[syslog-ng] Pre-processing ability?

[Balazs Scheidler]

Hi,

> I'm fairly new to syslog-ng (got it today as a matter of fact).  The config
> file is very easy to configure and get going (hat's off to you guys) even
> with sparse documentation (up and running in under 2 hours including compile
> time).
> 
> I do, however, need to know if there is any pre-processing ability with m4
> or cpp, etc.  
> 
> I plan on rolling syslog-ng to our enterprise and would like one
> syslog-ng.conf file on all our hosts.  In order to do this I need to parse
> off the platform type to set the source since we're primarily a sun shop but
> do have other platforms we support (sco, hp, linux and sun).
> 
> Is there any way of doing this with builtin functionality?  I also forsee
> the need to have some sort of pre-processing based on whether it's a
> loghost, etc.  Any plans on adding this or is it already there and I have to
> dig deeper into the documentation, etc.

The only similar feature is filename expansion, e.g. you can use a
destination like this:

destination all { file("/var/log/$FACILITY"); };

where $FACILITY is expanded each time a message is written. Internally of
course the file is kept opened, so it doesn't hurt performance too much.

There's no complete preprocessing  feature yet, but nothing prevents you
from rolling your own system. I think the best way to implement this would
be something similar to sendmail's m4 files, and some Makefiles.

I'm not too familiar with m4 though, so you are on your own here.

Happy hacking,

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt