[syslog-ng] cannot filter by program name

Luis Pugoy lpugoy at insynchq.com
Thu Jul 21 14:41:48 CEST 2011


Sorry, just realized that the filter() element inside the log() statement in
Machine 2 must be between the source() and destination() elements. It's
working now.

On Thu, Jul 21, 2011 at 8:19 PM, Luis Pugoy <lpugoy at insynchq.com> wrote:

> Hello. I am having trouble filtering by program name and was wondering if
> anyone could help.
>
> I am using syslog-ng v3.1.2 on Ubuntu 10.04 machines. I installed syslog-ng
> by installing the provided deb package.
>
> In Machine 1, the relevant lines in syslog-ng.conf are below:
>
> source s_tag_a {
>   file('/home/ubuntu/a.tag' flags(no-parse) program_override('atag'));
> };
> destination d_tag_a {
>   tcp('machine2' port(40000));
> };
> log {
>   source(s_tag_a); destination(d_tag_a);
> };
>
> source s_tag_b {
>   file('/home/ubuntu/b.tag' flags(no-parse) program_override('btag'));
> };
> destination d_tag_b {
>   tcp('machine2' port(40000));
> };
> log {
>    source(s_tag_b); destination(d_tag_b);
> };
>
>
>
> In Machine 2, the relevant lines in syslog-ng.conf are below:
>
> source s_tag {
>   tcp(ip(0.0.0.0) port(40000));
> };
> destination d_tag_a {
>   file('/home/ubuntu/a.tag');
> };
> filter f_tag_a {
>   program('atag');
> };
> log {
>   source(s_tag); destination(d_tag_a); filter(f_tag_a);
> };
> destination d_tag_b {
>   file('/home/ubuntu/b.tag');
> };
> filter f_tag_b {
>   program('btag');
> };
> log {
>   source(s_tag); destination(d_tag_b); filter(f_tag_b);
> };
>
>
> Now when I execute the following commands in Machine 1:
> # echo 'atag' >> a.tag
> # echo 'btag' >> b.tag
>
>
> In Machine 2, the files a.tag and b.tag both contain the given lines.
> # cat a.tag
> atag
> btag
> # cat b.tag
> atag
> btag
>
>
> Is there something wrong in my configuration? Thank you.
>
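
Added example, not part of the original thread: the Machine 2 log paths rewritten with `filter()` placed between `source()` and `destination()`, as the reply describes. Object names, paths and the port are taken from the quoted configuration; only the order of the elements inside each `log` statement changes.

```conf
# Machine 2, corrected (added example, not the poster's own file).
# Each log path now lists filter() before destination(), which is the
# ordering the reply reports as working.

source s_tag {
  tcp(ip(0.0.0.0) port(40000));
};

# Match on the program name set by program_override() on Machine 1.
filter f_tag_a {
  program('atag');
};
filter f_tag_b {
  program('btag');
};

destination d_tag_a {
  file('/home/ubuntu/a.tag');
};
destination d_tag_b {
  file('/home/ubuntu/b.tag');
};

# Only messages from program 'atag' reach a.tag.
log {
  source(s_tag); filter(f_tag_a); destination(d_tag_a);
};

# Only messages from program 'btag' reach b.tag.
log {
  source(s_tag); filter(f_tag_b); destination(d_tag_b);
};
```

The original ordering is also valid syntax, so a syntax check will not flag it; repeating the two `echo` commands from the post on Machine 1 and reading both files on Machine 2 is the check that shows whether the routing is correct.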