[syslog-ng] group name being a function of the $HOST macro?

syslog-ng at v3-1347.vlinux.de syslog-ng at v3-1347.vlinux.de
Sun Jun 18 14:58:53 UTC 2017


Hello all,

Presently, I have a generic (so to speak, "zero configuration")
destination in my syslog-ng.conf,

  destination d_host_month_facility_level {file("/var/log/$HOST/$YEAR-$MONTH.$FACILITY.$LEVEL"); };

, which works fine for my purposes.

Presently, I have some scripts, processing log data, which have to run
under "root", since the syslog files are all created with default
owner("root") and perm("600").

I'd like to have such scripts running under less privileged accounts
that are members of a log-source-specific group.

My first attempt was a

  destination d_host_month_facility_level { file("/var/log/$HOST/$YEAR-$MONTH.$FACILITY.$LEVEL" group("syslog_$HOST_r") perm(0640)); };

, but it results in an error

  Error resolving group; group='syslog_$HOST_r'

, which shows that in the context of a "group()" parameter, the $HOST
macro seems not to be evaluated.

Does anybody here see another means that would allow me to achieve
something like the above without going away from my beloved generic
single destination specification?

Ideally, what I would like to achieve further, to get an abstraction
away from the hostname itself, is to have a mapping from $HOST to
something that I can specify in a kind of conditional statement like

  if  $HOST == "my_box"
    then
      groupname="user_machine_log_reader"
    else
      if  $HOST == "some_of_my_routers"
        then
          groupname="wan_log_reader"
        else
          if  $HOST == "some_other_of_my_routers"
            then
              groupname="firewall_log_reader"
            else
              groupname="$HOST"

and finally, of course, a generic 'group("$groupname")' parameter to
get it into position.


Any ideas?


Best regards and thanks.
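
Added example, not part of the original post: since the error above shows group() receiving the literal string, one option is to keep the single generic destination and set group ownership outside syslog-ng, for instance from cron. The host and group names are those of the pseudocode above; the function names, the APPLY switch and the directory-name filter are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Host and group names are the
# post's; function names, APPLY and the name filter are assumptions.

# The post's mapping from $HOST to the group that may read its logs.
group_for_host() {
    case "$1" in
        my_box)                   echo "user_machine_log_reader" ;;
        some_of_my_routers)       echo "wan_log_reader" ;;
        some_other_of_my_routers) echo "firewall_log_reader" ;;
        *)                        echo "$1" ;;  # fallback: group named like the host
    esac
}

# Walk <root>/<host>/ and set group + mode. Prints the commands unless APPLY=1.
apply_log_groups() {
    root=$1
    run=echo
    [ "${APPLY:-0}" = 1 ] && run=
    for dir in "$root"/*; do
        # Per-host directories only; never follow a symlink planted in the root.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        host=${dir##*/}
        # $HOST may come from received messages, so treat the name as untrusted.
        case "$host" in
            .*|*[!A-Za-z0-9._-]*) echo "skip (name): $dir" >&2; continue ;;
        esac
        grp=$(group_for_host "$host")
        # The fallback group may not exist; leave such files root-only.
        if [ -z "$run" ] && ! getent group "$grp" >/dev/null; then
            echo "skip (no group $grp): $dir" >&2; continue
        fi
        $run chgrp "$grp" "$dir"
        $run chmod 0750 "$dir"
        $run find "$dir" -type f -exec chgrp "$grp" {} + -exec chmod 0640 {} +
    done
}

apply_log_groups "${1:-/var/log}"
```

Files that syslog-ng creates between runs keep the default root ownership and 600 mode until the next run. Review the dry-run output before setting APPLY=1, since /var/log can also hold directories that are not host names.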





