I am trying to dynamically set the destination of syslog messages and I can't figure out how to do it. I'd like to have the messages logged to certain folders based on the content of the message.
For example, my fictional program will log messages about objects in the system based on their ID. So each CRUD operation on an object is logged with its ID. I'd like to have a separate log file for each object based on its ID.
If there were a way to parse out the ID via a regex, store the ID, and then use it in the destination, I'd be able to satisfy my requirement.
Something like this (which is obviously pseudo-code and doesn't work), where each log message has the object ID as the log file name, which is in each log message stored in brackets and is 4 digits:
# somehow parse out value that matches the regex \[\s\d][\s\d][\s\d][\s\d]\] and store it in $id
destination df_dest { file("/v/logs/${YEAR}${MONTH}${DAY}/$id.log"); };
filter f_program { program("program"); };
log { source(s_all); filter (f_program); destination (df_dest); flags(final); };
In this case there would be 2 log files...
1234.log
6789.log
...each with 2 messages in it.
[1234] Updated.
[1234] Deleted.
[6789] Created.
[6789] Fetched.
Any help is greatly appreciated.
Syslog per se does not allow what you have in mind. Syslog facilities allow logging to separate files, using the localx facilities. But they are limited to 8.
To achieve what you want using syslog, i.e. logging to different files based on the content of the log message, you will have to write a custom syslog output plugin
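One way to build the kind of custom output handler the answer describes, as an added example that is not part of the original posts: a Python script that reads one message per line, as a syslog daemon could pipe to it, and appends each message to a per-ID file. The names `extract_id`, `route`, `unmatched.log` and `demo-logs` are assumptions of this example; the `<YYYYMMDD>/<id>.log` layout and the first four sample messages follow the question.

```python
import re
import sys
from datetime import date
from pathlib import Path

# Bracketed 4-character ID, space-padded digits allowed (as in the question).
# ASCII digits only: the capture becomes a file name, so nothing that could
# form a path ("/", "..") may ever get through.
ID_RE = re.compile(r"\[([ 0-9]{4})\]")

# The four messages from the question, plus two constructed ones with no usable ID.
SAMPLE = ["[1234] Updated.", "[1234] Deleted.", "[6789] Created.",
          "[6789] Fetched.", "[../x] Constructed bad ID.", "Constructed, no ID."]


def extract_id(message):
    """Return the object ID as a digit string, or None if none is present."""
    match = ID_RE.search(message)
    if match is None:
        return None
    ident = match.group(1).strip()
    return ident if re.fullmatch(r"[0-9]+", ident) else None


def route(lines, base_dir, today=None):
    """Append each line to <base_dir>/<YYYYMMDD>/<id>.log; return {file name: count}."""
    day = (today or date.today()).strftime("%Y%m%d")
    counts = {}
    for line in lines:
        ident = extract_id(line)
        # Messages without a valid ID go to one catch-all file instead of being dropped.
        name = f"{ident}.log" if ident else "unmatched.log"
        target = Path(base_dir) / day / name
        target.parent.mkdir(parents=True, exist_ok=True)
        with target.open("a", encoding="utf-8") as handle:
            handle.write(line.rstrip("\n") + "\n")
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    # With a directory argument: route stdin (one message per line) into it.
    # Without one: run the sample into ./demo-logs (hypothetical path).
    if len(sys.argv) > 1:
        route(sys.stdin, sys.argv[1])
    else:
        print(route(SAMPLE, "demo-logs"))
```

Because the file name is built from message content, the strict digit check is what keeps a crafted message from choosing where the handler writes.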