Hello, You could use *rewrite* rule to add nv-pair to each message: log { source(s_local); if (message('a')) { rewrite { set("foo" value("app")); set("bar" value("location")); }; } elif (message('b')) { rewrite { set("foob" value("app")); set("barb" value("location")); }; } else { rewrite { set("default" value("app")); set("default" value("location")); }; }; destination { file("/dev/stdout" template("$app $location\n")); }; }; Something like this. -- Kokan On Fri, Mar 22, 2019 at 2:37 PM Faine, Mark R. (MSFC-IS40)[NICS] < mark.faine@nasa.gov> wrote:
Is there a way to set variables in syslog-ng?
I have a log path with about 20 if/else branches and each one does a unnamed destination for that branch:
log { source(pan_splunk); if ( tags('mytag') ) { destination { file("/var/log/remote/backup/$HOST/asa/${HOST}_asa.log" create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750)); }; } elif ( message('something else') ) { destination { file("/var/log/remote/backup/$HOST/pubfw/${HOST}_pubfw.log" create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750)); }; } elif { filter { message('foo') or message('bar') or message('baz') or ...
I'd need to introduce another directory level as a variable and I'd also like to change an existing part of the path to a variable so that then I could then do something like this:
if ( tags('mytag') ) { app = asa location = msfc elif ...
and at the end I could then just do a single destination that had a file path with the variables file("/var/log/remote/backup/$location/$HOST/$app/${HOST}_$app.log"
Thanks, -Mark
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq