I want to use regex to filter IP address and trigger template name 'DynFile', else trigger template name 'HostnameDynFile'. Can anyone please advise?
Template
template (name="DynFile" type="string" string="/opt/log/%FROMHOST-IP%/syslog.log")
template (name="HostnameDynFile" type="string" string="/opt/log/%HOSTNAME%/syslog.log")
if $fromhost-ip regex '\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(.|$)){4}\b' then {action(type="omfile" dynaFile="DynFile" } else {action(type="omfile" dynaFile="HostnameDynFile" }
Aucun commentaire:
Enregistrer un commentaire