Syslog-ng and External variables
OS: FreeBSD 10.3 Syslog-ng: 3.7.3 I am trying to reference/use a OS level environment variable in my Syslog-Ng configuration. Everything I’ve read and tried, does not appear to work. I have confirmed simple environment variables like HOSTNAME and PATH are there, but when trying to reference them using backticks, ie: `HOSTNAME` does not appear to work. According to the documentation, environment variables are imported. ie: “Tip The environmental variables of the host are automatically imported and can be used as global variables.” But this does not appear to be the case. When I try referencing a known environment variable I get: Error parsing rewrite expression, syntax error, unexpected KW_VALUE, expecting LL_IDENTIFIER or LL_STRING in /usr/local/etc/syslog-ng.conf at line 56, column 24: rewrite r_host { set(`HOSTNAME`, value("HOST")); }; Or is there another easier way to override the HOST in all messages to be that of the actual servers hostname. (and not things like localhost, 127.0.0.1, etc) TIA -- Robert inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu
On Mon, Aug 29, 2016 at 08:34:12AM -0400, Robert Blayzor wrote:
rewrite r_host { set(`HOSTNAME`, value("HOST")); };
The backticks replace content, so you end up with a literal in your config. Try this instead: rewrite r_host { set("`HOSTNAME`", value("HOST")); };
On Aug 29, 2016, at 9:22 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
The backticks replace content, so you end up with a literal in your config. Try this instead:
rewrite r_host { set("`HOSTNAME`", value("HOST")); };
That certainly fixes the config from complaining, but I now just get an empty string; for which syslog-ng replaces with the hosts IP instead. I’m just trying to re-write each messages host with the hostname of the current server.
I do this by adding the following to my config file @module confgen context(rewrite) name(r_myself) exec("/bin/hostname") rewrite r_local { set( r_myself(), value("HOST") ); }; log { source(s_your_source); rewrite(r_local); destination(d_your_destination); }; hope that helps. On 08/29/2016 06:35 AM, Robert Blayzor wrote:
On Aug 29, 2016, at 9:22 AM, Fabien Wernli <wernli@in2p3.fr> wrote:
The backticks replace content, so you end up with a literal in your config. Try this instead:
rewrite r_host { set("`HOSTNAME`", value("HOST")); };
That certainly fixes the config from complaining, but I now just get an empty string; for which syslog-ng replaces with the hosts IP instead.
I’m just trying to re-write each messages host with the hostname of the current server.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria
On Aug 29, 2016, at 11:38 AM, Evan Rempel <erempel@uvic.ca> wrote:
I do this by adding the following to my config file
@module confgen context(rewrite) name(r_myself) exec("/bin/hostname")
rewrite r_local { set( r_myself(), value("HOST") ); };
log { source(s_your_source); rewrite(r_local); destination(d_your_destination); };
hope that helps.
And that it most certainly did. Worked great, thank you! -- Robert inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu
On Aug 29, 2016, at 11:38 AM, Evan Rempel <erempel@uvic.ca> wrote:
@module confgen context(rewrite) name(r_myself) exec("/bin/hostname")
I guess the only remaining question on this is a performance one. Would the exec be done for each and every log message or is it done only once? -- Robert inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu
It is done only once when the configuration file is evaluated. I think it is obvious that the rewrite is done every time :-) On 08/29/2016 09:16 AM, Robert Blayzor wrote:
On Aug 29, 2016, at 11:38 AM, Evan Rempel <erempel@uvic.ca> wrote:
@module confgen context(rewrite) name(r_myself) exec("/bin/hostname")
I guess the only remaining question on this is a performance one.
Would the exec be done for each and every log message or is it done only once?
-- Robert inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Evan Rempel erempel@uvic.ca Senior Systems Administrator 250.721.7691 Data Centre Services, University Systems, University of Victoria
Makes sense, and it does work as intended. I also managed to stumble across the “$LOGHOST” macro as well, that does exactly the same thing. Unfortunately I was digging through the docs in the wrong place. “hostname” never found it… :( -- Robert inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu
On Aug 29, 2016, at 12:19 PM, Evan Rempel <erempel@uvic.ca> wrote:
It is done only once when the configuration file is evaluated. I think it is obvious that the rewrite is done every time :-)
Yeah, well. HOSTNAME would be ambigious, as we do have a $HOST macro, which is actually the sender and not the server. -- Bazsi On Mon, Aug 29, 2016 at 7:40 PM, Robert Blayzor <rblayzor.bulk@inoc.net> wrote:
Makes sense, and it does work as intended. I also managed to stumble across the “$LOGHOST” macro as well, that does exactly the same thing.
Unfortunately I was digging through the docs in the wrong place. “hostname” never found it… :(
-- Robert inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP Key: 78BEDCE1 @ pgp.mit.edu
On Aug 29, 2016, at 12:19 PM, Evan Rempel <erempel@uvic.ca> wrote:
It is done only once when the configuration file is evaluated. I think it is obvious that the rewrite is done every time :-)
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (4)
-
Evan Rempel
-
Fabien Wernli
-
Robert Blayzor
-
Scheidler, Balázs