We have incoming logs from two edge firewalls. We want to filter individual log lines with the following in our syslog-ng.conf:
##logging
filter f_sendpage {
    message("%ASA-5-722033") or message("%ASA-6-722022");
};
From there, the captured logs should be sent to a Perl script which emails them to
joeblogs@google.com, for example:
##logging
destination d_sendpage { program ("/usr/local/bin/sendmessage.pl"); };
Now, unfortunately, this is not picking up the ASA ID number, but it can pick up any other word within the line.
This is what the start of a line would look like:
Sep 26 00:04:44 10.200.101.253 %ASA-5-722033: Deny udp src INSIDE
Am I doing something wrong?
Let me know,
Thanks.