<div dir="ltr"><div>My client is sending logs and it has the following config :</div><div><br></div><div><pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><i>template t_global {template("<${PRI}>${LOGHOST} ${MSG_TAG}${MSGHDR}${MSG}\n"); };</i><span class="gmail-c-mrkdwn__br" style="box-sizing:inherit;display:block;height:unset"></span><i># Global logging remote destination:<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>#-----------------------------------<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>destination d_global_remote {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    tcp("<a href="http://proxy.dc.nuagedemo.net">proxy.dc.nuagedemo.net</a>" port(10514)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        template(t_global)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        tls(peer-verify(required-untrusted)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            ca-dir('/etc/default/bootstrap/keys')<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            cert_file('/etc/default/bootstrap/keys/cert.pem')<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            key-file('/etc/default/bootstrap/keys/key.pem')<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        )<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        flags("threaded")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    );<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>source s_nuageDiag {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    file("/home/user/nuage/nuage_diagnostics_daemon.log"<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>         follow-freq(10) default-facility(local1) default-priority(info) tags("nuageDiag"));<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>rewrite w_nuageDiag { set("nuage-diag: ", value("MSG_TAG") condition(tags("nuageDiag"))); };</i></pre><pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><font face="arial, sans-serif" style="">On the destination, I have this :</font></pre><pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;white-space:pre-wrap;word-break:normal;border-radius:4px"><i>source s_network {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    tcp(<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        port(10514)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        max-connections(1000)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        tls(<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            peer-verify(required-untrusted)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            key-file("/opt/proxy/config/keys/proxy-Key.pem")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            cert_file("/opt/proxy/config/keys/proxyCert.pem")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            ca-dir("/opt/proxy/config/keys/proxy-CA.pem")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        )<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    );<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};</i><span class="gmail-c-mrkdwn__br" style="box-sizing:inherit;display:block;height:unset"></span><i>filter nsg_diag {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    match("nuage-diag: " value("MSG_TAG"));<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>filter f_messages { (level(info..warn) and filter (nsg_diag)); };</i><span class="gmail-c-mrkdwn__br" style="box-sizing:inherit;display:block;height:unset"></span><i>destination d_logs {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        file(<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            "/var/log/syslog-ng/logs.txt"<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            owner("root")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            group("root")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            perm(0777)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            );<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>log { source(s_sys); source(s_network); filter(f_messages); destination(d_logs); };</i></pre>
<font face="arial, sans-serif">I can write logs locally without the filtering. But with filtering, it does not match "nuage-diag: " macro.<br>This "MSG_TAG" does not seem to be a standard header but a custom one. I couldn't find many straightforward examples on forums etc.. as well. I am missing a trick or two config-wise for sure.</font>
</pre><pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><font face="arial, sans-serif">Any pointers / help will be much appreciated.</font></pre><pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><i><br></i></pre></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Regards,<br></div>Akshay Joshi<br></div></div></div>