[syslog-ng] Question on custom log writer message output

Dylan Kulesza dylan.kulesza at gmail.com
Thu May 9 00:38:40 CEST 2013


I'm working on a custom module to integrate with a third party's native log
format.  My intent is to have messages come into syslog-ng and be processed as
usual and then sent out a custom destination driver.

Right now I've hacked together different code to make it work (tcp socket
connection per log source) and now I'm at the point of actually sending a
custom message.  I've tried to stay as "true" to the syslog-ng as possible
and have leveraged the log_forward_msg method to send my LogMessage.  I was
hoping I could just prepend data to the LogMessage but realized after doing
all the other legwork that it wasn't a simple string :)

So, my question is - what would be the easiest way to leverage the existing
queue->log_forward_msg (doesn't require the socket to be open vs examples
such as spoof_source in afsocket)  to write a custom message?  I see that
LogTemplate may have what I need, but after submerging myself in syslog-ng
for the past week I'm not seeing clearly...  Can anyone lend a hint/helping
hand?

What I'm trying to do:

Open Socket
Send Magic/StartPacket

Prepend all log messages with a byte message - for example:

040404040400010MESSAGE  (Of course Message would be in bytes/hex).

It seems I would create an NVENTRY for my prepend message and then override
log_writer_format_log to do this?  Not 100% clear how I would accomplish
this.  I also don't want to change any of the core/lib syslog-ng to
accomplish this.  It should be implemented purely as a module.


Thanks!