Script worked like a charm... Thanks Gergely :)<div><br></div><div>Sagar<br><br><div class="gmail_quote">On Wed, Aug 22, 2012 at 3:40 PM, Gergely Nagy <span dir="ltr"><<a href="mailto:algernon@balabit.hu" target="_blank">algernon@balabit.hu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">sagar naravane <<a href="mailto:sagar.naravane@gmail.com">sagar.naravane@gmail.com</a>> writes:<br>
<br>
> Gergely,<br>
><br>
> Here all three log {} gets executed. What i am basically looking for is a<br>
> "if..else" or "case" sort of condition where only one of client-relay<br>
> communication happens based on hostname of client system.<br>
<br>
</div>That's what flags(final) is for. It will connect nevertheless, but will<br>
only send data when the filter matches.<br>
<br>
syslog-ng 3.4 might be a tiny bit better in this regard, you can more<br>
closely model your requirement there, but as far as I understand, even<br>
that would try to connect to all three relays.<br>
<br>
On the other hand, there may be another way, which works slightly<br>
differently: it basically makes syslog-ng call out to a shell script<br>
when it starts up, to determine the host name, and set up the<br>
configuration according to that.<br>
<br>
Something like:<br>
<br>
@module confgen context(destination) name(relay) exec("/path/to/script.sh")<br>
destination d_relay { relay(); };<br>
log { source(s_local); destination(d_relay); };<br>
<br>
Where the script would look something along these lines:<br>
<br>
,----<br>
| #! /bin/sh<br>
| set -e<br>
|<br>
| h=$(hostname)<br>
| case h in<br>
| sj1*)<br>
| relay="sj1-relay.localnet"<br>
| ;;<br>
| *)<br>
| echo "Unknown host: $h!" >&2<br>
| exit 1<br>
| ;;<br>
| esac<br>
|<br>
| cat <<EOF<br>
| tcp("${relay}");<br>
| EOF<br>
`----<br>
<br>
This has the advantage of not requiring a filter, and that all<br>
conditional stuff is performed at config load time, not for each and<br>
every message. Also, it will only ever connect to one single<br>
destination.<br>
<br>
The disadvantage is that the config isn't entirely contained in<br>
syslog-ng.conf, but you use an external script to generate parts of it.<br>
<br>
Also, the above solution requires syslog-ng 3.3+, while filters work<br>
with older versions too. Mind you, upgrading to 3.3 would be strongly<br>
recommended anyway :)<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
|8]<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Regards,<br><br>Sagar Naravane<br>
</div>