[syslog-ng] Problems with syslog-ng 3.7.3 + mod_confgen

Jorge Pereira jpereiran at gmail.com
Thu Sep 1 04:52:26 CEST 2016


Hi,

thanks so much! works well!

--
Jorge Pereira

On Thu, Aug 18, 2016 at 1:06 PM, Scheidler, Balázs <
balazs.scheidler at balabit.com> wrote:

>
> the @confgen line only registers a source driver named s_nginx_modsec_log
> that you'll have to use in order to expand this in your configuration file.
>
> @confgen is assumed to be used at the top level, whereas the driver is being
> declared as a normal source statement.
>
>
> @module confgen context(source) name(s_nginx_modsec_log) exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")
>
> log {
>     source { s_nginx_modsec_log(); };
>     destination(d_collector);
> };
>
> Your source name uses the conventions of a source driver (the s_ prefix),
> so you probably assumed that it is declaring a source, but it isn't. It
> defines a source driver.
>
>
> --
> Bazsi
>
> On Wed, Aug 17, 2016 at 9:42 PM, Jorge Pereira <jpereiran at gmail.com>
> wrote:
>
>> Hi guys,
>>
>> could somebody help?
>>
>> --
>> Jorge Pereira
>>
>> On Fri, Aug 12, 2016 at 3:15 AM, Jorge Pereira <jpereiran at gmail.com>
>> wrote:
>>
>>> Hi guys!
>>>
>>> Following the sample described in
>>> https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/generating-configuration-blocks.html
>>>
>>> 1) I have my 'confgen' script that prints the below *file()* entries.
>>> (p.s: these files have content.)
>>>
>>> # /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh
>>> file("/opt/nginx/logs/waf/www.cocada.com" program_override("ng_modsec") flags(no-parse));
>>> file("/opt/nginx/logs/waf/www.caipirinha.com" program_override("ng_modsec") flags(no-parse));
>>> #
>>>
>>> 2) My config set:
>>>
>>> # cat /etc/syslog-ng/conf.d/nginx_modsec.conf
>>> options {
>>>     threaded(yes);
>>>     flush_lines(0);
>>>     use-dns(no);
>>>     normalize-hostnames(yes);
>>>     keep-hostname(yes);
>>> };
>>>
>>> destination d_collector {
>>>     tcp("192.168.1.248" port(514)  keep-alive(on)  );
>>> };
>>>
>>> log {
>>> @module confgen context(source) name(s_nginx_modsec_log)
>>> exec("/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh")
>>>     destination(d_collector);
>>> };
>>>
>>> #
>>>
>>> Conclusion: The syslog-ng doesn't call the script at any time.
>>>
>>> # strace -fff /usr/sbin/syslog-ng -dvte 2>&1 | grep "confgen-modsec"
>>>
>>> p.s: I have 'confgen' support.
>>>
>>> # syslog-ng --version | grep confgen
>>> Available-Modules: syslogformat,kvformat,afamqp,sdjournal,system-source,afuser,json-plugin,dbparser,affile,afsocket,linux-kmsg-format,afmongodb,mod-python,*confgen*,csvparser,pseudofile,afsql,afprog,afstomp,cryptofuncs,graphite,basicfuncs
>>> #
>>>
>>> I appreciate any help.
>>>
>>> Best,
>>> Jorge Pereira
>>>
>>
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
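
As an added example (not part of the thread, and not Jorge's actual script, which the thread shows only by its output), a generator of the kind that `exec()` points at could look like the following: it prints one `file()` entry per log in the directory and skips names that could break out of the quoted path. The `emit_sources` function name, the `LOG_DIR` variable and the file-name allow-list are assumptions.

```shell
#!/bin/sh
# Added example: confgen generator printing one file() source driver per WAF log.
# emit_sources, LOG_DIR and the allow-list below are assumptions, not from the thread.

# Force ASCII semantics so the character ranges below mean exactly what they say.
LC_ALL=C; export LC_ALL

# emit_sources DIR: print a file() line for every safe regular file in DIR.
emit_sources() {
    dir=$1
    # The directory ends up inside a quoted config string, so validate it too.
    case $dir in
        ''|*[!A-Za-z0-9._/-]*)
            echo "confgen: refusing directory with unexpected characters" >&2
            return 1 ;;
    esac
    for path in "$dir"/*; do
        # Regular files only: a symlink here would make syslog-ng read and
        # forward whatever it points to.
        [ -f "$path" ] && [ ! -L "$path" ] || continue
        name=${path##*/}
        # Allow-list host-style names; a quote, space or ';' in a file name
        # would otherwise change the generated configuration.
        case $name in
            *[!A-Za-z0-9._-]*)
                echo "confgen: skipping unsafe file name in $dir" >&2
                continue ;;
        esac
        printf 'file("%s/%s" program_override("ng_modsec") flags(no-parse));\n' \
            "$dir" "$name"
    done
}

# Emit entries for the log directory used in the thread, if it exists here.
LOG_DIR=${LOG_DIR:-/opt/nginx/logs/waf}
if [ -d "$LOG_DIR" ]; then emit_sources "$LOG_DIR"; fi
```

The generated lines only take effect once the registered driver is referenced, as in the reply above: `source { s_nginx_modsec_log(); };`.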