[syslog-ng] Problems with syslog-ng 3.7.3 + mod_confgen
Jorge Pereira
jpereiran at gmail.com
Fri Aug 12 08:15:47 CEST 2016
Hi guys!
Following the sample described in
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/generating-configuration-blocks.html
1) I have my 'confgen' script that prints the below *file()* entries. (p.s:
these files has content.)
# /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh
file("/opt/nginx/logs/waf/www.cocada.com" program_override("ng_modsec")
flags(no-parse));
file("/opt/nginx/logs/waf/www.caipirinha.com" program_override("ng_modsec")
flags(no-parse));
#
2) My config set:
# cat /etc/syslog-ng/conf.d/nginx_modsec.conf
options {
threaded(yes);
flush_lines(0);
use-dns(no);
normalize-hostnames(yes);
keep-hostname(yes);
};
destination d_collector {
tcp("192.168.1.248" port(514) keep-alive(on) );
};
log {
@module confgen context(source) name(s_nginx_modsec_log)
exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")
destination(d_collector);
};
#
Conclusion: The syslog-ng doesn't call the script at any time.
# strace -fff /usr/sbin/syslog-ng -dvte 2>&1 | grep "confgen-modsec"
p.s: I have 'confgen' support.
# syslog-ng --version | grep confgen
Available-Modules:
syslogformat,kvformat,afamqp,sdjournal,system-source,afuser,json-plugin,dbparser,affile,afsocket,linux-kmsg-format,afmongodb,mod-python,
*confgen*
,csvparser,pseudofile,afsql,afprog,afstomp,cryptofuncs,graphite,basicfuncs
#
I appreciate any help.
Best,
Jorge Pereira
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160812/48e8c12a/attachment.htm
More information about the syslog-ng
mailing list