.. syslog_ng-sate-usage: Syslog-ng usage =============== The syslog\_ng state modul is to generate syslog-ng configurations. You can do the following things: - generate syslog-ng configuration from YAML, - use non-YAML configuration, - start, stop or reload syslog-ng. There is also an execution module, which can check the syntax of the configuration, get the version and other information about syslog-ng. Configuration ------------- The following configuration is an example, how a complete syslog-ng state configuration looks like: .. code-block:: yaml # Set the location of the configuration file "/home/tibi/install/syslog-ng/etc/syslog-ng.conf": syslog_ng.set_config_file # The syslog-ng and syslog-ng-ctl binaries are here. You needn't use # this method if these binaries can be found in a directory in your PATH. "/home/tibi/install/syslog-ng/sbin": syslog_ng.set_binary_path # Writes the first lines into the config file, also erases its previous # content "3.6": syslog_ng.write_version # Some global options global_options: syslog_ng.config: - config: options: - time_reap: 30 - mark_freq: 10 - keep_hostname: "yes" s_localhost: syslog_ng.config: - config: source: - tcp: - ip: "127.0.0.1" - port: 1233 d_log_server: syslog_ng.config: - config: destination: - tcp: - "127.0.0.1" - port: 1234 l_log_to_central_server: syslog_ng.config: - config: log: - source: s_localhost - destination: d_log_server some_comment: syslog_ng.write_config: - config: | # Multi line # comment auto_start_or_reload: {% set pids = salt["ps.pgrep"]("syslog-ng") %} {% if pids == None or pids|length == 0 %} syslog_ng.started: - user: tibi {% else %} syslog_ng.reloaded {% endif %} #auto_stop: # syslog_ng.stopped The ``3.6``, ``s_devlog``, ``d_log_server``, etc. are identifiers. The second lines in each block are functions and their first parameter is their id. The ``- config`` is the second named parameter of the ``syslog_ng.config`` function. This function can generate the syslog-ng configuration from YAML. If the statement (source, destination, parser, etc.) has a name, this function uses the id as the name, otherwise (log statement) it's purpose is like a mandatory comment. You can use ``set_binary_path`` to set the directory which contains the syslog-ng and syslog-ng-ctl binaries. If this directory is in your PATH, you don't need to use this function. Under ``auto_start_or_reload`` you can see a Jinja template. If syslog-ng isn't running it will start it, otherwise reload it. It uses the process name ``syslog-ng`` to determine its running state. I suggest that you use ``service`` state if it's available on your system. After execution this example the syslog\_ng state will generate this file: .. code-block:: text #Generated by Salt on 2014-06-19 16:53:11 @version: 3.6 options { time_reap(30); mark_freq(10); keep_hostname(yes); }; source s_localhost { tcp( ip("127.0.0.1"), port(1233) ); }; destination d_log_server { tcp( "127.0.0.1", port(1234) ); }; log { source(s_localhost); destination(d_log_server); }; # Multi line # comment Users can include arbitrary texts in the generated configuration with using the ``write_config`` function. Examples -------- Simple source ~~~~~~~~~~~~~ .. code-block:: text source s_tail { file( "/var/log/apache/access.log", follow_freq(1), flags(no-parse, validate-utf8) ); }; .. code-block:: yaml s_tail: # Salt will call the source function of syslog_ng module syslog_ng.config: - config: source: - file: - file: "/var/log/apache/access.log" - follow_freq : 1 - flags: - no-parse - validate-utf8 OR .. code-block:: yaml s_tail: syslog_ng.config: - config: source: - file: - "/var/log/apache/access.log" - follow_freq : 1 - flags: - no-parse - validate-utf8 Complex source ~~~~~~~~~~~~~~ .. code-block:: text source s_gsoc2014 { tcp( ip("0.0.0.0"), port(1234), flags(no-parse) ); }; .. code-block:: yaml s_gsoc2014: syslog_ng.config: - config: source: - tcp: - ip: 0.0.0.0 - port: 1234 - flags: no-parse Filter ~~~~~~ .. code-block:: text filter f_json { match( "@json:" ); }; .. code-block:: yaml f_json: syslog_ng.config: - config: filter: - match: - "@json:" Template ~~~~~~~~ .. code-block:: text template t_demo_filetemplate { template( "$ISODATE $HOST $MSG " ); template_escape( no ); }; .. code-block:: yaml t_demo_filetemplate: syslog_ng.config: -config: template: - template: - "$ISODATE $HOST $MSG\n" - template_escape: - "no" Rewrite ~~~~~~~ .. code-block:: text rewrite r_set_message_to_MESSAGE { set( "${.json.message}", value("$MESSAGE") ); }; .. code-block:: yaml r_set_message_to_MESSAGE: syslog_ng.config: - config: rewrite: - set: - "${.json.message}" - value : "$MESSAGE" Global options ~~~~~~~~~~~~~~ .. code-block:: text options { time_reap(30); mark_freq(10); keep_hostname(yes); }; .. code-block:: yaml global_options: syslog_ng.config: - config: options: - time_reap: 30 - mark_freq: 10 - keep_hostname: "yes" Log ~~~ .. code-block:: text log { source(s_gsoc2014); junction { channel { filter(f_json); parser(p_json); rewrite(r_set_json_tag); rewrite(r_set_message_to_MESSAGE); destination { file( "/tmp/json-input.log", template(t_gsoc2014) ); }; flags(final); }; channel { filter(f_not_json); parser { syslog-parser( ); }; rewrite(r_set_syslog_tag); flags(final); }; }; destination { file( "/tmp/all.log", template(t_gsoc2014) ); }; }; .. code-block:: yaml l_gsoc2014: syslog_ng.config: - config: log: - source: s_gsoc2014 - junction: - channel: - filter: f_json - parser: p_json - rewrite: r_set_json_tag - rewrite: r_set_message_to_MESSAGE - destination: - file: - "/tmp/json-input.log" - template: t_gsoc2014 - flags: final - channel: - filter: f_not_json - parser: - syslog-parser: [] - rewrite: r_set_syslog_tag - flags: final - destination: - file: - "/tmp/all.log" - template: t_gsoc2014