Your source name uses the conventions of a source drive (the s_ prefix), so you probably assumed that it is declaring a source, but it isn't. It defines a source driver.@confgen is assumed to be used at the top level, whereas the driver being declared as a normal source statement.the @confgen line only registers a source driver named s_nginx_modsec_log that you'll have to use in order to expand this in your configuration file.@module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/clog {onfgen-modsec-skeleton.sh") source { s_nginx_modsec_log(); };destination(d_collector);};--
BazsiOn Wed, Aug 17, 2016 at 9:42 PM, Jorge Pereira <jpereiran@gmail.com> wrote:______________________________Hi guys,somebody could help?--Jorge PereiraOn Fri, Aug 12, 2016 at 3:15 AM, Jorge Pereira <jpereiran@gmail.com> wrote:Hi guys!Following the sample described in https://www.balabit.com/documents/syslog-ng-ose-latest-gu ides/en/syslog-ng-ose-guide-ad min/html/generating-configurat ion-blocks.html 1) I have my 'confgen' script that prints the below file() entries. (p.s: these files has content.)# /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh file("/opt/nginx/logs/waf/www.cocada.com " program_override("ng_modsec") flags(no-parse));file("/opt/nginx/logs/waf/www.caipirinha.com " program_override("ng_modsec") flags(no-parse));#2) My config set:# cat /etc/syslog-ng/conf.d/nginx_modsec.conf options {threaded(yes);flush_lines(0);use-dns(no);normalize-hostnames(yes);keep-hostname(yes);};destination d_collector {tcp("192.168.1.248" port(514) keep-alive(on) );};log {@module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh") destination(d_collector);};#Conclusion: The syslog-ng doesn't call the script at any time.# strace -fff /usr/sbin/syslog-ng -dvte 2>&1 | grep "confgen-modsec"p.s: I have 'confgen' support.# syslog-ng --version | grep confgenAvailable-Modules: syslogformat,kvformat,afamqp,sdjournal,system-source,afuser, json-plugin,dbparser,affile,af socket,linux-kmsg-format,afmon godb,mod-python,confgen,csvpar ser,pseudofile,afsql,afprog, afstomp,cryptofuncs,graphite, basicfuncs #I appreciate any help.Best,Jorge Pereira______________________________ __________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq