[syslog-ng] chain_hostname(yes) complicates use of $HOST

Balazs Scheidler bazsi@balabit.hu
Mon, 25 Sep 2000 15:44:27 +0200


Hi,

> >file("$HOST/$PROGRAM/$YEAR_$MONTH" create_dirs(yes));
> >
> >with your "fix" ?
> >Will I still get logs from "Message" ? (yes...running AIX. :-/)
> 
> I tested this destination under both the original and altered versions of 
> syslog-ng, and could see no difference in the way files were created. 
> However, from both I did see results I would neither expect nor desire. As 
> you can see from the results of a "find ." execution at the root of the 
> directory tree used by syslog-ng for the destination:
> 
> d_test { file("/logs/test/$HOST/$PROGRAM/$YEAR_$MONTH" create_dirs(yes));};
> 
> is:
> 
>  .
> ./aaaa.bbbb.cornell.edu
> ./aaaa.bbbb.cornell.edu/At
> ./aaaa.bbbb.cornell.edu/At/2000_09
> ./aaaa.bbbb.cornell.edu/--syslog
> ./aaaa.bbbb.cornell.edu/--syslog/2000_09
> ./cccc.dddd.cornell.edu
> ./cccc.dddd.cornell.edu/dhcpd
> ./cccc.dddd.cornell.edu/dhcpd/2000_09
> ./eeee.dddd.cornell.edu
> ./eeee.dddd.cornell.edu/forwarded from eeee
> ./eeee.dddd.cornell.edu/forwarded from eeee/2000_09
> ./ffff.bbbb.cornell.edu
> ./ffff.bbbb.cornell.edu/--syslog
> ./ffff.bbbb.cornell.edu/--syslog/2000_09
> ./ffff.bbbb.cornell.edu/At
> ./ffff.bbbb.cornell.edu/At/2000_09
> ./gggg.dddd.cornell.edu
> ./gggg.dddd.cornell.edu/13125
> ./gggg.dddd.cornell.edu/13125/2000_09
> ./gggg.dddd.cornell.edu/13126
> ./gggg.dddd.cornell.edu/13126/2000_09
> ./gggg.dddd.cornell.edu/13127
> ./gggg.dddd.cornell.edu/13127/2000_09
> ./gggg.dddd.cornell.edu/13128
> ./gggg.dddd.cornell.edu/13128/2000_09
> ./hhhh.iiii.cornell.edu
> ./hhhh.iiii.cornell.edu/forwarded from hhhh
> ./hhhh.iiii.cornell.edu/forwarded from hhhh/2000_09
> ./jjjj
> ./jjjj/sudo
> ./jjjj/sudo/2000_09
> ./kkkk.dddd.cornell.edu
> ./kkkk.dddd.cornell.edu/dhcpd
> ./kkkk.dddd.cornell.edu/dhcpd/2000_09
> ./llll.dddd.cornell.edu
> ./llll.dddd.cornell.edu/sendmail
> ./llll.dddd.cornell.edu/sendmail/2000_09
> ./mmmm.bbbb.cornell.edu
> ./mmmm.bbbb.cornell.edu/At
> ./mmmm.bbbb.cornell.edu/At/2000_09
> ./nnnn.dddd.cornell.edu
> ./nnnn.dddd.cornell.edu/forwarded from nnnn
> ./nnnn.dddd.cornell.edu/forwarded from nnnn/2000_09
> 
> 
> Directories like: "/forwarded from nnnn/" are not good for us. 
> Additionally, I did not see any "Message" directories, but only let the 
> test run for a few minutes.
> 
> I really don't know for sure whether what I changed might break other 
> functions. I think only Bazsi can make that observation.

The code you changed affects only the hostname part of the log lines written
to files. If you intend to change the parsed hostname value you should
change msg->host, which is a struct ol_string *.

If you intend to change the way syslog-ng parses log messages you may be
interested in the parse_log_msg function in log.c.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt
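
Added example, not part of the original message and not syslog-ng code: the listing quoted above shows $PROGRAM expanding to sender-supplied values such as "forwarded from nnnn" and "--syslog", which then become directory names under create_dirs(yes). The sketch below shows one way to normalise such a field before it is used as a single path component; the function name `sanitize_path_component`, the allowed character set and the "unknown" fallback are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not syslog-ng code): copy a sender-controlled field,
 * e.g. the value a $PROGRAM or $HOST macro would expand to, into dst as one
 * safe directory name. Truncates to fit dstlen. Returns dst. */
char *sanitize_path_component(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;

    if (dstlen == 0)
        return dst;

    /* Drop leading characters that would yield a hidden, option-like or
     * relative name (".", "..", "--syslog", leading blanks). */
    while (*src == '.' || *src == '-' || isspace((unsigned char)*src))
        src++;

    for (; *src != '\0' && n + 1 < dstlen; src++) {
        unsigned char c = (unsigned char)*src;
        /* Conservative allow-list; everything else, including '/' and
         * spaces, becomes '_' so the value cannot add path levels. */
        if (isalnum(c) || c == '.' || c == '-' || c == '_')
            dst[n++] = (char)c;
        else
            dst[n++] = '_';
    }
    dst[n] = '\0';

    /* Nothing usable left: fall back to a fixed name (assumption). */
    if (n == 0) {
        strncpy(dst, "unknown", dstlen - 1);
        dst[dstlen - 1] = '\0';
    }
    return dst;
}

int main(void)
{
    /* Sample values: the first three appear in the quoted listing,
     * the last two are constructed for this example. */
    const char *samples[] = { "forwarded from nnnn", "--syslog", "dhcpd",
                              "../../etc", "" };
    char buf[64];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               sanitize_path_component(samples[i], buf, sizeof buf));
    return 0;
}
```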