I have a logstash.conf file where i'm defining two distinct path for two different type of logs one is for system logs and another is for network logs. However, these logs are being collected on the same directory location as /scratch/rsyslog where its creating an individual folder for each host before dumping the logs, for example ..
-
/scratch/rsyslog/server01/messages.log
/scratch/rsyslog/server02/messages.logand so on for the system logs -
For network logs its like:
/scratch/rsyslog/Sep/messages.log
Below is the input Filter and path for both type of logs. now the problem is that i'm using wildcard to match to get all the names with * here path => [ "/scratch/rsyslog/*/messages.log" ] which gets everything.
input {
file {
path => [ "/scratch/rsyslog/*/messages.log" ]
type => "syslog"
}
file {
path => [ "/scratch/rsyslog/Sep/messages.log" ]
type => "apic_logs"
}
}
So, in the First path which is system logs i need that starts with lowercase letters which may include some numbers though like server01.
Maybe i'm thinking
^[a-z0-9]
Whereas in second path which is network logs i need to get where first letter startswith uppercase letter following lowercase (these are month names usually like i mentioned Sep , it gets changed itself on the month end).
maybe [1].* for second one
i'm looking to get a regex which can fit into this situation.
any help will be much appreciated.
A-Z ↩︎