[syslog-ng] Setting and using variables

Faine, Mark R. (MSFC-IS40)[NICS] mark.faine at nasa.gov
Mon Mar 25 15:17:22 UTC 2019


Forgive my use of "then", I'm used to an 'if' having a 'then'. :)  I've corrected it and I'm getting a clean syntax check.  About to test it now.  

Thanks,
-Mark

Mark Faine
System Administrator
SAIC/NICS
215 Wynn Dr. 5065
Huntsville, AL 35805
256-961-1295 (Desk)
256-617-4861 (Work Cell)


-----Original Message-----
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Faine, Mark R. (MSFC-IS40)[NICS]
Sent: Monday, March 25, 2019 10:04 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: [non-nasa source] Re: [syslog-ng] Setting and using variables

Thanks, yes, I eventually figured that out, but that means that template is not needed.  I don't need to change the format of the message, only the destination path.

I don't know if I can do file attachments here so I'll summarize:
 (I've sanitized and stripped out lines to make it shorter)

destination d_file {
  file("/var/log/remote/backup/$location/$HOST/$app/${HOST}_$app.log"
    create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750));
};

In addition, I have a path that throws out some messages:
log {
  source(pan_splunk);
  if {...
     destination {
       file("/dev/null");
     };
   };
};

I then have a log path that first sets the location variable in the message:

if ( message('afrc') then {
  rewrite {
    set("afrc" value("location"));
  };
} elif ...
...
} else {
  rewrite {
    set("unknown" value("location"));
  };
};

Then it sets the app variable:

if ( tags('ASA-') ) {
  rewrite {
    set("asa" value("app"));
  };
} elif ...
} else {
  rewrite {
    set("misc" value("app"));
   };
};

Then I set the destination to the file destination:
destination(d_file);





-----Original Message-----
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Fabien Wernli
Sent: Monday, March 25, 2019 9:24 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Setting and using variables

I think you're misunderstanding the template concept.
A template is there to tell syslog-ng in what format each message will be written to the destination.

I might be misunderstanding, but if you want the same template, different files but only one destination, this could be what you want:

    template my_template {
      template("$DATE $HOST $PROGRAM $MESSAGE\n");
    };

    destination d_file {
      file(
        "/var/log/remote/backup/$location/$HOST/$app/${HOST}_$app.log"
        template(my_template)
      );
    };


______________________________________________________________________________
Member info: https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.balabit.hu_mailman_listinfo_syslog-2Dng&d=DwIGaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=zMyZvtxRXMBKZZYKVMke9zplWK320p3d51BzuU4jwWo&m=2RhKS8JNZLbUbwsMClabp-IOhnu7Qnsz4O7A4ylvhOk&s=lQbldBZoGkVKwkxpAI1vFE7Fki_xq0Mzgb8pFi1NbdE&e=
Documentation: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.balabit.com_support_documentation_-3Fproduct-3Dsyslog-2Dng&d=DwIGaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=zMyZvtxRXMBKZZYKVMke9zplWK320p3d51BzuU4jwWo&m=2RhKS8JNZLbUbwsMClabp-IOhnu7Qnsz4O7A4ylvhOk&s=Oo6bcOBnIuPu9zwEisizzZOUY-K2itCrVTT1baadvF0&e=
FAQ: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.balabit.com_wiki_syslog-2Dng-2Dfaq&d=DwIGaQ&c=ApwzowJNAKKw3xye91w7BE1XMRKi2LN9kiMk5Csz9Zk&r=zMyZvtxRXMBKZZYKVMke9zplWK320p3d51BzuU4jwWo&m=2RhKS8JNZLbUbwsMClabp-IOhnu7Qnsz4O7A4ylvhOk&s=QcxnlSZboss6Pix4ajrwn0wzdwtnfEVNeM2C0kZfNCQ&e=
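
The pieces summarized in this thread, assembled into one log path as an added example (not configuration posted by anyone on the list): each `if`/`elif`/`else` block sets a name-value pair with `rewrite`, and the file destination expands those pairs in its path. The source name `s_net`, its port, the `@version` line, the `site-b` branch and the use of `message()` for the ASA match are assumptions made for illustration.

```conf
@version: 3.19                      # assumed version; if/elif/else needs a 3.x release that supports it

# Hypothetical network source; the thread's real source (pan_splunk) is not shown in full.
source s_net {
  network(transport("udp") port(514));
};

# One destination; the path is built per message from name-value pairs.
destination d_file {
  file("/var/log/remote/backup/${location}/${HOST}/${app}/${HOST}_${app}.log"
    create-dirs(yes) dir-owner("splunk") dir-group("splunk") dir-perm(0750));
};

log {
  source(s_net);

  # Step 1: set ${location}. Note there is no "then" after the condition.
  if (message("afrc")) {
    rewrite { set("afrc" value("location")); };
  } elif (message("site-b")) {      # "site-b" is a constructed placeholder site name
    rewrite { set("site-b" value("location")); };
  } else {
    rewrite { set("unknown" value("location")); };
  };

  # Step 2: set ${app}. Matching on message text here is an assumption.
  if (message("ASA-")) {
    rewrite { set("asa" value("app")); };
  } else {
    rewrite { set("misc" value("app")); };
  };

  # Step 3: every message now carries both pairs, so the path always resolves.
  destination(d_file);
};
```

Running `syslog-ng --syntax-only -f <path to this file>` performs the kind of syntax check mentioned at the top of the thread before the configuration is loaded.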