[syslog-ng] syslog-ng help: how can I use function in double quotes?
Fekete Róbert
frobert at balabit.hu
Tue Jul 5 20:56:10 CEST 2011
On Tuesday, July 5, 2011 17:52 CEST, Gergely Nagy <algernon at balabit.hu> wrote:
> "Henry Xu" <xkb.surfing at gmail.com> writes:
>
> > Since there's no available macro that represents the IP of syslog-ng
> > server (only have macros indicate where the message sent to syslog-ng
> > server, like $HOST). So I want to use ip() function and record it to
> > database.
>
> There is no ip() function in syslog-ng. The various ip() stuff you can
> see in configs, are settings for the various sources and destinations.
>
> The main issue with what you want to do, is figuring out what the
> server's IP is, as there can be many. I assume you want the IP the
> message arrived to - am I correct?
>
> In that case, the best option off the top of my head, is to tag messages
> coming to the different IP addresses, and use the $TAG macro in the
> destination:
>
> source s_net_1234 {
>     tcp(ip(1.2.3.4) ... tags("1.2.3.4"));
> };
>
> source s_net_192 {
>     tcp(ip(192.168.0.1) ... tags("192.168.0.1"));
> };
>
> destination d_sql {
>     sql(...
>         values("${R_YEAR}-${R_MONTH}-${R_DAY} ${R_HOUR}:${R_MIN}:${R_SEC}",
>                "${TAGS}", "${HOST}", ...)
>     );
> };
>
> Care should be taken that $TAGS will expand to all tags, so only one tag
> should be on any message.

AFAIK, syslog-ng automatically adds the id of the source (s_net_192 in the above example) to $TAGS, so you'll have at least two tags.

Robert

>
> There might be better ways to achieve the same thing, though, but this
> is the first that I could think of.
>
> --
> |8]
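
The caveat raised in this thread is that $TAGS expands to every tag on the message, including the one syslog-ng adds for the source, so the stored column holds more than the listener IP. The following Python sketch is an added example, not part of the original thread: it picks the single IP-address tag out of a stored $TAGS value and refuses ambiguous rows. It assumes the tags are comma-separated and that the automatic source tag looks like ".source.s_net_192"; the function name and sample rows are constructed for illustration.

```python
import ipaddress


def listener_ip(tags_value: str) -> str:
    """Return the one IP-address tag contained in an expanded $TAGS string.

    Tags that are not valid IPv4/IPv6 addresses (for example the tag
    syslog-ng adds for the source id) are ignored. A row with zero or
    several IP tags is rejected, because the receiving address would then
    be unknown or ambiguous.
    """
    candidates = []
    for tag in tags_value.split(","):  # assumption: comma-separated tags
        tag = tag.strip()
        if not tag:
            continue
        try:
            addr = str(ipaddress.ip_address(tag))
        except ValueError:
            continue  # not an IP address, e.g. the automatic source tag
        if addr not in candidates:
            candidates.append(addr)
    if len(candidates) != 1:
        raise ValueError(
            f"expected exactly one IP tag, found {len(candidates)} in {tags_value!r}"
        )
    return candidates[0]


# Constructed sample values of the $TAGS column (not real log data).
SAMPLE_ROWS = [
    ".source.s_net_192,192.168.0.1",
    "1.2.3.4,.source.s_net_1234",
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(f"{row!r} -> {listener_ip(row)}")
```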