Complex rsyslog filter rule - is it possible?

 ( ambipur | Wednesday, 13 September 2017 - 22:33 )

Currently I use a bash script, run every minute from cron, to filter and process the lighttpd access.log and vsftpd.log. This is what it looks like:


#!/bin/bash
# Filtering web server's access.log (run from cron once a minute).
# Every run re-reads the whole log and rewrites both output files.

# Get the beginning of the IP range used on the LAN from the gateway address.
# cut -c1-8 assumes a 192.168.x.x style gateway and yields "192.168.";
# for a shorter address (e.g. 10.0.0.1) it would return the whole address.
LANADDRESS="$(awk '/gateway/ {print $2}' /etc/network/interfaces | cut -c1-8)"
[ -n "$LANADDRESS" ] || { echo "no gateway found in /etc/network/interfaces" >&2; exit 1; }

ACCESS_LOG=/var/log/lighttpd/access.log

# Drop rows from LAN clients (-F: the prefix is a literal, so its dots are not
# regex wildcards). Rows with HTTP status 200 go to external_access.log, all
# other rows (errors, probes) to suspicious_access.log. The status code is the
# field right after the closing quote of the request line, so match '" 200 '
# rather than ' 200 ', which would also match a 200-byte response size.
grep -vF "$LANADDRESS" "$ACCESS_LOG" | grep    '" 200 ' > /var/log/lighttpd/external_access.log
grep -vF "$LANADDRESS" "$ACCESS_LOG" | grep -v '" 200 ' > /var/log/lighttpd/suspicious_access.log

# Filtering and converting ftp server's traffic log.
# vsftpd.log input:
#   Wed Sep 13 22:33:01 2017 [pid 1234] [user] OK DOWNLOAD: Client "1.2.3.4", "/path/file", 12345 bytes, 1.23Kbyte/sec
# filtered_vsftpd.log output (syslog-like):
#   Sep 13 22:33:01 1.2.3.4 user[DOWNLOAD]: "/path/file", 12345 bytes, 1.23Kbyte/sec
awk '/DOWNLOAD|UPLOAD/ {
    ip   = substr($12, 2, length($12) - 3)   # "1.2.3.4", -> 1.2.3.4
    user = substr($8,  2, length($8)  - 2)   # [user]     -> user
    op   = substr($10, 1, length($10) - 1)   # DOWNLOAD:  -> DOWNLOAD
    rest = ""
    for (i = 13; i <= NF; i++) rest = rest " " $i   # path, size, rate
    print $2, $3, $4, ip, user "[" op "]:" rest
}' /var/log/vsftpd.log > /var/log/filtered_vsftpd.log

Can this be done with an rsyslog filter rule?
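The same filtering expressed as rsyslog configuration, as an added example that is not part of the original post or of any reply to it. It assumes rsyslog 8 with RainerScript syntax and the imfile module, a work directory of /var/spool/rsyslog for imfile's state files, and a hard-coded LAN prefix of "192.168." (rsyslog cannot derive the prefix from /etc/network/interfaces the way the script does). The two grep stages map onto "contains" tests and "stop"; the awk reformatting of vsftpd.log maps onto re_extract() plus a string template. The names lighttpdAccess, vsftpdTransfers, RawLine and FtpTransfer are chosen here, not taken from the post:

```rsyslog
# Assumed: rsyslog 8 (RainerScript), imfile available, LAN prefix "192.168.".
module(load="imfile")
global(workDirectory="/var/spool/rsyslog")   # imfile keeps its read offsets here

# Output templates: the raw line for the web log, a syslog-like line for ftp
template(name="RawLine"     type="string" string="%msg%\n")
template(name="FtpTransfer" type="string"
         string="%$!ts% %$!ip% %$!user%[%$!op%]: %$!rest%\n")

# --- lighttpd access.log ---------------------------------------------------
input(type="imfile" File="/var/log/lighttpd/access.log"
      Tag="lighttpd-access:" Facility="local0" Severity="info"
      ruleset="lighttpdAccess")

ruleset(name="lighttpdAccess") {
    # same semantics as grep -v "192.168.": the prefix may appear anywhere
    if $msg contains "192.168." then stop

    # the status code sits right after the closing quote of the request line
    if $msg contains '" 200 ' then {
        action(type="omfile" file="/var/log/lighttpd/external_access.log"
               template="RawLine")
    } else {
        action(type="omfile" file="/var/log/lighttpd/suspicious_access.log"
               template="RawLine")
    }
}

# --- vsftpd.log ------------------------------------------------------------
input(type="imfile" File="/var/log/vsftpd.log"
      Tag="vsftpd:" Facility="local0" Severity="info"
      ruleset="vsftpdTransfers")

ruleset(name="vsftpdTransfers") {
    if not ($msg contains "DOWNLOAD" or $msg contains "UPLOAD") then stop

    # POSIX ERE over a line such as
    #   Wed Sep 13 22:33:01 2017 [pid 1234] [user] OK DOWNLOAD: Client "1.2.3.4", "/f", 12345 bytes, 1.23Kbyte/sec
    # submatches: 1 = "Sep 13 22:33:01", 2 = user, 3 = DOWNLOAD|UPLOAD,
    # 4 = client IP, 5 = the rest of the line. [[] and []] are literal
    # brackets. re_extract() takes its pattern as a literal string, so the
    # same expression is repeated once per field.
    set $!ts   = re_extract($msg, '([A-Za-z]{3} +[0-9]+ [0-9:]+) [0-9]{4} [[]pid [0-9]+[]] [[]([^]]+)[]] OK (DOWNLOAD|UPLOAD): Client "([^"]+)", (.*)', 0, 1, "");
    set $!user = re_extract($msg, '([A-Za-z]{3} +[0-9]+ [0-9:]+) [0-9]{4} [[]pid [0-9]+[]] [[]([^]]+)[]] OK (DOWNLOAD|UPLOAD): Client "([^"]+)", (.*)', 0, 2, "");
    set $!op   = re_extract($msg, '([A-Za-z]{3} +[0-9]+ [0-9:]+) [0-9]{4} [[]pid [0-9]+[]] [[]([^]]+)[]] OK (DOWNLOAD|UPLOAD): Client "([^"]+)", (.*)', 0, 3, "");
    set $!ip   = re_extract($msg, '([A-Za-z]{3} +[0-9]+ [0-9:]+) [0-9]{4} [[]pid [0-9]+[]] [[]([^]]+)[]] OK (DOWNLOAD|UPLOAD): Client "([^"]+)", (.*)', 0, 4, "");
    set $!rest = re_extract($msg, '([A-Za-z]{3} +[0-9]+ [0-9:]+) [0-9]{4} [[]pid [0-9]+[]] [[]([^]]+)[]] OK (DOWNLOAD|UPLOAD): Client "([^"]+)", (.*)', 0, 5, "");

    action(type="omfile" file="/var/log/filtered_vsftpd.log" template="FtpTransfer")
}
```

Two differences from the cron script are worth knowing before switching. rsyslog processes each line once as it is appended, so the three output files grow continuously and need their own logrotate entries, whereas the script rewrote them as a full snapshot every minute. And because the rulesets are bound to the imfile inputs, those lines never reach the default ruleset, so they will not also end up in /var/log/syslog. If the raw lines come out with a leading space, use "%msg:2:$%" in the RawLine template instead of "%msg%".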