syslog-ng-users April 2011 archive
Main Archive Page > Month Archives  > syslog-ng-users archives
syslog-ng-users: Re: [syslog-ng] Using macro substring as anothe

Re: [syslog-ng] Using macro substring as another macro

From: Balazs Scheidler <bazsi_at_nospam>
Date: Thu Apr 07 2011 - 22:51:23 GMT
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>

On Thu, 2011-04-07 at 15:01 +0200, Jakub Jankowski wrote:
> Hi,
>
> I'd like to implement simple hashing in file() destination, mainly to avoid
> ext3 32k directories limit, but also for convenience. Is it possible to do
> something simliar what this shell snippet does:
>
> $ NAME=value
> $ echo ${NAME[*]:0:1}
> v
> $
>
> but for macros (especially those coming from parsers)?
>
> What I want is logs written to /var/log/h/ho/hos/hostname/service.log (with
> configurable level of subdirs) using a single destination().

There was a similar patch for IP addresses recently, which I haven't had
the time to integrate properly, which created directories over IP
address bytes (e.g. 10.0.0.1 would become 10/0/0/1) although that is
more difficult to do with substring like functionality.

hmm.... thinking out loud. there are basically two syntactic options:

1) to use the new template function syntax

2) to continue extending our bash-like expansion syntax.

The 1) option would be something like:

$(cut -c 1-10 $NAME)

or

$(substr $NAME 1 10)

The alternative would be to add really simple functions as an addition
to the basic template syntax. We currently have the "default" values
like this way:

${NAME:-default}

this results in "default" if $NAME is not-defined or empty.

The template function stuff is easier to write (as you can write plugins
for that, and there's a whole framework to support it). The bash
syntax-like stuff is more difficult to write as the template parser is
manually coded, and each expansion mode has to be open-coded, although
it has better performance (since we can avoid a copy of $NAME into a
temporary buffer).

I'm somewhat undecided. What do others think? Can you also propose a
syntax for 1) above? I wouldn't copy the bash case exactly, as that is
an array operator if I'm right, and syslog-ng doesn't (yet) support
arrays in name-value pairs.

-- Bazsi ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html