}'

This passes syntax.

edited Jun 01 '23 at 20:34

miken32

942
1
13
35

answered Jul 28 '21 at 14:24

ATP

26
3

As I don't know what you are trying to post, try with the formatting help to get your text posted – djdomi Jul 28 '21 at 19:21
1

What does "Why is this cutting off my answer?" mean? It doesn't make any sense here. – Michael Hampton Jul 28 '21 at 22:00

rsyslog - combining multiple property-based filters

1 Answers1