[syslog-ng] Setting and using variables

Faine, Mark R. (MSFC-IS40)[NICS] mark.faine at nasa.gov
Mon Mar 25 13:17:11 UTC 2019 

Can you expand on how the FILE_NAME macro could be used?  I don't understand how it could be helpful.  The documentation says it the location where syslog-ng received the message.  The messages are coming from a network source, my goal is to categorize them into separate files on the filesystem based on various filter matches.  I must be missing something.

Thanks,
-Mark

Mark Faine
System Administrator
SAIC/NICS
215 Wynn Dr. 5065
Huntsville, AL 35805
256-961-1295 (Desk)
256-617-4861 (Work Cell)


-----Original Message-----
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Fabien Wernli
Sent: Monday, March 25, 2019 3:39 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Setting and using variables

Hi Mark,

On Fri, Mar 22, 2019 at 01:37:29PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
> Is there a way to set variables in syslog-ng?

You can set arbitrary variables or tags using a rewrite:

    rewrite r_my_tags_and_vars {
      set-tag('foo');
      set('foo', value('bar'));
    };

In your particular example, you could also use the existing FILE_NAME macro.

Cheers

______________________________________________________________________________
Member info: https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.balabit.hu_mailman_listinfo_syslog-2Dng&d=DwIGaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=zMyZvtxRXMBKZZYKVMke9zplWK320p3d51BzuU4jwWo&m=7atuE2TPGLZZlvXDPbhZ1mTl6KiGUmCz3L2K_UhwcF4&s=zOv0d2SYvwmof7DGX3MKkqaR7ZBTZCnTLrB6QMErDIA&e=
Documentation: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.balabit.com_support_documentation_-3Fproduct-3Dsyslog-2Dng&d=DwIGaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=zMyZvtxRXMBKZZYKVMke9zplWK320p3d51BzuU4jwWo&m=7atuE2TPGLZZlvXDPbhZ1mTl6KiGUmCz3L2K_UhwcF4&s=RsVHvtFj_2_BPFIe-XpmsN8BS8s3p5lXTD72lLZzqVo&e=
FAQ: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.balabit.com_wiki_syslog-2Dng-2Dfaq&d=DwIGaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=zMyZvtxRXMBKZZYKVMke9zplWK320p3d51BzuU4jwWo&m=7atuE2TPGLZZlvXDPbhZ1mTl6KiGUmCz3L2K_UhwcF4&s=rRG0Vcu6Yz-9ims4x9Q7wceSM87168m5FQ0bJ5KUMkg&e=

More information about the syslog-ng mailing list