[syslog-ng] if condition

Thu Aug 15 16:47:59 UTC 2019

Hello,

So you are going to need something that differentiate the two type of machines.
For example if there is an environment variable you can depend on, syslog-ng could get that information via stubtitution:

<code>
destination { network("`my-env-variable-that-contains-an-ip`"); };
</code>

The *my-env-variable-that-contains-an-ip* environment variable is going to be pasted in the above configuration (you could use that substitution in differnet places, creating a condition like you wanted a possiblity with this). When the replacement happens the environment variable is the last thing syslog-ng looks for (first it looks for thing like @define name value).

There is no condition like in C preprocessing #if, still you could use a trick to get similiar.

Let's have an env variable GROUP_NAME=A or B

<code>
@version: 3.22

block root Ateam()
{
log {
 destination clnt { udp("remote-box-a" port(514)); };
 log { source(src); filter(f_messages); destination(clnt); };
};
};

block root Bteam()
{
log {
 destination clnt { udp("remote-box-b" port(514)); };
 log { source(src); filter(f_messages); destination(clnt); };
};
};

`GROUP_NAME`team();

</code>

This is not something I encorage you to do, just show that it is possible this way.

--
Kokan

On Thu, Aug 15, 2019 at 07:06:28PM +0300, Alexey Vlasov wrote:
> CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
> 
> 
> Hi,
> 
> I would like to optimize my syslong-ng.conf file thus it could be used
> on some boxes without any changing.
> Now I have a few modifications of syslong-ng.conf on each server to copy
> logs to remote box.
> 
> For example, group of hosts A*
> ==============================
> A1-machine (it is its hostname) has:
> destination clnt { udp("remote-box-a" port(514)); };
> log { source(src); filter(f_messages); destination(clnt); };
> ==============================
> 
> ==============================
> A2-machine has:
> destination clnt { udp("remote-box-a" port(514)); };
> log { source(src); filter(f_messages); destination(clnt); };
> ==============================
> 
> and group of hosts B*
> 
> ==============================
> B1-machine has:
> destination clnt { udp("remote-box-b" port(514)); };
> log { source(src); filter(f_messages); destination(clnt); };
> ==============================
> 
> ==============================
> B2-machine has:
> destination clnt { udp("remote-box-b" port(514)); };
> log { source(src); filter(f_messages); destination(clnt); };
> ==============================
> 
> Is there possible to write something like that
> 
> If (${HOSTNAME} ~ ^A) use remote-box-a
> If (${HOSTNAME} ~ ^B) use remote-box-b
> 
> Thanks in advance!
> ______________________________________________________________________________
> Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cpeter.kokai%40oneidentity.com%7C163aa3e35fe94d791ac808d7219a8c4c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637014820005974985&sdata=HpYwlUr1IHKsdyXl9E2RVmvd8qaJeU1t1IS96VIobNY%3D&reserved=0
> Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cpeter.kokai%40oneidentity.com%7C163aa3e35fe94d791ac808d7219a8c4c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637014820005974985&sdata=E6Q94nvvDQfOmm62YI3mgGaji6l9cy8gNJXuRuF4mJ8%3D&reserved=0
> FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cpeter.kokai%40oneidentity.com%7C163aa3e35fe94d791ac808d7219a8c4c%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637014820005974985&sdata=st4NEQ7KYkqRBRCU%2F4sLAKERwS4biI9I75n2tlaZdC0%3D&reserved=0
> 