[syslog-ng] cannot filter by program name
Luis Pugoy
lpugoy at insynchq.com
Thu Jul 21 14:19:33 CEST 2011
Hello. I am having trouble filtering by program name and was wondering if
anyone could help.
I am using syslog-ng v3.1.2 on Ubuntu 10.04 machines. I installed syslog-ng
by installing the provided deb package.
On Machine 1, the relevant lines in syslog-ng.conf are below:
source s_tag_a {
    file('/home/ubuntu/a.tag' flags(no-parse) program_override('atag'));
};
destination d_tag_a {
    tcp('machine2' port(40000));
};
log {
    source(s_tag_a); destination(d_tag_a);
};
source s_tag_b {
    file('/home/ubuntu/b.tag' flags(no-parse) program_override('btag'));
};
destination d_tag_b {
    tcp('machine2' port(40000));
};
log {
    source(s_tag_b); destination(d_tag_b);
};
On Machine 2, the relevant lines in syslog-ng.conf are below:
source s_tag {
    tcp(ip(0.0.0.0) port(40000));
};
destination d_tag_a {
    file('/home/ubuntu/a.tag');
};
filter f_tag_a {
    program('atag');
};
log {
    source(s_tag); destination(d_tag_a); filter(f_tag_a);
};
destination d_tag_b {
    file('/home/ubuntu/b.tag');
};
filter f_tag_b {
    program('btag');
};
log {
    source(s_tag); destination(d_tag_b); filter(f_tag_b);
};
Now when I execute the following commands on Machine 1:
# echo 'atag' >> a.tag
# echo 'btag' >> b.tag
On Machine 2, the files a.tag and b.tag both contain the given lines.
# cat a.tag
atag
btag
# cat b.tag
atag
btag
Is there something wrong in my configuration? Thank you.