Hi,
I would like to transfer/store apache logs, but for some reason i cant tag them:
I tried:
source s_access {
pipe("/var/log/apache2/pipe_access.log"
tags("testtag"));.
};
or
source s_access {
pipe("/var/log/apache2/pipe_access.log"
program-override("testtag"));.
};
Because it doesn't work with 'tags' i used the apache to format the message, i put the choosen word to the log format so it stores the correct place the log on the client and also on the server.
Part of the log:
- [19/Jun/2017:13:46:29 +0200] acc001 127.0.0.1 - - "GET /server-status?auto HTTP/1.1" 200 1781
If it possible i want to use 'tags' instead of manipulating apache logformats.
I tried to read the pipes directly, but the above settings doesnt show, just the above log.
I tried to tcpdump the traffic from client -> server (client side) but doesn't show any of the settings. It looks like for me, syslog-ng wont tag my logs.
And i tried to read the stored log with file() and tag it, that doesn't work neither.
What i am missing?
Thanks, Robert