the @confgen line only registers a source driver named s_nginx_modsec_log that you'll have to use in order to expand this in your configuration file.

@confgen is assumed to be used at the top level, whereas the driver being declared as a normal source statement.

@module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")

log {

source { s_nginx_modsec_log(); };

destination(d_collector);

};

Your source name uses the conventions of a source drive (the s_ prefix), so you probably assumed that it is declaring a source, but it isn't. It defines a source driver.

--
Bazsi

On Wed, Aug 17, 2016 at 9:42 PM, Jorge Pereira <jpereiran@gmail.com> wrote:

Hi guys,

somebody could help?

--
Jorge Pereira

On Fri, Aug 12, 2016 at 3:15 AM, Jorge Pereira <jpereiran@gmail.com> wrote:
Hi guys!

Following the sample described in https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/generating-configuration-blocks.html

1) I have my 'confgen' script that prints the below file() entries. (p.s: these files has content.)

# /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh
file("/opt/nginx/logs/waf/www.cocada.com" program_override("ng_modsec") flags(no-parse));
file("/opt/nginx/logs/waf/www.caipirinha.com" program_override("ng_modsec") flags(no-parse));
#

2) My config set:

# cat /etc/syslog-ng/conf.d/nginx_modsec.conf
options {
threaded(yes);
flush_lines(0);
use-dns(no);
normalize-hostnames(yes);
keep-hostname(yes);
};

destination d_collector {
tcp("192.168.1.248" port(514) keep-alive(on) );
};

log {
@module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")
destination(d_collector);
};

#

Conclusion: The syslog-ng doesn't call the script at any time.

# strace -fff /usr/sbin/syslog-ng -dvte 2>&1 | grep "confgen-modsec"

p.s: I have 'confgen' support.

# syslog-ng --version | grep confgen
Available-Modules: syslogformat,kvformat,afamqp,sdjournal,system-source,afuser,json-plugin,dbparser,affile,afsocket,linux-kmsg-format,afmongodb,mod-python,confgen,csvparser,pseudofile,afsql,afprog,afstomp,cryptofuncs,graphite,basicfuncs
#

I appreciate any help.

Best,
Jorge Pereira

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq