Hi, I want to send apache2 messages via tcp to my syslog server using syslog-ng3 with the IETF-Message format. I specified a source which uses file("/var/log/apache2/access.log" flags(no-parse) follow-freq(5)) to fetch the log data. So the orginating apache message keeps untouched and can be found in the MSG part. This message is packed into the IETF-Frame with the destination syslog("..." transport("tls") ... ) On server-side I want to "unpack" the message again to reconstruct the original format of the access.log. The main problem is to decide the source of the message to write it into the right file (multiple webservers will log this way). I wanted to solve this problem by setting the unused IETF-Message Headers to the values the identify them. For example I wanted to append a string like "www=my.web.site" to the Structured Data. These information then would be interpreted and the corresponding file will be used. Is there a way the set these fields and use them on the destination server in filters? Dear, Christian Haase -- ifu Hamburg - material flows and software ifu Institut fuer Umweltinformatik Hamburg GmbH Grosse Bergstrasse 219, 22767 Hamburg, Germany Managing Director: Jan Hedemann, Commercial Register: Hamburg, HRB 52629 www.ifu.com - www.umberto.de - www.sabento.com - www.e-sankey.com
e!Sankey - software for easy drawing of Sankey diagrams. Visit http://www.e-sankey.com