[syslog-ng] Question on custom log writer message output
Dylan Kulesza
dylan.kulesza at gmail.com
Sun May 12 23:42:18 CEST 2013
Ok, after getting some rest and experimenting, I determined the solution.
Creating a custom logformat had potential for a solution, but really wasn't
the ideal way. After digging in the code more and stumbling on the
logproto.c file (specifically the _frame_ functions), I was able to create
my own frame handler for my module.
Essentially,
Created a custom framed_client_post that encapsulated messages to the
destination protocol. This seems to keep true to the logproto intent.
Assigned the custom proto when issuing a log_writer_reopen and life is good.
Next challenge is how to prevent dropped messages in high volume
scenarios...
On Wed, May 8, 2013 at 5:38 PM, Dylan Kulesza <dylan.kulesza at gmail.com> wrote:
> I'm working on a custom module to integrate with a third party's native
> log format. My intent is to have messages come into syslog-ng, be
> processed as usual, and then be sent out a custom destination driver.
>
> Right now I've hacked together different code to make it work (tcp socket
> connection per log source) and now I'm at the point of actually sending a
> custom message. I've tried to stay as "true" to the syslog-ng as possible
> and have leveraged the log_forward_msg method to send my LogMessage. I was
> hoping I could just prepend data to the LogMessage but realized after doing
> all the other leg work that it wasn't a simple string :)
>
> So, my question is - what would be the easiest way to leverage the existing
> queue->log_forward_msg (doesn't require the socket to be open vs examples
> such as spoof_source in afsocket) to write a custom message? I see that
> LogTemplate may have what I need, but after submerging myself in syslog-ng
> for the past week I'm not seeing clearly... Can anyone lend a hint/helping
> hand?
>
> What I'm trying to do:
>
> Open Socket
> Send Magic/StartPacket
>
> Prepend all log messages with a byte message - for example:
>
> 040404040400010MESSAGE (Of course Message would be in bytes/hex).
>
> It seems I would create an NVENTRY for my prepend message and then
> override log_writer_format_log? to do this? Not 100% clear how I would
> accomplish this. I also don't want to change any of the core/lib syslog-ng
> to accomplish this. Should be implemented purely as a module.
>
>
> Thanks!
>
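
The framing approach described in the reply above, as an added stand-alone sketch (not code from this post or from syslog-ng, and it does not use the logproto API). The names framer, framer_post, sink and the 4-byte prefix are hypothetical; it shows the two points that matter for a custom frame handler: a partially written frame is finished before the next prefix goes out, and an oversized message is rejected rather than truncated.

```c
#include <stddef.h>
#include <string.h>

/* Constructed placeholder prefix; the vendor's real header is not given in the thread. */
static const unsigned char FRAME_PREFIX[] = { 0x04, 0x04, 0x04, 0x04 };
enum { POST_OK = 0, POST_AGAIN = 1, POST_ERROR = -1 };
typedef long (*write_fn)(void *ctx, const unsigned char *buf, size_t len);
typedef struct { unsigned char buf[4096]; size_t len, pos; } framer;

/* Write out the rest of the pending frame; keep state if the transport stalls. */
static int framer_flush(framer *f, write_fn wr, void *ctx)
{
    while (f->pos < f->len) {
        long n = wr(ctx, f->buf + f->pos, f->len - f->pos);
        if (n < 0) return POST_ERROR;
        if (n == 0) return POST_AGAIN;      /* would block: retry later from pos */
        f->pos += (size_t)n;
    }
    f->len = f->pos = 0;
    return POST_OK;
}

/* Frame one message. *consumed is 1 only if msg was copied into the framer,
 * so the caller knows whether to re-offer it on the next call. */
int framer_post(framer *f, write_fn wr, void *ctx,
                const unsigned char *msg, size_t msg_len, int *consumed)
{
    *consumed = 0;
    int rc = framer_flush(f, wr, ctx);      /* never start a frame mid-frame */
    if (rc != POST_OK) return rc;
    if (msg_len > sizeof f->buf - sizeof FRAME_PREFIX)
        return POST_ERROR;                  /* reject, do not truncate */
    memcpy(f->buf, FRAME_PREFIX, sizeof FRAME_PREFIX);
    memcpy(f->buf + sizeof FRAME_PREFIX, msg, msg_len);
    f->len = sizeof FRAME_PREFIX + msg_len;
    *consumed = 1;
    return framer_flush(f, wr, ctx);
}

/* Constructed stand-in for a socket that accepts at most `budget` bytes. */
typedef struct { unsigned char out[64]; size_t n, budget; } sink;
static long sink_write(void *ctx, const unsigned char *b, size_t len)
{
    sink *s = ctx;
    size_t take = len < s->budget ? len : s->budget;
    if (take > sizeof s->out - s->n) take = sizeof s->out - s->n;
    memcpy(s->out + s->n, b, take);
    s->n += take; s->budget -= take;
    return (long)take;
}
```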