>>>>> "Delon" == Delon Lee Di Lun <lee.delon2005@gmail.com> writes:

    Delon> Possible to wipe up a sample config?
    Delon> Might clear things up?

This is a slightly different solution, but should work nevertheless:

Client:

@version: 3.15

source s_apache_logs {
 wildcard-file(
   base-dir("/var/log/apache")
   filename-pattern("www.*")
   flags(no-parse)
 );
};

destination d_central {
  network("1.2.3.4" template("$(basename ${FILE_NAME}),${MSG}\n"));
};

log { source(s_apache_logs); destination(d_central); };

Server:

@version: 3.15

source s_net {
  network("1.2.3.4" flags(no-parse));
};

parser p_apache {
  csv-parser(
    columns("apache.FILE_NAME", "apache.MESSAGE");
    flags(greedy);
  );
};

destination d_central_apache {
  file("/var/log/apache/${apache.FILE_NAME}"
       template("${apache.MESSAGE}\n"));
};

log { source(s_net); parser(p_apache); destination(d_central_apache); };

------------ * --------------

The idea here is that on the client, we read the apache logs as-is, and
forward them with the filename prepended. On the server side, we split
the message into filename and message, and use the first part to
determine which file to save the message to. Then we write the rest of
the line to that file.

This way you'll end up with the same contents on both sides, in files
that have the same name (but perhaps different path, that part is up to
you).

Hope this helps.

--
|8]