Hi, thanks so much! works well! -- Jorge Pereira On Thu, Aug 18, 2016 at 1:06 PM, Scheidler, Balázs < balazs.scheidler@balabit.com> wrote:

the @confgen line only registers a source driver named s_nginx_modsec_log that you'll have to use in order to expand this in your configuration file.

@confgen is assumed to be used at the top level, whereas the driver being declared as a normal source statement.

@module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")

log { source { s_nginx_modsec_log(); }; destination(d_collector); };

Your source name uses the conventions of a source drive (the s_ prefix), so you probably assumed that it is declaring a source, but it isn't. It defines a source driver.

-- Bazsi

On Wed, Aug 17, 2016 at 9:42 PM, Jorge Pereira <jpereiran@gmail.com> wrote:

...

Hi guys,

somebody could help?

-- Jorge Pereira

On Fri, Aug 12, 2016 at 3:15 AM, Jorge Pereira <jpereiran@gmail.com> wrote:

...

Hi guys!

Following the sample described in https://www.balabit.com/doc uments/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-ad min/html/generating-configuration-blocks.html

1) I have my 'confgen' script that prints the below *file()* entries. (p.s: these files has content.)

# /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh file("/opt/nginx/logs/waf/www.cocada.com" program_override("ng_modsec") flags(no-parse)); file("/opt/nginx/logs/waf/www.caipirinha.com" program_override("ng_modsec") flags(no-parse)); #

2) My config set:

# cat /etc/syslog-ng/conf.d/nginx_modsec.conf options { threaded(yes); flush_lines(0); use-dns(no); normalize-hostnames(yes); keep-hostname(yes); };

destination d_collector { tcp("192.168.1.248" port(514) keep-alive(on) ); };

log { @module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh") destination(d_collector); };

#

Conclusion: The syslog-ng doesn't call the script at any time.

# strace -fff /usr/sbin/syslog-ng -dvte 2>&1 | grep "confgen-modsec"

p.s: I have 'confgen' support.

# syslog-ng --version | grep confgen Available-Modules: syslogformat,kvformat,afamqp,s djournal,system-source,afuser,json-plugin,dbparser,affile,af socket,linux-kmsg-format,afmongodb,mod-python,*confgen*,csvpar ser,pseudofile,afsql,afprog,afstomp,cryptofuncs,graphite,basicfuncs #

I appreciate any help.

Best, Jorge Pereira

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq

____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq