Menu
▾
▴
[Echelog-devel] Rewriting rules
|
From: Benoit D. <bd...@an...> - 2003-02-18 23:54:19
|
Hello again,
I'm looking for doing stat on logged data like iptables log and maillog.
I want to execute these actions:
RemoteHost : getlog(/var/log/messages) -> Sender(Hub)
Hub : receiver(RemoteHost) -> Filter -l001->
-> Rewriter(MailMessages) -> binstor/rrdtool
The Rewrite module can transform a messagetype in an other messagetype
after doing some conversions on VARCHAR.
sample:
--------------------------------------------------------------------
Filter is:
LINE~"^(... [0-9]+ [0-9:]{8}) .*: ([^:]+): from=<?([^,])>?,
size=([0-9]+), relay=(.*)$",DATE=\1,SPOOL=\2,MAILFROM=\3,SIZE=\4,RELAY=\5
--------------------------------------------------------------------
For log as:
Feb 17 12:22:18 local@server1 sendmail[15624]: h1HBMIVd015624:
from=<bd...@so...>, size=945, class=0, nrcpts=1,
msgid=<3E5...@so...>, proto=ESMTP, daemon=MTA,
relay=relay1.societe.local [172.16.0.2]
--------------------------------------------------------------------
The result is ....
Do you have some ideas about the best method to use?
Benoit
--
Benoit DOLEZ
GSM: +33 6 21 05 91 69 mailto:bd...@an...
|
