[syslog-ng] Appending values to Structured-Data

Christian Haase c.haase at ifu.com
Wed Mar 11 11:59:20 CET 2009


Hi,

I want to send apache2 messages via tcp to my syslog server using
syslog-ng3 with the IETF-Message format.

I specified a source which uses file("/var/log/apache2/access.log"
flags(no-parse) follow-freq(5)) to fetch the log data. So the orginating
apache message keeps untouched and can be found in the MSG part.

This message is packed into the IETF-Frame with the destination
syslog("..." transport("tls") ... )

On server-side I want to "unpack" the message again to reconstruct the
original format of the access.log.

The main problem is to decide the source of the message to write it into
the right file (multiple webservers will log this way). I wanted to
solve this problem by setting the unused IETF-Message Headers to the
values the identify them. For example I wanted to append a string like
"www=my.web.site" to the Structured Data. These information then would
be interpreted and the corresponding file will be used.

Is there a way the set these fields and use them on the destination
server in filters?

Dear,
Christian Haase


-- 
ifu Hamburg - material flows and software

ifu Institut fuer Umweltinformatik Hamburg GmbH
Grosse Bergstrasse 219, 22767 Hamburg, Germany
Managing Director: Jan Hedemann, Commercial Register: Hamburg, HRB 52629
www.ifu.com - www.umberto.de - www.sabento.com - www.e-sankey.com

>>> e!Sankey - software for easy drawing of Sankey diagrams.
>>> Visit http://www.e-sankey.com


More information about the syslog-ng mailing list