New syslog-ng parser: flip-parser()

The latest pull request to syslog-ng adds a really useful feature, the flip-parser(): https://github.com/syslog-ng/syslog-ng/pull/3971

It allows you to flip the message text, reverse it, or both. As I also reported a couple of minor problems related to UTF-8 character handling, this PR most likely will not be merged today. However, you can compile it yourself, or if you use openSUSE Tumbleweed, use my packages from the openSUSE Build Service.

Before you begin

The flip-parser() is not yet part of a syslog-ng release. You need to compile syslog-ng yourself with the patch applied (describing the steps is beyond the scope of this blog), or if you use openSUSE Tumbleweed, you can use my git snapshot test packages from the openSUSE Build Service: https://www.syslog-ng.com/community/b/blog/posts/rpm-packages-from-syslog-ng-git-head/

Note that compiling syslog-ng with flip-parser() requires the very latest versions of dependencies. I could not get it compiled on SLES or openSUSE Leap, only on Tumbleweed.

Configuring syslog-ng

Configuring the flip-parser() is easy. It has two mandatory parameters, which control whether the message is flipped, reversed, or both. Create a new configuration file under /etc/syslog-ng/conf.d/ or append the following to syslog-ng.conf:

tumbleweed:~ # cat /etc/syslog-ng/conf.d/flip.conf
parser p_flip {
  flip-parser(
    flip-text(yes)
    reverse-text(no)
  );
};

destination d_flip {
  file("/var/log/flip");
};

log {
  source(src);
  parser(p_flip);
  destination(d_flip);
};

This configuration assumes that local logs are collected by a source called “src”. It flips the log messages and writes them to /var/log/flip.

Testing

Once you have reloaded the syslog-ng configuration, you are ready for testing. Send a few log messages and check the results:

tumbleweed:~ # logger this is a test
tumbleweed:~ # logger árvíztűrő tükörfúrógép
tumbleweed:~ # tail -2 /var/log/flip
Apr  1 09:21:53 tumbleweed root[9179]: ʇɥᴉs ᴉs a ʇǝsʇ
Apr  1 09:22:00 tumbleweed root[9180]: áɹʌízʇűɹő ʇüʞöɹɟúɹóᵷéd

As you can see, characters with accent marks were not flipped.
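
One way such output can arise is a lookup table applied per code point, which never matches precomposed letters such as "á" (U+00E1). The Python sketch below is an added example, not code from the pull request: the mapping table is a small constructed subset, all function names are hypothetical, and it goes slightly beyond the test above by also showing why reversing UTF-8 text byte by byte breaks it.

```python
import unicodedata

# Constructed subset of an upside-down table; NOT the table from the pull request.
FLIP = dict(zip("aehirtv", "ɐǝɥᴉɹʇʌ"))

def flip_naive(text: str) -> str:
    """Per-code-point lookup: precomposed letters such as U+00E1 miss the table."""
    return "".join(FLIP.get(ch, ch) for ch in text)

def flip_decomposed(text: str) -> str:
    """Decompose first (NFD) so the base letter is looked up separately from
    its combining accent, then recompose whatever still has a composed form."""
    nfd = unicodedata.normalize("NFD", text)
    return unicodedata.normalize("NFC", "".join(FLIP.get(ch, ch) for ch in nfd))

def reverse_bytes(text: str) -> bytes:
    """Byte-wise reversal: multi-byte UTF-8 sequences end up back to front."""
    return text.encode("utf-8")[::-1]

def reverse_clusters(text: str) -> str:
    """Reverse base characters while keeping combining marks attached."""
    clusters = []
    for ch in unicodedata.normalize("NFD", text):
        if unicodedata.combining(ch) and clusters:
            clusters[-1] += ch          # accent stays with its base letter
        else:
            clusters.append(ch)
    return unicodedata.normalize("NFC", "".join(reversed(clusters)))

def is_valid_utf8(data: bytes) -> bool:
    """True if the byte string decodes cleanly as UTF-8."""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False

if __name__ == "__main__":
    sample = "\u00e1rv\u00edz"  # "árvíz", constructed from the test word above
    print(flip_naive(sample))                    # accents left unflipped
    print(flip_decomposed(sample))               # base letters flipped
    print(is_valid_utf8(reverse_bytes(sample)))  # byte reversal is not UTF-8
    print(reverse_clusters(sample))              # reversal that stays valid
```
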

What is next?

As a possible next step, you could also test reversing the message text. Once you are done with testing, just sit back and relax until the next April Fools’ Day. Hopefully the syslog-ng team keeps this tradition and we will have another nice feature to check next year!

-

If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik.
