Hi, Okay, I added the the tags to the sources, and its getting transferred to the server: Client: source s_access {. pipe("/var/log/apache2/pipe_access.log" tags("acc001")); }; destination d_network_def_apache { syslog("172.128.83.90" transport("tcp") ip-protocol(4) port("16602") persist-name("to_syslogng_def_apache") template("${MESSAGE} ${TAGS}\n")); }; I sat up the server like this: filter apache_access { tags("acc001") }; log { source(s_network); filter(apache_access); destination(d_apache_access); }; Nothing in the logs :S I can see via tcpdump this: ${MESSAGE} part and then the configured ${TAGS} which is: acc001,.source.s_access But the filter doesnt work on the server side. Why does it logs the fsouorce name and why doenst find the TAG? Thanks, Robert 2017-06-19 15:15 GMT+02:00 Fabien Wernli <wernli@in2p3.fr>:
Hi,
On Mon, Jun 19, 2017 at 01:55:51PM +0200, Sandbox wrote:
I would like to transfer/store apache logs, but for some reason i cant tag them:
Tags are available internally in the $TAGS macro. Tags are not implicitly sent over when using the syslog protocol, unless you explicitly instruct syslog-ng to do so.
Try adding the $TAGS macro to your template, or add a .SDATA prefix if you're using RFC5424
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq