I am trying to determine the best way to filter logs from rsyslog. Currently, given the nature of my environment, I am receiving various types of logs from various hosts, via a single feed from ONE host. As such, I need to filter these logs out into various devices types and host names. For example, I would like to have a folder structure that ends with /rsyslog/windows/host1/firstlog.log, /rsyslog/windows_sysmon/host1/firstlog.log, /rsyslog/centrify/host2/firstlog.log, etc.
What is the best way to accomplish this? I am thinking something along the lines of running a regex to determine the type of log, extract the hostname, and write the logs to the corresponding folders.
Comments
Post a Comment