Hello. I am having trouble filtering by program name and was wondering if anyone could help.<div><br></div><div>I am using syslog-ng v3.1.2 on Ubuntu 10.04 machines. I installed syslog-ng by installing the provided deb package.</div>
<div><br></div><div>In Machine 1, the relevant lines in syslog-ng.conf are below:</div><div><br></div><div><div>source s_tag_a {</div><div> file('/home/ubuntu/a.tag' flags(no-parse) program_override('atag'));</div>
<div>};</div><div>destination d_tag_a {</div><div> tcp('machine2' port(40000));</div><div>};</div><div>log {</div><div> source(s_tag_a); destination(d_tag_a);</div><div>};</div><div><br></div><div>source s_tag_b {</div>
<div> file('/home/ubuntu/b.tag' flags(no-parse) program_override('btag'));</div><div>};</div><div>destination d_tag_b {</div><div> tcp('machine2' port(40000));</div><div>};</div><div>log {</div>
<div>
source(s_tag_b); destination(d_tag_b);</div><div>};</div></div><div><br></div><div><br></div><div><br></div><div>In Machine 2, the relevant lines in syslog-ng.conf are below:</div><div><br></div><div><div>source s_tag {</div>
<div> tcp(ip(0.0.0.0) port(40000));</div><div>};</div><div>destination d_tag_a {</div><div> file('/home/ubuntu/a.tag');</div><div>};</div><div>filter f_tag_a {</div><div> program('atag');</div><div>};</div>
<div>log {</div><div> source(s_tag); destination(d_tag_a); filter(f_tag_a);</div><div>};</div><div>destination d_tag_b {</div><div> file('/home/ubuntu/b.tag');</div><div>};</div><div>filter f_tag_b {</div><div>
program('btag');</div>
<div>};</div><div>log {</div><div> source(s_tag); destination(d_tag_b); filter(f_tag_b);</div><div>};</div></div><div><br></div><div><br></div><div>Now when I execute the following commands in Machine 1:</div><div># echo 'atag' >> a.tag</div>
<div># echo 'btag' >> b.tag</div><div><br></div><div><br></div><div>In Machine 2, the files a.tag and b.tag both contain the given lines.</div><div># cat a.tag</div><div>atag</div><div>btag</div><div># cat b.tag</div>
<div>atag</div><div>btag</div><div><br></div><div><br></div><div>Is there something wrong in my configuration? Thank you.</div><meta charset="utf-8">