<div dir="ltr"><div><div><div><div><div><div>If all you want to do is a message format then you could use the template() option for the tcp destination, like this:<br><br></div>destination d_tcp { tcp("server" port(whatever) template("040404040400010$MESSAGE"));<br>
<br></div>you can even embed hex characters in the template string using the \xFF escapes. If you want to do a more involved thing, then you probably need a LogProtoClient implementation, that you can now plug into the network() destination as a transport. The network destination was introduced in 3.4, but 3.5 has seen another largish refactoring change in this code.<br>
<br></div>Creating a LogProtoClient implementation should be straightforward, you need to create a new "class" from LogProtoClient, override its post() function. The post method should do everything to submit a message for sending. If you need duplex communication (e.g. not just one-way tcp like the "standard" tcp based syslog), you'll probably need to override prepare() to return which I/O masks you are interested in.<br>
<br></div>Once you have a working LogProtoClient, you can create a plugin from it and reference it from the transport() option of the network driver, e.g.<br><br></div>destination d_stuff {<br></div> network("server" port(whatever) transport(mytransport) template(whatever));<br>
<div>};<br><div><div><br></div><div>This will instantiate a new LogProtoClient plugin of yours and start sending messages for you.<br><br></div><div>If the protocol you want to implement has a client library and perhaps only has a blocking interface (like SQL clients usually are), you'll need to do this differently (see for example the sql destination).<br>
<br></div><div>To create a plugin from a LogProtoClient needs some boilerplate, but I can help with that.<br></div><div> </div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 9, 2013 at 12:38 AM, Dylan Kulesza <span dir="ltr"><<a href="mailto:dylan.kulesza@gmail.com" target="_blank">dylan.kulesza@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div><div>I'm working on a custom module to integrate with a third parties native log format. My intent is to have messages come into syslog-ng and processed as usual and then sent out a custom destination driver. <br>
<br>Right now I've hacked together different code to make it work (tcp socket connection per log source) and now I'm at the point of actually sending a custom message. I've tried to stay as "true" to the syslog-ng as possible and have leveraged the log_forward_msg method to send my LogMessage. I was hoping I could just prepend data to the LogMessage but realized after doing all the other leg work that it wasn't a simple string :)<br>
<br></div>So, my question is - what would the easiest way to leverage the existing queue->log_forward_msg (doesn't require the socket to be open vs examples such as spoof_source in afsocket) to write a custom message? I see that LogTemplate may have what I need, but after submerging myself in syslog-ng for the past week I'm not seeing clearly... Can anyone lend a hint/helping hand?<br>
<br></div>What I'm trying to do:<br><br></div>Open Socket<br></div>Send Magic/StartPacket<br><br></div>Prepend all log messages with a byte message - for example:<br><br></div>040404040400010MESSAGE (Of course Message would be in bytes/hex).<br>
<br></div>It seems I would create an NVENTRY for my prepend message and then override log_writer_format_log? to do this? Not 100% clear how I would accomplish this. I also don't want to change any of the core/lib syslog-ng to accomplish this. Should be implemented purely as a module.<br>
<br><br></div>Thanks!<br></div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Bazsi
</div>