[syslog-ng] Problems with syslog-ng 3.7.3 + mod_confgen

Fekete, Róbert robert.fekete at balabit.com
Tue Aug 30 09:28:49 CEST 2016


Hi,

Can you try to put the @module... declaration outside the log statement,
and use the name of the source (s_nginx...) in the log statement?

Robert

On Fri, Aug 12, 2016 at 8:15 AM, Jorge Pereira <jpereiran at gmail.com> wrote:

> Hi guys!
>
> Following the sample described in
> https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/generating-configuration-blocks.html
>
> 1) I have my 'confgen' script that prints the below *file()* entries.
> (p.s: these files have content.)
>
> # /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh
> file("/opt/nginx/logs/waf/www.cocada.com" program_override("ng_modsec") flags(no-parse));
> file("/opt/nginx/logs/waf/www.caipirinha.com" program_override("ng_modsec") flags(no-parse));
> #
>
> 2) My config set:
>
> # cat /etc/syslog-ng/conf.d/nginx_modsec.conf
> options {
>     threaded(yes);
>     flush_lines(0);
>     use-dns(no);
>     normalize-hostnames(yes);
>     keep-hostname(yes);
> };
>
> destination d_collector {
>     tcp("192.168.1.248" port(514)  keep-alive(on)  );
> };
>
> log {
> @module confgen context(source) name(s_nginx_modsec_log)
> exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")
>     destination(d_collector);
> };
>
> #
>
> Conclusion: The syslog-ng doesn't call the script at any time.
>
> # strace -fff /usr/sbin/syslog-ng -dvte 2>&1 | grep "confgen-modsec"
>
> p.s: I have 'confgen' support.
>
> # syslog-ng --version | grep confgen
> Available-Modules: syslogformat,kvformat,afamqp,sdjournal,system-source,afuser,json-plugin,dbparser,affile,afsocket,linux-kmsg-format,afmongodb,mod-python,*confgen*,csvparser,pseudofile,afsql,afprog,afstomp,cryptofuncs,graphite,basicfuncs
> #
>
> I appreciate any help.
>
> Best,
> Jorge Pereira
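
The configuration below is an added example, not part of either message: it shows one reading of the suggestion in the reply, with the `@module` line moved to the top level and the generated block referenced from a named source. The source name `s_nginx_modsec` is an assumption introduced for illustration; the other names and paths come from the quoted configuration.

```conf
# Register the generator at the top level of the configuration, outside any
# log { } statement. The script's output becomes the body of a source-context
# block called s_nginx_modsec_log.
@module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")

# Hypothetical source name (not in the thread). Referencing the generated
# block here is what makes syslog-ng run the script while parsing the
# configuration and expand its file() entries in place.
source s_nginx_modsec {
    s_nginx_modsec_log();
};

destination d_collector {
    tcp("192.168.1.248" port(514) keep-alive(on));
};

# The log path refers to the source by name instead of embedding @module.
log {
    source(s_nginx_modsec);
    destination(d_collector);
};
```

Running `syslog-ng --syntax-only` parses the configuration without starting the daemon, and `--preprocess-into=<file>` writes out the expanded configuration so the generated file() entries can be checked.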