Script worked like a charm... Thanks Gergely :)

Sagar

On Wed, Aug 22, 2012 at 3:40 PM, Gergely Nagy <algernon@balabit.hu> wrote:
sagar naravane <sagar.naravane@gmail.com> writes:
Gergely,
Here all three log {} get executed. What I am basically looking for is an "if..else" or "case" sort of condition where only one of client-relay communication happens based on hostname of client system.
That's what flags(final) is for. It will connect nevertheless, but will only send data when the filter matches.
syslog-ng 3.4 might be a tiny bit better in this regard, you can more closely model your requirement there, but as far as I understand, even that would try to connect to all three relays.
On the other hand, there may be another way, which works slightly differently: it basically makes syslog-ng call out to a shell script when it starts up, to determine the host name, and set up the configuration according to that.
Something like:
  @module confgen context(destination) name(relay) exec("/path/to/script.sh")

  destination d_relay { relay(); };
  log { source(s_local); destination(d_relay); };
Where the script would look something along these lines:
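,----
| #! /bin/sh
| set -e
|
| # Pick the relay from the local host name
| h=$(hostname)
| case "$h" in
|   sj1*)
|     relay="sj1-relay.localnet"
|     ;;
|   *)
|     echo "Unknown host: $h!" >&2
|     exit 1
|     ;;
| esac
|
| # Emit the destination driver that relay() expands to
| cat <<EOF
| tcp("${relay}");
| EOF
`----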
This has the advantage of not requiring a filter, and that all conditional stuff is performed at config load time, not for each and every message. Also, it will only ever connect to one single destination.
The disadvantage is that the config isn't entirely contained in syslog-ng.conf, but you use an external script to generate parts of it.
Also, the above solution requires syslog-ng 3.3+, while filters work with older versions too. Mind you, upgrading to 3.3 would be strongly recommended anyway :)
-- |8]
--
Regards,
Sagar Naravane
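
The confgen generator described in the thread above, as an added example that is not part of the original messages: it goes beyond the single sj1 case by mapping several site prefixes, fails closed on an unknown host, and checks the relay name before it is written into text that syslog-ng parses as configuration. The ny2/ld3 prefixes, their relay names, and the file name relay-gen.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confgen generator that selects exactly one relay per client.
# Everything except the sj1 -> sj1-relay.localnet mapping is constructed.

# relay_for HOSTNAME: print the relay for this host, return 1 if none matches.
relay_for() {
    case "$1" in
        sj1*) echo "sj1-relay.localnet" ;;
        ny2*) echo "ny2-relay.localnet" ;;   # constructed site
        ld3*) echo "ld3-relay.localnet" ;;   # constructed site
        *)    return 1 ;;
    esac
}

# is_safe_name NAME: succeed only for plain DNS-style names, so a bad table
# edit cannot put quotes, semicolons or braces into the generated config.
is_safe_name() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# gen_destination HOSTNAME: print the driver line that relay() expands to.
# A non-zero return with no output makes the config load fail instead of
# silently shipping logs nowhere or to the wrong relay.
gen_destination() {
    relay=$(relay_for "$1") || {
        echo "Unknown host: $1!" >&2
        return 1
    }
    is_safe_name "$relay" || {
        echo "Refusing unsafe relay name: $relay" >&2
        return 1
    }
    printf 'tcp("%s");\n' "$relay"
}

# Generate for the local host only when installed under the assumed file
# name relay-gen.sh (the path given to exec() in the @module line).
case "$0" in
    *relay-gen.sh) gen_destination "$(hostname)" ;;
esac
```

Because syslog-ng runs the script at config load with its own privileges, the script file and its directory should be writable only by root.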