Sorry, just realized that the filter() element inside the log() statement in Machine 2 must be between the source() and destination() elements. It's working now.

On Thu, Jul 21, 2011 at 8:19 PM, Luis Pugoy <lpugoy@insynchq.com> wrote:
Hello. I am having trouble filtering by program name and was wondering if anyone could help.
I am using syslog-ng v3.1.2 on Ubuntu 10.04 machines. I installed syslog-ng by installing the provided deb package.
In Machine 1, the relevant lines in syslog-ng.conf are below:

source s_tag_a { file('/home/ubuntu/a.tag' flags(no-parse) program_override('atag')); };
destination d_tag_a { tcp('machine2' port(40000)); };
log { source(s_tag_a); destination(d_tag_a); };

source s_tag_b { file('/home/ubuntu/b.tag' flags(no-parse) program_override('btag')); };
destination d_tag_b { tcp('machine2' port(40000)); };
log { source(s_tag_b); destination(d_tag_b); };

In Machine 2, the relevant lines in syslog-ng.conf are below:

source s_tag { tcp(ip(0.0.0.0) port(40000)); };

destination d_tag_a { file('/home/ubuntu/a.tag'); };
filter f_tag_a { program('atag'); };
log { source(s_tag); destination(d_tag_a); filter(f_tag_a); };

destination d_tag_b { file('/home/ubuntu/b.tag'); };
filter f_tag_b { program('btag'); };
log { source(s_tag); destination(d_tag_b); filter(f_tag_b); };

Now when I execute the following commands in Machine 1:

# echo 'atag' >> a.tag
# echo 'btag' >> b.tag

In Machine 2, the files a.tag and b.tag both contain the given lines.

# cat a.tag
atag
btag
# cat b.tag
atag
btag

Is there something wrong in my configuration? Thank you.
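
As an added example (not part of the original thread and not syslog-ng project code), the Python check below flags log statements in which a filter() has no destination() after it, which is the ordering problem the reply describes. It assumes elements in a log statement are applied in the order written and handles only flat log { ... } statements; the function name and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the two Machine 2 log statements from the thread
# (filter placed last), followed by the reordered form the reply describes.
SAMPLE_CONF = """
log { source(s_tag); destination(d_tag_a); filter(f_tag_a); };
log { source(s_tag); destination(d_tag_b); filter(f_tag_b); };
log { source(s_tag); filter(f_tag_a); destination(d_tag_a); };
"""

# Flat log statements only: nested braces (embedded log paths, inline
# definitions) are intentionally not matched.
LOG_STMT = re.compile(r"\blog\s*\{([^{}]*)\}")
ELEMENT = re.compile(r"\b(source|filter|destination)\s*\(\s*([^()\s]+)\s*\)")


def find_ineffective_filters(conf_text):
    """Return (statement_number, filter_name, unfiltered_destinations) for
    every filter() reference that has no destination() after it."""
    conf_text = re.sub(r"#.*", "", conf_text)  # drop comments
    findings = []
    for number, stmt in enumerate(LOG_STMT.finditer(conf_text), start=1):
        elements = ELEMENT.findall(stmt.group(1))
        for pos, (kind, name) in enumerate(elements):
            if kind != "filter":
                continue
            before = [n for k, n in elements[:pos] if k == "destination"]
            after = [n for k, n in elements[pos + 1:] if k == "destination"]
            if not after:
                # Nothing downstream of this filter: the destinations listed
                # before it receive every message from the source.
                findings.append((number, name, before))
    return findings


if __name__ == "__main__":
    for number, name, dests in find_ineffective_filters(SAMPLE_CONF):
        print(f"log statement {number}: filter({name}) comes after "
              f"destination(s) {dests} and does not restrict them")
```
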