syslog-ng 3.3.9 has been released
------------------------------------------------------------------------------
PACKAGE : syslog-ng
VERSION : 3.3.9
SUMMARY : new stable release
DATE : Apr 15, 2013
------------------------------------------------------------------------------

DESCRIPTION:

A new stable version of syslog-ng Open Source Edition (3.3.9) has been released. For latest fixes in the 3.3.x feature branch you are recommended to upgrade to this version.

CHANGES:

3.3.9
Mon, 15 April 2013 15:00:00 +0100

Highlights
==========

This release is a bug-fix release, correcting a handful of issues discovered since the previous one.

Bugfixes
========

* A set/subst rewrite related segmentation fault has been fixed: if a rewrite rule doing either set or subst was referenced from multiple logpaths, syslog-ng crashed.

Other changes
=============

* The systemd unit file now has Restart=on-failure set, to restart syslog-ng when it terminates unexpectedly. [#222]

* When syslog-ng-ctl disconnects from syslog-ng, syslog-ng will not log an error due to the EOF, but an info-level message instead.

Credits
=======

syslog-ng is developed as a community project, and as such it relies on volunteers to do the work necessary to produce syslog-ng.

Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.

These people have helped in this release:

Balazs Scheidler <bazsi@balabit.hu>
Gergely Nagy <algernon@balabit.hu>
Johnson, Chris <chris.johnson3@hp.com>
Lucas, Sascha <Sascha.Lucas@gisa.de>
Paul Dann <pdgiddie+balabit@gmail.com>

DOWNLOAD:

You can download the source or binary packages from:

http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/...

The documentation of the syslog-ng Open Source Edition is available in The syslog-ng Open Source Edition Administrator's Guide at http://www.balabit.com/support/documentation/
First thing is that the confgen module is not in the documentation :-(

Second thing is that I am having problems using the confgen module

    @module confgen context(source) name(myself) exec("/bin/hostname")
    source primary {
        tcp( localip( myself() ) port(514) );
    };
    log { source(primary); destination(d_my_dest); };

works like a charm and listens on the IP address of my host's primary interface.

But this will not work.

    @module confgen context(source) name(myself) exec("/bin/hostname")
    source self { tcp(localip(localhost) port(1514) ); };
    rewrite r_self { set( "myself()", value("HOST") ); };
    log { source(self); rewrite(r_self); };

What I am trying to do is accept TCP connections from applications on the host, and change the SOURCEHOST to be the actual host name rather than the text "localhost".

Comments on how this can be done?
Evan Rempel <erempel@uvic.ca> writes:
First thing is that the confgen module is not in the documentation :-(
It's not easy to document it :)
Second thing is that I am having problems using the confgen module
    @module confgen context(source) name(myself) exec("/bin/hostname")
    source primary {
        tcp( localip( myself() ) port(514) );
    };
    log { source(primary); destination(d_my_dest); };

works like a charm and listens on the IP address of my host's primary interface.
But this will not work.
    @module confgen context(source) name(myself) exec("/bin/hostname")
    source self { tcp(localip(localhost) port(1514) ); };
    rewrite r_self { set( "myself()", value("HOST") ); };
    log { source(self); rewrite(r_self); };
In the second case, you will have to change the context(source) to context(rewrite), and unquote myself().

You can test the expansion with:

    syslog-ng -s --preprocess-into=/dev/stdout -f /path/to/syslog-ng.conf

With the context changed and myself() unquoted, the above expands to:

,----
| @module confgen context(rewrite) name(myself) exec("/bin/hostname")
| source self { tcp(localip(localhost) port(1514) );
| };
| rewrite r_self {
| set( hadhodrond
| , value("HOST") );
| }};
| log {
| source(self); rewrite(r_self);
| };
`----

That should work, I think, but I haven't tested it.

The basic idea behind confgen, though, is that it generates syslog-ng.conf snippets, which are then inserted into the buffer as if it was there like that to begin with, so the parser will go through it too.
What I am trying to do is accept TCP connections from applications on the host, and change the SOURCEHOST to be the actual host name rather than the text "localhost".
I'd probably do it in a very different way: using template(), because that's more efficient than rewrite.

-- |8]
and there's the $LOGHOST macro which expands to the local hostname bazsi@bzorp:~/zwa/work/syslog-ng-ose-3.4/syslog-ng-ose/lib$ git show 50d3289f commit 50d3289f418f407f592d2b025e989a46840a3f76 Author: Balazs Scheidler <bazsi@balabit.hu> Date: Thu May 5 21:03:47 2011 +0200 templates: added $LOGHOST macro This patch adds a new macro "$LOGHOST" which expands to the name of the local hostname, as returned by the hostname command. Signed-off-by: Andreas Piesk <a.piesk@gmx.net> Signed-off-by: Balazs Scheidler <bazsi@balabit.hu> diff --git a/lib/templates.c b/lib/templates.c index 897365c..a3b85cf 100644 --- a/lib/templates.c +++ b/lib/templates.c @@ -59,6 +59,8 @@ enum M_SEQNUM, M_CONTEXT_ID, + M_LOGHOST, + M_DATE, M_FULLDATE, M_ISODATE, @@ -181,6 +183,9 @@ LogMacroDef macros[] = { "MSG", M_MESSAGE }, { "MESSAGE", M_MESSAGE }, { "HOST", M_HOST }, + + /* message independent macros */ + { "LOGHOST", M_LOGHOST }, { NULL, 0 } }; @@ -414,6 +419,14 @@ log_macro_expand(GString *result, gint id, gboolean escape, LogTemplateOptions * } break; } + case M_LOGHOST: + { + gsize hname_len; + const gchar *hname = get_local_hostname(&hname_len); + + result_append(result, hname, hname_len, escape); + break; + } default: { /* year, month, day */ On Wed, Apr 17, 2013 at 12:52 PM, Gergely Nagy <algernon@balabit.hu> wrote:
Evan Rempel <erempel@uvic.ca> writes:
First thing is that the confgen module is not in the documentation :-(
It's not easy to document it :)
Second thing is that I am having problems using the confgen module
    @module confgen context(source) name(myself) exec("/bin/hostname")
    source primary {
        tcp( localip( myself() ) port(514) );
    };
    log { source(primary); destination(d_my_dest); };

works like a charm and listens on the IP address of my host's primary interface.
But this will not work.
    @module confgen context(source) name(myself) exec("/bin/hostname")
    source self { tcp(localip(localhost) port(1514) ); };
    rewrite r_self { set( "myself()", value("HOST") ); };
    log { source(self); rewrite(r_self); };
In the second case, you will have to change the context(source) to context(rewrite), and unquote myself().
You can test the expansion with:

    syslog-ng -s --preprocess-into=/dev/stdout -f /path/to/syslog-ng.conf
With the context changed and myself() unquoted, the above expands to:
,----
| @module confgen context(rewrite) name(myself) exec("/bin/hostname")
| source self { tcp(localip(localhost) port(1514) );
| };
| rewrite r_self {
| set( hadhodrond
| , value("HOST") );
| }};
| log {
| source(self); rewrite(r_self);
| };
`----
That should work, I think, but I haven't tested it.
The basic idea behind confgen, though, is that it generates syslog-ng.conf snippets, which are then inserted into the buffer as if it was there like that to begin with, so the parser will go through it too.
What I am trying to do is accept TCP connections from applications on the host, and change the SOURCEHOST to be the actual host name rather than the text "localhost".
I'd probably do it in a very different way: using template(), because that's more efficient than rewrite.
-- |8]
-- Bazsi
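
Review bot: in the enum hunk, M_LOGHOST is inserted between M_CONTEXT_ID and M_DATE, which renumbers every enumerator that follows it. If any of these ids are stored, or compared by range or by value elsewhere, append the new entry at the end of the enum instead, or add a comment stating that the ordering carries no meaning.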
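
Review bot: in the log_macro_expand() hunk, the M_LOGHOST case hands the return value of get_local_hostname(&hname_len) straight to result_append() with no check for a NULL pointer or a zero length. If the helper can fail, guard the call or document in a comment that it always returns a valid string. The commit message says the value is "as returned by the hostname command", so the comment above { "LOGHOST", M_LOGHOST } should also state whether that is the short name or the FQDN, since anything matching on $LOGHOST downstream depends on it.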
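
The template() and $LOGHOST suggestions from the replies above, put together as an added example that is not part of the original thread. The source and destination names, the log file path and the template layout are assumptions, and $LOGHOST requires a syslog-ng build that contains the commit quoted above.

```conf
@version: 3.4

# Constructed example: accept TCP connections from applications on
# this host only (loopback, port 1514 as in the original question).
source s_local_apps {
    tcp(ip(127.0.0.1) port(1514));
};

# Instead of rewriting HOST per message, write the local hostname
# into the output with the message-independent $LOGHOST macro.
# No confgen module and no exec() at configuration load is needed.
destination d_my_dest {
    file("/var/log/local-apps.log"
         template("${ISODATE} ${LOGHOST} ${MSGHDR}${MSG}\n"));
};

log { source(s_local_apps); destination(d_my_dest); };
```

The configuration can be syntax-checked before a reload with the `syslog-ng -s -f /path/to/syslog-ng.conf` invocation mentioned in the thread.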