[syslog-ng] Auto routing to specific relay based on hostname

sagar naravane sagar.naravane at gmail.com
Wed Aug 22 14:01:05 CEST 2012


Script worked like a charm... Thanks Gergely :)

Sagar

On Wed, Aug 22, 2012 at 3:40 PM, Gergely Nagy <algernon at balabit.hu> wrote:

> sagar naravane <sagar.naravane at gmail.com> writes:
>
> > Gergely,
> >
> > Here all three log {} get executed. What I am basically looking for is a
> > "if..else" or "case" sort of condition where only one of client-relay
> > communication happens based on hostname of client system.
>
> That's what flags(final) is for. It will connect nevertheless, but will
> only send data when the filter matches.
>
> syslog-ng 3.4 might be a tiny bit better in this regard, you can more
> closely model your requirement there, but as far as I understand, even
> that would try to connect to all three relays.
>
> On the other hand, there may be another way, which works slightly
> differently: it basically makes syslog-ng call out to a shell script
> when it starts up, to determine the host name, and set up the
> configuration according to that.
>
> Something like:
>
> @module confgen context(destination) name(relay) exec("/path/to/script.sh")
> destination d_relay { relay(); };
> log { source(s_local); destination(d_relay); };
>
> Where the script would look something along these lines:
>
> ,----
> | #! /bin/sh
> | set -e
> |
> | h=$(hostname)
> | case "$h" in
> |      sj1*)
> |         relay="sj1-relay.localnet"
> |         ;;
> |      *)
> |         echo "Unknown host: $h!" >&2
> |         exit 1
> |         ;;
> | esac
> |
> | cat <<EOF
> | tcp("${relay}");
> | EOF
> `----
>
> This has the advantage of not requiring a filter, and that all
> conditional stuff is performed at config load time, not for each and
> every message. Also, it will only ever connect to one single
> destination.
>
> The disadvantage is that the config isn't entirely contained in
> syslog-ng.conf, but you use an external script to generate parts of it.
>
> Also, the above solution requires syslog-ng 3.3+, while filters work
> with older versions too. Mind you, upgrading to 3.3 would be strongly
> recommended anyway :)
>
> --
> |8]


-- 
Regards,

Sagar Naravane
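
The generator script from the quoted reply, extended to several sites, as an added example that is not part of the original thread or of syslog-ng itself. Only the `sj1` prefix and `sj1-relay.localnet` come from the thread; the other two sites and the file name `relay-confgen.sh` are hypothetical. Because the script's output is spliced into the configuration, it checks the relay name before printing it and prints nothing for an unknown host.

```shell
#!/bin/sh
# Added example: generator for the relay() confgen block.
# Only sj1 / sj1-relay.localnet come from the thread; the other two sites
# and the file name relay-confgen.sh are hypothetical.

# Map a client hostname to its relay. Returns 1 for an unknown host.
relay_for_host() {
    case "$1" in
        sj1*) echo "sj1-relay.localnet" ;;
        ny1*) echo "ny1-relay.localnet" ;;   # hypothetical site
        ld1*) echo "ld1-relay.localnet" ;;   # hypothetical site
        *)    return 1 ;;
    esac
}

# Accept only plain DNS names, so a typo in the table above (a stray quote,
# semicolon or space) can never be spliced into the generated config.
valid_relay_name() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*|-*|.*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the driver line that syslog-ng substitutes for relay().
# Prints nothing on stdout and returns 1 on any failure.
generate_relay_block() {
    host=$1
    relay=$(relay_for_host "$host") || {
        echo "Unknown host: $host!" >&2
        return 1
    }
    valid_relay_name "$relay" || {
        echo "Refusing to emit relay name: $relay" >&2
        return 1
    }
    printf 'tcp("%s");\n' "$relay"
}

# Run only when executed under its own name, e.g. from exec() in the config.
case "${0##*/}" in
    relay-confgen.sh) generate_relay_block "$(hostname)" || exit 1 ;;
esac
```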