Hi guys!
1) I have my 'confgen' script that prints the file() entries below. (p.s: these files have content.)
# /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh
file("/opt/nginx/logs/waf/www.cocada.com" program_override("ng_modsec") flags(no-parse));
file("/opt/nginx/logs/waf/www.caipirinha.com" program_override("ng_modsec") flags(no-parse));
#
2) My config set:
# cat /etc/syslog-ng/conf.d/nginx_modsec.conf
options {
threaded(yes);
flush_lines(0);
use-dns(no);
normalize-hostnames(yes);
keep-hostname(yes);
};
destination d_collector {
tcp("192.168.1.248" port(514) keep-alive(on) );
};
log {
@module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")
destination(d_collector);
};
#
Conclusion: The syslog-ng doesn't call the script at any time.
# strace -fff /usr/sbin/syslog-ng -dvte 2>&1 | grep "confgen-modsec"
p.s: I have 'confgen' support.
# syslog-ng --version | grep confgen
Available-Modules: syslogformat,kvformat,afamqp,sdjournal,system-source,afuser,json-plugin,dbparser,affile,afsocket,linux-kmsg-format,afmongodb,mod-python,confgen,csvparser,pseudofile,afsql,afprog,afstomp,cryptofuncs,graphite,basicfuncs
#
I appreciate any help.
Best,
Jorge Pereira