[syslog-ng] Set log directory based on the source

Frank DiGennaro frank at digennaro.com
Mon Feb 17 14:15:01 UTC 2020


Hello;
    Thanks for the input but I am still missing something here. This is what I have implemented but still can't get it to work.
Thanks;
Frank

@define server-logdir "/var/log"
@define client-logdir "/var/log/CLIENTS/$YEAR/$MONTH_ABBREV/$DAY/$HOST"
@define logdir ""

rewrite r_logdir {
    set(
        "server-logdir"
        value( "logdir" )
        condition( source( "s_local" ) )
    );
    set(
        "client-logdir"
        value( "logdir" )
        condition( source( "s_network" ) )
    );
};

source s_local {
...
};

source s_network {
...
};

destination d_cron {
        file( "`logdir`/cron.log" );
};

log {
    source( s_local );
    source( s_network );
    rewrite(r_logdir);
    filter( f_cron );
    destination( d_cron );
};

-----Original Message-----
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Peter Kokai (pkokai)
Sent: Thursday, January 30, 2020 12:14 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Set log directory based on the source

Hello,

You could use macro in order to create different logpath with one file destination:

```
destination d_local0 {
  file( "${LOGDIR}/local/local0.log" );
};
```

This is going to create a path based on the current logmessage $LOGDIR variable/macro.

The question remains how to calculate $LOGDIR.
One option you could use:

```
source s_local0 {
        internal();
};

source s_network {
        network(port(1111));
};

destination d_local {
        file("${LOGDIR}/some/path.txt"); };

rewrite r_logdir {
  set("logdir-server" value("LOGDIR") condition( source("s_network") ) );
  set("logdir-client" value("LOGDIR") condition( source("s_local0") ) ); };

log {
        source(s_local0);
        source(s_network);

        rewrite(r_logdir);

        destination(d_local);
};
```

The rewrite possible can be replaced, but if you have low number of different path I guess it is enough. (Also you could write more complex condition for different logdir names.)

--
Kokan

On Thu, Jan 30, 2020 at 11:25:26AM -0500, Frank DiGennaro wrote:
> CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
> 
> Hello;
>     I'm somewhat of a newbie when it comes to syslog-ng so forgive me if the question is somewhat basic. I am running syslog-ng 3.25 on both server and clients and would like to set a variable based on the source. This is what I have:
> 
> @define server-logdir "/var/log"
> @define client-logdir "/var/log/CLIENTS/$YEAR/$MONTH_ABBREV/$DAY/$HOST"
> @define logdir ""
> 
> source s_local {
>     logdir `server-logdir`;  *No!
>     ...
>     ...
> };
> source s_network {
>     logdir `client-logdir`;  *No!
>     ...
>     ...
> };
> destination d_local0 {
>     file( "`logdir`/local/local0.log" ); };
> 
> The goal is to set 'logdir' to either 'server-logdir' or 
> 'client-logdir' and use it in the destination. I know there are probably several ways that this can be accomplished but I think this was will cut down on the number of lines in the configuration. So my question Is this. How do I set 'logdir' to either 'server-logdir' or 'client-logdir' in the source definition?
> Thanks;
> 
> DiGennaro
> Frank DiGennaro
> 301-676-8193 (C)
> frank at digennaro.com<mailto:frank at digennaro.com>
> 

> ______________________________________________________________________
> ________ Member info: 
> https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> s.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter
> .Kokai%40oneidentity.com%7C74d83ff1c9024e60428408d7a5a108c8%7C91c369b5
> 1c9e439c989c1867ec606603%7C0%7C0%7C637159983378113505&sdata=jRbzD6
> 8qb8i3PvTtOwXN4XMQRG%2Fx2DLR%2FiUg%2FTUigfQ%3D&reserved=0
> Documentation: 
> https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.b
> alabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data
> =02%7C01%7CPeter.Kokai%40oneidentity.com%7C74d83ff1c9024e60428408d7a5a
> 108c8%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637159983378113505&
> amp;sdata=GLC5NR2Fm4dmXz%2BtyRxRD4CnERaOKDBsQ11xSN0ykhs%3D&reserve
> d=0
> FAQ: 
> https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.b
> alabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Kokai%40one
> identity.com%7C74d83ff1c9024e60428408d7a5a108c8%7C91c369b51c9e439c989c
> 1867ec606603%7C0%7C0%7C637159983378113505&sdata=xvZE3offYnT%2BLlR6
> 7tlWPYwB26L5Mulaj7YQMViKDdU%3D&reserved=0
> 
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq




More information about the syslog-ng mailing list