[syslog-ng] Putting all sending Hosts in a File

Kevin kkadow at gmail.com
Fri Jul 15 18:34:54 CEST 2005


On 7/15/05, Balazs Scheidler <bazsi at balabit.hu> wrote:
> On Fri, 2005-07-15 at 10:15 +0200, Philipp Durrer wrote:
> > I'm new to syslog-ng and I would like to put all hosts
> > which are sending their logs to the server in one file
> > without the logs. So I get only the hostnames and/or
> > IPs in the file as a list (each line a new host?).
> > And the second list should contain all IP Networks of
> > the senders.

While syslog-ng doesn't do this today, you can accomplish
what you are looking for with a destination that uses a template
and an external script (pseudocode follows):

     destination d_hostlist {
          program("/usr/local/libexec/hostlist.sh" template("$HOST\n") );
     };

And in hostlist.sh:
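     #!/bin/sh
     # Append each host read from stdin to a list of 'seen' hosts.
     #
     outfile="/var/tmp/hosts.txt"     # Change this!!!!
     touch "$outfile"
     # program() keeps the script running and feeds it one line per message.
     while read -r host; do
          # $host comes off the network: quote it, match it as a fixed string
          grep -q -x -F -e "$host" "$outfile" && continue
          printf '%s\n' "$host" >> "$outfile"
     done
     exit
     ###EOF###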

This is very much sub-optimal, very inefficient.  A pipe would be
slightly better.

> > Can someone help me, or tell me that it's not possible to
> > make the list?
> 
> It is not currently possible.
> However, I'm thinking about adding this feature.

One approach that adds value could be to add an internal table tracking
source hosts and the last time a message was received from each host.

This table could then be written out to internal() at the stats() interval,
perhaps with a lower priority level?


Kevin Kadow

(P.S.  Is there a public URL for tracking syslog-ng feature requests?)
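
The host table suggested above, kept outside syslog-ng, as an added example that is not part of the original post. It assumes the destination template is changed to "$UNIXTIME $HOST\n"; the function names and the /24 prefix length for the network list are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post.
# host_table reads "EPOCH HOST" lines on stdin and prints one line per host,
# "HOST LAST_SEEN", sorted by host. HOST comes off the network, so any value
# that is not a plain hostname or IP address is dropped, not written out.
host_table() {
    awk '
        NF == 2 && $1 ~ /^[0-9]+$/ && $2 ~ /^[A-Za-z0-9][A-Za-z0-9._:-]*$/ {
            # keep the newest timestamp seen for each host
            if (!($2 in seen) || $1 + 0 > seen[$2] + 0) seen[$2] = $1
        }
        END { for (h in seen) print h, seen[h] }
    ' | LC_ALL=C sort
}

# network_list reads host_table output and prints each IPv4 /24 once.
# The /24 prefix length is an assumption; the thread does not name one.
network_list() {
    awk '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($1, o, ".")
            print o[1] "." o[2] "." o[3] ".0/24"
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample input; the third line has a host field that is
# not a valid hostname and must not reach the list.
sample_input() {
    printf '%s\n' \
        '1121445000 10.1.2.3' \
        '1121445060 web01' \
        '1121445090 ../../tmp/x' \
        '1121445120 10.1.2.3' \
        '1121445180 10.1.9.7' \
        '1121445200 10.1.2.44'
}

sample_input | host_table
sample_input | host_table | network_list
```

A single awk process holds the table in memory, so there is no grep over the output file for every message.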

