Hi guys, somebody could help? -- Jorge Pereira On Fri, Aug 12, 2016 at 3:15 AM, Jorge Pereira <jpereiran@gmail.com> wrote:
Hi guys!
Following the sample described in https://www.balabit.com/ documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/ generating-configuration-blocks.html
1) I have my 'confgen' script that prints the below *file()* entries. (p.s: these files has content.)
# /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh file("/opt/nginx/logs/waf/www.cocada.com" program_override("ng_modsec") flags(no-parse)); file("/opt/nginx/logs/waf/www.caipirinha.com" program_override("ng_modsec") flags(no-parse)); #
2) My config set:
# cat /etc/syslog-ng/conf.d/nginx_modsec.conf options { threaded(yes); flush_lines(0); use-dns(no); normalize-hostnames(yes); keep-hostname(yes); };
destination d_collector { tcp("192.168.1.248" port(514) keep-alive(on) ); };
log { @module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh") destination(d_collector); };
#
Conclusion: The syslog-ng doesn't call the script at any time.
# strace -fff /usr/sbin/syslog-ng -dvte 2>&1 | grep "confgen-modsec"
p.s: I have 'confgen' support.
# syslog-ng --version | grep confgen Available-Modules: syslogformat,kvformat,afamqp,sdjournal,system-source, afuser,json-plugin,dbparser,affile,afsocket,linux-kmsg- format,afmongodb,mod-python,*confgen*,csvparser,pseudofile, afsql,afprog,afstomp,cryptofuncs,graphite,basicfuncs #
I appreciate any help.
Best, Jorge Pereira