[syslog-ng] tags not working
Sandbox
sandboxheh at gmail.com
Mon Jun 19 14:27:55 UTC 2017
Hi,
Okay, I added the the tags to the sources, and its getting transferred to
the server:
Client:
source s_access {.
pipe("/var/log/apache2/pipe_access.log"
tags("acc001"));
};
destination d_network_def_apache {
syslog("172.128.83.90"
transport("tcp")
ip-protocol(4)
port("16602")
persist-name("to_syslogng_def_apache")
template("${MESSAGE} ${TAGS}\n"));
};
I sat up the server like this:
filter apache_access {
tags("acc001")
};
log {
source(s_network);
filter(apache_access);
destination(d_apache_access);
};
Nothing in the logs :S
I can see via tcpdump this:
${MESSAGE} part and then the configured ${TAGS} which is:
acc001,.source.s_access
But the filter doesnt work on the server side.
Why does it logs the fsouorce name and why doenst find the TAG?
Thanks,
Robert
2017-06-19 15:15 GMT+02:00 Fabien Wernli <wernli at in2p3.fr>:
> Hi,
>
> On Mon, Jun 19, 2017 at 01:55:51PM +0200, Sandbox wrote:
> > I would like to transfer/store apache logs, but for some reason i cant
> tag
> > them:
>
> Tags are available internally in the $TAGS macro.
> Tags are not implicitly sent over when using the syslog protocol, unless
> you
> explicitly instruct syslog-ng to do so.
>
> Try adding the $TAGS macro to your template, or add a .SDATA prefix if
> you're using RFC5424
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170619/3c920dbb/attachment.html>
More information about the syslog-ng
mailing list