On Tuesday, July 5, 2011 17:52 CEST, Gergely Nagy <algernon@balabit.hu> wrote:
"Henry Xu" <xkb.surfing@gmail.com> writes:
Since there's no available macro that represents the IP of the syslog-ng server (we only have macros that indicate where the message was sent to the syslog-ng server from, like $HOST), I want to use the ip() function and record it to the database.
There is no ip() function in syslog-ng. The various ip() stuff you can see in configs are settings for the various sources and destinations.
The main issue with what you want to do is figuring out what the server's IP is, as there can be many. I assume you want the IP the message arrived to - am I correct?
In that case, the best option off the top of my head is to tag messages coming to the different IP addresses, and use the $TAG macro in the destination:
source s_net_1234 { tcp(ip(1.2.3.4) ... tags("1.2.3.4")); };
source s_net_192 { tcp(ip(192.168.0.1) ... tags("192.168.0.1")); };
destination d_sql { sql(... values("${R_YEAR}-${R_MONTH}-${R_DAY} ${R_HOUR}:${R_MIN}:${R_SEC}", "${TAGS}", "${HOST}", ...)); };
Care should be taken that $TAGS will expand to all tags, so only one tag should be on any message. AFAIK, syslog-ng automatically adds the id of the source (s_net_192 in the above example) to $TAGS, so you'll have at least two tags.
Robert
There might be better ways to achieve the same thing, though, but this is the first that I could think of.
-- |8]
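An added example, not part of the original thread: one way to deal with the caveat that ${TAGS} carries more than the listener tag is to pick the IP out of the stored column when reading the table back. It assumes ${TAGS} is stored as a comma-separated string and that the automatic source tag looks like `.source.s_net_192`; the function name and the sample values are constructed for illustration.

```python
import ipaddress


def listener_ip_from_tags(tags_field):
    """Return the one tag in an expanded ${TAGS} value that is an IP address.

    Tags that are not IP addresses (for example the source id that
    syslog-ng adds on its own) are ignored. A ValueError is raised when
    the field holds no IP tag or more than one, because in both cases the
    listener address cannot be determined reliably.
    """
    found = []
    for raw in tags_field.split(","):
        tag = raw.strip()
        if not tag:
            continue
        try:
            # Normalises the textual form and rejects anything that is not
            # a valid IPv4 or IPv6 address.
            found.append(str(ipaddress.ip_address(tag)))
        except ValueError:
            continue  # not an IP, e.g. ".source.s_net_192"
    if len(found) != 1:
        raise ValueError(
            "expected exactly one IP tag, got %d in %r" % (len(found), tags_field)
        )
    return found[0]


# Constructed sample values of the TAGS column, as the d_sql destination
# above would write them (the ".source.<id>" form is an assumption).
SAMPLE_TAGS = [
    ".source.s_net_1234,1.2.3.4",
    "192.168.0.1,.source.s_net_192",
    ".source.s_local",                 # no listener tag at all
    ".source.s_net_192,192.168.0.1,10.0.0.1",  # ambiguous: two IP tags
]

if __name__ == "__main__":
    for value in SAMPLE_TAGS:
        try:
            print(value, "->", listener_ip_from_tags(value))
        except ValueError as exc:
            print(value, "-> rejected:", exc)
```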