[syslog-ng] Best way to pipe "application" logs to central syslog-ng server.
Fabien Wernli
wernli at in2p3.fr
Mon May 7 13:35:46 UTC 2018
Hi,
On Mon, May 07, 2018 at 03:26:21PM +0200, Gergely Nagy wrote:
> A third option would be to add an SDATA field to the apache logs on the
> rsyslog side, and filter based on that on the syslog-ng side. I am not
> familiar with rsyslog all that much, and can't offer an example how to
> do that. But it shouldn't be too hard, I imagine.
One admittedly very hackish way to add SDATA to rsyslog is:
$Template t_rfc5424,"<%pri%>1 %timestamp:::date-rfc3339% %hostname% %app-name% %procid% %msgid% [foo bar=\"baz\"] %msg:R,ERE,1,FIELD:^ (.*)--end%"
*.* @remote_syslog:514;t_rfc5424
FWIW ;-)
More information about the syslog-ng
mailing list