How to pull a variable from a syslog-ng log line?

Z

zdravnik2019-06-18 10:19:29

linux

zdravnik, 2019-06-18 10:19:29

How to make a message:

Jun 17 17:38:02 server2.test nginx: test.ru 192.168.1.121 - [17/Jun/2019:17:38:02 +0300] UNIX-TIME-1560782282.938 "GET / HTTP/1.1" 200

fell into the file along the path /var/log/test.ru/nginx_ac.log ?
Those. the meaning is that, depending on the domain name (in this case, it is test.ru), the log is added to a folder with the name of the domain name ?
There are a lot of domains, so listing them is not an option, you just need to cut them out of the message

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexander, 2019-06-18
@shabelski89

For some reason, it seems to me that I need to look in the direction of rsyslog)
I didn’t really understand how the syslog-ng source file is filled.
But for one-time parsing, you can make such a construction

#!/bin/bash
while read domain; do echo "$domain" | mkdir ~/var/log/`grep -Po '(?<=nginx:\s).+(\.\D\S{1,3})'` 2>/dev/null; done < syslog
while read string; do echo "$string" | echo "$string" >> ~/var/log/`grep -Po '(?<=nginx:\s).+(\.\D\S{1,3})'`/nginx_ac.log  ; done < syslog

Reads the syslog file line by line (replace with the one you need), rips out the domain with a regular expression, creates a folder for it and puts in it a line corresponding to this domain.
For myself, I have not decided what to do, so that the source syslog file is apparently constantly updated, how to make it read from the place of a new entry, can delete a line after reading ...
I'm waiting for them to throw sticks at me.