[syslog-ng] Help with embedded log paths
Faine, Mark R. (MSFC-IS40)[NICS]
mark.faine at nasa.gov
Wed Mar 23 23:06:35 UTC 2022
I need this configuration to do as the comments say but I can't figure out how to make it happen. Any pointers would be appreciated.
Thanks,
Mark
# Top-level log path: reads source(default), runs four site filter/rewrite
# branches, then twelve device-type branches that each write to a per-host file.
# The filter and rewrite objects (f_*, r_*) are defined outside this excerpt.
log {
source(default);
# One of these first four should always match, if not $location=unknown
# NOTE(review): presumably each r_* rewrite sets $location -- confirm against the
# rewrite definitions. Changes made inside an embedded log path apply to that
# branch only, so the sibling paths further down may still see ${location} unset
# and fall back to "unknown". A junction { channel { ... }; ... } rejoins the
# message after the branches, so a value set in a channel is carried forward.
log {
filter(f_arc);
rewrite(r_arc);
};
log {
filter(f_gsfc);
rewrite(r_gsfc);
};
log {
filter(f_jsc);
rewrite(r_jsc);
};
log {
filter(f_msfc);
rewrite(r_msfc);
};
## The first one of these to match writes to disk and stops processing further log paths
## I don't know how this can be done since I can't add flags(final) inside of an embedded log path
# NOTE(review): as written, every branch below is evaluated, so a message that
# matches several f_* filters is written to several files. First-match-wins is
# usually expressed as channels of a junction, each ending in flags(final), or
# as if/elif/else where the installed version supports it -- verify against the
# running syslog-ng version.
# Log Path for asa
log {
filter(f_asa);
destination {
# NOTE(review): ${HOST} becomes a directory and file name, and create_dirs(yes)
# creates whatever is missing. Whether HOST is taken from the message header or
# from the peer address depends on keep-hostname()/use-dns(), not shown here; if
# it is sender-supplied, any device that can reach the source chooses names under
# /var/log/remote/data. Confirm HOST comes from a trusted origin.
# ${UNIXTIME} starts a new file for each distinct second; unprefixed time macros
# normally use the timestamp carried in the message rather than receive time
# (R_UNIXTIME) -- TODO confirm which one is intended.
# No perm()/dir-perm()/owner() is set, so the global defaults decide who can
# read these firewall logs.
# The same template and options repeat in every destination below.
file("/var/log/remote/data/${location:-unknown}/$(lowercase asa/${HOST}/${HOST}-asa.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for fmg
log {
filter(f_fmg);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase fmg/${HOST}/${HOST}-fmg.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for faz
log {
filter(f_faz);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase faz/${HOST}/${HOST}-faz.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for fw
log {
filter(f_fw);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase fw/${HOST}/${HOST}-fw.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for fw_block
log {
filter(f_fw_block);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase fw_block/${HOST}/${HOST}-fw_block.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for fortigate
log {
filter(f_fortigate);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase fortigate/${HOST}/${HOST}-fortigate.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for ips
log {
filter(f_ips);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase ips/${HOST}/${HOST}-ips.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for psa
log {
filter(f_psa);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase psa/${HOST}/${HOST}-psa.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for pubfw
log {
filter(f_pubfw);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase pubfw/${HOST}/${HOST}-pubfw.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for utm_other
log {
filter(f_utm_other);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase utm_other/${HOST}/${HOST}-utm_other.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for waf
log {
filter(f_waf);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase waf/${HOST}/${HOST}-waf.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# Log Path for webfilter
log {
filter(f_webfilter);
destination {
file("/var/log/remote/data/${location:-unknown}/$(lowercase webfilter/${HOST}/${HOST}-webfilter.${UNIXTIME}.log)"
create_dirs(yes) flags("threaded", "no-multi-line"));
};
};
# final on the outer path keeps messages handled here away from log statements
# that appear later in the configuration; it does not stop the embedded paths
# above from each being evaluated.
flags(final);
};