On Fri, Apr 2, 2010 at 1:25 AM, SZALAY Attila
<sasa@balabit.hu> wrote:
Hi All!
On Thu, 2010-04-01 at 11:37 -0600, Martin Holste wrote:
> Ok, I think I see what you're saying: the tag only exists on the local
> box and does not get forwarded in the message. You were saying you
> have to overwrite the original program with some other value so that
> the tag is permanent and will survive multiple relays. Sorry for the
> confusion.
Try to think about the tags as a sticky note on a package. When I want
to create a lot of uniform white bag I put a sticky note into it, so I
can make a difference between them. But after I write the correct
adresses I take off the notes from it. In the example the tag is not
surviving the relays, He put the tag _value_ into an another field. Just
like if I put some information into the destination address to my mail.
But I think that the idea of the persistant tags is great. And in the
new syslog protocol there is space for it. I will create a feature
request for it. :)
I agree. When tagging was first announced I was disappointed that they would not survive relays. Program_override is a way to 'tag' relayed messages, but it seems like a work-around (just like, say, using templates to add a custom string before $MSG to filter for at your receiving host). In a large setup, matching by host or other means is not manageable (especially if you want your configs to be multi-site compatible), so I think persistent tags would be a useful feature when sending from syslog-ng to syslog-ng.