Hi all,

I have a problem getting the "tags" feature working on our syslog-ng 3.1. I want to collect messages from 3 different files on the source system and want to separate them again on the central logging server.

The client configuration looks like this:
----------------------------------------------------------------------------------------------------
source s_app
{
    file("/var/log/log1.log");
    file("/opt//log/log2.log" tags("log2"));
    file("/opt/log/log3.log" tags("log3"));
};
options
{
};
destination d_app { tcp("logrelay01.domain.com" port(13074)); };
log {
    source(s_app);
    destination(d_app);
};
----------------------------------------------------------------------------------------------------
The log relay does nothing other than forward the messages to the central logging server with the following config:
----------------------------------------------------------------------------------------------------
options
{
    time_sleep(20);
    log_fifo_size(1000);
    dns_cache(2000);
    dns_cache_expire(87600);
    keep_hostname(yes);
};
source s_remote { tcp(ip("0.0.0.0") port(13074)); };
destination remote_tcp { tcp("centrallog01.domain.com" port(13074)); };
log {
    source(s_remote);
    destination(remote_tcp);
};
----------------------------------------------------------------------------------------------------
On the central logging server I use filters to separate the logfiles again:
----------------------------------------------------------------------------------------------------
@version: 3.0
include "/opt/config/syslogng-inc.conf";
options
{
    time_sleep(20);
    dns_cache(2000);
    dns_cache_expire(87600);
    keep_hostname(yes);
    create_dirs(yes);
};
source s_remote { tcp(ip("0.0.0.0") port(13074) keep-alive(yes)); };
============================================
This is the configuration in /opt/config/syslogng-inc.conf
# Filter
filter f_log1 { host("web00(09|10)"); };
filter f_log2 { host("web00(09|10)") and tags("log2"); };
filter f_log3 { host("web00(09|10)") and tags("log3"); };

# Configuration for Destinations
destination d_log1 { file("/var/logs/log1/combined.log" perm(0755) dir_perm(0755)); };
destination d_log2 { file("/var/logs/log2/combined.log" perm(0755) dir_perm(0755)); };
destination d_log3 { file("/var/logs/log3/combined.log" perm(0755) dir_perm(0755)); };

# Logfile log1
log
{
    source(s_remote);
    filter(f_log1);
    destination(d_log1);
};

# Logfile log2
log
{
    source(s_remote);
    filter(f_log2);
    destination(d_log2);
};

# Logfile log3
log
{
    source(s_remote);
    filter(f_log3);
    destination(d_log3);
};
----------------------------------------------------------------------------------------------------
Does anybody have an idea why it does not work as expected?

Thanks for any suggestion and/or idea.

Best regards
Stefan