<div dir="auto">Sure, just set a value in various log paths using rewrite { set("$foo $bar" value("output")); };<div dir="auto"><br></div><div dir="auto">And then in the template:</div><div dir="auto"><br></div><div dir="auto">template("$output\n");</div><div dir="auto"><br></div><div dir="auto">Or if the syslog header in the file is ok, just rewrite the MSG part and then you won't need a template on the destination side at all.</div><div dir="auto"><br></div><div dir="auto">Bazsi</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Feb 23, 2017 18:31, "Evan Rempel" <<a href="mailto:erempel@uvic.ca">erempel@uvic.ca</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div class="m_5166500216371740167moz-cite-prefix">Can you show a simplified example of
how to use a single destination but define different templates
that write to it? I have never been able to figure that out and it
should make some of my configs a lot easier.<br>
<br>
Evan.<br>
<br>
On 02/23/2017 08:56 AM, Scheidler, Balázs wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>This bugs may not have surfaced in your simple examples
though. The reason we have a unique id requirement is that
we store stuff like disk buffer file name associated to
destinations. Probably, you would not use the disk buffer
associated with a file destination, but internally you
could.<br>
<br>
</div>
An alternative solution is to define a single
/var/log/audit.log destination and then send messages from
multiple log paths. For that to work you'd have to construct
the template associated with the destination files a bit
earlier in the processing chain.<br>
<br>
</div>
hope this helps,<br>
</div>
Bazsi<br>
<div>
<div><br>
<br>
</div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="m_5166500216371740167gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">-- <br>
Bazsi<br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Thu, Feb 23, 2017 at 5:50 PM, Noémi
Ványi <span dir="ltr"><<a href="mailto:sitbackandwait@gmail.com" target="_blank">sitbackandwait@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>Syslog-ng stores persistent options and data in
syslog-ng.persist file. It contains data about
drivers specified in the configuration. The drivers
are identified by their "settings". In your case you
have three file drivers which contain the same log
file: "/var/log/abc/audit_log". Thus, the id of that
driver is not unique. To provide a unique identifier
for these drivers you must specify a different
string in persist-name. <br>
<br>
For example, you could add persist-name("abcaudit")
to driver d_abcaudit, persist-name("abcaudit_Prio")
to driver d_abcaudit_Prio and
persist-name("abcaudit_IPtab") to d_abcaudit_IPtab.
The key is that the string in persist-name is
unique.<br>
<br>
</div>
Previously, handling multiple drivers on the same
thing was broken in the usage of the persist file, if
I recall correctly. This persist-name option was
introduced to fix the problem. So, in previous
versions it was buggy.<br>
<br>
</div>
BR,<br>
</div>
kvch
<div>
<div class="m_5166500216371740167h5"><br>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 23
February 2017 at 16:43, David
Hauck <span dir="ltr"><<a href="mailto:davidh@netacquire.com" target="_blank">davidh@netacquire.com</a>></span>
wrote:<br>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">Hi András,<br>
<span class="m_5166500216371740167m_-4633293952113833681gmail-"><br>
On Thu, 23 Feb 2017 at
00:22:00, syslog-ng wrote:<br>
> Hi David,<br>
><br>
> The issue with
persist_name() option was
mentioned (and solved)<br>
> previously in: <a rel="noreferrer" href="https://github.com/balabit/syslog-" target="_blank">https://github.com/balabit/sys<wbr>log-</a><br>
> ng/issues/1275<br>
<br>
</span>Thx, I'd seen that entry
prior to my email, however, it
wasn't clear to me what exactly
this doing. And I wasn't able to
find anything in the
documentation regarding the
persist-name() option. Moreover,
I wasn't sure if this would work
with my 'destination'
specification (as seen below).<br>
<br>
What exactly does
"persit-name()" do? How exactly
do I specifcy this for my
destination specifications
below? And what has changed
between these two versions to
now require this option?<br>
<br>
Thanks,<br>
-David<br>
<div>
<div class="m_5166500216371740167m_-4633293952113833681gmail-h5"><br>
> Br,<br>
> Andras<br>
><br>
><br>
> On Thu, Feb 23, 2017 at
1:28 AM, David Hauck <<a href="mailto:davidh@netacquire.com" target="_blank">davidh@netacquire.com</a>><br>
> wrote:<br>
><br>
><br>
> Hi,<br>
><br>
> I'm in the
processing or updating a
distribution's v3.6.3
syslog-ng<br>
> configuration to v3.9.1
and am running into some
issues getting<br>
> syslog-ng started. The
first one was:<br>
><br>
> Starting
syslog-ng: Error parsing
config, Error compiling
template<br>
> (Unknown template
function "format-json") in<br>
>
/usr/share/syslog-ng/include/s<wbr>cl/cim/template.conf
at line 23, column<br>
> 32<br>
><br>
> I found a
reference online to fixing
this by removing<br>
>
/usr/share/syslog-ng/include/s<wbr>cl/cim
and this indeed got me past
this<br>
> error (hopefully this
is an otherwise benign
modification).<br>
><br>
> I'm now stuck at
the following error:<br>
><br>
> Starting
syslog-ng:
[2017-02-22T08:07:50.101422]
Error checking the<br>
> uniqueness of the
persist names, please
override it with
persist-name<br>
> option. Shutting down.;<br>
>
persist_name='affile_dd_writer<wbr>s(/var/log/abc/audit_log)',<br>
>
location='/etc/syslog-ng.conf:<wbr>128:33'<br>
><br>
> Here's snippet
from my configuration file
that this error message<br>
> references:<br>
><br>
> ...<br>
> destination
d_abcaudit {
file("/var/log/abc/audit_log"<br>
> template(t_NAFormat));
};<br>
> destination
d_abcaudit_Prio {
file("/var/log/abc/audit_log"<br>
>
template(t_NAFormat_Prio));
};<br>
> -->
destination
d_abcaudit_IPtab {<br>
>
file("/var/log/abc/audit_log"
template(t_abcFormat_IPtab)); };<br>
> destination
d_abcmessage_Prio {
file("/dev/null"); };<br>
> ...<br>
><br>
> I wasn't able to
find any documentation or
guidance on the<br>
> "persist-name" option.
Any ideas on how I should go
about fixing this<br>
> error?<br>
><br>
> Thanks,<br>
> -David<br>
><br>
>
______________________________<wbr>______________________________<wbr>__________</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
<br>
<br>
</div>
<br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div></div>