[syslog-ng] preserving tags across the network

Joël Landry Nyamsi Kouendé l.kouende at samirisassurances.com
Thu Nov 24 22:32:06 CET 2011 

Le 11 nov. 2011 17:06, "Matt Zagrabelny" <mzagrabe at d.umn.edu> a écrit :

> Hi,
>
> I am trying to ship a bunch of apache log files across the network and
> on the syslog-ng server side then break them into their individual
> files again.
>
> I am not sure the best way to do this, but it looks like tags might be
> helpful.
>
> On my apache system I have the following snippets:
>
> -----{syslog-ng client begin}-----
>
> source s_apache_access {
>  file("/var/log/apache2/access.log"
>       tags("main_access")
>      );
> };
>
> source s_apache_other_vhost_access {
>  file("/var/log/apache2/other_vhost.log"
>       tags("other_vhost_access")
>      );
> };
>
> destination d_server {
>                   syslog(
>                          "10.0.0.1"
>                          transport("tls")
>                          port(6514)
>                          tls(
>                              peer-verify(required-trusted)
>                              ca_dir('/etc/syslog-ng/ssl/ca.d')
>                              key_file('/etc/syslog-ng/ssl/server.key')
>                              cert_file('/etc/syslog-ng/ssl/server.crt')
>                             )
>                         );
> };
>
> log {
>  source(s_apache_access);
>  source(s_apache_other_vhost_access);
>  destination(d_server);
> };
>
> -----{syslog-ng client end}-----
>
> On my server I have the following:
>
> -----{syslog-ng server begin}-----
>
> source s_tls {
>              syslog(
>                     ip(0.0.0.0)
>                     port(6514)
>                     transport("tls")
>                     tls(
>                         peer-verify(required-trusted)
>                         ca_dir('/etc/syslog-ng/ssl/ca.d')
>                         key_file('/etc/syslog-ng/ssl/server.key')
>                         cert_file('/etc/syslog-ng/ssl/server.crt')
>                        )
>                     max_connections(1000)
>                     keep_hostname(yes)
>                    );
> };
>
> filter f_main_apache_access {
>  tags("main_access");
> };
>
> destination d_main_access {
>  file("/var/log/apache2/access.log");
> };
>
> log {
>  source(s_tls);
>  filter(f_main_apache_access);
>  destination(d_main_access);
> };
>
> -----{syslog-ng server end}-----
>
> It doesn't look like the "tag" is being preserved through the network.
> Does anyone know if tags is the right mechanism for splitting apart
> (filtering) the aggregate stream coming in on the server?
>
> Any other advice would be greatly appreciated.
>
> Thanks!
>
> -matt zagrabelny
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20111124/944d925e/attachment.htm

More information about the syslog-ng mailing list