[syslog-ng] Perl: Sys::Syslog - replace hostname (host rewrite rule?)
Clayton Dukes
cdukes at gmail.com
Sun Jul 12 18:59:38 CEST 2009
Hi folks,
I'm trying to write a syslog "replay" script (in perl) and was
wondering if there's a way to replace the source hostname so that it
logs that host to syslog instead of my local machine's hostname.
For example, the logit sub below logs (to /var/log/syslog):
Jul 12 12:53:53 cdukes-lnx ./logreplay.pl[29476]:
%CSM_SLB-6-RSERVERSTATE: Module 9 server state changed: SLB-NETMGT:
TCP health probe re-activated server 10.13.164.13:0 in serverfarm
'ACC-FNET-AE'
The original message is:
Jun 19 05:11:57 ecdcsrvr2-6.some.domain 5476: Jun 19 05:11:56:
%CSM_SLB-6-RSERVERSTATE: Module 9 server state changed: SLB-NETMGT:
TCP health probe re-activated server 10.13.164.13:0 in serverfarm
'ACC-FNET-AE'
So I want it to log the originating host as "ecdcsrvr2-6.some.domain"
Additionally, if possible, I'd like to be able to log the original
datetime field (but not as important as the hostname).
Does anyone know if I could maybe accomplish this through a syslog-ng rule?
sub logit {
my ($priority, $message) = @_;
setlogsock('unix');
# $prog is assumed to be a global. Also log the PID
# and to Console if there's a problem. Use facility 'local7'
since these are (presumably) Cisco messages.
openlog($0, 'pid,cons', 'local7');
syslog($priority, $message);
closelog();
return 1;
}
--
______________________________________________________________
Clayton Dukes
______________________________________________________________
More information about the syslog-ng
mailing list