[syslog-ng] preserving tags across the network
Joël Landry Nyamsi Kouendé
l.kouende at samirisassurances.com
Thu Nov 24 22:32:06 CET 2011
On 11 Nov 2011 17:06, "Matt Zagrabelny" <mzagrabe at d.umn.edu> wrote:
> Hi,
>
> I am trying to ship a bunch of apache log files across the network and
> on the syslog-ng server side then break them into their individual
> files again.
>
> I am not sure the best way to do this, but it looks like tags might be
> helpful.
>
> On my apache system I have the following snippets:
>
> -----{syslog-ng client begin}-----
>
> source s_apache_access {
>     file("/var/log/apache2/access.log"
>         tags("main_access")
>     );
> };
>
> source s_apache_other_vhost_access {
>     file("/var/log/apache2/other_vhost.log"
>         tags("other_vhost_access")
>     );
> };
>
> destination d_server {
>     syslog(
>         "10.0.0.1"
>         transport("tls")
>         port(6514)
>         tls(
>             peer-verify(required-trusted)
>             ca_dir('/etc/syslog-ng/ssl/ca.d')
>             key_file('/etc/syslog-ng/ssl/server.key')
>             cert_file('/etc/syslog-ng/ssl/server.crt')
>         )
>     );
> };
>
> log {
>     source(s_apache_access);
>     source(s_apache_other_vhost_access);
>     destination(d_server);
> };
>
> -----{syslog-ng client end}-----
>
> On my server I have the following:
>
> -----{syslog-ng server begin}-----
>
> source s_tls {
>     syslog(
>         ip(0.0.0.0)
>         port(6514)
>         transport("tls")
>         tls(
>             peer-verify(required-trusted)
>             ca_dir('/etc/syslog-ng/ssl/ca.d')
>             key_file('/etc/syslog-ng/ssl/server.key')
>             cert_file('/etc/syslog-ng/ssl/server.crt')
>         )
>         max_connections(1000)
>         keep_hostname(yes)
>     );
> };
>
> filter f_main_apache_access {
>     tags("main_access");
> };
>
> destination d_main_access {
>     file("/var/log/apache2/access.log");
> };
>
> log {
>     source(s_tls);
>     filter(f_main_apache_access);
>     destination(d_main_access);
> };
>
> -----{syslog-ng server end}-----
>
> It doesn't look like the "tag" is being preserved through the network.
> Does anyone know if tags is the right mechanism for splitting apart
> (filtering) the aggregate stream coming in on the server?
>
> Any other advice would be greatly appreciated.
>
> Thanks!
>
> -matt zagrabelny
>
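An added example, not part of the original thread: syslog-ng tags are local to the instance that sets them and are not sent in the syslog message, so one way to split the stream on the server is to carry the label in a field that is transmitted, here the program name (APP-NAME in the syslog() protocol). The names `apache_main_access` and `apache_other_vhost_access` are hypothetical; `d_server`, `s_tls` and the client log statement are assumed to be the ones from the message above.

```conf
# --- client (added example): label each file with a program name ---
source s_apache_access {
    file("/var/log/apache2/access.log"
        program_override("apache_main_access")         # hypothetical label
    );
};

source s_apache_other_vhost_access {
    file("/var/log/apache2/other_vhost.log"
        program_override("apache_other_vhost_access")  # hypothetical label
    );
};

# --- server (added example): route on the received program name ---
# Anchored patterns so only the exact labels match.
filter f_main_apache_access { program("^apache_main_access$"); };
filter f_other_vhost_access { program("^apache_other_vhost_access$"); };

# Fixed paths: nothing sent by the client ends up in a file name.
destination d_main_access        { file("/var/log/apache2/access.log"); };
destination d_other_vhost_access { file("/var/log/apache2/other_vhost.log"); };

log { source(s_tls); filter(f_main_apache_access); destination(d_main_access); };
log { source(s_tls); filter(f_other_vhost_access); destination(d_other_vhost_access); };
```

The program name is chosen by the sender, so the server should rely on it only as far as it trusts the TLS-authenticated client. Explicit filters with fixed destination paths, rather than a `${PROGRAM}` macro in the file name, keep a client from steering where its lines are written.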