Sorry, just realized that the filter() element inside the log() statement in Machine 2 must be between the source() and destination() elements. It's working now.<br><br><div class="gmail_quote">On Thu, Jul 21, 2011 at 8:19 PM, Luis Pugoy <span dir="ltr">&lt;<a href="mailto:lpugoy@insynchq.com">lpugoy@insynchq.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hello. I am having trouble filtering by program name and was wondering if anyone could help.<div><br></div><div>I am using syslog-ng v3.1.2 on Ubuntu 10.04 machines. I installed syslog-ng by installing the provided deb package.</div>
<div><br></div><div>In Machine 1, the relevant lines in syslog-ng.conf are below:</div><div><br></div><div><div>source s_tag_a {</div><div> file('/home/ubuntu/a.tag' flags(no-parse) program_override('atag'));</div>
<div>};</div><div>destination d_tag_a {</div><div> tcp('machine2' port(40000));</div><div>};</div><div>log {</div><div> source(s_tag_a); destination(d_tag_a);</div><div>};</div><div><br></div><div>source s_tag_b {</div>
<div> file('/home/ubuntu/b.tag' flags(no-parse) program_override('btag'));</div><div>};</div><div>destination d_tag_b {</div><div> tcp('machine2' port(40000));</div><div>};</div><div>log {</div>
<div>
source(s_tag_b); destination(d_tag_b);</div><div>};</div></div><div><br></div><div><br></div><div><br></div><div>In Machine 2, the relevant lines in syslog-ng.conf are below:</div><div><br></div><div><div>source s_tag {</div>
<div> tcp(ip(0.0.0.0) port(40000));</div><div>};</div><div>destination d_tag_a {</div><div> file('/home/ubuntu/a.tag');</div><div>};</div><div>filter f_tag_a {</div><div> program('atag');</div><div>};</div>
<div>log {</div><div> source(s_tag); destination(d_tag_a); filter(f_tag_a);</div><div>};</div><div>destination d_tag_b {</div><div> file('/home/ubuntu/b.tag');</div><div>};</div><div>filter f_tag_b {</div><div>
program('btag');</div>
<div>};</div><div>log {</div><div> source(s_tag); destination(d_tag_b); filter(f_tag_b);</div><div>};</div></div><div><br></div><div><br></div><div>Now when I execute the following commands in Machine 1:</div><div># echo 'atag' >> a.tag</div>
<div># echo 'btag' >> b.tag</div><div><br></div><div><br></div><div>In Machine 2, the files a.tag and b.tag both contain the given lines.</div><div># cat a.tag</div><div>atag</div><div>btag</div><div># cat b.tag</div>
<div>atag</div><div>btag</div><div><br></div><div><br></div><div>Is there something wrong in my configuration? Thank you.</div>
</blockquote></div><br>
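Added example, not part of the original thread: a small check that scans a syslog-ng configuration for log statements in which a filter() is written after a destination(), the ordering that let both tags reach both files on Machine 2. The function name, the regexes and the reordered sample config are assumptions made for this illustration; the first sample is the Machine 2 config as posted, and nested log paths are not handled.

```python
import re

# Constructed sample 1: Machine 2's configuration as posted in the question.
MACHINE2_AS_POSTED = """
source s_tag { tcp(ip(0.0.0.0) port(40000)); };
destination d_tag_a { file('/home/ubuntu/a.tag'); };
filter f_tag_a { program('atag'); };
log { source(s_tag); destination(d_tag_a); filter(f_tag_a); };
destination d_tag_b { file('/home/ubuntu/b.tag'); };
filter f_tag_b { program('btag'); };
log { source(s_tag); destination(d_tag_b); filter(f_tag_b); };
"""

# Constructed sample 2: the same configuration with filter() moved between
# source() and destination(), as the follow-up message describes.
MACHINE2_REORDERED = """
source s_tag { tcp(ip(0.0.0.0) port(40000)); };
destination d_tag_a { file('/home/ubuntu/a.tag'); };
filter f_tag_a { program('atag'); };
log { source(s_tag); filter(f_tag_a); destination(d_tag_a); };
destination d_tag_b { file('/home/ubuntu/b.tag'); };
filter f_tag_b { program('btag'); };
log { source(s_tag); filter(f_tag_b); destination(d_tag_b); };
"""

# Each flat "log { ... };" statement; \b keeps words like "syslog" from matching.
LOG_BLOCK = re.compile(r"\blog\s*\{(.*?)\}\s*;", re.S)
# Element references inside a log statement, in the order they are written.
ELEMENT = re.compile(r"\b(source|filter|destination)\s*\(\s*([\w.-]+)\s*\)")


def misordered_filters(conf_text):
    """Return (filter, destination) pairs where the filter() reference is
    written after the destination() reference in the same log statement."""
    # Naive comment stripping: does not handle '#' inside quoted strings.
    conf_text = re.sub(r"#[^\n]*", "", conf_text)
    findings = []
    for block in LOG_BLOCK.finditer(conf_text):
        destinations_seen = []
        for kind, name in ELEMENT.findall(block.group(1)):
            if kind == "destination":
                destinations_seen.append(name)
            elif kind == "filter":
                findings.extend((name, dest) for dest in destinations_seen)
    return findings


if __name__ == "__main__":
    print("as posted:", misordered_filters(MACHINE2_AS_POSTED))
    print("reordered:", misordered_filters(MACHINE2_REORDERED))
```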