Sorry, just realized that the filter() element inside the log() statement in Machine 2 must be between the source() and destination() elements. It's working now.

On Thu, Jul 21, 2011 at 8:19 PM, Luis Pugoy <lpugoy@insynchq.com> wrote:
Hello. I am having trouble filtering by program name and was wondering if anyone could help.

I am using syslog-ng v3.1.2 on Ubuntu 10.04 machines. I installed syslog-ng by installing the provided deb package.

In Machine 1, the relevant lines in syslog-ng.conf are below:

source s_tag_a {
  file('/home/ubuntu/a.tag' flags(no-parse) program_override('atag'));
};
destination d_tag_a {
  tcp('machine2' port(40000));
};
log {
  source(s_tag_a); destination(d_tag_a);
};

source s_tag_b {
  file('/home/ubuntu/b.tag' flags(no-parse) program_override('btag'));
};
destination d_tag_b {
  tcp('machine2' port(40000));
};
log {
  source(s_tag_b); destination(d_tag_b);
};



In Machine 2, the relevant lines in syslog-ng.conf are below:

source s_tag {
  tcp(ip(0.0.0.0) port(40000));
};
destination d_tag_a {
  file('/home/ubuntu/a.tag');
};
filter f_tag_a {
  program('atag');
};
log {
  source(s_tag); destination(d_tag_a); filter(f_tag_a);
};
destination d_tag_b {
  file('/home/ubuntu/b.tag');
};
filter f_tag_b {
  program('btag');
};
log {
  source(s_tag); destination(d_tag_b); filter(f_tag_b);
};


Now when I execute the following commands in Machine 1:
# echo 'atag' >> a.tag
# echo 'btag' >> b.tag


In Machine 2, the files a.tag and b.tag both contain the given lines.
# cat a.tag
atag
btag
# cat b.tag
atag
btag


Is there something wrong in my configuration? Thank you.