Hi,

Okay, I added the the tags to the sources, and its getting transferred to the server:

Client:

source s_access {.

pipe("/var/log/apache2/pipe_access.log"

tags("acc001"));

};

destination d_network_def_apache {

syslog("172.128.83.90"

transport("tcp")

ip-protocol(4)

port("16602")

persist-name("to_syslogng_def_apache")

template("${MESSAGE} ${TAGS}\n"));

};

I sat up the server like this:

filter apache_access {

tags("acc001")

};

log {

source(s_network);

filter(apache_access);

destination(d_apache_access);

};

Nothing in the logs :S

I can see via tcpdump this:

${MESSAGE} part and then the configured ${TAGS} which is: acc001,.source.s_access

But the filter doesnt work on the server side.

Why does it logs the fsouorce name and why doenst find the TAG?

Thanks,

Robert

2017-06-19 15:15 GMT+02:00 Fabien Wernli <wernli@in2p3.fr>:

Hi,

On Mon, Jun 19, 2017 at 01:55:51PM +0200, Sandbox wrote:
> I would like to transfer/store apache logs, but for some reason i cant tag
> them:

Tags are available internally in the $TAGS macro.
Tags are not implicitly sent over when using the syslog protocol, unless you
explicitly instruct syslog-ng to do so.

Try adding the $TAGS macro to your template, or add a .SDATA prefix if
you're using RFC5424

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq