[syslog-ng] Setting and using variables

Péter, Kókai peter.kokai at oneidentity.com
Sat Mar 23 09:33:38 UTC 2019


Hello,

You could use a *rewrite* rule to add an nv-pair to each message:

log {
        source(s_local);

        if (message('a')) {
                rewrite {
                        set("foo" value("app"));
                        set("bar" value("location"));
                };
        }
        elif (message('b')) {
                rewrite {
                        set("foob" value("app"));
                        set("barb" value("location"));
                };
        }
        else {
                rewrite {
                        set("default" value("app"));
                        set("default" value("location"));
                };
        };


        destination {
                file("/dev/stdout" template("$app $location\n"));
        };
};

Something like this.

--
Kokan


On Fri, Mar 22, 2019 at 2:37 PM Faine, Mark R. (MSFC-IS40)[NICS] <
mark.faine at nasa.gov> wrote:

> Is there a way to set variables in syslog-ng?
>
> I have a log path with about 20 if/else branches and each one does an
> unnamed destination for that branch:
>
> log {
>      source(pan_splunk);
>      if ( tags('mytag') ) {
>          destination {
>            file("/var/log/remote/backup/$HOST/asa/${HOST}_asa.log"
>            create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750));
>          };
>      } elif ( message('something else') ) {
>          destination {
>            file("/var/log/remote/backup/$HOST/pubfw/${HOST}_pubfw.log"
>            create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750));
>          };
>      } elif {
>          filter { message('foo')   or
>              message('bar')           or
>              message('baz')  or
>      ...
>
> I'd need to introduce another directory level as a variable and I'd also
> like to change an existing part of the path to a variable so that I
> could then do something like this:
>
> if ( tags('mytag') ) {
>     app = asa
>     location = msfc
> elif
> ...
>
> and at the end I could then just do a single destination that had a file
> path with the variables
> file("/var/log/remote/backup/$location/$HOST/$app/${HOST}_$app.log"
>
> Thanks,
> -Mark
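
Added example (not part of the original thread and not syslog-ng project code): the rewrite approach from the reply applied to the log path in the quoted question, ending in the single destination that was asked for. Assumptions: the source pan_splunk is defined elsewhere as in the original config, the location value for the second branch is made up because the post gives none, and the else branch reuses the reply's "default" values so the path never contains an empty component.

```conf
# Added example, not from the thread. Assumes source pan_splunk is defined
# elsewhere in the configuration, as in the original question.
log {
    source(pan_splunk);

    if (tags('mytag')) {
        rewrite {
            set("asa"  value("app"));
            set("msfc" value("location"));
        };
    }
    elif (message('something else')) {
        rewrite {
            set("pubfw" value("app"));
            # Assumed value: the post does not say which location this branch uses.
            set("msfc"  value("location"));
        };
    }
    else {
        # Catch-all branch: without it, unmatched messages would expand
        # ${app} and ${location} to empty strings in the file path below.
        rewrite {
            set("default" value("app"));
            set("default" value("location"));
        };
    };

    # One destination shared by every branch. The path is the one from the
    # question; braces around each name keep "_" and "." out of the macro name.
    destination {
        file("/var/log/remote/backup/${location}/${HOST}/${app}/${HOST}_${app}.log"
             create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750));
    };
};
```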