[syslog-ng] Using macro substring as another macro

Gergely Nagy algernon at balabit.hu
Thu Apr 7 15:20:00 CEST 2011


Jakub Jankowski <shasta at toxcorp.com> writes:

> I'd like to implement simple hashing in file() destination, mainly to avoid 
> ext3 32k directories limit, but also for convenience. Is it possible to do 
> something similar to what this shell snippet does:
>
> $ NAME=value
> $ echo ${NAME[*]:0:1}
> v
> $
>
> but for macros (especially those coming from parsers)?

Off the top of my head: no, it's not currently possible with stock
syslog-ng (except with some dirty hacks I'd rather not share). On the
other hand, writing a template function that would do just what you want
should be very very easy.

> What I want is logs written to /var/log/h/ho/hos/hostname/service.log (with 
> configurable level of subdirs) using a single destination().

I can throw together a patch that would introduce a $(substr START END
STR) template function, which you could use like this:

destination d_file {
 file ("/var/log/$(substr 1 1 ${HOST})/$(substr 1 2 ${HOST})/$(substr 1 3 ${HOST})/${HOST}/service.log");
};

It's a bit more verbose than ${NAME[*]:0:1}, but does pretty much the
same thing.

I'll knock something up either tonight or sometime tomorrow, both for
syslog-ng 3.2 and for 3.3 as well. On the other hand, if you have basic C
knowledge, you can do this too, and it's actually quite fun to do so!

I've written a short blog post a few months ago about writing trivial
template functions, that should be enough to get you started:

http://algernon.blogs.balabit.com/2011/01/howto-write-a-simple-template-function-for-syslog-ng/

If anyone beats me to it: you're my guest for your (reasonable) choice
of beverage if you ever come to Hungary, or wherever we might meet.

-- 
|8]
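
The directory layout discussed above (/var/log/h/ho/hos/hostname/service.log), as an added stand-alone C example that is not part of the original message and is not syslog-ng code: it builds the path with a configurable number of prefix levels. The function names and the allowed-character check are assumptions; the check is there because a host name taken from received messages ends up in a file path.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy: allow only host name / IP literal characters, so a host
 * value taken from a received message cannot add path components. */
static int host_is_safe(const char *host)
{
    size_t n = strlen(host);
    if (n == 0 || n > 255 || host[0] == '.' || strstr(host, "..") != NULL)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '-' || c == '.' || c == ':' || c == '_'))
            return 0;
    }
    return 1;
}

/* Writes BASE/h/ho/hos/HOST/service.log into out, with `levels` prefix
 * directories. Returns 0 on success, -1 on a rejected host or short buffer. */
int hashed_log_path(const char *base, const char *host, int levels,
                    char *out, size_t outlen)
{
    if (levels < 0 || !host_is_safe(host))
        return -1;
    size_t hlen = strlen(host);
    int n = snprintf(out, outlen, "%s", base);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    size_t used = (size_t)n;
    for (int i = 1; i <= levels; i++) {
        /* Prefix of i characters, clamped when the host is shorter. */
        int plen = (size_t)i < hlen ? i : (int)hlen;
        n = snprintf(out + used, outlen - used, "/%.*s", plen, host);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;
        used += (size_t)n;
    }
    n = snprintf(out + used, outlen - used, "/%s/service.log", host);
    return (n < 0 || (size_t)n >= outlen - used) ? -1 : 0;
}
int main(void)
{
    char path[512]; /* the arguments below are constructed sample values */
    if (hashed_log_path("/var/log", "hostname", 3, path, sizeof path) == 0)
        puts(path);
    return 0;
}
```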

