[syslog-ng] Remote tags
Fabien Wernli
wernli at in2p3.fr
Sat Nov 22 17:01:26 CET 2014
Hi Nikolay,
On Fri, Nov 21, 2014 at 04:31:58PM -0500, Nikolay P wrote:
> Could anyone here advice me if it is possible to set a tags() on a log entry on one machine, send this log message to a remote syslog-ng and use this tags() in a filter on the remote machine?
This is not possible to send the contents of the TAGS macro using standard
(rfc3164) syslog. However you could send them over using format-json, or
using the new ietf (rfc5424) syslog by including it into structured data
(SDATA).
Here's the quote from the PE doc:
"Note that the tags are not part of the log message and are not
automatically transferred from a client to the server. For example, if a
client uses a pattern database to tag the messages, the tags are not
transferred to the server. A way of transferring the tags is to explicitly
add them to the log messages using a template and the ${TAGS} macro, or to
add them to the structured metadata part of messages when using the
IETF-syslog message format.
When sent as structured metadata, it is possible to reference to the list of
tags on the central server, and for example, to add them to a database
column."
Cheers
More information about the syslog-ng
mailing list