[syslog-ng] Dynamically Generated Directory Names

[Gergely Nagy]

Gergely Nagy <algernon at balabit.hu> writes:

>> Is syslog-ng PE capable of recreating that exact same directory 
>> structure (including the original filenames) on the target (remote) host 
>> or should I perhaps just opt for rdiff or rsync instead?
>
> Well, if I understood you correctly, then yes, it is possible. But it's
> not going to be pretty.
>
> The easiest would be to add the path to the SDATA around the source
> side, so /var/log/sudo-io/xx/yy/zz/file would have an "SDATA
> filename=xx/yy/zz/file" and then on the destination side, you could do
> something like this:
>
> destination d_blah {
>  file("/var/log/sudo-io/${.SDATA.filename}");
> };
>
> But it's probably a lot easier to rdiff or rsync, unless I missed
> something.

Come to think of it... you could write a program() source that reads the
appropriate files, puts their path into sdata, and voila! Then it's
fairly easy and painless to achieve what you want.

But even then, rdiff/rsync is probably a better option.

-- 
|8]