
Currently we can route based off of MessageSourceAddress. But we are interested in routing messages to a folder based off of particular octets.

For example...(this doesn't work...just used to show what we would like to try to do on a conceptual basis).

if ($MessageSourceAddress == "192.*.*.100" ) { reroute("1"); }

We've tried escaping the wildcards, using 0s...I don't think that regex would work there...so what is the prescribed solution? Does anybody have something similar in place? Even just to get a host that ends in a specific octet would be helpful.

Regards,

-Tony

Asked February 14, 2018 - 6:59pm

Answer (1)

I don't think that regex would work there.

Why not?

Haven't tested but the following should work IMO:

if ($MessageSourceAddress =~ /^192\.\d+\.\d+\.100/ ) { reroute("1"); }

Comments (1)

  • tlay

    Thanks for your response. I had some time to work through it today, and we will see how it shakes out elsewhere. Currently getting a message that "Scheduled execution failed; procedure 'reopen' failed"...but this is so close. It was working...but when I went full scale something changed.

    It doesn't get filtered to the right directory on start, but the rotation part seems to get it (which is why I think I am getting that error).

    ### TOP OF CONF ###
    define DEVICE1 /192+\.+\d++\.+\d++\.1/
    define DEVICE2 /192+\.+\d++\.+\d++\.2/
    
    <Processor disk_buffer>
         Module      pm_buffer
         MaxSize     131072
         Type          Disk
    #DEVICE 1
         Exec          if ($MessageSourceAddress =~ %DEVICE1%) { reroute("2");}
    #DEVICE 2
         Exec          if ($MessageSourceAddress =~ %DEVICE2%) { reroute("3");}
    </Processor>
    
    <Output out_DEVICE1>
         Module          om_file
         File                  "C:/syslog/DEVICE1" + $MessageSourceAddress + "/" + $MessageSourceAddress + "-" + $Severity + ".log"
         <Schedule>
              When        59 * * * *
              <Exec>
                        log_info("attempting to rotate DEVICE1 logs");
                        file_cycle(file_name(), 24);
                        out_DEVICE1->reopen();
              </Exec>
          </Schedule>
    </Output>
    
    <Output out_DEVICE2>
         Module          om_file
         File                  "C:/syslog/DEVICE2" + $MessageSourceAddress + "/" + $MessageSourceAddress + "-" + $Severity + ".log"
         <Schedule>
              When        59 * * * *
              <Exec>
                        log_info("attempting to rotate DEVICE2 logs");
                        file_cycle(file_name(), 24);
                        out_DEVICE2->reopen();
              </Exec>
          </Schedule>
    </Output>
    
    <Route 1>
         Path          in_tcp1234 => mem_buffer => disk_buffer => out_1234
    </Route>
    
    <Route 2>
         Path          im_null => out_DEVICE1
    </Route>
    
    <Route 3>
         Path          im_null => out_DEVICE2
    </Route>
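
An added example, not part of the thread: a small Python harness for checking octet-based routing patterns against sample addresses before putting them in a `define`. It uses Python's `re` as a stand-in for the regex engine in the log collector (an assumption that holds for patterns this simple), the sample addresses are constructed, and the route numbers follow the config above. It shows that a pattern without a trailing `$` also matches last octets such as 12, 100, 21 and 200.

```python
import ipaddress
import re

DEFAULT_ROUTE = "1"

# Simplified forms of the DEVICE1/DEVICE2 patterns, without anchors.
UNANCHORED = [(r"192\.\d+\.\d+\.1", "2"), (r"192\.\d+\.\d+\.2", "3")]
# The same patterns pinned to the start and end of the address.
ANCHORED = [(r"^192\.\d+\.\d+\.1$", "2"), (r"^192\.\d+\.\d+\.2$", "3")]

# Constructed sample source addresses (not taken from the thread).
SAMPLES = ["192.168.10.1", "192.168.10.2", "192.168.10.12",
           "192.168.10.100", "192.168.10.21", "192.168.10.200", "172.16.0.1"]


def route_for(addr, rules):
    """Return the route of the first matching rule, else the default route."""
    for pattern, route in rules:
        if re.search(pattern, addr):
            return route
    return DEFAULT_ROUTE


def expected_route(addr):
    """Reference answer: compare the first and last octets numerically."""
    octets = ipaddress.IPv4Address(addr).packed  # four bytes, one per octet
    if octets[0] == 192 and octets[3] == 1:
        return "2"
    if octets[0] == 192 and octets[3] == 2:
        return "3"
    return DEFAULT_ROUTE


def misrouted(samples, rules):
    """List (address, route chosen by the regex rules, route intended)."""
    result = []
    for addr in samples:
        got, want = route_for(addr, rules), expected_route(addr)
        if got != want:
            result.append((addr, got, want))
    return result


if __name__ == "__main__":
    for name, rules in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        print(name, misrouted(SAMPLES, rules))
```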