I have syslog-ng logging some Cisco equipment, specifically ISDN q931 debugs. These log files are created and labeled by hostname.dailydate for daily files.
I want to be able to keep syslog-ng logging these files, but have Splunk monitor the data in this folder and/or the new files for that day. While monitoring, I want to be able to trigger an email with the line details that match a specific number in this debug, i.e. the telco ANI. Each time the specific number is seen, trigger a new email with the log time, debug details, etc.
Is this something that can be done?
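As an added example (not from the original post, and not Splunk's or Cisco's own configuration), one way to set this up is a monitor input over the syslog-ng output directory plus a scheduled alert that emails once per matching event. The directory `/var/log/cisco`, the eight-digit date suffix, the sourcetype and index names, the ANI `5551234567` and the recipient address are all assumed placeholders; the `Calling Party Number` line format is the usual Q.931 debug output but should be checked against your own logs.

```ini
# inputs.conf (on the forwarder or indexer that can read the syslog-ng files)
# Assumed layout: syslog-ng writes /var/log/cisco/<hostname>.<YYYYMMDD>
[monitor:///var/log/cisco]
whitelist = \.\d{8}$
sourcetype = cisco:isdn:q931
index = network
disabled = 0
# Splunk keeps tailing each file as syslog-ng appends to it and picks up
# the next day's file on its own when it appears in the directory.

# savedsearches.conf: scheduled alert, one email per matching event
[ISDN ANI match - 5551234567]
# Assumed line shape:  Calling Party Number i = 0x2183, '5551234567'
search = index=network sourcetype=cisco:isdn:q931 "Calling Party Number" "5551234567" | rex "Calling Party Number i = 0x[0-9A-Fa-f]+, '(?<ani>\d+)'" | search ani=5551234567 | table _time host _raw
enableSched = 1
# Run every 5 minutes over the previous whole 5-minute window (no overlap,
# so a given event is emailed only once)
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m@m
dispatch.latest_time = @m
counttype = number of events
relation = greater than
quantity = 0
# digest_mode = 0 fires the action separately for each result row
alert.digest_mode = 0
alert.track = 1
action.email = 1
action.email.to = noc@example.com
action.email.subject = ISDN ANI $result.ani$ seen on $result.host$
action.email.inline = 1
action.email.sendresults = 1
```

The `rex` step extracts the number into the `ani` field so the email subject can carry it; the literal `"5551234567"` in the base search is only there to narrow the scan, and the `search ani=...` clause is what actually enforces the match.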