[syslog-ng] Dynamic collection name in MongoDb

Peter Kokai (pkokai) Peter.Kokai at oneidentity.com
Thu Aug 15 17:48:39 UTC 2019 

Hello,

Currently mongodb destination only accepts string for collection and not templates, this is the reason it won't recognizes.

The code should be modified for such thing.

Only alternative that I see now if the possible values of *$M_ADDRESS* is finite and known you can create a separate mongo destination for each of them and do a branching directing to the proper destination each messages.

<code>
block root afmongo-template(collection())
{
   if (match("`collection`" template("$M_ADDRESS"))) {
   destination {
     mongodb( ... collection("`collection`") ...);
   };
   };
};

log {
   ...

   afmongo-template(collection("A"));  
   afmongo-template(collection("B"));  
   # and so on ...

};
</code>

This is not something I would highly recommend, but could work. Also please note that I did not try the config above (not even syntax check), that just to cover the basic idea.
If this is something that your are willing to do I could invest more time to tidy up some config.

--
Kokan

On Thu, Aug 15, 2019 at 12:07:05PM -0400, PC LP wrote:
> CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
> 
> Hi,
> 
> I am retrieving the value for $M_ADDRESS from the Syslog message using patterndb.
> 
> $M_ADDRESS  is a unique value. Based on that I have to create the collection in MongoDB dynamically. If I provide the value like below it is not recognizing
> 
> collection("$M_ADDRESS")
> 
> Is there any alternate way to create it? Please advise.
> 
> Regards,
> PCLP.
> 

> ______________________________________________________________________________
> Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter.Kokai%40oneidentity.com%7C611b3d4cc19e4d8b08f108d7219aa60e%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637014820431286258&sdata=vks4g9JKWaWso4etBL1N58ecyD9OF7fYF6zidaZIKbo%3D&reserved=0
> Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CPeter.Kokai%40oneidentity.com%7C611b3d4cc19e4d8b08f108d7219aa60e%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637014820431286258&sdata=pCYXZi6PnFEaUBpUFETLmeVr0cd%2BuPdAfLN%2F8RcRbts%3D&reserved=0
> FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Kokai%40oneidentity.com%7C611b3d4cc19e4d8b08f108d7219aa60e%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C637014820431286258&sdata=6Rml1OekCqlmiqQNt4No3iM1M%2FXZiC9vqqJbh3DEwt0%3D&reserved=0
>

More information about the syslog-ng mailing list