I have a rsyslog server and several hundred Linux, Windows, ESX and F5 hosts that will be sending syslog messages to it. Is there any way to capture a specific character in the hostname from each message and based on what that character is forward the message to the appropriate directory?
For example, for messages from adm01lt, I want to capture the fifth character. The L is for Linux and I have a directory named /var/log/linux where I want subdirectories for each host created dynamically as the logs come in.
Another example, for messages from adm21wp, I want to capture the fifth character. The W is for Windows and I have a directory named /var/log/windows where I want subdirectories for each host created dynamically as the logs come in.
Any help would be greatly appreciated.
