[syslog-ng] Set log directory based on the source
Attila Szakacs (aszakacs)
Attila.Szakacs at oneidentity.com
Tue Feb 18 08:06:10 UTC 2020
Hi!
I would not mix up the two sources in this case. You can define multiple logpaths:
@define server-log "/tmp/var/log/cron.log"
@define client-log "/tmp/var/log/CLIENTS/$YEAR/$MONTH_ABBREV/$DAY/$HOST/cron.log"
source s_local {
...
};
source s_network {
...
};
destination d_cron_client {
file("`server-log`" create-dirs(yes));
};
destination d_cron_server {
file("`client-log`" create-dirs(yes));
};
log {
source(s_local);
destination(d_cron_client);
};
log {
source(s_network);
destination(d_cron_server);
};
Also the `create-dirs(yes)` option is necessary to allow syslog-ng to create the directories needed.
I hope this does what you expect, if not, feel free to ask more 🙂
Regards,
Attila
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Frank DiGennaro <frank at digennaro.com>
Sent: Monday, February 17, 2020 3:15 PM
To: 'Syslog-ng users' and developers' mailing list' <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Set log directory based on the source
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hello;
Thanks for the input but I am still missing something here. This is what I have implemented but still can't get it to work.
Thanks;
Frank
@define server-logdir "/var/log"
@define client-logdir "/var/log/CLIENTS/$YEAR/$MONTH_ABBREV/$DAY/$HOST"
@define logdir ""
rewrite r_logdir {
set(
"server-logdir"
value( "logdir" )
condition( source( "s_local" ) )
);
set(
"client-logdir"
value( "logdir" )
condition( source( "s_network" ) )
);
};
source s_local {
...
};
source s_network {
...
};
destination d_cron {
file( "`logdir`/cron.log" );
};
log {
source( s_local );
source( s_network );
rewrite(r_logdir);
filter( f_cron );
destination( d_cron );
};
-----Original Message-----
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Peter Kokai (pkokai)
Sent: Thursday, January 30, 2020 12:14 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Set log directory based on the source
Hello,
You could use macro in order to create different logpath with one file destination:
```
destination d_local0 {
file( "${LOGDIR}/local/local0.log" );
};
```
This is going to create a path based on the current logmessage $LOGDIR variable/macro.
The question remains how to calculate $LOGDIR.
One option you could use:
```
source s_local0 {
internal();
};
source s_network {
network(port(1111));
};
destination d_local {
file("${LOGDIR}/some/path.txt"); };
rewrite r_logdir {
set("logdir-server" value("LOGDIR") condition( source("s_network") ) );
set("logdir-client" value("LOGDIR") condition( source("s_local0") ) ); };
log {
source(s_local0);
source(s_network);
rewrite(r_logdir);
destination(d_local);
};
```
The rewrite possible can be replaced, but if you have low number of different path I guess it is enough. (Also you could write more complex condition for different logdir names.)
--
Kokan
On Thu, Jan 30, 2020 at 11:25:26AM -0500, Frank DiGennaro wrote:
> CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
>
> Hello;
> I'm somewhat of a newbie when it comes to syslog-ng so forgive me if the question is somewhat basic. I am running syslog-ng 3.25 on both server and clients and would like to set a variable based on the source. This is what I have:
>
> @define server-logdir "/var/log"
> @define client-logdir "/var/log/CLIENTS/$YEAR/$MONTH_ABBREV/$DAY/$HOST"
> @define logdir ""
>
> source s_local {
> logdir `server-logdir`; *No!
> ...
> ...
> };
> source s_network {
> logdir `client-logdir`; *No!
> ...
> ...
> };
> destination d_local0 {
> file( "`logdir`/local/local0.log" ); };
>
> The goal is to set 'logdir' to either 'server-logdir' or
> 'client-logdir' and use it in the destination. I know there are probably several ways that this can be accomplished but I think this was will cut down on the number of lines in the configuration. So my question Is this. How do I set 'logdir' to either 'server-logdir' or 'client-logdir' in the source definition?
> Thanks;
>
> DiGennaro
> Frank DiGennaro
> 301-676-8193 (C)
> frank at digennaro.com<mailto:frank at digennaro.com>
>
> ______________________________________________________________________
> ________ Member info:
> https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist
> s.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CPeter
> .Kokai%40oneidentity.com%7C74d83ff1c9024e60428408d7a5a108c8%7C91c369b5
> 1c9e439c989c1867ec606603%7C0%7C0%7C637159983378113505&sdata=jRbzD6
> 8qb8i3PvTtOwXN4XMQRG%2Fx2DLR%2FiUg%2FTUigfQ%3D&reserved=0
> Documentation:
> https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.b
> alabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data
> =02%7C01%7CPeter.Kokai%40oneidentity.com%7C74d83ff1c9024e60428408d7a5a
> 108c8%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637159983378113505&
> amp;sdata=GLC5NR2Fm4dmXz%2BtyRxRD4CnERaOKDBsQ11xSN0ykhs%3D&reserve
> d=0
> FAQ:
> https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.b
> alabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CPeter.Kokai%40one
> identity.com%7C74d83ff1c9024e60428408d7a5a108c8%7C91c369b51c9e439c989c
> 1867ec606603%7C0%7C0%7C637159983378113505&sdata=xvZE3offYnT%2BLlR6
> 7tlWPYwB26L5Mulaj7YQMViKDdU%3D&reserved=0
>
______________________________________________________________________________
Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&sdata=RuqJ7F0VKuuJ%2FhT8ufWaWipWFzU5DKLYLmxgumqefQ8%3D&reserved=0
Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&sdata=bgP9jDwcFMkrKHUY5I3nROD%2B4sHG%2B2DupHhxbXFtZEM%3D&reserved=0
FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&sdata=zbsHBCoLmI2%2F85Sdvuw1HM5u3LTzULKUvd%2BpiWCCZFg%3D&reserved=0
______________________________________________________________________________
Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&sdata=RuqJ7F0VKuuJ%2FhT8ufWaWipWFzU5DKLYLmxgumqefQ8%3D&reserved=0
Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&sdata=bgP9jDwcFMkrKHUY5I3nROD%2B4sHG%2B2DupHhxbXFtZEM%3D&reserved=0
FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C86a7d431093d4c53886e08d7b3b3cbd2%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637175457109309159&sdata=zbsHBCoLmI2%2F85Sdvuw1HM5u3LTzULKUvd%2BpiWCCZFg%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20200218/259d7f13/attachment-0001.html>
More information about the syslog-ng
mailing list