1 Reply Latest reply on Jan 19, 2012 4:39 AM by Rohit Nayyar

    Grammar file for Syslog-ng.conf?

      Has anyone had luck finding or creating a grammar file to parse the syslog-ng.conf file commonly found in SuSE?

       

      The part I need to control/deploy/audit through BBSA would be in this format:

       

      #

      # Remote logging to syslog server:

      #

      destination loghost { tcp ("10.7.25.117" port (514)); };

      log { source(src); destination(loghost); };

       

      But some other parts of the config file have this format:


      source src {

          #

          # include internal syslog-ng messages

          # note: the internal() soure is required!

          #

          internal();

       

          #

          # the default log socket for local logging:

          #

          unix-dgram("/dev/log");

       

          #

          # uncomment to process log messages from network:

          #

          #udp(ip("0.0.0.0") port(514));

      };

       

      And in another part it has about 20 lines of filter definitions:


      #

      # Filter definitions

      #

      filter f_iptables   { facility(kern) and match("IN=") and match("OUT="); };

       

      filter f_console    { level(warn) and facility(kern) and not filter(f_iptables)

                            or level(err) and not facility(authpriv); };

       

      I'm not even sure if it's even possible for a grammar file to parse this many different patterns at once!