[syslog-ng] Problems with syslog-ng 3.7.3 + mod_confgen

Scheidler, Balázs balazs.scheidler at balabit.com
Thu Aug 18 18:06:41 CEST 2016


The @confgen line only registers a source driver named s_nginx_modsec_log
that you'll have to use in order to expand this in your configuration file.

@confgen is assumed to be used at the top level, whereas the driver being
declared as a normal source statement.


@module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")

log {
    source { s_nginx_modsec_log(); };
    destination(d_collector);
};

Your source name uses the conventions of a source driver (the s_ prefix), so
you probably assumed that it is declaring a source, but it isn't. It
defines a source driver.


-- 
Bazsi

On Wed, Aug 17, 2016 at 9:42 PM, Jorge Pereira <jpereiran at gmail.com> wrote:

> Hi guys,
>
> could somebody help?
>
> --
> Jorge Pereira
>
> On Fri, Aug 12, 2016 at 3:15 AM, Jorge Pereira <jpereiran at gmail.com>
> wrote:
>
>> Hi guys!
>>
>> Following the sample described in https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/generating-configuration-blocks.html
>>
>> 1) I have my 'confgen' script that prints the below *file()* entries.
>> (p.s: these files have content.)
>>
>> # /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh
>> file("/opt/nginx/logs/waf/www.cocada.com" program_override("ng_modsec") flags(no-parse));
>> file("/opt/nginx/logs/waf/www.caipirinha.com" program_override("ng_modsec") flags(no-parse));
>> #
>>
>> 2) My config set:
>>
>> # cat /etc/syslog-ng/conf.d/nginx_modsec.conf
>> options {
>>     threaded(yes);
>>     flush_lines(0);
>>     use-dns(no);
>>     normalize-hostnames(yes);
>>     keep-hostname(yes);
>> };
>>
>> destination d_collector {
>>     tcp("192.168.1.248" port(514)  keep-alive(on)  );
>> };
>>
>> log {
>> @module confgen context(source) name(s_nginx_modsec_log)
>> exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")
>>     destination(d_collector);
>> };
>>
>> #
>>
>> Conclusion: The syslog-ng doesn't call the script at any time.
>>
>> # strace -fff /usr/sbin/syslog-ng -dvte 2>&1 | grep "confgen-modsec"
>>
>> p.s: I have 'confgen' support.
>>
>> # syslog-ng --version | grep confgen
>> Available-Modules: syslogformat,kvformat,afamqp,sdjournal,system-source,afuser,json-plugin,dbparser,affile,afsocket,linux-kmsg-format,afmongodb,mod-python,*confgen*,csvparser,pseudofile,afsql,afprog,afstomp,cryptofuncs,graphite,basicfuncs
>> #
>>
>> I appreciate any help.
>>
>> Best,
>> Jorge Pereira
>>
>
>
>
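
A generator of the kind discussed in this thread, as an added example that is not part of the original messages or of syslog-ng itself. It emits the same file() entries as the quoted script but checks each file name first, because syslog-ng parses the script's output as configuration. The helper name gen_modsec_sources, the WAF_DIR variable, the symlink rule and the character allowlist are assumptions.

```shell
#!/bin/sh
# Added example: generator in the style of confgen-modsec-skeleton.sh.
# syslog-ng parses this script's output as configuration, so file names
# are checked before they are interpolated into file() entries.
#
# Wiring from the reply above (@module at top level, on one line):
#   @module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")
#   log { source { s_nginx_modsec_log(); }; destination(d_collector); };

# gen_modsec_sources DIR  (hypothetical helper name)
# Prints one file() source driver entry per regular file in DIR.
# DIR itself is trusted administrator input and is not validated.
gen_modsec_sources() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "confgen: $dir is not a directory" >&2
        return 1
    fi
    for path in "$dir"/*; do
        # Assumption: only plain files are wanted; symlinks are skipped
        # so a link planted in the log directory is never tailed.
        if [ -L "$path" ] || [ ! -f "$path" ]; then
            continue
        fi
        name=${path##*/}
        case $name in
            *[!A-Za-z0-9._-]*)
                # Assumed allowlist: a quote, space, parenthesis or
                # semicolon here would alter the generated config.
                echo "confgen: skipping unsafe file name in $dir" >&2
                continue
                ;;
        esac
        printf 'file("%s/%s" program_override("ng_modsec") flags(no-parse));\n' \
            "$dir" "$name"
    done
    return 0
}

# WAF_DIR is a hypothetical override; the default is the thread's path.
WAF_DIR=${WAF_DIR:-/opt/nginx/logs/waf}
if [ -d "$WAF_DIR" ]; then
    gen_modsec_sources "$WAF_DIR"
fi
```

Skipped names are reported on stderr only, so they never reach the generated configuration.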