<div dir="ltr">Yes! I am using it and it has worked perfectly!</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">--<div>Jorge Pereira</div></div></div></div>
<br><div class="gmail_quote">On Sat, Apr 8, 2017 at 5:07 AM, Fekete, Róbert <span dir="ltr"><<a href="mailto:robert.fekete@balabit.com" target="_blank">robert.fekete@balabit.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi, <br><br></div>AFAIK, the FILE_NAME macro is only available in syslog-ng Premium Edition 6. <br></div>CzP published a workaround a while back, that I never got to add to the official docs: <a href="https://czanik.blogs.balabit.com/2015/03/using-rfc5424-syslog-to-forward-file-names/" target="_blank">https://czanik.blogs.balabit.<wbr>com/2015/03/using-rfc5424-<wbr>syslog-to-forward-file-names/</a><br><br></div>I'm not sure if it works in your case.<br><br></div>Robert<br><div><br><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Apr 8, 2017 at 8:10 AM, Scheidler, Balázs <span dir="ltr"><<a href="mailto:balazs.scheidler@balabit.com" target="_blank">balazs.scheidler@balabit.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">Hi,<div dir="auto"><br></div><div dir="auto">It seems indeed ugly. 
We do have a FILE_NAME macro that gets set to the name of the file the message was read from.</div><div dir="auto"><br></div><div dir="auto">With a quick search I didn't find it documented.</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_-2303674341754180882h5">On Apr 8, 2017 07:27, "Jorge Pereira" <<a href="mailto:jpereiran@gmail.com" target="_blank">jpereiran@gmail.com</a>> wrote:<br type="attribution"></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_-2303674341754180882h5"><div dir="ltr"><div>Hi Team,</div><div><br></div><div>Well, I am working on a POC using the syslog-ng 3.7.1, basically, I have many of log files that the filename is /path/<file> and I need to append the file name into the syslog payload.</div><div><br></div><div>My current approach is.</div><div><br></div><div>1. I have the below destination() receiving the file name as a parameter. </div><div><br></div><div><snip></div><div>block destination d_collector_with_fn(__filename<wbr>("")) {</div><div>    tcp("192.168.2.44"</div><div>        port(514)</div><div>        keep-alive(on)</div><div>        template("$DATE $HOST $MSGHDR $(format-json --scope selected_macros             \</div><div>                                                    --exclude TAGS                      \</div><div>                                                    --exclude DATE                      \</div><div>                                                    --exclude PRIORITY                  \</div><div>                                                    --exclude FACILITY                  \</div><div>                                                    --exclude SOURCEIP                  \</div><div>                                                    --exclude PROGRAM                   \</div><div>                                                    --pair SYSLOG_WEBAPP_DOMAIN='`__filen<wbr>ame`'  
\</div><div>                                                    --pair SOURCE=${SOURCE}</div><div>        )\n")</div><div>        template-escape(no)</div><div>    );  </div><div>};</div><div></snip></div><div><br></div><div><br></div><div>2. My simple script called by confgen create some dynamic "log {}" statements listening to the files and appending the filename as a parameter to the d_collector_with_fn()</div><div><br></div><div><snip></div><div>log {</div><div>        source {</div><div>                file("/path/<a href="http://thisisafile001.net" target="_blank">thisisafile001.net</a><wbr>"</div><div>                        program_override("mytag")</div><div>                        follow_freq(1)</div><div>                        flags(no-parse)</div><div>                );</div><div>        };</div><div>        destination {</div><div>                d_collector_with_fn(__filename<wbr>("<a href="http://thisisafile001.net" target="_blank">thisisafile001.net</a>"));</div><div>        };</div><div>};</div><div><br></div><div>log {</div><div>        source {</div><div>                file("<a href="http://caipirinha4ever.net" target="_blank">caipirinha4ever.net</a>"</div><div>                        program_override("mytag")</div><div>                        follow_freq(1)</div><div>                        flags(no-parse)</div><div>                );</div><div>        };</div><div>        destination {</div><div>                d_collector_with_fn(__filename<wbr>("<a href="http://caipirinha4ever.net" target="_blank">caipirinha4ever.net</a>"));</div><div>        };</div><div>};</div><div><br></div><div>.........................</div><div></snip></div><div><br></div><div>But, I have more than 5k files and my current approach creating multiples log { } statement resulting in one connection to the collector by each file!!! in this case, I have 5k connections... this is terrible, someone has some other suggestion? 
Is there some way to catch the filename in some internal ${variable} and pass it to a single destination()?</div><div><br></div><div>--</div><div>Jorge Pereira</div>
</div>
<br></div></div>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=syslog<wbr>-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a><br>
<br>
<br></blockquote></div></div>
</blockquote></div><br></div>
</div></div><br>
<br>
<br></blockquote></div><br></div>
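<div dir="ltr">Added example, not part of the original thread or of any poster's configuration: the layout discussed above reduced to one source, one destination and one log path, so every file shares a single TCP connection to the collector. It assumes the FILE_NAME macro is available in the syslog-ng build in use (the thread gives mixed information on that); the names s_webapp_files and d_collector are hypothetical.</div>

```conf
# Added example. s_webapp_files and d_collector are hypothetical names;
# the file paths, collector address and template come from the thread.

# One source holding every file() driver. A confgen script can still
# generate the file() lines, but they all land in the same source.
source s_webapp_files {
    file("/path/thisisafile001.net"
        program_override("mytag")
        follow_freq(1)
        flags(no-parse)
    );
    file("/path/caipirinha4ever.net"
        program_override("mytag")
        follow_freq(1)
        flags(no-parse)
    );
};

# One destination, so one connection to the collector. ${FILE_NAME} is
# filled in per message with the name of the file the message was read
# from (path included), replacing the `__filename` block argument.
destination d_collector {
    tcp("192.168.2.44"
        port(514)
        keep-alive(on)
        template("$DATE $HOST $MSGHDR $(format-json --scope selected_macros  \
                                                    --exclude TAGS           \
                                                    --exclude DATE           \
                                                    --exclude PRIORITY       \
                                                    --exclude FACILITY       \
                                                    --exclude SOURCEIP       \
                                                    --exclude PROGRAM        \
                                                    --pair SYSLOG_WEBAPP_DOMAIN=${FILE_NAME} \
                                                    --pair SOURCE=${SOURCE}
        )\n")
        template-escape(no)
    );
};

# A single log path replaces the per-file log { } statements.
log {
    source(s_webapp_files);
    destination(d_collector);
};
```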