[syslog-ng] [EXTERNAL] Re: using VARARGS correctly

Faine, Mark R. (MSFC-IS40)[NICS] mark.faine at nasa.gov
Wed May 19 12:30:01 UTC 2021


Thanks, I didn't see anything about the "…" in the documentation.  I'll take another look.  Your suggestion is what I tried originally, however, the problem is that sometimes the argument is not wanted and I was trying to avoid multiple log paths with separate destinations.  If I have a destination in which I sometimes do not add the session argument I get "" appended to my path.

So, in circumstances where I do pass a session it works fine and the session number is appended, however, in cases where the session is not passed I get "" appended to the end of the log file name.   I was trying to use VARARGS only as a way to work around that problem.

Thanks,
-Mark


Mark Faine
System Administrator
SAIC/NICS
215 Wynn Dr. 5065
Huntsville, AL 35805
256-961-1295 (Desk)
256-617-4861 (Work Cell)

From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Attila Szakacs (aszakacs)
Sent: Wednesday, May 19, 2021 01:40
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: [EXTERNAL] Re: [syslog-ng] using VARARGS correctly

Hi Mark,

VARARGS is used to pass an unknown number of options to the underlying driver through the block.

For example:
block destination ewmm(ip('127.0.0.1') transport(tcp) port(514) ...) {
        network("`ip`" transport(`transport`) port(`port`)
                template("$(format-ewmm)")
                frac-digits(3)
                `__VARARGS__`
        );
};

"..." and "__VARARGS__" must be used together.
In the example above, any option given to the ewmm destination other than ip(), transport() and port(), is passed to the underlying network() destination.

For your use case, I think a single option would suffice:
block destination default_file(
  basepath('/var/log/remote/backup')
  location("")
  app("")
  name("")
  file_path_args("")) {

  file(
    "`basepath`/`location`/`app`/${HOST}/${HOST}_`app``file_path_args`.log"
    persist-name(`name`)
    create_dirs(yes)
    flags("threaded", "no-multi-line")
  );
};

destination d_default {
  default_file(
    basepath(`BASEPATH`)
    location("$location")
    app("$app")
    name('d_default_udp')
    file_path_args("${session}${some_other_arg}")
  );
};

With the file_path_args() option you can set any number of optionally available macros in the order you like. If a macro is not available, it will resolve to an empty string.

Does this take care of your needs?

Cheers,
Attila
________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Faine, Mark R. (MSFC-IS40)[NICS] <mark.faine at nasa.gov>
Sent: Tuesday, May 18, 2021 8:00 PM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] using VARARGS correctly


Syslog-ng 3.19

block destination d_default(basepath('/var/log/remote/backup') location("") app("") name("")) {
    file("`basepath`/`location`/`app`/${HOST}/${HOST}_`app``__VARARGS__`.log"
    persist-name(`name`) create_dirs(yes)
    flags("threaded", "no-multi-line"));
};

However, when I call it like so:

d_default(basepath(`BASEPATH`) location("$location") app("$app") name('d_default_udp') "$session");

I get a syntax error when checking with --syntax-only

Error parsing block reference, syntax error, unexpected LL_STRING, expecting ')' in /etc/syslog-ng/conf.d/splunk.conf:
23                  categorize_loc();
24                  categorize_app();
25              };
26          };
27          destination {
28---->       d_default(basepath(`BASEPATH`) location("$location") app("$app") name('d_default_udp') "$session");
28---->                                                                                    ^^^^^^^^^^


From looking at the documentation, it looks like it's a valid way to use it.  $session here is just a number from 0-9 that is set from rewriting a user defined macro from the message's sessionid field.  It's only going to exist for a certain kind of message.

Thanks,
-Mark
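
The two mechanisms discussed in this thread combined in one block, as an added example that is not part of any message above: a declared optional argument feeds the file name, while "..." and `__VARARGS__` forward undeclared options to file(). The names remote_file, suffix and d_remote are hypothetical; $app and ${session} are the user-defined macros from the thread, and perm() and dir-perm() are standard file() options chosen here for illustration.

```conf
@version: 3.19

# Added example; block, argument and destination names are hypothetical.
# Declared arguments (basepath, app, suffix) are substituted by name.
# The trailing "..." lets callers pass options the block does not declare;
# those are emitted where __VARARGS__ appears, inside the file() driver.
block destination remote_file(
  basepath('/var/log/remote/backup')
  app("")
  suffix("")
  ...) {

  file(
    "`basepath`/`app`/${HOST}/${HOST}_`app``suffix`.log"
    create-dirs(yes)
    `__VARARGS__`
  );
};

# suffix() is always passed, as a template: per the reply above, a macro
# that is not set for a given message resolves to an empty string, so
# messages without a session get a file name with nothing appended.
# perm() and dir-perm() are not declared by the block, so they reach
# file() through __VARARGS__ and restrict access to the written logs.
destination d_remote {
  remote_file(
    app("$app")
    suffix("${session}")
    perm(0640)
    dir-perm(0750)
  );
};
```

Running syslog-ng with --syntax-only, as in the original question, checks that the block reference parses before the configuration is deployed.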