[syslog-ng] tags not working

Sandbox sandboxheh at gmail.com
Mon Jun 19 11:55:51 UTC 2017


Hi,

I would like to transfer/store apache logs, but for some reason i cant tag
them:

I tried:

source s_access {
    pipe("/var/log/apache2/pipe_access.log"
    tags("testtag"));.
};

or

source s_access {
    pipe("/var/log/apache2/pipe_access.log"
    program-override("testtag"));.
};

Because it doesn't work with 'tags' i used the apache to format the
message, i put the choosen word to the log format so it stores the correct
place the log on the client and also on the server.

Part of the log:
- [19/Jun/2017:13:46:29 +0200] acc001 127.0.0.1 - - "GET
/server-status?auto HTTP/1.1" 200 1781

If it possible i want to use 'tags' instead of manipulating apache
logformats.

I tried to read the pipes directly, but the above settings doesnt show,
just the above log.
I tried to tcpdump the traffic from client -> server (client side) but
doesn't show any of the settings. It looks like for me, syslog-ng wont tag
my logs.
And i tried to read the stored log with file() and tag it, that doesn't
work neither.

What i am missing?

Thanks, Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170619/9bd6e5b8/attachment.html>


More information about the syslog-ng mailing list