[syslog-ng] Auto routing to specific relay based on hostname

Gergely Nagy algernon at balabit.hu
Wed Aug 22 12:10:48 CEST 2012


sagar naravane <sagar.naravane at gmail.com> writes:

> Gergely,
>
> Here all three log {} get executed. What I am basically looking for is a
> "if..else" or "case" sort of condition where only one of client-relay
> communication happens based on hostname of client system.

That's what flags(final) is for. It will connect nevertheless, but will
only send data when the filter matches.

syslog-ng 3.4 might be a tiny bit better in this regard, you can more
closely model your requirement there, but as far as I understand, even
that would try to connect to all three relays.

On the other hand, there may be another way, which works slightly
differently: it basically makes syslog-ng call out to a shell script
when it starts up, to determine the host name, and set up the
configuration according to that.

Something like:

@module confgen context(destination) name(relay) exec("/path/to/script.sh")
destination d_relay { relay(); };
log { source(s_local); destination(d_relay); };

Where the script would look something along these lines:

,----
| #! /bin/sh
| set -e
|
| h=$(hostname)
| case "$h" in
|      sj1*)
|         relay="sj1-relay.localnet"
|         ;;
|      *)
|         echo "Unknown host: $h!" >&2
|         exit 1
|         ;;
| esac
|
| cat <<EOF
| tcp("${relay}");
| EOF
`----

This has the advantage of not requiring a filter, and that all
conditional stuff is performed at config load time, not for each and
every message. Also, it will only ever connect to one single
destination.

The disadvantage is that the config isn't entirely contained in
syslog-ng.conf, but you use an external script to generate parts of it.

Also, the above solution requires syslog-ng 3.3+, while filters work
with older versions too. Mind you, upgrading to 3.3 would be strongly
recommended anyway :)

-- 
|8]
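
A variant of the confgen script above, as an added example that is not part of the original message. It goes beyond the single case shown there: it maps several site prefixes, lower-cases the name and strips any domain part before matching. The `sj2` and `ny1` prefixes, their relay names and the script name `relay-confgen.sh` are constructed for illustration.

```shell
#!/bin/sh
# Added example: confgen helper that picks exactly one relay from the hostname.
# Only the sj1 mapping comes from the message; the other entries are constructed.

# Print the relay for a hostname; return 1 if no prefix matches.
relay_for_host() {
    # Normalise: lower-case, then drop the domain part (SJ1-DB02.example.com -> sj1-db02).
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    host=${host%%.*}
    case "$host" in
        sj1*) printf '%s\n' "sj1-relay.localnet" ;;
        sj2*) printf '%s\n' "sj2-relay.localnet" ;;   # constructed
        ny1*) printf '%s\n' "ny1-relay.localnet" ;;   # constructed
        *)    return 1 ;;
    esac
}

# Print the destination driver line for the generated block. For an
# unrecognised host, print nothing on stdout and return non-zero, as the
# script in the message does, rather than emit a default destination.
emit_relay() {
    if relay=$(relay_for_host "$1"); then
        printf 'tcp("%s");\n' "$relay"
    else
        echo "Unknown host: $1!" >&2
        return 1
    fi
}

# Generate output only when run under the (hypothetical) script name, so the
# functions can be sourced and checked without touching the live config.
case "${0##*/}" in
    relay-confgen.sh) emit_relay "$(hostname)" ;;
esac
```

The relay name written into the configuration always comes from the fixed table in the script, never from the hostname string itself.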


