forked from simple-evcorr/rulesets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
syslog-custom.sec
22 lines (20 loc) · 1.05 KB
/
syslog-custom.sec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#############################################################################
# Sample SEC ruleset for syslog logging with non-constant program name
# (the ruleset works with SEC-2.7.9 or higher on Linux with /dev/log socket
# in datagram mode)
#
# Copyright (C) 2013-2016 Risto Vaarandi
# This is free software. You may redistribute copies of it under the terms of
# the GNU General Public License version 2.
# There is NO WARRANTY, to the extent permitted by law.
#############################################################################
# the following rule implements syslog logging for test messages with
# variable program names -- in order to change program names on the fly,
# the rule communicates with syslog daemon through /dev/log socket
# (since daemon=3 and info=6, and the priority value is calculated as
# 8*facility+level, the priority value for "daemon.info" is 8*3+6=30)
type=Single
ptype=RegExp
pattern=test: (\S+): (.+)
desc=log message '$2' for program $1 with priority daemon.info
action=udgram /dev/log <30>%.monstr %.mdaystr %.hmsstr $1: $2