@version: 3.6
@include "scl.conf"

options {
  check_hostname(yes); # check if the hostname contains valid characters
  use_dns(no);   # do not resolve names for speed
  dns_cache(no); # no DNS cache since we do not resolve names
  keep_hostname(yes); # keep hostnames to enable related macros
  chain_hostnames(no); # do not track / forward syslog forwarder chain

  # options related to file and directories
  dir_owner("root");
  dir_group("adm");
  owner("root");
  group("adm");
  perm(0640);
  dir_perm(0750);
  create_dirs(yes);
  threaded(yes);
};

source s_local {
	system();
	internal();
};

source s_network {
	udp();
};
parser p_bluecoat {
  db-parser(file("/usr/local/etc/patterndb.d/bluecoat.xml"));
};

destination d_redis {
  redis (
    host("localhost")
    command("LPUSH", "logstash", "$(format-json proxy_time=${PROXY.TIME} proxy_time_taken=${PROXY.TIME_TAKEN} proxy_c_ip=${PROXY.C_IP} proxy_sc_status=${PROXY.SC_STATUS} proxy_s_action=${PROXY.S_ACTION} proxy_sc_bytes=${PROXY.SC_BYTES} proxy_cs_bytes=${PROXY.CS_BYTES} proxy_cs_method=${PROXY.CS_METHOD} proxy_cs_uri_scheme=${PROXY.CS_URI_SCHEME} proxy_cs_host=${PROXY.CS_HOST} proxy_cs_uri_port=${PROXY.CS_URI_PORT} proxy_cs_uri_path=${PROXY.CS_URI_PATH} proxy_cs_uri_equery=${PROXY.CS_URI_EQUERY}  proxy_cs_username=${PROXY.CS_USERNAME} proxy_cs_auth_group=${PROXY.CS_AUTH__GROUP} proxy_s_supplier_name=${PROXY.S_SUPPLIER_NAME} proxy_content_type=${PROXY.CONTENT_TYPE} proxy_referrer=${PROXY.REFERRER} proxy_user_agent=${PROXY.USER_AGENT} proxy_filter_result=${PROXY.FILTER_RESULT} proxy_cs_categories=${PROXY.CS_CATEGORIES} proxy_x_virus_id=${PROXY.X_VIRUS_ID} proxy_s_ip=${PROXY.S_IP})\n")
  );
};


destination d_local {
        file("/var/log/syslog-ng/$YEAR/$MONTH/$DAY/$HOST_FROM/$HOST_FROM.$FACILITY.$PRIORITY.$YEAR.$MONTH.$DAY");
};
 
log {
	source(s_local);
	destination(d_local);
};
log {
  source(s_network);
  parser(p_bluecoat);
  destination(d_redis);
};