<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
Hi!</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
I would not mix up the two sources in this case. You can define multiple logpaths:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="font-family: Consolas, Courier, monospace;">@define server-log "/tmp/var/log/cron.log"</span><span><br>
</span>
<div><span style="font-family: Consolas, Courier, monospace;">@define client-log "/tmp/var/log/CLIENTS/$YEAR/$MONTH_ABBREV/$DAY/$HOST/cron.log"</span><br>
</div>
<div><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">source s_local {</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">...</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">};</span><br>
</div>
<div><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">source s_network {</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">...</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">};</span><br>
</div>
<div><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">destination d_cron_server {</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">  file("`server-log`" create-dirs(yes));</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">};</span><br>
</div>
<div><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">destination d_cron_client {</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">  file("`client-log`" create-dirs(yes));</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">};</span><br>
</div>
<div><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">log {</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">  source(s_local);</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">  destination(d_cron_server);</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">};</span><br>
</div>
<div><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">log {</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">  source(s_network);</span><br>
</div>
<div><span style="font-family: Consolas, Courier, monospace;">  destination(d_cron_client);</span><br>
</div>
<span style="font-family: Consolas, Courier, monospace;">};</span><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="font-family: Consolas, Courier, monospace;"><br>
</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="font-family: Consolas, Courier, monospace;">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
Also the `create-dirs(yes)` option is necessary to allow syslog-ng to create the directories needed.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
I hope this does what you expect, if not, feel free to ask more <span id="🙂">🙂</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span><br>
</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
Regards,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
Attila</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
</div>
<br>
</span></div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> syslog-ng &lt;syslog-ng-bounces@lists.balabit.hu&gt; on behalf of Frank DiGennaro &lt;frank@digennaro.com&gt;<br>
<b>Sent:</b> Monday, February 17, 2020 3:15 PM<br>
<b>To:</b> 'Syslog-ng users' and developers' mailing list' &lt;syslog-ng@lists.balabit.hu&gt;<br>
<b>Subject:</b> Re: [syslog-ng] Set log directory based on the source</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">
Hello;<br>
    Thanks for the input but I am still missing something here. This is what I have implemented but still can't get it to work.<br>
Thanks;<br>
Frank<br>
<br>
@define server-logdir "/var/log"<br>
@define client-logdir "/var/log/CLIENTS/$YEAR/$MONTH_ABBREV/$DAY/$HOST"<br>
@define logdir ""<br>
<br>
rewrite r_logdir {<br>
    set(<br>
        "server-logdir"<br>
        value( "logdir" )<br>
        condition( source( "s_local" ) )<br>
    );<br>
    set(<br>
        "client-logdir"<br>
        value( "logdir" )<br>
        condition( source( "s_network" ) )<br>
    );<br>
};<br>
<br>
source s_local {<br>
...<br>
};<br>
<br>
source s_network {<br>
...<br>
};<br>
<br>
destination d_cron {<br>
        file( "`logdir`/cron.log" );<br>
};<br>
<br>
log {<br>
    source( s_local );<br>
    source( s_network );<br>
    rewrite(r_logdir);<br>
    filter( f_cron );<br>
    destination( d_cron );<br>
};<br>
<br>
-----Original Message-----<br>
From: syslog-ng &lt;syslog-ng-bounces@lists.balabit.hu&gt; On Behalf Of Peter Kokai (pkokai)<br>
Sent: Thursday, January 30, 2020 12:14 PM<br>
To: Syslog-ng users' and developers' mailing list &lt;syslog-ng@lists.balabit.hu&gt;<br>
Subject: Re: [syslog-ng] Set log directory based on the source<br>
<br>
Hello,<br>
<br>
You could use a macro in order to create different log paths with one file destination:<br>
<br>
```<br>
destination d_local0 {<br>
  file( "${LOGDIR}/local/local0.log" );<br>
};<br>
```<br>
<br>
This is going to create a path based on the current logmessage $LOGDIR variable/macro.<br>
<br>
The question remains how to calculate $LOGDIR.<br>
One option you could use:<br>
<br>
```<br>
source s_local0 {<br>
        internal();<br>
};<br>
<br>
source s_network {<br>
        network(port(1111));<br>
};<br>
<br>
destination d_local {<br>
        file("${LOGDIR}/some/path.txt");<br>
};<br>
<br>
rewrite r_logdir {<br>
        set("logdir-server" value("LOGDIR") condition( source("s_network") ) );<br>
        set("logdir-client" value("LOGDIR") condition( source("s_local0") ) );<br>
};<br>
<br>
log {<br>
        source(s_local0);<br>
        source(s_network);<br>
<br>
        rewrite(r_logdir);<br>
<br>
        destination(d_local);<br>
};<br>
```<br>
<br>
The rewrite can possibly be replaced, but if you have a low number of different paths I guess it is enough. (Also, you could write more complex conditions for different logdir names.)<br>
<br>
--<br>
Kokan<br>
<br>
On Thu, Jan 30, 2020 at 11:25:26AM -0500, Frank DiGennaro wrote:<br>
> Hello;<br>
>     I'm somewhat of a newbie when it comes to syslog-ng so forgive me if the question is somewhat basic. I am running syslog-ng 3.25 on both server and clients and would like to set a variable based on the source. This is what I have:<br>
><br>
> @define server-logdir "/var/log"<br>
> @define client-logdir "/var/log/CLIENTS/$YEAR/$MONTH_ABBREV/$DAY/$HOST"<br>
> @define logdir ""<br>
><br>
> source s_local {<br>
>     logdir `server-logdir`;  *No!<br>
>     ...<br>
>     ...<br>
> };<br>
> source s_network {<br>
>     logdir `client-logdir`;  *No!<br>
>     ...<br>
>     ...<br>
> };<br>
> destination d_local0 {<br>
>     file( "`logdir`/local/local0.log" ); };<br>
><br>
> The goal is to set 'logdir' to either 'server-logdir' or 'client-logdir' and use it in the destination. I know there are probably several ways that this can be accomplished but I think this way will cut down on the number of lines in the configuration. So my question is this. How do I set 'logdir' to either 'server-logdir' or 'client-logdir' in the source definition?<br>
> Thanks;<br>
><br>
> DiGennaro<br>
> Frank DiGennaro<br>
> 301-676-8193 (C)<br>
> frank@digennaro.com<br>
><br>
______________________________________________________________________________<br>
Member info: <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&amp;data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&amp;sdata=RuqJ7F0VKuuJ%2FhT8ufWaWipWFzU5DKLYLmxgumqefQ8%3D&amp;reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&amp;data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&amp;sdata=RuqJ7F0VKuuJ%2FhT8ufWaWipWFzU5DKLYLmxgumqefQ8%3D&amp;reserved=0</a><br>
Documentation: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&amp;data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&amp;sdata=bgP9jDwcFMkrKHUY5I3nROD%2B4sHG%2B2DupHhxbXFtZEM%3D&amp;reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&amp;data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&amp;sdata=bgP9jDwcFMkrKHUY5I3nROD%2B4sHG%2B2DupHhxbXFtZEM%3D&amp;reserved=0</a><br>
FAQ: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&amp;data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&amp;sdata=zbsHBCoLmI2%2F85Sdvuw1HM5u3LTzULKUvd%2BpiWCCZFg%3D&amp;reserved=0">
https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&amp;data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&amp;sdata=zbsHBCoLmI2%2F85Sdvuw1HM5u3LTzULKUvd%2BpiWCCZFg%3D&amp;reserved=0</a><br>
<br>
</div>
</span></font></div>
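<div>
The single-destination approach from the quoted messages, as an added example that is not part of the original thread: it shows why the backtick reference `logdir` in the destination stays empty and how a per-message ${logdir} value set by the rewrite rule fixes it. The bodies of s_local, s_network and f_cron are assumptions; the paths and statement names are taken from the thread.</div>
<pre>
```conf
# Added example, not from the thread. Source and filter bodies are assumed;
# paths and statement names are the ones used in the thread.
@version: 3.25

@define server-logdir "/var/log"
@define client-logdir "/var/log/CLIENTS/$YEAR/$MONTH_ABBREV/$DAY/$HOST"

source s_local   { system(); internal(); };                  # assumed body
source s_network { network(transport("tcp") port(514)); };   # assumed body

filter f_cron { facility(cron); };                           # assumed body

# Not working (the variant from the thread, kept as a comment):
#   @define logdir ""
#   rewrite r_logdir { set("server-logdir" value("logdir") ...); ... };
#   destination d_cron { file("`logdir`/cron.log"); };
# 1. `logdir` is a global @define. Backtick references are replaced while the
#    configuration is parsed, so the destination is always file("/cron.log").
# 2. set("server-logdir" ...) stores the literal text "server-logdir", not the
#    value of the @define, because the name is not wrapped in backticks.

# Working: backticks paste the @define text into the set() template at parse
# time; the macros in it ($YEAR, $HOST, ...) are resolved per message, and the
# result is stored in the name-value pair "logdir".
rewrite r_logdir {
    set("`server-logdir`" value("logdir") condition(source("s_local")));
    set("`client-logdir`" value("logdir") condition(source("s_network")));
};

# ${logdir} is looked up for each message when the file name is built.
destination d_cron {
    file("${logdir}/cron.log" create-dirs(yes));
};

log {
    source(s_local);
    source(s_network);
    filter(f_cron);
    rewrite(r_logdir);
    destination(d_cron);
};
```
</pre>
<div>
Running syslog-ng --syntax-only -f on the file checks that it parses, and --preprocess-into writes out the configuration with the backtick references already substituted, which makes the parse-time expansion visible.</div>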
</body>
</html>