[syslog-ng] Setting and using variables
Faine, Mark R. (MSFC-IS40)[NICS]
mark.faine at nasa.gov
Mon Mar 25 13:27:25 UTC 2019
I’m looking through the documentation at templates, macros, and destinations. Every example I see is something like yours where it is
destination {
file("<path>" "<template>"));
};
What I'd like to do is something more like:
A single template:
template log_path {
template("/var/log/remote/backup/$location/$HOST/$app/${HOST}_$app.log");
};
A single destination:
destination d_file {
file(template(log_path));
};
Then in my if/else do as you have demonstrated:
rewrite {
set("foo" value("app"));
set("bar" value("location"));
};
With the result being that all the files use the same destination which uses the same template.
Is this possible? The examples I've seen so far would seem to suggest that it wouldn't.
Thanks,
-Mark
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Péter, Kókai
Sent: Saturday, March 23, 2019 4:34 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Setting and using variables
Hello,
You could use *rewrite* rule to add nv-pair to each message:
log {
source(s_local);
if (message('a')) {
rewrite {
set("foo" value("app"));
set("bar" value("location"));
};
}
elif (message('b')) {
rewrite {
set("foob" value("app"));
set("barb" value("location"));
};
}
else {
rewrite {
set("default" value("app"));
set("default" value("location"));
};
};
destination {
file("/dev/stdout" template("$app $location\n"));
};
};
Something like this.
--
Kokan
On Fri, Mar 22, 2019 at 2:37 PM Faine, Mark R. (MSFC-IS40)[NICS] <mailto:mark.faine at nasa.gov> wrote:
Is there a way to set variables in syslog-ng?
I have a log path with about 20 if/else branches and each one does a unnamed destination for that branch:
log {
source(pan_splunk);
if ( tags('mytag') ) {
destination {
file("/var/log/remote/backup/$HOST/asa/${HOST}_asa.log"
create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750));
};
} elif ( message('something else') ) {
destination {
file("/var/log/remote/backup/$HOST/pubfw/${HOST}_pubfw.log"
create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750));
};
} elif {
filter { message('foo') or
message('bar') or
message('baz') or
...
I'd need to introduce another directory level as a variable and I'd also like to change an existing part of the path to a variable so that then I could then do something like this:
if ( tags('mytag') ) {
app = asa
location = msfc
elif
...
and at the end I could then just do a single destination that had a file path with the variables
file("/var/log/remote/backup/$location/$HOST/$app/${HOST}_$app.log"
Thanks,
-Mark
______________________________________________________________________________
Member info: https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.balabit.hu_mailman_listinfo_syslog-2Dng&d=DwMFaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=zMyZvtxRXMBKZZYKVMke9zplWK320p3d51BzuU4jwWo&m=0oCgkJqh7N_Ja-VdtmDlAS5pzhA0puqJm8zcAaXJyjY&s=YY8TzLxmhOq_o7pu7ONHbV6I7OVpIy1P7TQUfp_hm8M&e=
Documentation: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.balabit.com_support_documentation_-3Fproduct-3Dsyslog-2Dng&d=DwMFaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=zMyZvtxRXMBKZZYKVMke9zplWK320p3d51BzuU4jwWo&m=0oCgkJqh7N_Ja-VdtmDlAS5pzhA0puqJm8zcAaXJyjY&s=DrlT7sUf5X_xKiPK3ca7WDhiw-xr4D7mtnSfL2yXiAQ&e=
FAQ: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.balabit.com_wiki_syslog-2Dng-2Dfaq&d=DwMFaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=zMyZvtxRXMBKZZYKVMke9zplWK320p3d51BzuU4jwWo&m=0oCgkJqh7N_Ja-VdtmDlAS5pzhA0puqJm8zcAaXJyjY&s=LvSPfbLLubjWgsCznHSgC7oIi6YzCi5LjVylqe_y5f8&e=
More information about the syslog-ng
mailing list