<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="zoom: 0%;">
<div dir="auto">The MSG_TAG should not include the : or the space when applying the filter on the destination.<br>
<br>
</div>
<div dir="auto">Evan Rempel<br>
</div>
<div dir="auto">University of Victoria</div>
<div class="gmail_quote">On Jan. 29, 2021, at 7:36 p.m., Akshay Joshi &lt;<a href="mailto:auj89in@gmail.com" target="_blank">auj89in@gmail.com</a>&gt; wrote:
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div>
<div dir="ltr">
<div>My client is sending logs and it has the following config:</div>
<div><br>
</div>
<div>
<pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><i>template t_global {template("<${PRI}>${LOGHOST} ${MSG_TAG}${MSGHDR}${MSG}\n"); };</i><span class="gmail-c-mrkdwn__br" style="box-sizing:inherit;display:block;height:unset"></span><i># Global logging remote destination:<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>#-----------------------------------<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>destination d_global_remote {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    tcp("<a href="http://proxy.dc.nuagedemo.net">proxy.dc.nuagedemo.net</a>" port(10514)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        template(t_global)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        tls(peer-verify(required-untrusted)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            ca-dir('/etc/default/bootstrap/keys')<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            cert_file('/etc/default/bootstrap/keys/cert.pem')<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            key-file('/etc/default/bootstrap/keys/key.pem')<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        )<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        flags("threaded")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    );<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>source s_nuageDiag {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    file("/home/user/nuage/nuage_diagnostics_daemon.log"<span 
style="box-sizing:inherit"><br style="box-sizing:inherit"></span>         follow-freq(10) default-facility(local1) default-priority(info) tags("nuageDiag"));<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>rewrite w_nuageDiag { set("nuage-diag: ", value("MSG_TAG") condition(tags("nuageDiag"))); };</i></pre>
<pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><font face="arial, sans-serif" style="">On the destination, I have this:</font></pre>
<pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;font-size:12px;line-height:1.50001;white-space:pre-wrap;word-break:normal;border-radius:4px"><i>source s_network {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    tcp(<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        port(10514)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        max-connections(1000)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        tls(<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            peer-verify(required-untrusted)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            key-file("/opt/proxy/config/keys/proxy-Key.pem")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            cert_file("/opt/proxy/config/keys/proxyCert.pem")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            ca-dir("/opt/proxy/config/keys/proxy-CA.pem")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        )<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    );<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};</i><span class="gmail-c-mrkdwn__br" style="box-sizing:inherit;display:block;height:unset"></span><i>filter nsg_diag {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>    match("nuage-diag: " value("MSG_TAG"));<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>filter f_messages { (level(info..warn) and filter (nsg_diag)); };</i><span 
class="gmail-c-mrkdwn__br" style="box-sizing:inherit;display:block;height:unset"></span><i>destination d_logs {<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>        file(<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            "/var/log/syslog-ng/logs.txt"<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            owner("root")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            group("root")<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            perm(0777)<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>            );<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>};<span style="box-sizing:inherit"><br style="box-sizing:inherit"></span>log { source(s_sys); source(s_network); filter(f_messages); destination(d_logs); };</i></pre>
<font face="arial, sans-serif">I can write logs locally without the filtering. But with filtering, it does not match the "nuage-diag: " macro.<br>This "MSG_TAG" does not seem to be a standard header but a custom one. I couldn't find many straightforward examples on forums etc. as well. I am missing a trick or two config-wise for sure.</font>
</pre>
<pre class="gmail-c-mrkdwn__pre" style="box-sizing:inherit;margin-top:4px;margin-bottom:4px;padding:8px;line-height:1.50001;font-variant-ligatures:none;white-space:pre-wrap;word-break:normal;border-radius:4px;color:rgb(29,28,29)"><font face="arial, sans-serif">Any pointers / help will be much appreciated.</font></pre>
</div>
</div>
</div>
</blockquote>
</div>
</body>
</html>