[syslog-ng] Setting and using variables

Faine, Mark R. (MSFC-IS40)[NICS] mark.faine at nasa.gov
Mon Mar 25 13:07:17 UTC 2019


Thank you both, this is very helpful.  I can use this.  Is it only possible to set variables by adding to the message?  Can variables exist outside of the message?

-Mark


From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Péter, Kókai
Sent: Saturday, March 23, 2019 4:34 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Setting and using variables

Hello,

You could use a *rewrite* rule to add an nv-pair to each message:

log {
        source(s_local);

        if (message('a')) {
                rewrite {
                        set("foo" value("app"));
                        set("bar" value("location"));
                };
        }
        elif (message('b')) {
                rewrite {
                        set("foob" value("app"));
                        set("barb" value("location"));
                };
        }
        else {
                rewrite {
                        set("default" value("app"));
                        set("default" value("location"));
                };
        };


        destination {
                file("/dev/stdout" template("$app $location\n"));
        };
};

Something like this.

--
Kokan


On Fri, Mar 22, 2019 at 2:37 PM Faine, Mark R. (MSFC-IS40)[NICS] <mark.faine at nasa.gov> wrote:
Is there a way to set variables in syslog-ng?

I have a log path with about 20 if/else branches and each one does an unnamed destination for that branch:

log {
     source(pan_splunk);
     if ( tags('mytag') ) {
         destination {
           file("/var/log/remote/backup/$HOST/asa/${HOST}_asa.log"
           create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750));
         };
     } elif ( message('something else') ) {
         destination {
           file("/var/log/remote/backup/$HOST/pubfw/${HOST}_pubfw.log"
           create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750));
         };
     } elif {
         filter { message('foo')   or
             message('bar')           or
             message('baz')  or
     ...

I'd need to introduce another directory level as a variable and I'd also like to change an existing part of the path to a variable so that I could then do something like this:

if ( tags('mytag') ) {
    app = asa
    location = msfc
elif
...

and at the end I could then just do a single destination that had a file path with the variables
file("/var/log/remote/backup/$location/$HOST/$app/${HOST}_$app.log"

Thanks,
-Mark



______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq


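The rewrite approach from the reply, applied to the path layout from the original question, as an added example (not code from either poster or from the syslog-ng project). The @version line, the source definition, the second branch's location and the fallback value "unknown" are constructed; @define is syslog-ng's configuration-level variable, which is substituted once when the file is parsed and is not carried with each message.

```conf
@version: 3.19   # constructed: set to the installed syslog-ng version

# Configuration-level constant, referenced between backticks below.
# It is expanded at parse time and cannot change per message.
@define backup_root "/var/log/remote/backup"

# Constructed source so the example is complete on its own.
source s_example {
    network(transport("udp") port(514));
};

log {
    source(s_example);

    # Each branch only attaches name-value pairs to the message.
    if (tags("mytag")) {
        rewrite {
            set("asa"  value("app"));
            set("msfc" value("location"));
        };
    } elif (message("something else")) {
        rewrite {
            set("pubfw" value("app"));
            set("msfc"  value("location"));   # constructed value
        };
    } else {
        # Fallback so $app and $location are never empty in the path.
        rewrite {
            set("unknown" value("app"));
            set("unknown" value("location"));
        };
    };

    # Single destination shared by every branch. $app and $location
    # come only from the constants above; $HOST is the one path
    # component that is still taken from the received message.
    destination {
        file("`backup_root`/${location}/${HOST}/${app}/${HOST}_${app}.log"
             create-dirs(yes) dir-owner("splunk") dir-group("splunk")
             dir-perm(0750));
    };
};
```

Running syslog-ng --syntax-only -f with the path to this file checks the configuration without starting the daemon.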