[syslog-ng] syslog-ng 3.4 confgen how to?

[Gergely Nagy]

Evan Rempel <erempel at uvic.ca> writes:

> First thing is that the confgen module is not in the documentation :-(

It's not easy to document it :)

> Second thing is that I am having problems using the confgen module
>
>
> @module confgen context(source) name(myself) exec("/bin/hostname")
> source primary { tcp( localip( myself() ) port(514) ); };
> log { source(primary); destination(d_my_dest); };
>
>
> works like a charm and listens on the IP address of my hosts primary interface.
>
> But this will not work.
>
> @module confgen context(source) name(myself) exec("/bin/hostname")
> source self { tcp(localip(localhost) port(1514) );
> };
> rewrite r_self {
>          set( "myself()", value("HOST") );
> };
> log {
>        source(self); rewrite(r_self);
> };

In the second case, you will have to change the context(source) to
context(rewrite),  and unquote myself().

You can test the expansion with:
 syslog-ng -s --preprocess-into=/dev/stdout -f /path/to/syslog-ng.conf

With the context changed and myself() unquoted, the above expands to:

,----
| @module confgen context(rewrite) name(myself) exec("/bin/hostname")
| source self { tcp(localip(localhost) port(1514) );
| };
| rewrite r_self {
|              set( hadhodrond
| , value("HOST") );
| }};
| log {
|            source(self); rewrite(r_self);
| };
`----

That should work, I think,  but I haven't tested it.

The basic idea behind confgen, though, is that it generates
syslog-ng.conf snippets, which are then inserted into the buffer as if
it was there like that to begin with, so the parser will go through it
too.

> What I am trying to do is accept TCP connections from applications on the host, and change the SOURCEHOST to
> be the actual host name rather than the text "localhost".

I'd probably do it in a very different way: using template(), because
that's more efficient than rewrite.

-- 
|8]